0x5t4l1n/AURHub
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/AURHub.git synced 2026-05-26 11:25:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
027847fbacc507ec4d266523d417822b85ba2a3a
AURHub/docs/README.md
T

2.8 KiB
Raw Blame History

ArchStore — Arch Linux Package Store

A modern lightweight package manager client for Arch Linux that combines official pacman repositories and the Arch User Repository (AUR) into one clean, elegant Play Store-like interface.

Main Features

  • Unified Search: Search packages across pacman repositories and the AUR simultaneously.
  • Detailed Package Sheets: View descriptions, maintainers, votes, popularity, and installed statuses.
  • PKGBUILD Security Scanner: Analyzes PKGBUILD script manifests for suspicious scripts, remote code execution (curl/wget to sh), command injection, and other threats.
  • System Updates Check: Checks for updates from both pacman sync databases and the AUR.
  • Category Browsing: Explore applications by genre (Development, System, Networks, Multimedia, Games, etc.).
  • Local SQLite Caching: Fast indexing and pagination for package queries with a 15-minute Time-to-Live (TTL).

Technical Architecture

Backend (FastAPI + SQLite)

  • Safe execution of system tools (pacman, yay) utilizing asyncio.subprocess exec arrays (no shell=True) to completely eliminate command injection vectors.
  • Whitelist-based package name and search query sanitization.
  • Lightweight SQLite storage cache with auto-expiration.

Frontend (React + Vite + TailwindCSS v4)

  • Responsive dark-mode UI inspired by Arch Linux.
  • Fixed sidebar layout collapsing on smaller device widths.
  • Shimmer skeleton loaders, micro-animations, and staggered grids.

Installation & Setup

Prerequisites

Make sure you have python, node, npm, and an AUR helper (like yay) installed.

1. Backend Setup

Create a virtual environment, activate it, and install Python dependencies:

cd backend
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Start the development API server:

uvicorn main:app --reload --port 8000

The backend API will run on http://localhost:8000.

2. Frontend Setup

Navigate to the frontend folder, install npm modules, and run the development server:

cd frontend
npm install
npm run dev

The frontend application will start on http://localhost:5173. Any calls to /api will be proxied to the backend automatically.

Security Policy

  1. Command Sanitization: Strict whitelist of ^[a-zA-Z0-9@._+-]+$ for all package names passed to shell processes.
  2. Untrusted Scripts Isolation: Build and PKGBUILD script generation is handled strictly through the pacman package manager database structures and standard AUR helpers (yay), bypassing manual root exec calls.
  3. No Sudo Privilege Escalation without Prompt: Installation requests call pkexec (standard Polkit helper) to prompt user dynamically, or run in the user's home space for user-run AUR installs.
Reference in New Issue View Git Blame Copy Permalink