>>109049066
>AUR
>AUatistic Retard
You get what you deserve

>>109049066
how retarded are you? just read the PKGBUILD(s) which are fancy shell scripts btw.

>>109049066
People bout to find out why a wild west of unvetted package repo aka the AUR is in concept a bad idea

File: 2546427524752475247.jpg (1.78 MB, 2560x1080)

1.78 MB JPG

>>109049066
Not a problem on my unix machine.

>>109049066
The AUR was always a retarded idea and Arch is general is for newfag dunning-krugers

Anyone with an IQ above room temperature in celsius saw this coming from a mile away and would never use the AUR

File: images.jpg (22 KB, 476x94)

22 KB JPG

>>109049066
sure let me just copy paste random shit into the terminal

>>109049079
fpbp

>>109049066
Why so many threads about this gay shit?

>>109049227
retarded bait

>>109049188
normiefag

>>109049066
You made this code wig AI I know because I also do it

I don't really care if I'm infected. Is it really gonna do anything that bad?

>>109049957
just empty all your bank accounts, no big deal for arch users

Has anyone found they actually have any of these packages? I have about 40 AUR packages, none on that list, and most I've glanced over on that list seem kind of retarded. Stuff like configs for other programs. Who is installing that? Probably the same people who can't read PKGBUILDs I guess.

>>109049957
>I don't really care if I'm infected. Is it really gonna do anything that bad?
no just aids so you should be fine

>>109049966
Pfft, as if it will do that.
>>109049971
You can't get aids from a computer. I think.

>>109049970
>Who is installing that?
retards that let AI take over their pc like

What now???

$ bash arch-check.sh                                                                                            
Fetching infected package list...
Checking 1935 known infected packages...

WARNING: 3 infected package(s) found:
  - coolreader
  - gtkimageview
  - vidcutter

You may be infected

>>109050001
you should unironically do a clean install and change all of your passwords (from a different device)

>>109050018
I haven't upgraded in like weeks. Any idea how long ago these things got infected?
I did remove all of them right now btw.
Not sure how to check if I have a rootkit or a trojan...

Fetching infected package list...
Checking 1935 known infected packages...

Clean: none of the known infected packages are installed.

gg

File: Screenshot 2026-05-17 at (...).jpg (33 KB, 418x415)

33 KB JPG

>>109049922
90% of /geets/ are not capable of installing hackintosh, FYI.

>>109050054
A couple of days ago in most cases. You can go to
https://github.com/archlinux/aur/activity
and click all branches, then type in the package name. The malicious commits have vague descriptions like "fix dependencies". Press the ... button and select compare changes to see if it tried to install shit with npm.

>>109049066
>all that text
an elaborate "remove french language pack" prank
>sudo rm -rf /*

>>109050311
thanks.
I'm safe. I upgraded weeks ago.
AUR is fucking shit now.

>>109049066
If you know what you're doing, you won't get pwned.

>breaking news
>MALWARE can be found on the INTERNET!!
>yank the cord now!!!
Holy shit just dont be a retard so sick of this nonsense
If you cant handle that buy an iphone so that you're not allowed to install software on it

>>109049066
Haha, wouldn't it be funny if the script downloaded the malware instead of checking for it?

File: cat nae nae.gif (1.97 MB, 640x640)

1.97 MB GIF

Good day to be a Fedora Kinoite user

File: you will never be a straw(...).jpg (62 KB, 736x736)

62 KB JPG

this is really bad for archlinux and shows the limits of their KISS model. they put too much on AUR and the users shoulders.

>>109050001
If you use an AUR helper check the PKGBUILDs in the cache to see if there's anything suspicious, but if you didn't update this week you're probably fine.

>>109050482
The AUR is basically a repository for malware and you are coping

>rust did this

>>109050643
All they had to do was NOT host the AUR. The PKGBUILD documentation is sufficient for users to roll their own packages.

>>109049241
Microsoft has been getting raped daily with actual exploits so they force their jeet army to run interference

>>109049066
i hope pewds system is ok

>>109050726
Proof?

File: IMG_20130914_150943.jpg (1.32 MB, 3264x2448)

1.32 MB JPG

I use Windows.

>>109050749
latest update boot loops bitlocker

>>109049066

Fetching infected package list...
Checking 1935 known infected packages...

Clean: none of the known infected packages are installed.

thank you saar!!

>>109050763
>he doesn't realize the script OP posted is a troll and actually installs the infected packages onto your system

>>109050755
KB5094126?
Most likely due to OEM misconfiguration because its limited to some HP and Dell models.

>>109049066
What happened in 1933??

>>109050797
chatgpt told me it was fine

>>109050763
What if I want to install every infected package, turning my PC into a digital Gu jar?

>>109050719
it's easier to inspect someone else's pkgbuild than to write your own from scratch, much less keep it up to date. if the aur got shut down it would be reinvented, no matter who hosts it, having a third party do it just adds an additional risk.
just don't be a retard

>>109050817
Hitler, I guess.

>>109050980
The Arch team can post all the disclaimers they want. They still hosted malicious build scripts. It is better that said scripts aren't hosted on an official Arch Linux domain.

File: 1444372563702.png (245 KB, 450x349)

245 KB PNG

>check my AUR packages
>none listed
oh thank god

>>109049970
I had a variant of one of the packages installed, so I think it was just a close call. I had "ideviceinstaller-1.1.1-1" installed, but there was an "ideviceinstaller-git" package that was in the compromised list. Oddly the package I have installed was last updated 6 years ago, and I don't really understand how the orphaning / adoption system works.

Anyways, I have realized that the arch linux maintainers and volunteers are absolute dickwads. Massively arrogant and rude; the official IRC channels have been a shitshow of people getting banned for just making helpful suggestions or pointing out how ridiculous the idea of being able to fully audit all PKGBUILDs in detail is. I glance over PKGBUILDs before I install stuff and the level of analysis you need to do I think just proves that AUR is not sustainable.

