Slashdot Mirror

Debian has ideology and a huge community, fedora has corporate clout, ubuntu has support, Linux Mint has "like ubuntu but not batshit insane" what has Arch to offer?

If the only thing new about Arch is it's package manager then you better give me an awesome sales pitch because I'm sick of centralized servers. The thing I want to see succeed most than anything is a distro based on Zero Install or something like it. What good is arch for?

Not being locked into one distro???? You're destroying the dreams of the distro company CEO's. STOP RUINING THEIR BUSINESS PLANS!

Seriously, someone take a hint: Linux is supposed to be free, and no one should be locked into a particular distro. If you release a piece of software, you need to make it EASY to install on ANY distro, which means using a software installation standard. What's that? None exists? Then use Zero Install because that's the closest one I know of since it can run on top of any and all distros.

Ah yes, one of the last major problems Linux still really needs to solve: binary portability. They should provide 7.11 available for download in a universal installation package which contains everything needed, and then at the end of the installation you select which Xorg version you want to boot into by default if you already have a version installed.

When are Linux users and devs going to hunger enough for this kind of freedom so that they all switch to truly cross-distro installation packaging systems like Zero Install?

Windows has installation CDs that are slimmed down as well as ones which contain more software. The solution isn't to have all distros include the same software. You said what the solution is: standards. All you need are standardized ways for the same type of thing to be done across any distro, like program installation standards. The system needs to be able to recognize all dependencies and to easily obtain anything which is missing. Then, who cares if libraryXYZ is missing? Your package manager will get it for you.

The stupid create-your-own-software-universe model needs to die. Programs need to be cross-distro at the very least, and cross-platform preferably.

Everyone: please just say no to any systems which attempt to lock you into a single vendor source for your software when alternatives exist that give you much more freedom. Using Android as an example, it takes away your freedom by locking you into Android-only apps. Why would I choose that over a distro which allows me to run any and all Linux apps? Want to buy something from the Ubuntu Software Center? Hell no, you shouldn't be ball-and-chained to a specific distro, and even if you did find the DEB file you would be locked out of RPM-based distros unless you somehow converted the DEB to RPM, but why should you have to?

The point is that even open source software can make you a slave if it doesn't offer standards, because that is where real freedom comes from. Development time has a cost, so spend your time and money helping out projects which seek to give true freedom to all computer users world-wide. Programs like Zero Install perhaps? Standards groups like freedesktop.org?

0install does not touch any files outside of ~/.config/0install.net/ and ~/.cache/0install.net/ by default, and it won't let packages change things at install time either. This is necessary so that it can be used with sandboxes.

The only exceptions are that it will make a configuration change that you request explicitly. For example, if you ask it to add Firefox 4 to your Network menu then it will do that, or if you ask it to add a "firefox4" shell command to run it then it will create a "firefox4" script in your $PATH.

You might be interested in the EBox sandboxing demo (the challenge is to create a package that accesses a user's files without the user's permission).

It's perhaps more like Java Web Start in concept, but it works with any language (including Java). There is the 0export tool to create self-extracting bundles, but yes in the normal case it assumes that 0install will already be on the machine.

Absolutely. You could try Zero Install[1]. The list of software[2] is pathetically small (it does, however, provide useful apps such as Firefox, Inkscape, and Xara Xtreme), but there are ways of generating your own package. So, you could just generate your favorite packages and either publish them on the web or carry them with you on a USB stick or something. I don't think this will be the future package management system to rule them all, but it is nice to be able to install an app you need without spending ages compiling it (and its dependencies!) or by requesting that your systems administrator approves a request, which could take a long time, particularly if your request is uncommon.

[1] http://0install.net/
[2] http://0install.net/injector-feeds.html

Absolutely. You could try Zero Install[1]. The list of software[2] is pathetically small (it does, however, provide useful apps such as Firefox, Inkscape, and Xara Xtreme), but there are ways of generating your own package. So, you could just generate your favorite packages and either publish them on the web or carry them with you on a USB stick or something. I don't think this will be the future package management system to rule them all, but it is nice to be able to install an app you need without spending ages compiling it (and its dependencies!) or by requesting that your systems administrator approves a request, which could take a long time, particularly if your request is uncommon.

[1] http://0install.net/
[2] http://0install.net/injector-feeds.html

Zero Install will do what you want.

http://0install.net

It's dead simple. We need something like this in Linux. You mean like this : http://0install.net/

wiki: http://en.wikipedia.org/wiki/Zero_Install

What do you mean you aren't already using it?

http://0install.net/

Check this out, it might be what you're looking for, been around for years though and hasn't taken off.

http://0install.net/tests/Chromium.xml

Tested on Ubuntu/Jaunty so far, but let me know if it doesn't work on other distributions.

Ah, you mean Zero install`?

Exciting concept, and it works rather well. It's been around for years, but noone seem to be using it at all.

If you do a distro upgrade from one finished version to another (skipping all betas and alphas), generally things work, but you are right in that this is something that needs more attention: drivers. DKMS is helping with that, dragging along any drivers you've installed when you switch kernels, but it's new and needs more attention.

