An introduction to arch-ppa tool for Arch Linux maintainers

May 19, 2016 14:00 GMT

There's a new tool out there that we would like to introduce to our Arch Linux power users who are already familiar with the complexities of AUR packaging and maintaining.

While digging through the Internet, we've discovered the arch-ppa utility, which appeared on GitHub a few weeks ago. Created by Ryan McGuire, it promises to help you create and maintain a personal Arch Linux package repository that is secure and safe for users to use.

Think of arch-ppa as a DIY PPA (Personal Package Archive), in the style of the PPAs used on the popular Ubuntu Linux operating system, but hosted by you, on your own terms, either locally or on a server that you have access to. Such a repository allows you to distribute packages to hundreds of thousands of possible Arch Linux users.

arch-ppa was created because AUR is not all that secure

arch-ppa developer Ryan McGuire says that he created this utility to help the Arch Linux personal packaging ecosystem be more secure than it is right now via AUR (Arch User Repository), an officially recognized software repository where anyone with the proper skills can upload new software and maintain it.

As such, AUR comes with a big warning for those attempting to install any of the packages maintained there by users like you and me: you use the provided files at your own risk. Fortunately, AUR is under the supervision of the Arch Linux maintainers, so any attempt to distribute malicious files is immediately stopped.

"This is why I don't like to use AUR helpers like yaourt or pacaur. Using the AUR with a helper requires you to be diligent in reviewing the PKGBUILDs it downloads, in order to make sure it doesn't include things like viruses or trojans, or downloading from a weird URL," said Ryan McGuire.

This is where arch-ppa comes in handy for AUR package maintainers who are looking for an easy tool to create a manual repository that they can maintain with the Arch Linux packages they want to distribute in a secure and safe environment. But the truth is that the adoption of this tool will be limited to those who have a capable server.

AUR (Arch User Repository) has a long history and it is used with success by numerous Arch Linux users these days, but if you are interested in hosting your own personal Arch Linux package archive, give arch-ppa a try. All the instructions to get started with it can be found on the project's GitHub page.