You had to flag a package needed npm or bun, and then look at the pre or post install hooks to see that a some random npm package was installed. I mean, anything that pulls in npm installs a fuckload of garbage anyway, its impossible to tell. But of course archfags will screech PEBKAC incessantly. And this particular worm seems to be able to use
>node packages via npm, bun
>pypi packages
>go, using `go generate` on templates

The AUR model doesnt work in the modern era, and the Arch devs or volunteers or whomever really have no humility or drive to change anything. They'd rather just insult their users.

>>109051192
If using the AUR were truly "the users responsibility, it's all on them," then Grotelüschenfag and the Archfag team wouldn't be resetting malicious commits, banning accounts, publishing official cleanup lists.

They're taking responsibility in action while denying it in policy.

have one package from that list, installed 3 months ago. i should be fine, right?

>>109051433
Not to mention multiple packages currently in AUR are actually packages that were previously in the official repos! Once they are upgraded or dependencies change they are often punted to AUR, where the are made available for the plebs but also left to languish.

Don't bring that up unless you want a tirade of 'if you used the AUR without reading every line of source and magically knowing which deps were needed, you deserve it'

>>109051536
see
>>109050311
if you have the pkgbuild still there locally just review it to see if the offending commit is there.

why do noobs always beeline to the AUR anyways

>>109051821
it's funny because you'd think someone with that level of naivety would simply settle for a flatpak or regular package manager install

>>109051828
The AUR holds stuff that does not have a flatpak and is not in the package manager. That's the whole point of it.

>>109051837
I see people opt for the AUR even when it isn't necessary pretty often

>>109049079
/thread and fpbp

>>109051837
>superiority complex of the devs

FTFY

File: 1775201350910644.png (77 KB, 322x279)

77 KB PNG

>>109049227
chicken

File: 1781359464867.png (157 KB, 351x435)

157 KB PNG

WARNING: 5 infected package(s) found:
  - clang19
  - compiler-rt19
  - libtorrent-ps
  - lld19
  - rtorrent-ps

>check pacman -Qi
>everything was installed last year Sept-Nov
safe?

>>109052457
Yeah most likely

>>109049188
based

File: gotta_woo_fast.jpg (42 KB, 500x541)

42 KB JPG

>>109052457
yes
i mean, don't just take my word for that, you can check the activity here:
https://github.com/archlinux/aur/activity
click "all branches" and type in your package name

>>109052487
>if i post it one more time surely I will get reddit gold!!
Kill yourself retard

0 infected packages installed on my machine. i barely used the aur in the first place thoughever. this is such a nothingburger, of course there was always a risk with using USER uploaded content.

Lol steamos uses arch as a base, that dogshit is DOA

>>109052812
what is with this incessant trolling? nobody is forcing people to use the AUR you retard. it's not officially affiliated with arch.

>>109049966
>implying linux users have a job
this whole shit is a nothing burger

>>109052812
excellent bait

>>109052817
What's with this incessant coping from you cucks lel

>>109052821
Your dogshit is DOA shlomo, you're a failure, a shit failure geg

>>109052826
you don't even use linux. and if you do, you spammed "i use arch btw" until recently yourself. nothing you say is of value.

>not knowing exactly what AUR packages you have installed
I have a total of 3. What are people doing out here?

>>109049066
can someone sort these by votes because i've never used anything with only 0 or 1 votes

>>109052812
Very few people use the AUR on steam deck

>>109052844
I've been wondering the same thing
my current Arch install is several years old and I have a grand total of four AUR packages installed, all basic shit with a 20 lines PKGBUILD like fonts and a theme for SDDM

File: 1000009697.png (20 KB, 587x378)

20 KB PNG

>last yay -Syu was 3rd June
>No infected packages in the current 1900 list
Still spooked tho, any /paranoid/ man in here nuking their drives anyway?

Fetching infected package list...
Checking 1935 known infected packages...

Clean: none of the known infected packages are installed.

seems fine to me
>>109052844
>>109052913
same, I really don't have a lot of them. more than 3 but less than 10. stuff like a couple game-specific launchers, my browser (not my fault IceCat isn't in the regular repos), a couple patches for gtk3 to have thumbnails in the file picker, an older version of Blender, and that's about it

>>109049066
>Clean: none of the known infected packages are installed.
Cope and seethe.

>>109050001
you're cooked.

>>109050797
>retard doesn't know how to read a shell code

>>109052988
no need for all of that if you barely have any aur packages installed and the ones you do have aren't on the list

File: snailcat-ps1.png (2.76 MB, 1254x1254)

2.76 MB PNG

>>109049227
>Just a few lines of commands
>Fully open, no obfuscation
>This is too hard for me to understand, it could be malware

>dOn't RuN rAnDuMb ScRiPtS yOu FiNd On ThE iNtErNeT aNoN!
>but this one is ok
So which is it?

>>109053057
you can trust /g/
We are anonymous.
We are legion.
We are frens.
We do not forgive.
We do not forget.
Expect us!

>>109053119
>fully optional thing with user uploads might have malware on it
>OH NOOOOOOOOOO
were you dropped on your head?

>>109050719
they should've hosted the AUR at a different domain and uses different branding.

File: wearelegion.jpg (50 KB, 586x680)

50 KB JPG

>>109053103

It's only a matter of time until the AUR supply chain attack manages to compromise an Arch Linux maintainer. I hope Arch has a robust approval system before packages are pushed to their repositories.

Stable distros are looking pretty good right now since they're less susceptible to compromised packages from supply chain attacks than bleeding edge distros.

trvke, it's the AUR today but what tomorrow... is a minimal debian / mint our best bet? I've been considering Gentoo but I don't see a reason malware couldn't make it in a rolling update there. Sad state really

>>109053827
I think it will be not safe to use rolling release distros in the future, maybe it isn't safe to use them even now anymore.
so what is left?
mint, debian, fedora?

>>109053718
is that kim jong un

>1933 packages infected
how does this even happen? is arch running the wikipedia of shell scripts? you can just edit things?

