Arch users are spoilt for choice when it comes to software downloads. You could either get your packages from the official Arch repository, Snap Store, and Flathub or completely eliminate the need to install software by simply downloading AppImages.

Then there's another option—downloading software from the Arch User Repository (AUR). But not every Arch user is familiar with it, especially newcomers. So, what is the AUR, and how can you download packages from this special repository? Let's find out.

What Is the AUR?

The Arch User Repository is a community-driven package repository developed by Arch users for Arch users. If you don't find a package in the official repository, there's a good chance it might be in the AUR.

The AUR doesn't contain prebuilt packages, however. Instead, it hosts package builds (PKGBUILD), which are scripts that you can run with makepkg to build a package. The generated archive would then contain all the binaries and instructions required to install the package on your system.

If you've ever wondered how does a package get into the official Arch repository, the answer is the AUR. Most packages start their journey in the AUR, where users can vote for them to express their interest.

aur official website

And as obvious, a package with a specific amount of votes and good packaging gets tested and included in the official Arch "community" repository (not to be confused with the AUR). The minimum amount of votes for the package to be eligible for inclusion is 10, anything more than that is icing on the cake.

But that's not the only prerequisite, a Trusted User (more on that in the next section) should volunteer to maintain the package when it's moved to the official repository. If a package has hundreds of votes and no TU that's willing to maintain, it won't be moved to the community repository.

Also, unlike the AUR, the community repository contains binary packages that users can install with pacman, and not PKGBUILDs.

Should You Download Packages From the AUR?

If anyone can upload and submit their PKGBUILDs to the AUR, doesn't that compromise the security aspect? The answer is yes, but partly. The AUR has package maintainers known as "Trusted Users" that have been a part of the project for a long time.

The TUs regularly check what gets uploaded to the repository and keep an eye out for anything that looks troublesome. Although the regulations and checks help kick malicious uploads away, there are times when things slip past.

Therefore, an advanced security-conscious Arch user always checks the package builds before running makepkg to build the archive (and you should do it too).

How to Download AUR Packages

Since the Arch User Repository and the official repository aren't the same, the utilities for downloading packages from both the repositories are different. For the official repository, you can use pacman. But for the AUR, you have two choices.

Either you can manually clone and build the package or you can automate the process using an AUR Helper.

Manually Downloading a Package From the AUR

To download a package from the AUR, you'll have to install some necessary utilities on your system. Type the following command in the terminal to install the packages: 

        sudo pacman -S base-devel git

Start by heading over to aur.archlinux.org and searching for the package you want to download. Go to the package web page and copy the Git Clone URL.

get clone url from the aur

Then, launch the terminal and type the following command: 

        git clone cloneurl

Navigate to the downloaded folder using the cd command and run makepkg as follows: 

        cd pkgname/
makepkg -si

For example, let's download the Brave browser from the AUR: 

        git clone https://aur.archlinux.org/brave.git
cd brave/
makepkg -si

You don't have to run pacman to install the generated package archive. The makepkg command will automatically invoke pacman, which will then install the package along with the necessary dependencies.

Download Packages Using an AUR Helper

An AUR Helper simply automates the process of downloading PKGBUILDs from the AUR, generating the archive, and installing the package using pacman.

One such AUR Helper is yay, which is easy to download and use. Run the following commands one by one to install yay on your system: 

        git clone https://aur.archlinux.org/yay-git.git 
cd yay-git
makepkg -si

The basic syntax of yay is very similar to that of pacman: 

        yay -S packagename

To download Brave from the AUR using yay: 

        yay -S brave

That's how easy it was to install AUR packages using yay.

How to Submit Packages to the AUR

One of the primary concerns of developers is submitting packages to the AUR. The first thing you could do is read the package submission guidelines on the official website. Note that this guide already assumes you know how to create a package for the AUR.

To get started, you need to host your package on a platform like GitHub or GitLab. Then, clone the repository to your system and navigate to that directory using the command line.

The next step is to create a PKGBUILD that you'll add to the AUR. To do that, replicate the default package build prototype available at /usr/share/pacman: 

        cp /usr/share/pacman/PKGBUILD.proto PKGBUILD

Open the package build file using any text editor of your choice. Then, inside the PKGBUILD, specify the necessary information such as the package name, repository URL (GitHub or GitLab), necessary dependencies, etc.

demo PKGBUILD for AUR packages

Here's a full table covering the important variables in brief detail:

Variable

Usage

pkgname

The name of the package

pkgver

The current version of the package

pkgdesc

A brief description of the package

arch

The required architecture of the target system

url

The URL of the Git repository to access the package

license

The software license you want to use

depends

Dependencies required by the package

conflicts

Packages that conflict with your package

provides

The package your AUR repository provides

source

Source of the files required to build the package

Note that you also need to fill in the maintainer details specified at the beginning of the file. Additionally, edit the build, check, package, and prepare methods at the end of the file to suit your needs.

When you're done, build the package using the PKGBUILD you just created. 

        makepkg -si

If all goes well, generate the SRCINFO file by typing: 

        makepkg --printsrcinfo > .SRCINFO

Move the PKGBUILD and .SRCINFO to a separate directory.

To submit your package build, create and clone an empty AUR repository using the following command syntax: 

        git clone ssh://aur@aur.archlinux.org/packagename.git

...where packagename is the name of your package.

Copy the package build and SRCINFO file to the newly created repository folder using the cp command. Finally, all you need to do is commit, add, and push the changes to the remote AUR repository using Git.

Related: Advanced Git Tutorial

Is the Arch User Repository Safe?

The AUR is one of the most prominent methods of package distribution on Arch Linux, and the community is striving to take it to the next level. Thanks to all the users who participate in the maintenance of the AUR, this community-driven repository now hosts thousands of user-developed software packed with exciting features.

To sum it up, there's no actual harm in downloading software from the Arch User Repository, but only if you check the package builds and the INSTALL files prior to installation. Failing to do so might not have any serious complications every time, since the Trusted Users do a great job steering harmful packages away from the whole database. But it's always better to be safe than sorry.

If you're new to Arch Linux, consider learning how to download and install packages from the official repository first, and then, when you're comfortable with the process, proceed with the AUR.