That doesn’t match my experience with AUR at all. Usually it pulls a specific git revision and checks the hash. This also ensures that the build shouldn’t suddenly fail to some extent.
Though it’s entirely possible that it’s not like this for all packages, though I find it kind of counterintuitive since your package manager wouldn’t know when to perform an update in this case.
In the PKGBUILD file you can list sources (line 12,13) and their respective checksums (line 14,15). In this PKGBUILD there are 2 sources: the first is the systemd unit file, it’s coming from the package’s AUR repo, not from upstream, you can see its checksum. The second source is the actual source, and you can see, it’s checksum is ‘SKIP’ so it shouldn’t be checked.
With these kind of packages you can’t get notified if there is an update available, but if you install it again with your favorite AUR helper it would update itself for the latest version. It calculates version number from the latest commit hash, before building and installing, so if that is the same it won’t update again.
That doesn’t match my experience with AUR at all. Usually it pulls a specific git revision and checks the hash. This also ensures that the build shouldn’t suddenly fail to some extent.
Though it’s entirely possible that it’s not like this for all packages, though I find it kind of counterintuitive since your package manager wouldn’t know when to perform an update in this case.
It’s documented in the wiki, they are called VCS packages, and it’s not the usual, they work a bit differently: https://wiki.archlinux.org/title/VCS_package_guidelines
You can see in this instance, that it skips the sha checking for upstream source, in line 15 of the PKGBUILD it says ‘SKIP’: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=hyprspace-git#n15
sha1sums parameter is documented in the wiki: https://wiki.archlinux.org/title/PKGBUILD#sha1sums
In the PKGBUILD file you can list sources (line 12,13) and their respective checksums (line 14,15). In this PKGBUILD there are 2 sources: the first is the systemd unit file, it’s coming from the package’s AUR repo, not from upstream, you can see its checksum. The second source is the actual source, and you can see, it’s checksum is ‘SKIP’ so it shouldn’t be checked.
With these kind of packages you can’t get notified if there is an update available, but if you install it again with your favorite AUR helper it would update itself for the latest version. It calculates version number from the latest commit hash, before building and installing, so if that is the same it won’t update again.