docs: Add example for installing AUR packages in ArchLinux images #4250

Open
estebanpuyanas wants to merge 7 commits into systemd:main from estebanpuyanas:aur-package-arch-image-example

@estebanpuyanas

Add example for installing AUR packages in Arch-based images

Adds a documentation file under mkosi/docs explaining how to install AUR packages at image build time using aurutils and mkosi's $PACKAGEDIR mechanism.

The example uses neovim-git as a worked case because it has both official-repo makedepends and AUR dependencies, which exercises the full dependency resolution pipeline.

The approach covers:

  1. Bootstrapping aurutils from the AUR at build time.
  2. Using aur depends + tsort for dependency resolution.
  3. Building packages as the nobody user to satisfy makepkg's refusal to run as root.
  4. Using $PACKAGEDIR to pass built packages from the build phase to mkosi.postinst.chroot.
  5. Configuring mirrors via reflector since the build sandbox starts with none.

Tested end-to-end on Arch Linux (EndeavourOS) with QEMU. The image builds successfully and nvim --version confirms correct installation after booting.

Closes #2578

Contributor

@behrmann behrmann left a comment

Thanks! This is an interesting writeup, though I'm not entirely sure the upstream docs are the best place for it in this form, since advocating for any AUR helper is really mkosi's place.

A few thoughts I had while skimming it.


2. `mkosi.build.chroot`: Resolves the full AUR dependency graph, installs official-repo makedepends, fetches `PKGBUILD`s, builds packages as the unprivileged [nobody](https://wiki.ubuntu.com/nobody) user, and registers the results in the local repository inside `$PACKAGEDIR`.

3. `mkosi.postinst.chroot`: Configures pacman in the final image to read from `$PACKAGEDIR` and installs all built AUR packages.
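
Review bot: item 3 does not say whether the pacman configuration added to the final image is reverted once the AUR packages are installed. `$PACKAGEDIR` is a build-time directory, so a repository entry left in the image's pacman configuration would point at a path that is absent when the image boots. Suggest stating in this step that the script removes the entry again (or uses a temporary configuration file) after the install, which also makes the scope of the `.chroot` approach explicit.
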
Contributor

The usage of .chroot scripts implies that all of this is done in the image being built and that the image should be updated later. That is not something mkosi necessarily guarantees is possible. If you built this inside an Arch tools tree, you could also piggyback off the setup that mkosi already does.

Author

Looking at the existing building-rpms-from-source.md example, I can see it uses mkosi-chroot and mkosi-install from the host side rather than relying on .chroot scripts.

I'd be happy to rework the example to follow that pattern if that's the preferred direction. Alternatively I can add an explicit note scoping this example to Arch hosts building Arch images and flag the tools tree approach as a follow-up?

Comment on lines +98 to +101
( source ./PKGBUILD
pacman -S --needed --noconfirm \
"${makedepends[@]}" "${depends[@]}"
)
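
Review bot: `source ./PKGBUILD` on the first line runs in the same subshell that then calls `pacman -S`, which has to run as root, so the AUR-supplied script is executed with root privileges before anything is built as `nobody`. Suggest obtaining the dependency list without evaluating the file as root, for example from `makepkg --printsrcinfo` run as the unprivileged user, and passing only validated package names to pacman. Separately, when both `makedepends` and `depends` are empty the `pacman -S` call has no targets and fails, so guard it on a non-empty list.
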
Contributor

Why is this necessary? Why not use --syncdeps from makepkg?

Author

From my understanding, --syncdeps calls pacman via sudo internally, which won't work since nobody has no sudo privileges in the build sandbox. The intended fix would be to install deps as root first using makepkg --nodeps --nobuild to parse them, then install, then build. Alternatively, since aurutils itself has a well-known and stable dependency list, I can just hardcode the deps install and drop the PKGBUILD sourcing entirely. Which approach would you prefer?

As a sidenote, the discussion in #2578 has these two gists, which I largely used to base the work done here:
https://gist.github.com/michaelbeaumont/1b2b58d63ccdc446496f0156d6aca4ad
https://gist.github.com/Strykar/ffafe1fca0ce777a048ec44984d7aaef

Author

@behrmann, I tested that approach by replacing the highlighted lines with:

sudo -u nobody \
    PKGDEST="/tmp" \
    PKGEXT=".pkg.tar" \
    makepkg --clean --cleanbuild --noconfirm --syncdeps

However, it resulted in a failed build, as it does seem like syncdeps calls pacman internally via sudo as I said above. I am attaching a text file with the build output in case I missed anything else that I could try. failed-syncdeps-build.txt
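
One way to do the "install dependencies as root first, then build as nobody" step discussed in this thread without sourcing the PKGBUILD as root, as an added example that is not part of the PR or of mkosi's docs. It reads the list from `makepkg --printsrcinfo` (a different technique from the `--nodeps --nobuild` idea mentioned above); `srcinfo_deps` and `install_deps_then_build` are hypothetical names, and it assumes every dependency is available from an already configured repository.

```sh
#!/bin/sh
# Added example; srcinfo_deps and install_deps_then_build are hypothetical names.

# Constructed sample of `makepkg --printsrcinfo` output (not from the PR).
SAMPLE_SRCINFO='pkgbase = example-git
    makedepends = git
    makedepends = cmake>=3.20
    depends = glibc
    depends = git
    depends_x86_64 = lib32-foo=1:2.0
    optdepends = python: scripting
pkgname = example-git'

# Read .SRCINFO text on stdin and print each depends/makedepends name once,
# with version constraints removed. Exit non-zero if any entry is not a
# valid package name, so an entry such as "--overwrite=*" never reaches pacman.
srcinfo_deps() {
    awk '
        BEGIN { bad = 0 }
        $1 ~ /^(make)?depends(_[a-z0-9_]+)?$/ && $2 == "=" {
            name = $3
            sub(/[<>=].*$/, "", name)          # "cmake>=3.20" -> "cmake"
            if (name !~ /^[A-Za-z0-9@_+][A-Za-z0-9@._+-]*$/) {
                print "rejected dependency: " $3 > "/dev/stderr"
                bad = 1
                next
            }
            if (!seen[name]++) print name
        }
        END { exit bad }
    '
}

# Run as root inside the build chroot, in the directory holding the PKGBUILD.
# The PKGBUILD is only ever evaluated as nobody; root sees plain text.
install_deps_then_build() {
    srcinfo=$(sudo -u nobody makepkg --printsrcinfo) || return 1
    deps=$(printf '%s\n' "$srcinfo" | srcinfo_deps) || return 1
    if [ -n "$deps" ]; then
        # Names are validated above, so word splitting is safe here.
        # shellcheck disable=SC2086
        pacman -S --needed --noconfirm $deps || return 1
    fi
    sudo -u nobody PKGDEST="/tmp" PKGEXT=".pkg.tar" \
        makepkg --clean --cleanbuild --noconfirm
}
```
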

estebanpuyanas and others added 3 commits March 30, 2026 08:50
Minor syntax changes; removed reflector and opted for default mkosi mirror image; expanded section on nobody user to include explanation of EUID; removed systemd and bash as BuildPackage dependencies as they are included in base.
@estebanpuyanas estebanpuyanas requested a review from behrmann March 31, 2026 02:23