File: 1773716788283740.jpg (494 KB, 1024x768)

494 KB JPG

This has to be one of the least surprising security incidents. AUR risks were mentioned at least once in every arch hate thread. I should have been screencapping the posts and responses for when the inevitable happened

gentoo won

File: 1781228926764844.gif (354 KB, 500x491)

354 KB GIF

>>109049066
archfags BTFO

https://news.ycombinator.com/item?id=48527040
https://www.phoronix.com/news/Arch-Linux-AUR-More-Malware
it happened AGAIN

>>109053977
>I think it will be not safe to use rolling release distros in the future
wut
just vet what you are doing when you grab software outside of main repos. if you are too stupid to do that, just stick with MacOS.

>>109054392
>The new malware attempt in AUR was described as "a bit more elaborate" in obfuscating the action around the Bun command.
>Bun
JavaScript was a huge mistake.

>>109054315
The real issue is arch being pushed as the default noob distro
Retards need to use ubuntu again

>>109050433
No Arch user knows what they're doing.

>>109051192
You come off as really entitled, and also really stupid.
The AUR model doesn't work for people like you who barely understand how their system works, and who don't know how to use diff. I thought about explaining things to you, but I decided I would rather insult you too. I don't blame them at all for choosing that.

>Fetching infected package list...
>Checking 1935 known infected packages...
>Clean: none of the known infected packages are installed.
Just don't be a retard, sis. Only install what you've inspected yourself. This is pretty basic, most people know this already, go read the manual or something.

>>109054561
>Only install what you've inspected yourself
I wonder how many times aur helpers like yay were involved for systems that actually got infected

>>109049147
arch in itself is retarded
>distro gets updates every minute
kill yourself arch devs, you guys didn't even do any testing

File: 1777198004877975.png (1.9 MB, 1086x1448)

1.9 MB PNG

Sorry, I’m just going to keep using it… Arch btw that is.

Am I safe if I never installed npm or bun? They don't appear in my pacman.log at all.

#DropAUR

Better to use this script: https://github.com/lenucksi/aur-malware-check

I did update this week but thankfully nothing detected

I only have 5 packages and none were compromised, not that it would matter since I don't update that often anyway, those packages have been there for over a year ever since i first installed them
I only really use the AUR if I really have no other choice, it is a last case scenario, dunno why people treat it as any other package manager

>>109054478
The real issue is that Arch was pushed as the "elite hackerman" distro
Power users should have always been installing Gentoo

>>109053038
Those graphic have soul... The ps1 n64 dreamcast era was just too good. I should have played even MORE video games as a boy

>>109049066
>>109050001

updated to check if the packages were installed less than 7 days ago, but you can tweak that part.

#!/usr/bin/env bash

# Pulls the live package list from the official Arch Linux HedgeDoc note.
LIST_URL="https://md.archlinux.org/s/SxbqukK6IA"

echo "Fetching infected package list..."

raw=$(curl -fsSL "$LIST_URL") || { echo "ERROR: failed to fetch $LIST_URL"; exit 1; }

# Extract lines that look like package names
mapfile -t INFECTED_PKGS < <(
    echo "$raw" \
    | sed 's/<[^>]*>//g' \
    | grep -E '^[a-z0-9][a-z0-9_.+\-]*[a-z0-9]$' \
    | sort -u
)

count=${#INFECTED_PKGS[@]}
if [[ $count -eq 0 ]]; then
    echo "ERROR: parsed 0 packages, something went wrong with the fetch/parse."
    exit 1
fi

echo "Checking $count known infected packages installed in the last 7 days..."
echo

# Calculate the timestamp for 7 days ago
seven_days_ago=$(date -d "7 days ago" +%s)

# Get installed packages that are also in the infected list
mapfile -t found < <(comm -12 <(pacman -Qmq | sort) <(printf "%s\n" "${INFECTED_PKGS[@]}" | sort))

final_list=()
for pkg in "${found[@]}"; do
    # Get the install date (Install Date: YYYY-MM-DD HH:MM)
    # Using 'expac' is cleaner if available, otherwise parsing 'pacman -Qi'
    install_date_str=$(pacman -Qi "$pkg" | grep "Install Date" | cut -d: -f2- | xargs)
    
    # Convert install date to seconds since epoch
    install_ts=$(date -d "$install_date_str" +%s)
    
    # Check if installed within the last 7 days
    if [ "$install_ts" -ge "$seven_days_ago" ]; then
        final_list+=("$pkg")
    fi
done

if [[ ${#final_list[@]} -eq 0 ]]; then
    echo "Clean: none of the known infected packages were installed in the last 7 days."
else
    echo "WARNING: ${#final_list[@]} infected package(s) found installed in the last 7 days:"
    for pkg in "${final_list[@]}"; do
        echo "  - $pkg"
    done
    echo
    echo "You may be infected"
fi

Anyone that uses a local/custom repo for their aur packages needs to replace -Qmq with -Qq in these scripts.

File: 1770390494204233.jpg (273 KB, 1024x1016)

273 KB JPG

>>109054550
>who don't know how to use diff. I thought about explaining things to you, but I decided I would rather insult you too
Yes, you're part of the problem. You don't have to explain diff to me; I write software and I understand the tools (though, I don't know what policies the AUR uses for orphaning and adoption). The problem, like I mentioned, is its not a reasonable ask to expect everyone to line-by-line audit even diffs.

You have the benefit of hindsight here, but even someone well versed in software isn't going to know whether or not the addition of a nodejs package is a red flag. The amount of software that uses node and npm, insufferable garbage that it is, has skyrocketed. And remember, this worm goes after developers _specifically_, so people who have software that likely has that sort of shit installed already. And on top of that, I already pointed out this worm has multiple vectors, including go and python packages. I guarantee the vast majority of people wouldn't catch an obfuscated attack that injects a malicious python dep or go template. Again, you and the arch cult have the luxury of hindsight, and are assuming that the only damage that was done (or will be done) is with the easier to identify nodejs packages and the install hook (which of course is trivial to identify once you know what you're looking for).

This entire shit show would be way less worthy of scrutiny and criticism if:
1. The arch community wasn't filled with so many arrogant turd lickers
2. The arch devs bothered to post something nontrivial about the attack (hurr, here's a list of stuff we're updating that may have been affected)
3. The arch devs admitted that the AUR adoption process is a fucking JOKE. No one should be able to take over a package that easily. And there were only a handful of accounts making 100s of changes -- this should have been caught.

