Add package to AUR

[ItsDrike]

AUR (Arch User Repository) is a package index holding millions of packages for Arch Linux, portmaster should be added here to make it very easy to install it on arch-based machines.

Not only that, but also currently, I haven't even found any way at all to install your package on Arch, following your install docs, there is a link for pkg.tar.xz installation file, but this only points to CI workflows, and when I checked those, they did have an artifact of containing this, but it was already removed (I suppose it was too old), which means there currently isn't any way to get your package installed on Arch Linux, or any arch based distributions for that matter.

I would recommend against just fixing the .pkg.tar.xz and instead of making a regular listing on AUR, since arch users are very familiar with it and it provides easily accessible updates (even though you might have auto-updating, it's still a good thing to do). Currently, I don't have a way of installing your software at all, since I'm only running arch Linux and as I mentioned, I wasn't able to find any installation files for your package.

[davegson]

Hey there, thanks for reporting!

You are right, it currently is not possible to download PM on arch - which definitely should not be the case. We are on it and will keep you posted as soon as a working .pkg.tar.xz is out.

We will also update our website and link to the Arch package on the download section since that would be an easy win for arch users too.

Regarding the AUR, it is a great suggestion. I cannot promise anything yet, but we will talk about it in our next team session this Friday.

Internal note: tracked by CC#1841 and CC#1842

[dhaavi]

Thank you for your patience. Unfortunately both of our build processes broke, so these had to be fixed first.

You can now find the arch installer here. We'll be updating the references asap. Also, the installer file is a bit too big now, it will be better in the future.

[ppacher]

Hi, just for reference, you can still install on Arch by using the PKGBUILD provided in this repository. Just clone the repository and use makepkg as with all AUR packages. The main difference is that our PKGBUILD repo is not yet inside the AUR git and you cannot use AUR helpers like yaourt, yay and friends.

If you're unfamiliar with building arch packages yourself you can look at the install docs here.

[ppacher]

@davegson, @dhaavi the installer built by the github CI workflow was not really intended to be distributed directly. Arch users are used to build stuff like this on their own (AUR, makepkg). The CI is more for ensuring the packaging works. Not sure where we put the download link but we should remove it from there and point to the install docs / PGKBUILD file. We should update docs.safing.io to NOT REFER to the .pkg.tar.xz file but point to the PKGBUILD instead.

@dhaavi the install size is bigger than the .deb/windows one because it's actually an offline-installer (as it should be on arch) and contains all portmaster modules that were "stable" at the time makepkg was invoked.

[ItsDrike]

I haven't noticed that there was actually a PKGBUILD, in that case, it's quite easy to just build the package directly, but nevertheless, my point remains, the package should be released to AUR, to provide a much easier way for everyone to be able to install PM.

I will respect whatever decision you make, but I don't think there is really any reason against using AUR, however, if, for whatever reason, you do decide against AUR release, you should follow @ppacher suggestion of mentioning that there is a PKGBUILD and that the package should be built directly, rather than relying on .pkg.tar.xz files.

Also, the linked install docs point to GitHub docs on the main repository, but the link to installation for Linux points to the docs I sent, and these differ in content, you should include the arch installation part in the docs readme links to, or change the link

[davegson]

thanks for chiming in @ppacher and pointing to the already working solution.

@ItsDrike you are right, in the process of migrating some info from the GitHub wiki (which will be deprecated mid-term) to our docs we overlooked to transfer some of the information. I'll make space to correctly update our docs today or tomorrow. I think that is the appropriate resolution for the issue right now. We will discuss AUR a bit more this week with everyone involved.

[davegson]

We fixed the main issues:

• @dhaavi fixed the pkg.tar.xz, which is now correctly linked to in the docs.
• the install instructions for PKGBUILD have been copied from the GH wiki (docs repo - PR#7) and this is now the second arch option to chose from in the docs

I'd consider the issues resolved for now. However, I am leaving this issue open since its core is about AUR. Regarding that, we'll discuss it this week as previously mentioned.

[davegson]

As an update - we are moving forward with this.

There are a few things we have to tackle before being able to be listed in AUR, but will update you all here as we wrap things up.

[ralyodio]

no package in AUR yet?

[davegson]

Since many are eagerly awaiting this, a short update:

we are currently heavily focusing on SPN development which is slowing down Portmaster improvements. However, in our internal project management this feature is already marked as "Next Up", so when resources are free again this is going to be one of the first features being picked up again. Thanks for your patience

[cppcooper]

Good to hear! I thought it was odd the site said waiting for feedback before adding to AUR, but if this is next on the list then who cares what the site says

[davegson]

I agree that text was confusing 👍 I changed that now https://github.com/safing/docs/pull/54 or view it on the site https://docs.safing.io/portmaster/install/linux#arch-linux

[jike212]

Just wanted to say, great work on Portmaster! Looking forward to AUR support as this is the first time since I started using Arch that such a useful tool wasn't in there. Congrats on the great app!

