I have been cautioned on this forum not to blindly install packages from AUR using yaourt because they could lead to problems, including execution of malicious code, and rendering my system unusable.
I am now thinking of trying my hand at making a package that is not in the official repos: audacious-qt5.
It appears that the most difficult part is to generate the PKGBUILD script. I have gleaned from the Web that one should check the PKGBUILD script to see if it is “safe” before installing something that AUR points to.
I have come across a question entitled “Convenient way to check AUR PKGBUILD against malicious code?” but unfortunately, it remains unanswered.
Are there any guidelines on where and what to look for in a PKGBUILD to ensure that it is safe?
And, might one, after scanning and convincing oneself that the PKGBUILD is safe, install from AUR using yaourt? Or does one need to build the package oneself, as would be the case if the PKGBUILD needed to be changed?
The information on building Arch packages is too “componentized” and distributed across several wikis to give a coherent overall picture of the process. A single example of how to do this from alpha to omega with any “helper” would be very useful to one who hasn’t done it before. Is there such a tutorial?
Also, can one use the AUR directly, or should one use other repos, because NRR is built upon Manjaro which is on top of Arch?
Sorry for the number of questions and their length.
Thanks.