Using the AUR

submitted by

Found two great posts on how to take some precautions when using the Arch User Repository. To whom it may concern.

How to review an AUR package - Bert Peters
https://bertptrs.nl/2026/01/30/how-to-review-an-aur-package.html

AUR Chaos malware: an analysis
What happened, and an investigation of the malware - mh4ckt3mh4ckt1c4s
https://www.mh4ckt3mh4ckt1c4s.xyz/blog/aur-chaos-malware-analysis/#conclusion

2
38

Log in to comment

Hot Top New Old

Pacman hooks install to /usr/share/libalpm/hooks (and sometimes to /etc/pacman.d/hooks though that’s incorrect).

Incorrect, for the package i guess, because there are the users hooks?

 reply
4
OP edited

Good question. I haven’t used custom hooks myself, but I believe you are correct. The alpm (Arch Linux Package Management) hooks manual states:

Hooks are read from files located in the system hook directory /usr/share/libalpm/hooks, and additional custom directories specified in pacman.conf(5) (the default is /etc/pacman.d/hooks).

So I guess the blog post means to say, that hooks are not supposed to be added automatically at installation of a package.

 reply
3
Insert image