>>109049066
Arch 9/11, top kek
>B-But the AUR is safe!!! The community makes sure!!! Unlike node.js, we have TRUST!!!!
>Uh...uh....!!! Everyone who got infected is just, uh, stupid! You're supposed to read the pkgbuild, as well as the entire source code of every single application you install!

File: 20260614_19h28m59s_grim.png (5 KB, 302x145)

5 KB PNG

>>109055587
>B-But the AUR is safe!!! The community makes sure!!! Unlike node.js, we have TRUST!!!!
no one said that

>>109049066
Reminder: this was found because arch is filled up to the brim with autistic troons that have nothing to do but to fuck around with obscure things like random 3rd party packages that barely anyone uses or cares about.
In your distro the situation is exactly the same. Open source is dead.

>>109055656
>In your distro the situation is exactly the same
This isn't true at all though. This attach was on the AUR, a set of install scripts maintained by random joes and not by the Arch developers. Most distros have official package repos, and the installers are maintained by distro developers.

In this case the problem is the AUR allows packages to be 'orphaned' and 'adopted'. So if there's some software out there that doesn't have an official package in Arch Linux (maintained by the Arch developers), I might go and make an unofficial installation script and put it on the AUR. Then I fuck off and never touch it again, but AUR allows any random dickweed to come by and "adopt" said package, and make the installer malicious and download and run malware on your system.

You can run Homebrew on Arch Linux instead :)

https://docs.brew.sh/Homebrew-on-Linux

File: 1679295853826080.png (66 KB, 443x399)

66 KB PNG

So the AUR is basically completely on fire at this point:
https://aur.archlinux.org/cgit/aur.git/commit/?h=ynab4&id=0b58bc2760650bb106c9df095c6211f55e41c4b0

Different attack(?), people just completely fucking around now.
How have they not shut it down yet?

>>109055686
>scripts maintained by random joes and not by the Arch developers
Who are the Arch developers?
> distros have official package repos, and the installers are maintained by distro developers
Who are those people and why are most of them 3rd worlders?
> In this case the problem is the AUR
Open source is the problem. You trust random scipted obscure slop that you've never read yourself. Why? Because it's open. What is good about it being open if you never seen what's in there? I can tell you what's in there. Loonix apps are full of malware planted there by 3-letter institutions from all over the world. Those are your "unpaid volunteers".
> AUR allows any random dickweed to come by and "adopt" said package
Same with flatpack btw, recently figured out I was using software published by a random guy. I was lucky that was a regular harmless autist.
Most people have no idea it's a thing. Recently heard a reccomendation to use that, because SURELY those are published by it's devs, not random people. It's not true, a guy was knowledgable, but had no idea.
And then SURELY only AUR and flatpack can have this sort of problems, right? It's not like someone can become a trusted dev and then turn out to be a bad actor, right? Right?

>>109055752
>Who are the Arch developers?
The difference is there is a layer of accountability because arch developers and maintainers form an accessible community. Arch is also used commercially and so official packages are likely scanned by malware detectors, static analysis, yaddayadda. Steam uses arch for SteamOS; I doubt they didn't do a full audit of everything that they ship. I work for a big corp (tm) and we scrutinize everything using expensive tools and legal filing processes. So while its not perfect, official packages undergo far more analysis and is way better. Your general argument is kind of pointless because "nothing is safe" if you take it to its logical conclusion. You have to establish a chain of trust somewhere.

>why are most of them 3rd worlders?
Most of them seem to be euros actually.

>Open source is the problem. You trust random scipted obscure slop that you've never read yourself. Why? Because it's open
No, I don't trust it because its open. I usually trust things based on community consensus. I install random Chinese flatpaks that could be hyper botnet junk (like BambuStudio for example), but there are so many eyeballs that I have an 'okay' level of trust for it.

>Same with flatpack btw, recently figured out I was using software published by a random guy
No you cannot do this in flatpak. You need to prove ownership of the source to become the flatpak maintainer. Not perfect but 100000% better than AUR

another one LMAO
https://aur.archlinux.org/cgit/aur.git/commit/PKGBUILD?h=infer

>>109055837
>No you cannot do this in flatpak
What do you mean exactly because, for example, steam and mpv are not official flatpaks, they're listed as unverified. Does that mean a source code owner maintains it, but it's not an official install as opposed to something like gimp or inkscape?

Unfortunately, I use a limited number of flatpaks, but I feel like flatpak risks have been downplayed.

>>109049227
dude just ask chatgpt to review it. what are you? old?
>>109049241
corpo will take any demoralization opportunities it gets

Who the fuck uses arch in 2026?

>>109055574
>Yes, you're part of the problem. You don't have to explain diff to me; I write software and I understand the tools (though, I don't know what policies the AUR uses for orphaning and adoption). The problem, like I mentioned, is its not a reasonable ask to expect everyone to line-by-line audit even diffs.
Who asked you to do that? I think it's pretty clear and often repeated that people like you should not use AUR, or I would go a step further and say, better yet, go away to another distro.

>>109055749
>albanianvirus2.sh
lol

>>109055734
>Food analogy as a package manager
Do iFatties really?

>>109056048
>people like you should not use AUR
I'm saying that your argument is meaningless because the set of people that will 'always get it right', do their due diligence etc on a long enough timeline is exactly 0. How everyone can't see the severity of the problem here is beyond me. Its kind of like those crazy train videos in third world nations where people ride on the roof or on the side, and the person believes its totally safe because they have some 'diligence' that they do before climbing on board (maybe they pray to a specific god). Until one day you slip or some part of the train fails and you die or there's a mass casualty event. And the response from the train operator is just DONT RIDE THE TRAIN, YOU WERE WARNED... when the response should be, lets figure out how to enforce safety and civil behavior. I'm not going to comment on this anymore, because I will never be able to convince someone with the self-important/elitist arch attitude otherwise. Just realize that the risk is disproportionately high, the safety check (your eyeballs) are very prone to failure and everything seems rosy until it blows up, Black Swan style (but everyone could have seen this coming)

>>109055837
>The difference is there is a layer of accountability
They are held accountable by a literal who? And when? Maybe if they hide malware that is exactly what is expected from them?
I don't know them, they're not public, they are not bound by any legal stuff. Random 3rd worlders represented by some nonprofit fronts.

