When using sudo yay it recommends not using sudo. It seems I had two different outcomes from using sudo and then from not using it. Having used it, what effect does this have?

  • sorrybookbroke
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    What different effect did you see?

    The main difference is in where the package gets built, as you are the root user not your own user, the cache will be in a strange place and some config files may be misplaced.

    Also, running as root is dangerous as the aur uses random scripts made by strangers on the internet. (edit: as stated by OP, mkpackape refuses to run anyway) This can be very dangerous, even when not run as root. I’ve seen an ip logger next to a list of “people who can fuck themselves”, fork bombs, and have heard of crypto miners being installed. All in large well used repos.

    Cemu, nordvpn, certain browsers, and many more are not distributed by their owners

    Giving these scripts that are often made by some random person root access is asking for damage. People could just put dd if=/dev/random of=/dev/sda inside it and boom, your drive is not only gone but you can’t even recover your data

    Edit: they are correct, yay will simply refuse to install an aur package using sudo, apologies for suggesting otherwise

    • Admetus@sopuli.xyzOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      With sudo it appears the dependencies for pkgbuild are downloaded then deleted but qv2ray, the main target remains uninstalled (manual intervention required) and it states qv2ray - exit status 10.

      However on the second time without sudo the package is finished and a second install prompt appears, and the installation is successful.

      So it appears to be that running makepkg with sudo was not permitted anyway, and there was no result. Also the packages (the cache you refer to?) were deleted following this.

      I’ll remember from now on the AUR is riskier than pacman and I’m glad the package was installed in /home. 🤔

    • mrmanager@lemmy.today
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Yes but this doesn’t happen. It’s a fear that is completely overblown. A lot of people look at the scripts before installing and so should everyone. Takes almost no time to see it’s harmless.

      Anyone with experience can glance through a install script in a few seconds and see what its doing. It really is very simple.