Aurch

An Arch Linux AUR helper, aurutils wrapper script that sets up aurutils in an nspawn container.

aurch

The emphasis of aurch is using an nspawn container for AUR 'build isolation' rather than a 'clean chroot'.
Aurch isolates the build environment to mitigate build script errors or malicious intent causing issues on the host.
The original aurch script has been split up into two separate scripts, with a dedicated setup script now.

aurch-setup:
Aurch-setup sets up an nspawn container for building AUR packages and sets up a local AUR repo in the host.
The nspawn container has aurutils set up within it, with Aurch acting as an nspawn and aurutils wrapper.
The nspawn container is persistent, has an AUR repo, and is maintained to a minimal base package set (currently 154 packages).

aurch:
Aurch builds AUR packages in the nspawn container, isolated from the host.
After packages are built, they're copied into the host AUR cache and entered into the host pacman sync db.
Automatically builds and saves all required AUR dependencies in the nspawn container AUR repo.
Installs any required pgp keys in the nspawn container.
Removes all official and AUR* packages used in the nspawn container build process upon completion, maintaining a minimal footprint of a small, consistent set of base packages.
* Removed from the container's Arch install while remaining in the container's local AUR repo.

Note:
The aurch script isolates the build process from the host, not to be confused with building packages in a 'clean chroot'. Scripts such as devtools were not written to and do not isolate the build process from the host.

References:
Arch wiki: building in a clean chroot
https://www.reddit.com/r/archlinux/comments/q2qwbr/aur_build_in_chroot_to_mitigate_risks/hfn7x0p/
https://www.reddit.com/r/archlinux/comments/qk3rk7/wrote_script_to_setup_an_nspawn_chroot_and_build/hixia0b/

USAGE
            aurch [operation[options]] [package | pgp key]

OPERATIONS
            -B* --build     Build new or update an existing AUR package.
            -G  --git       Git clones an AUR package.
            -C  --compile   Build an AUR package on existing PKGBUILD.(1) 
            -Rh             Remove AUR pkg from host.(2)
            -Rc             Remove AUR pkg from nspawn container.(3)
            -Syu  --update  Update nspawn container packages.(4)
            -Lah* --lsaurh  List AUR sync database contents/status of host.
            -Lac* --lsaurc  List AUR sync database contents/status of nspawn container.
            -Luh* --lsudh   List update info for AUR packages installed in host.
            -Luc* --lsudc   List update info for AUR pkgs/AUR deps in nspawn container.
            -Lv             List aurch variables.
                  --login   Login to nspawn container for maintenance.
                  --clean   Manually remove unneeded packages from nspawn container.
                  --pgp     Manually import pgp key in nspawn container.
            -h,   --help    Prints help.
            -V,   --version Prints aurch version.

            (1) Useful for implementing changes to PKGBUILD, etc.
            (2) Removes:  /AURREPO/<package>, <package> if installed, and database entry.
            (3) Removes:  /build/<package>,   /${HOME}/<build dir>,   and database entry.
            (4) Runs `pacman -Syu` inside the nspawn container.

OPTIONS *
            -L, List:
                Append 'q' to  -L list operations for quiet mode.
                Examples: aurch -Lahq
                          aurch -Luhq
                          aurch -Lacq
                          aurch -Lucq
                Do not mix order or attempt to use 'q' other than described.

            -B, Build:
                Append 'i' to build operation -B to install package in host.
                Example: aurch -Bi
                Do not mix order or attempt to use 'i' other than described.

OVERVIEW
		Run aurch-setup before using aurch.
		Run aurch to manage AUR packages.
		Aurch is designed to handle AUR packages individually, one at a time.
		ie: No group updates or multi package per operation capability.
		The aurch nspawn container must be periodically updated via aurch -Syu.
		Update nspawn container before building packages.

EXAMPLES
            SETUP FOR AURCH:

		Set up nspawn container:                        aurch-setup --setupchroot
		Set up local AUR repo:                          aurch-setup --setuphost


            USING AURCH:

		Build an AUR package(+):                        aurch -B  <aur-package>
		Build and install AUR package:                  aurch -Bi <aur-package>
		Git clone package                               aurch -G  <aur-package>
		Build (Compile) AUR pkg on existing PKGBUILD    aurch -C  <aur-package>
		Remove AUR package from host:                   aurch -Rh <aur-package>
		Remove AUR package from nspawn container:       aurch -Rc <aur-package>
		List nspawn container AUR sync db contents:     aurch -Lac
		List nspawn container AUR repo updates:         aurch -Luc
		List host AUR sync database contents:           aurch -Lah
		List host AUR repo updates available:           aurch -Luh
		Manually import a pgp key in nspawn container:  aurch --pgp <short/long id>
		Manually remove unneeded pkgs from container:   aurch --clean
		Login to chroot for maintenance:                aurch --login

		(+) Package placed into host AUR repo and entry made in pacman AUR database.
		Install with `pacman -S <aur-package>`

USER VARIABLES
		BASEDIR = path to chroot base dir
		AURREPO = path to host aur repo
		REPONAME =  host aur repo name
		AURFM = AUR file manager,editor (mc = midnight commander)
		
Screenshot: aurch --setup https://cody-learner.github.io/aurch-setup.html
Screenshot: aurch -B bauerbill https://cody-learner.github.io/aurch-building-bauerbill.html

NEWS, UPDATE, INFO:


UPDATE For Feb 21, 2026

aurch.sh

  • Added early script exit for essential unassigned or empty variables.
  • Implemented safety additions throughout script consisting of:
    • The find command additions of `-mindepth 1`
    • Parameter Expansion Error Checking: `:?`
    • Path Normalization: `./`
  • Rewrote -Lv operation, print_vars function to clean up code.

README.md:

  • Update to reflect changes.

Changelog:

  • Update to reflect changes.

UPDATE #2 For Feb 18, 2026

aurch.sh

  • Found a bug that would delete dir inside aurch nspawn container running aurch -Cc without a package.
  • Provided a fix + fail safe.
  • Future plans include rewriting option parsing to implement checks further up towards the beginning of the processes.
  • Several small changes for text clarification and to allow alternative GUI AURFM options.
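
An added example, not taken from aurch.sh, of the three guards listed in the Feb 21 update applied to the kind of failure the -Cc fix above describes: a cleanup that runs with no package name. The function names and directory layout are hypothetical, and the empty-name path collapse is an assumed illustration, not a description of aurch's actual bug.

```bash
#!/usr/bin/env bash
# Added example, not aurch's code; function names and layout are hypothetical.

# Unguarded shape: an empty package name collapses the target to the build
# root, so a recursive delete would take every package directory with it.
unguarded_target() {
    printf '%s\n' "${1}/${2-}"
}

# Guarded removal of one package's build directory. The body is a subshell,
# so a failed ${var:?} check aborts only this call and the cd stays local.
remove_pkg_dir() (
    builddir="${1:?build dir is unset or empty}"
    pkg="${2:?package name is unset or empty}"
    # Reject names that resolve to the build root or climb out of it.
    case "${pkg}" in */*|.|..) echo "refusing '${pkg}'" >&2; exit 1 ;; esac
    cd -- "${builddir}" || exit 1
    # The ./ prefix keeps a name such as "-rf" from being read as an option.
    [ -d "./${pkg}" ] || exit 1
    rm -rf "./${pkg}"
)

# Empty a directory but keep it: -mindepth 1 never matches the start point.
empty_dir() (
    dir="${1:?directory is unset or empty}"
    [ -d "${dir}" ] || exit 1
    find "${dir}" -mindepth 1 -delete
)

# Constructed sample tree in a temp dir; nothing outside it is touched.
demo() {
    demo_root="$(mktemp -d)" || return 1
    mkdir -p "${demo_root}/build/pkg-a/src" "${demo_root}/build/-rf"
    echo "unguarded target: $(unguarded_target "${demo_root}/build" '')"
    remove_pkg_dir "${demo_root}/build" '' 2>/dev/null || echo "empty name refused"
    remove_pkg_dir "${demo_root}/build" '-rf' && echo "removed ./-rf safely"
    empty_dir "${demo_root}/build" && echo "build root kept, contents removed"
    rm -rf -- "${demo_root}"
}
demo
```
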

README.md:

  • Update to reflect changes.

Changelog:

  • Update to reflect changes.

UPDATE For Feb 18, 2026

aurch.sh

  • Added comments in header section for optional features and their dependencies.
  • Setup AURFM var to detect an appropriate file browser in either tty console, or GUI terminal env.
  • Fixed inspect files selection to sequentially display all git cloned/pulled dir's including AUR dependencies in AURFM.
  • Fixed screen width line length in -Lv operation.
  • Relocated cleanup_chroot function to directly proceed -Cc build_clean_chroot function.
  • Rewrote yes_no function requiring user input to proceed, adding a [d] selection Details of pkg which displays pkg data including URL links and comments from the AUR webpage.
  • Provide an optional script pbs.lua to scrape AUR data from webpage for Details of pkg selection.

README.md:

  • Update to reflect changes.

UPDATE For Feb 6, 2026

aurch.sh

  • Added sudo keep alive to build_pkg() function and trap command.
  • Added `& syncpid="$!" ; wait "${syncpid}"` to the pacsync lines in the `### Optionally install package ###` section, in place of `; wait`. Adding the SUDO_KEEPALIVE caused the `wait` command to wait for the sudo job.
  • Added grep -v 'aur.db to cleanup_host function, to filter out aur.db from aurch-keeppkgs.
  • Rewrote aurch 'menu'.
  • Rewrote check_host_updates function to use batch processing for the AUR rpc call.
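
The `wait` change in the list above, as an added example that is not code from aurch.sh: a bare `wait` blocks on every background child of the shell, so with a keep-alive loop running it does not return until that loop ends, while `wait "${syncpid}"` waits for the one job. `sleep 2` and `true` stand in for the sudo keep-alive and the pacman sync, and `run_sync` is a hypothetical name.

```bash
#!/usr/bin/env bash
# Added example, not aurch's code. `sleep 2` stands in for the sudo keep-alive
# loop and `true` for the pacman sync; run_sync is a hypothetical name.

# Start both background jobs, wait for the sync in the given style, and
# return 0 if the keep-alive is still running when the wait returns.
run_sync() (   # $1 = "pid" (wait "${syncpid}") or "bare" (plain wait)
    sleep 2 &
    keepalive_pid="$!"
    # A trap ends the keep-alive however this subshell exits (the changelog
    # pairs the keep-alive with the trap command).
    trap 'kill "${keepalive_pid}" 2>/dev/null' EXIT
    true &
    syncpid="$!"
    if [ "$1" = pid ]; then
        wait "${syncpid}"     # returns as soon as the sync job finishes
    else
        wait                  # blocks until every child, keep-alive included, exits
    fi
    kill -0 "${keepalive_pid}" 2>/dev/null
)

demo() {
    run_sync pid  && echo "wait \"\${syncpid}\": returned while keep-alive still running"
    run_sync bare || echo "bare wait: returned only after the keep-alive ended"
}
demo
```
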

etc-sudoers.d-aurch-example

  • Added line for no sudo pw needed to remove aurch-sudo file created in the -Cc operation.

README.md:

  • Update to reflect changes.

UPDATE For August 27, 2025

aurch.sh

  • Set CleanChroot path as a variable.
  • Changed czm variable name to acp (aurch colored pointer).
  • Added note variable for green color text formatting.
  • Deleted the ck_per (check/correct file permissions) function as it's no longer necessary.
  • Function fetch_pgp_key, edited the ubuntu keyserver to use port 443, and added a fallback hkps://keys.openpgp.org in case of failure.
  • Function cleanup_chroot, added delete /etc/sudoers.d/aurch-sudo file, so trap will remove it if build_clean_chroot function is interrupted.
  • Function check_chroot_updates, rewrote to speed up via parallel checks and added a progress bar.
  • Eliminate building debug packages in -Cc clean chroot operation via makepkg.conf.
  • Automated system update to -Cc clean chroot build env.
  • Function cleanup_host added delete /etc/sudoers.d/aurch-sudo file, so trap will remove it if build_pkg function is interrupted.
  • Added if