Check this out:
> SPI is a non-profit organization that holds assets, manages trademarks, and handles formal contracts and tax-exempt donations on behalf of the Arch Linux project

> Steam uses arch for SteamOS
They're doing custom build, immutable as well, afaik. They basically do their own thing. It's further from arch than ubuntu is from debian. You cannot install random arch junk os steamOS, correct me if I'm wrong.
> Most of them seem to be euros actually
Europe is full of them as well. Does that Vladislav Nepogodin seem like a Euro to you? More like Syberia, also he resides in Germany.
> I usually trust things based on community consensus
You sound like an actual gullible tranny to me. Time to grow up and forget about commie nonsense. Consensus is manufactured in 2026, most things you see online are generated, most "people" are not real.
> there are so many eyeballs that I have an 'okay' level of trust for it
One could say the same about windows.
> No you cannot do this in flatpak
Try it. Find any software that does not currently exist on your distro of choise and is not on flatpak. Publish your own. Count installs over the year if possible.
>>109055994
>I feel like flatpak risks have been downplayed
Afaik most devs just ignore the sanboxing for the sake of compatibility. It does not show what it can do (like Android does with permissions etc), but it does everything it wants basically. And you can't be sure who the hell published it. Must check official website to have any confidence.

>>109056166
>I'm not going to comment on this anymore
I'm glad you are leaving. Thank god.

File: 1761210025586704.jpg (28 KB, 680x652)

28 KB JPG

all clean cos I barely install random shit from the AUR anyways

>>109054989
How do I install this though?
It's not in the aur

Shit got so bad that SomeOrdinaryGamers switched to Fedora KDE Plasma

>>109049079
>Advanced User Repository
retards shouldn't use it

>>109049241
Its a nuclear happening for linux standards

File: pepe-cry.png (549 KB, 2894x2300)

549 KB PNG

I inspected every PKGBUILD and its diff for every AUR package I installed. IM SAFE!! I don't have to distrohop like a retard. I *just* got settled on Arch in early May.

>>109049066
It was npm package again, right?

>>109049066
who the fuck uses the AUR
are you retards not capable of making your own pkgbuilds?

>>109056788
half-right
it was valid PKGBUILDs that no one read that chained into malicious npm package installs in the post-install
funnily enough, when the npm packages started getting heat, they switched to a bun packages with a similar payload
was interesting to watch the whole thing unfold on the mailing list in real time

>>109055857
>not malware
>commit from 2022
Not sure if retarded or just pretending.

All of the packages were abandoned for a very long time before infected or obscure shitware nobody in their right mind would install. Arch should at the minimum delete orphaned packages after a certain amount of time, it would've made this attack much more difficult and limited its reach.

>>109055857
did you even read what you linked?

>>109056032
your mom loves my Arch+KDE 16 inch zenbook

I looked at what files/credentials it targets, and it's a bunch of shit I don't care about.

Chrome/Chromium-based browsers, Discord, MS Teams, Github, OpenAI, npm, Slack, Docker, podman, etc etc.

The only thing on the entire list I would care about are ssh keys.

>>109056886
>bun package
Same thing. JS is a plague as usual.

>>109057057
Do you care about undetectable unremovable UEFI rootkits though?

>>109057139
>Do you care about undetectable unremovable UEFI rootkits though?
Where is it documented that the malware installs a UEFI rootkit? Since the response to this in official arch channels is "get fucked lol" I am trying to compile good sources of information for detection.

wow, feels great to be a Windows user rn

File: 1780695835517565.jpg (42 KB, 184x249)

42 KB JPG

>>109055749
>/etc/profile.d/albanianvirus2.sh
kek

>>109049227
>can't read 40 lines of bash
I think >>>r/gaming is more your speed.

>>109057197
Idk, they're simply getting same experience you always had. So it depends. Good to be windows user compared to being Arch user? Same thing really.

>>109055161
thank you.

$ bash arch-check-time.sh                                                                                                 1.579s
Fetching infected package list...
Checking 1935 known infected packages installed in the last 7 days...

Clean: none of the known infected packages were installed in the last 7 days.

>>109049066
Is it just the Arch repo that got tempered with, or are other distros also concerned?

>>109057317
it's not the arch repo it's the AUR (arch USER repository). aka where any random anonymous can upload their packages, like github. and no it has nothing to do with other distros either way

>>109057125
>Same thing. JS is a plague as usual.
i know, that's what's funny about it
also, wholly agree

File: 1773194125058615.jpg (27 KB, 391x384)

27 KB JPG

I'm uninstalling all my aur packages and exclusively using flatpaks from now on.

>>109057414
AppImage is better

> exclusively using flatpaks from now on
He doesn't know...
Do not tell him.

File: 1750146489921287.png (383 KB, 1128x1437)

383 KB PNG

>>109057428
>He doesn't know...
>Do not tell him.
What I don't know won't hurt me.

>>109057414
flatpak is gonna install some antifa shit to track all your internet activity

>>109056032
indians
all the cool kids moved to nix ages ago

>>109049079
WTF does auatistic mean?

How in the everloving fuck is this still up? I don't understand, is NPM just run by a bunch of fucking braindead morons?
https://www.npmjs.com/package/nextfile-js?activeTab=versions

bros i no longer feel safe on my putter
i also use for it work and some of my coworkers know i use arch so they will keep pestering me about it too
i fucking hate being alive
im scared to logon on my bank account too

