When using sudo yay it recommends not using sudo. It seems I had two different outcomes from using sudo and then from not using it. Having used it, what effect does this have?
When using sudo yay it recommends not using sudo. It seems I had two different outcomes from using sudo and then from not using it. Having used it, what effect does this have?
What different effect did you see?
The main difference is in where the package gets built, as you are the root user not your own user, the cache will be in a strange place and some config files may be misplaced.
Also, running as root is dangerous as the aur uses random scripts made by strangers on the internet. (edit: as stated by OP, mkpackape refuses to run anyway) This can be very dangerous, even when not run as root. I’ve seen an ip logger next to a list of “people who can fuck themselves”, fork bombs, and have heard of crypto miners being installed. All in large well used repos.
Cemu, nordvpn, certain browsers, and many more are not distributed by their owners
Giving these scripts that are often made by some random person root access is asking for damage. People could just put
dd if=/dev/random of=/dev/sda
inside it and boom, your drive is not only gone but you can’t even recover your dataEdit: they are correct, yay will simply refuse to install an aur package using sudo, apologies for suggesting otherwise
Look at the pkgbuilds and the sources used! That’s the minimum of due diligence one should do when using the AUR.
With sudo it appears the dependencies for pkgbuild are downloaded then deleted but qv2ray, the main target remains uninstalled (manual intervention required) and it states qv2ray - exit status 10.
However on the second time without sudo the package is finished and a second install prompt appears, and the installation is successful.
So it appears to be that running makepkg with sudo was not permitted anyway, and there was no result. Also the packages (the cache you refer to?) were deleted following this.
I’ll remember from now on the AUR is riskier than pacman and I’m glad the package was installed in /home. 🤔
Yes but this doesn’t happen. It’s a fear that is completely overblown. A lot of people look at the scripts before installing and so should everyone. Takes almost no time to see it’s harmless.
Anyone with experience can glance through a install script in a few seconds and see what its doing. It really is very simple.