[ZeroDot1]

Please update the arch linux package (https://docs.safing.io/portmaster/install/linux#arch-linux), it is completely outdated, and it is not safe to use security software that becomes insecure due to outdating.

CC: @davegson

[ZeroDot1]

This package is also completely outdated. https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.pkg.tar.xz

[dhaavi]

Hey @ZeroDot1, thanks for having an eye on these important things! This is greatly appreciated.

Yes, the PKGBUILD file currently referenced by the docs includes an older version of the portmaster-start binary. However, during install it will download the newest version of all resources, bringing you up to date immediately.

And yes, the portmaster-installer.pkg.tar.xz from the update server currently packages some older resources, which could lead to compatibility or bootstrapping problems. However, a reboot would fix this and the resources are also automatically updated immediately after install.

---

So from our viewpoint these issues fix themselves. This is not to say we disagree with your input. We also felt the installers needed a face-lift and are currently working on multiple updates to the installers. This work package will also completely update the Arch installers. When this is done, we will start a community review process of the new PKGBUILD before we release it to the AUR.

What are your thought on this approach? Do you still have concerns? If yes, what are they?

Thanks again for your valuable input, as well as for maintaining CoinBlockerLists! 🎉

[ZeroDot1]

Thank you very much for your answer.

I recommend if you provide AUR packages then it should be 2 packages portmaster and portmaster-git.

With portmaster-git users can then always update to the current development state when an update is made in the repository.

And with the package portmaster users can install the latest official release of portmaster (Example: https://github.com/safing/portmaster/releases/tag/v0.7.6).

[ShayBox]

Just a warning for when you push this to the AUR, all the stuff you're doing post-install like downloading modules and symlinking should be done during building/packaging, there shouldn't be any module downloads when you go to install the compressed archive, that's a big no-no.

EDIT: Additionally, unless it's a -git package, the builds should be reproducible, no downloading of dynamic modules that change all the time, if the version number is the same in the PKGBUILD, it should always build the same pkg archive. Essentially offline building, no self-updating.

Clarification: To be clear, it's fine if the program itself downloads something like a database, but the build script shouldn't be, (unless it's a -git, which always builds the latest git commit), dynamic module stuff should be linked to versions or pulled by the program, everything should be tracked by pacman, and anything tracked by pacman shouldn't be replaced/changed/updated by anything but pacman.

[ppacher]

Hi @ShayBox, thanks for chiming in here.

As a long-term Arch user I'm aware of those issue and that is also why we did not push it to AUR yet. Though, we just don't have the resources to maintain and release the software for so many different package managers and distributions. Also, since we're still in "alpha" phase we want to be able to push out updates frequently and may do backwards incompatible changes and for the time being it's important for use to know our users are moving/updating as we release fixes. Being able to disable automatic binary updates is something we already talked about but it's unlikely to happen any time soon.

We already had a PKGBUILD that pre-downloaded all required modules, binaries from our update server during package build. Since that, for example, also includes an electron build, the resulting package archive is very big and still won't be reproducible as it will always fetch the latest released version. Since the Portmaster will download updates as soon as it starts anyway we decided to ditch the pre-downloading during build phase and just let the PM do everything on start up.

Do you have any suggestion on how we could move on here?

[github-actions[bot]]

Auto-closing this issue after waiting for input for a month. If anyone finds the time to provide the requested information, please re-open the issue and we will continue handling it.

[dhaavi]

Whoops. This should not have auto-closed - we used the wrong label. Reopening.

[pluja]

Is the info in this link updated? https://docs.safing.io/portmaster/install/linux#arch-linux

[davegson]

good catch, this is not up to date. The Download page is where'd you get the links for AUR. Will see that the docs get updated too (as well as this issue closed)

[dhaavi]

Thanks for the hint.

I removed the section as we are now finally in the AUR! :tada:

[ubergeek77]

I appreciate the work that went into getting this on the AUR. I'm coming in late to the discussion, but it looks like this was discussed for over a year, and I'm glad it all worked out in the end.

However, I noticed this seems to be a stub that downloads binaries from Safing, rather than compiling it. I am not pointing this out because I don't trust Safing, but I am more interested in compiling every component in this open-source project without the need for external dependencies.

I'm not asking Safing to provide a full AUR package that does this (although that would be amazing!), and perhaps this discussion is better left in its own issue, but:

Does/can Safing provide a build system for all Portmaster components that can create an i.e. Debian package that has everything needed fully included?

I know the individual repos have their own build scripts, but with disjointed multi-repo projects like this, it can be difficult to make sure everything needed for a fully functioning build is included and where it needs to be.

I'm sure Safing has their own deployments for the purposes of maintaining their Debian package, can a stripped down version of this without signing keys be provided to the community?

Or, really, just anything to go off of. I'm capable of building my own scripts if I knew exactly what the build process looked like. But this is a rather large project, so I figured I'd ask first 😅