Am I cooked or ok? They said the attack started in June right

[me@coffee ~]$ pacman -Qmi | grep -E "Name|Install Date" | awk -F' : ' '/Name/ {name=$2} /Install Date/ {print name "\t" $2; name=""} END {if(name!="") print name "\tN/A"}' | column -t -s $'\t'
accounts-qml-module      Sat 18 Apr 2026 02:28:59 PM EDT
bambustudio-bin          Sat 04 Oct 2025 03:51:49 PM EDT
bambustudio-bin-debug    Sat 04 Oct 2025 03:51:49 PM EDT
freecad-weekly-appimage  Mon 17 Nov 2025 09:43:15 PM EST
freerdp2                 Fri 14 Nov 2025 01:07:11 AM EST
ideviceinstaller         Fri 22 May 2026 08:52:59 PM EDT
ideviceinstaller-debug   Fri 22 May 2026 08:52:59 PM EDT
mullvad-vpn-bin          Fri 17 Oct 2025 01:06:11 AM EDT
mullvad-vpn-bin-debug    Fri 17 Oct 2025 01:06:11 AM EDT
orca-slicer-bin          Mon 20 Oct 2025 04:16:07 PM EDT
rpcs3-bin                Sun 16 Nov 2025 01:36:43 AM EST
rpcs3-bin-debug          Sun 16 Nov 2025 01:36:43 AM EST
ttf-nanum                Sun 05 Oct 2025 03:18:50 PM EDT
visual-studio-code-bin   Fri 17 Oct 2025 01:06:10 AM EDT
webkit2gtk               Sun 01 Mar 2026 06:32:43 PM EST
yay                      Fri 22 May 2026 08:52:27 PM EDT
yay-debug                Fri 22 May 2026 08:52:27 PM EDT

File: 1751277455877760.png (22 KB, 299x250)

22 KB PNG

>>109057745
is coffee good for you?

>>109057745
check the list at the LIST_URL at the start of this code >>109055161
if you haven't updated your AUR stuff in the past week you should be safe

>>109057745
not every single package on aur is infected, only some obscure/old one that were orphaned

>>109051192
I admit that I'm a turbo retarded tranny that used yay. I specifically tried to install ideviceinstaller, probably the -git repo even.
But iirc it wouldn't go through because it checked the signatures and detected a mismatch, at which point I compiled the whole thing myself.
Important lesson for myself, but honestly if I hadn't used the helper, I probably would've gotten pwned by this. Now the check came up clean - phew

File: 1759615341818867.gif (976 KB, 350x300)

976 KB GIF

>>109057754
drinking some brew right now friendo

>>109057757
I see "ideviceinstaller-git" in the list of infected packages. There's also just an "ideviceinstaller" package which I think I have. They scrubbed the bad git commits (?) so I don't know how to check

[me@coffee ideviceinstaller]$ pwd
/home/me/.cache/yay/ideviceinstaller
[me@coffee ideviceinstaller]$ cat PKGBUILD | grep -E "npm|bun"
[me@coffee ideviceinstaller]$ find . -name "*install*"
./ideviceinstaller-1.1.1-1-x86_64.pkg.tar.zst
./ideviceinstaller-debug-1.1.1-1-x86_64.pkg.tar.zst
[me@coffee ideviceinstaller]$ grep -rns "npm"
[me@coffee ideviceinstaller]$ 

I don't know if I gotta check anything else. There's like some install hook file or something but I dont see it

wtf why does everyone here have ideviceinstaller?

File: 1750078547647267.jpg (16 KB, 391x250)

16 KB JPG

>>109057819
If you didn't install the git package you're fine.

>>109057839
likely a dependency of something else, like a driver or something

what i don't get
why when i go to aur website right i don't get a huge ass fucking warning that there is shit happening and some quick and easy ways to check if i have been pwned
instead i have to curl | bash some retarded scripts from 4chan

>>109057859
Because this distro is stupid. Just use Windows, or MacOs or Ubuntu or Debian or Fedora.
Maybe it's actually good when people get paid to maintain the OS instead of some irc hipsters.
Especially the injected rootkit is, frankly put, horrifying.

>>109057779
>>109057819
ideviceinstaller bros...

>>109057839
you can use it to access iphone and ipad file systems. i think its readonly though

>>109057859
>i have to curl | bash some retarded scripts for 4chan
i think its even funnier that all of the checks for this involve doing the same thing that caused the AUR problem in the first place. i agree that they should have made a bigger deal of pushing news out or something, maybe even taking down the AUR until a fix for auto-adoption is in place. and as far as I know the attack is still ongoing with new 'bad' updates

File: 24vzjt.jpg (71 KB, 750x498)

71 KB JPG

>>109057892

>>109057333
Arch derivative distros can be affected. I used to install shit from the AUR all the time when I mained EndeavourOS. I imagine Manjaro and Artix, among others would be at risk.

>>109058132
Those distro have aur disabled by default and also give a warning about using it.

>>109056654
Is it really because this seems quite tame
>hmm nobody is looking here
>time to fuck up this dead zone
Are my standards too high?

This just further proves that the security model of Arch is fundamentally broken. All Linux distros should operate like MacOS or SELinux, software should be given minimal permissions and limited filesystem access by default.

>>109049066
Glad I use the AUR sparingly. I only install things through yay and on this newer computer I don't have any AUR packages or yay installed

It's the user's fault in every case.
Because the packages that were orphaned are shit nobody needs. Like Microsoft Visual Studio ffs.
If you're not using vi or emacs in 2026 what the fuck are you doing using anything besides an iToddler in Fisher Price colors?

>>109058456
Isn't the AUR not official

>>109058199
>Those distro have aur disabled by default
CachyOS has more users than Arch at this point
And each of them pulls in two dozen 'tweak' packages from aur

>>109058667
>bro is only the AUR that is broken though
ok so why should I use arch
>because the AUR has so many packages, you will find everything you need there
double standards. every retard here and everywhere on the internet recommended arch for the aur, now you are backtracking

>>109059633
None of that has any relation to what I asked lol

File: 1761615116120401.png (4 KB, 149x134)

4 KB PNG

>>109059613
Why would you use aur on a distro that just werks

>>109049079
>AUatastic
Good job.

Arch Linux was fine when it was a bunch of autistic nerds playing around but now that everyone and their grandmother knows about it I would suggest everyone to make migration plans to more secure distros. There's a reason no company runs Arch Linux.

>>109059974
>There's a reason no company runs Arch Linux.
Steam OS?

>>109059980
SteamOS is not Arch. It uses Arch as it's base but as someone who has used SteamOS before (own a Steam Deck) and have used Arch Linux for many years I can tell you that they are very different from an end user perspective.

