To be clear, -Qm displays installed packages not currently in the repositories. This will include AUR packages, but I avoid the AUR (except for davmail years ago) every once in a while I’ll run it just to check and sometimes it finds packages.
When you install things from the main repos the dependencies get installed too, and if those dependencies are no longer needed they’ll be removed from the repositories. (I also have a bad habit of forgetting --asdeps when installing optional dependencies.) Sometimes they’ll conflict with a new dependency and pacman will ask to remove and replace them, but other times the functionality has become a part of an existing package, so with no conflict to prompt removal they’ll just sit unused on your install. If you haven’t tried -Qm in a long while you’ll probably find a few harmless currently-unused packages that were installed through the normal repos. (-Qdt will cover the other cases where dependencies remain in the repos but are now only needed for packages you don’t have installed.)
Obviously -Qm will also show removed packages that aren’t dependencies, a few years back my preferred pdf viewer was removed from the repositories.
-Qm will also find manually installed packages that aren’t in the AUR if you ever do that.
And don’t forget that a system compromise means you need to re-install all in order to re-gain control of your system. Without the malware of course.
Edit: I see downvotes… Some people don’t seem to understand why running malware permanently destroys a system’s integrity. I do not have more time today - can somebody explain for me why?
You can then search the list of compromised packages.
Or just uninstall all AUR packages, instead of waiting for your ones to appear on that list, and having to re-install your full system to ensure its integrity.
The command
pacman -Qmwill display every package from the AUR on your system. You can then search the list of compromised packages.Here are some scripts that can help too
(Edit: apparently i need to say to read and understand what these scripts are doing before running them. If you don’t understand what you’re running then don’t run them) https://gist.github.com/Kidev/85756c3dcad3623ca5604a8135bafd14
You suggest people to run more untrusted code in order to fix malware from untrusted code?
Is this a joke?
To be clear, -Qm displays installed packages not currently in the repositories. This will include AUR packages, but I avoid the AUR (except for davmail years ago) every once in a while I’ll run it just to check and sometimes it finds packages.
When you install things from the main repos the dependencies get installed too, and if those dependencies are no longer needed they’ll be removed from the repositories. (I also have a bad habit of forgetting --asdeps when installing optional dependencies.) Sometimes they’ll conflict with a new dependency and pacman will ask to remove and replace them, but other times the functionality has become a part of an existing package, so with no conflict to prompt removal they’ll just sit unused on your install. If you haven’t tried -Qm in a long while you’ll probably find a few harmless currently-unused packages that were installed through the normal repos. (-Qdt will cover the other cases where dependencies remain in the repos but are now only needed for packages you don’t have installed.)
Obviously -Qm will also show removed packages that aren’t dependencies, a few years back my preferred pdf viewer was removed from the repositories.
-Qm will also find manually installed packages that aren’t in the AUR if you ever do that.
And don’t forget that a system compromise means you need to re-install all in order to re-gain control of your system. Without the malware of course.
Edit: I see downvotes… Some people don’t seem to understand why running malware permanently destroys a system’s integrity. I do not have more time today - can somebody explain for me why?
Or just uninstall all AUR packages, instead of waiting for your ones to appear on that list, and having to re-install your full system to ensure its integrity.
I had more aur packages than I thought but none in the list. Is this just known ones and there could be more?
Of course. A compromised package can’t be on the list if it’s unknown. Hopefully not, but there’s still a possibility