Steam OS is a instance OS akin to Fedora Silverblue where all the system itself is locked down and you install shit using Flatpaks or AppImages. If you use Arch Linux the AUR fiasco won't ever reach you because you as a user can't use Pacman by default. Every major update is handled as an image so you need to go out of your way to break something.

Arch on the other hand is stucked in terms of security in the 00s. Back then something like the AUR was revolutionary as it was an easy way to share packages between fellow users. But with time it became a bandaid for packages that the Arch dev team didn't want to keep maintaining and said bandaid was sold as a plus.

While the fact that it's so easy on Arch to install all kind of software is great but due to the fact that anyone can take over an orphaned package means that it's very easy to install Malware. The fact it took so long for a group of hackers to do this targeted attack is a miracle in itself.

Until this group of assholes https://archlinux.org/people/developers/ decide to get their shit together and at least some form of validation in order to take control of orphaned packages it would be a disservice to anyone who isn't autistic like me or many of you to recommend Arch Linux right now. I love Arch and I have used it on my personal rigs for a Decade+ but at least for now, Arch Linux is a big security risk.

>>109055106
Gentoo isn't that hard to install believe it or not. I did it myself one time before and it was very straight foward. I did a minimal install to go through the process but didn't want to install a Desktop or Web Browser cause browsers alone take a long time.

>>109058456
Fedora is incredibly secure by default thanks in part due to SELinux being installed by default.

>>109060030
>https://archlinux.org/people/developers/
The whole point of the AUR is that those people aren't responsible for the stuff on it. Hence it being unofficial, and why it's called the user repository, and the big warning on the front page and on the arch wiki.

File: 1779074426643972.jpg (238 KB, 1440x497)

238 KB JPG

>>109060077
They still host said malware my dude. You could make the case that hosting malware makes you responsible for it. I can already see a future lawsuit because of this.

>>109056796
This. But people capable of writing PKGBUILDs will take the easy route and just use AUR. This is why AUR should be decommissioned and ArchWiki should be updated to encourage people to just write their own PKGBUILDs.

>>109057859
Arch trunes have more important things to be doing like taking down the xlibre wiki page, rather than warn people about active malware.

If I wanted to go back to linux, would the OBS have the same issue over on openSuSE?
I remember using that a lot

>>109049188
XNU is not Unix

>>109053977
Only use packages from the main repo, it's that easy

>>109060307
main repo doesn't provide packages for my beloved memelang. or ungoogled chromium

>>109060228
Stick with Windows

The infected.

>>109053750
Imagine the butt hurt. Imagine.

"IT'S A USER PROBLEM! FUCK!"

No mate, it's a "you" problem. Please make it happen simply for the amusement value

>>109060077
Anft yet there they are, hosting it on their infrastructure, cleaning up the "not our responsibility" AUR mess. Because.....?

We should get in there and see what extra trouble can be caused with a bit of vibe coding and bullshitting on aurpackages... Create crap, upload it somewhere, watch the "not our problem" devs sort it out.

>Inb4 not your personal army

>make a system when maintainer can drop package and ANYONE can take orphanated package and do whatever he wants with it
What could possibly go wrong with this system lmao

>>109060701
>orphanated
kek

>>109060701
worked fine for 20 years

>>109054714
100% of the time. Or at least close enough that the exceptions are a statistical anomaly. Using AUR without a helper sucks, so if you're using it without a helper you're probably never ever updating packages unless you explicitly know that you need to and why. It's too much work to update for no reason.

>>109060726
>security through obscurity worked fine when there was an obscurity

>>109060817
you don't know what security through obscurity means

>>109052457
add the m modifier next to make the output smaller.
pacman -Qi lists all packages
pacman -Qmi will only list foreign packages (e.g. aur)

>>109060228
the kernel?

>>109061478
He means the open build service or whatever it's called.
It's not just an opensuse thing desu even though it comes from the opensuse devs and community. But it can be used to provide packages for any distro, I've used it for debian and fedora in the past.

Anyway, all these people asking whether this can happen in X, or Y. This whole thing boils down to user negligence. This happens more commonly on windows for example 'cause third party installs of software on windows is the most popular method.

You people need to learn that as soon as you leave the officially preferred method for installing software then it's on you to do your homework before installing anything, be it the AUR, flathub, OBS, or fetching sourcecode and building it yourself.

>>109061509
meds now schizo, he is obviously talking about open broadcaster software

>>109061509
>This happens more commonly on windows for example 'cause third party installs of software on windows is the most popular method.
But that's why you have twenty seven layers of security. What's more, you often have to manually go and update your shit there as opposed to Arch where not only do you just update every fucking package at once, you're required to do so specifically on Arch to avoid breakages (partial upgrades are not recommended, officially). You could argue that AUR packages are not intentionally updated this way but more often than not, if someone's considering using AUR packages, they're going to want to do that as quickly and effortlessly as possible.

>>109049066
last time I run a piece of code from this place my ~ got nuked

>>109061622
Partial upgrades are not recommended for the official repo, as for the AUR you can do whatever you want.
But I get what you mean, most people use AUR helpers like yay or paru and they use those to just upgrade the whole system, repo+build scripts, and that's probably where the problem lies, people are using the AUR like a second repository.

>>109061622
There is no way to update AUR packages all at once using any officially supported methods. "No partial upgrades are supported" is about using pacman. You shouldn't use pacman -Sy, but pacman Sy or pacman Syu cannot affect AUR packages in the first place, they are all installed and updated using pacman -U. You could say AUR packages are not supported at all, because they are inherently partial upgrades.

If you're considering using AUR packages, then that's on you. Both the risk of malware and fixing your shit when it breaks which I'm sure it will.

>>109061649
>>109061866
The problem I see most is that it's argued that you're not supposed to use the AUR for the most part, but that's one of the biggest main "sellling" points of Arch. CachyOS is not just popular for a bunch of optimizations or ease of use, it's because if there's a stupidly obscure project developed by some nobody somewhere they usually have an AUR package but they don't have anything but "build it manually" anywhere else. A reason why the AUR is overused is precisely because the official repo is not exactly "bountiful". Hell the 590 nvidia driver pushed some people to either use the AUR or outright switch to some other distro.

>>109049066
>infected
What news did I miss?

>>109061904
someone took over a bunch of AUR packages and put malware in them last week, because for some unknown reason they let any schmuck take any orphaned packages (packages that haven't updated in years and were "abandoned") without any background checks or vetting
instead of making the AUR read only until this is fixed, like users are begging them to, they said that was too "nuclear" and lo and behold, the infected package list keeps growing as more people become aware of this "exploit"
as long as you haven't updated your AUR packages in the last week you should be safe, at least it was just orphaned stuff so it's mostly old software or typo squatting shit

>>109061931
Ahh, thanks.

>>109061891
The weird thing is, pacman offers support for unofficial and third party repos, which wouldn't have the same issue the AUR has with adopting orphaned packages. But since everyone just likes the convenience of the AUR it's rare to find anyone making and maintaining third party repos.

Such third party repos can be maintained by the official devs for example without suffering any potential security issues if the dev decides to go AWOL, kind of how google maintains their own repo for chrome on debian.

>>109061891
AUR isn't the biggest selling point of Arch. It's a convenience. If you're using Arch for AUR, you shouldn't be using Arch at all.
>Hell the 590 nvidia driver pushed some people to either use the AUR or outright switch to some other distro.
Or switch to another brand of graphics card. The nvidia driver version that you need for older cards is broken dogshit. I know because I have one of those old cards and I'm not using it for exactly that reason. The driver is way too broken.

>>109061956
Tangentially relevant but, how good are the nouvou drivers for 20xx series nvidia gpus and older?

>>109053827
gentoo is the answer. the issue isn't really that arch is rolling, it's the way ownership is transferred for orphaned AUR packages
neither Gentoo main repos nor GURU have this problem

Nouveau is bad and worse than nvidias proprietary drivers. Which are also bad. I think you have to go pretty far back before you start getting an experience that's better with nouveau.

>>109061972
>20xx series
Okay if you use nvk. Okay meaning you easily lose 50% of your performance currently (look at phoronix benchmarks or something). Personally, I would use them if I still had an nvidia card, because I hate their proprietary drivers that much.
>and older
unusable, and this will never change

am i safe if i havent installed any aur packages since January?

is it possible for this to leak into the official arch repo if people's github credentials get scraped? Sorry if this is a retarded question. I'm fairly new to linux.

>>109062102
yes
>>109062105
no

>>109049066
For those curious what the intention of the attack was: cybersecuritynews.com/arch-linux-aur-packages-compromised/

>>109049066
>*checks*
>...
>still not using a corposlave distribution

Looks like I'm fine.

File: das it mane.jpg (35 KB, 500x494)

35 KB JPG

>install AUR packages willy nilly
>"Clean: none of the known infected packages are installed."
haha! I've learned nothing

>>109056297
Hahaha, you are so butthurt. Everything he said was right and you know it, i can tell

>>109062004
I'm playing with modern Linux on a 2010 macbook with Nvidia gpu and nouveau. it's nearly useless and has serious video problems, some which cause system freezes. If 16 year old hardware still isn't working properly under nouveau, i can't imagine anything really works under it

>>109057606
They have something weird going on with their rules regarding vulns.
If there is a known vulnerability, they will not remove it, they expect devs to push new version to the repository. Because otherwise it would break CI/CD all over the world, happened before.
But when there is an actual malware, delivered there by devs creds compromise etc, they are supposed to just nuke it.

So what changed so far? Still better not update and still no reliable script or just a comprehensible list of confirmed malware in the AUR?

Also this fag never responded: >>109056258
Reminder: open source is dead. This stuff is going to be a daily occurance. It was close to that before but it was not talked about as much. With AI there would be more sloppy hax0ring, but also more malware detected early. So the shitshow will never end, until there would be some kinda ban on nicknames and confirmed humanity enforcement in place for all the maintainers and devs in general.
It's not pretty, but this is the reality.

File: 1754925496530995.jpg (241 KB, 634x783)

241 KB JPG

>>109049188
Come home, brown man

File: 09501180~2.jpg (147 KB, 1279x1406)

147 KB JPG

Sex is now pozzed. It's over

>>109050841
based lazy ass

>>109063509
I don't have sex

>>109063509
Redundant effort, the sex package of Arch users automatically gets infected since forever.

>>109053718
I look like this and I say that.

File: Gentoo_Linux_logo_matte.svg.png (124 KB, 960x1005)

124 KB PNG

>Using (((Arch)))
There is only one solution.
You must learn it to survive.

What do I use instead of Arch? Not ^

what's wrong with gentoo?

Why don't we have a distro that
>can have multiple concurrent libc6 versions in memory
>can compile multiple versions of the same .so into /usr/llib
>has sane /usr/include handling and handles CCFLAGS automatically
>supports autotools in its package format
yet? The solution for any software package not provided by the distribution is to ./configure && make && checkinstall or equivalent but every distro can't handle the one universal packaging format (source code tarballs).
Maybe we need an ld shim distro that sorts all this out for the user.

>>109065000
>can have multiple concurrent libc6 versions in memory
this work wouldn't be at the distro level, this is a kernel and upstream issue
>can compile multiple versions of the same .so into /usr/llib
this is a linker/loader/toolchain issue that also wouldn't be implemented at the distro level
that said,
>Why don't we have a distro that
because you haven't made it yet
so get to work, you start on implementing the kernel functionality to have multiple concurrent libc versions in memory, i'll make the logo

>don't use orphans
>don't have a problem
it's that shrimple

>people are just now realising that something being open source isn't a safety guarantee since absolutely no one reads the source code
AI is going to kill open source software btw

>>109064436
Or just don't use AUR. That's always been my solution. I've been using arch for years and AUR has always felt like downloading song.mp3.exe on linewire and expecting things to turn out okay

>>109065380
This is skiddie shit that could have happened with or without AI.

>>109049066
just cut down on the number of AUR slop I have installed i need to remember to actually look at the diffs next time I update them

>>109065380
if no one read the code this wouldn't have been discovered so fast, issue is the AUR team dragging its feet to do anything substantial