Software portability in general needs a lot more love in Linux. You shouldn't have to be dependent on your repository to install the Linux software you want. An elegant solution for this still needs to be found, though Zero Install is doing fairly well at overcoming a lot of the challenges, but it's sad that such a flexible package management system isn't the root system. Who knows, maybe eventually they'll make a Zero Install distro. ^^

Thanks, however the only once I know working on this is the Burgdorf Packaging API which is a low-level solution being sponsored by the LSB, and higher level solutions like Zero Install and Klik. Klik is very self-contained by using program "images" so it has sandboxing, and several other features. Zero Install uses "feeds" or URLs so it can get automatic program updates right from the source, and has various other features as well and will have sandboxing too eventually. Both systems are completely cross-distro and completely avoid dependency conflicts (something that should never ever happen if the package format was made well). Awww, you have two versions of libraryX you want to install but they dun wanna be both installed? It's called name one libraryX1.0 and one libraryX1.1 or something, sheesh. =P And tell the library maintainers to use a more stable API so that both aren't required! ^^

Any way, yeah, everyone, both developers and users alike, would radically benefit from having actually accessible Linux software, you could actually share the damn stuff for one thing with your friends no matter what "distro" they are running. One problem I think there is is that a distro would be more of a collection of software is all, and maybe a certain way the package manager was configured or the directory structure was configured or whatnot (something that should be easily changeable), but there would no longer be such segregation/proprietization of software. You like the network applet program Ubuntu uses and want it in Fedora? OK, well since it's all open source and it's all Linux, it should be easy to install it, if there were cross-distro binary packages, otherwise good luck compiling with all those dependencies, and if you're a "normal" user you're screwed and your choice is whether or not to switch to Ubuntu, and I think that's what Canonical and other companies want, and that shouldn't be the way things are, that problem should not exist when it's all open source software.

Linux use will increase much faster after this happens, and it will happen eventually.

Interesting, but of course Linux has the main oomph behind it right now, and luckily many features are being shared, between all kernels and OSes out there right now. I believe this problem can be solved easily within Linux, without having to switch to P9 or Minix or anything else, but those are certainly life savers should anything completely fragment Linux.....more than it is now. =P

The Burgdorf Packaging API is one solution that will help solve the Linux package standardization issue, as well as more top-level solutions like Klik and Zero Install.

If you read in part 2, he talks about registering the program with the package system, but not providing for dependency resolution other than the one big LSB compliant resolution, as well as some additional LSB "pieces", but to limiting it to that instead of worrying about the thousands of other packages, so you're half right. I don't really understand this though, because once you have the dependency system in place, you don't really need to "worry" at all. Sure, having a base set of packages I guess can be helpful, but I believe the package format and manager together could provide all the solutions needed to resolve any kind of problems with getting software.

I'm frustrated that decentralized package resolution development is occurring in "top-down" programs such as Zero Install, and not in the base package systems where they should be. Using decentralized packaging, you have URLs for all dependencies, and you could have multiple locations from which packages were available, and the system also incorporates key signing and hash checking to protect users from file fraud. Using this system a developer could actually make all the dependencies they are using available from themselves if they didn't want to point anyone elsewhere, but only the dependencies the user didn't have would be downloaded, instead of installing the whole whopping software bundle. In other words, it would allow you to utilize dependencies and save bandwidth and storage space (though both of those things aren't AS big of an issue now days as they have been) while not running into any kind of problems with "worrying" about the base package installation.

Any way, just the base implementation is good enough for now so that all Linux users will have SOME way of installing any software, but I believe there is a lot of room for improvement and that they should really take a look at all the things Zero Install is accomplishing.

Yes, it should be, and you shouldn't have to look for DEB packages if you're on a Linux distro using a deb-only package manager or a RPM if you're on one using a RPM-only manager. All package managers should be made compatible with at least one format(preferably more) so Linux software installation is simple, instead of Linux users having to hit website after website of software where the developers never bothered to release some kind of binary because of this mess, or they release a binary which isn't a normal package, and even if it does it doesn't contain the information inside it for a URL for automatic updates. Instead us Linux users often have to deal with out-of-date software because we're stuck waiting on our distro maintainer to specially package everything under the sun we could ever want, which is impossible, and which gives certain larger distros an unfair advantage. Or, we have to compile it, which limits the numbers of Linux users greatly because obviously normal users don't know how and most users don't want to bother with doing it even if they do know. So, yeah, I'd say it was a big problem.

Can read why Linux software installation sucks part one and two, and read about two projects hoping to make it better in the future.

You should never be locked in to using only software provided by a distributor, software shouldn't be provided by them except to provide the convenience of the base installation bundle. Free Software has to mean freedom of accessibility, too. If no one can use some free software program due to it's proprietary nature and neglect of standards, that software isn't truly free. All of Sourceforge should be my Linux repository, and tools and standard APIs to easily search or add that software to my computer should be a concern on every developer's mind. It needs to be done easily so that Linux can actually reach the masses by allowing software to be more easily shared. Fragmentation and becoming proprietary and locked down hurts Linux and thus hurts everyone.

Help untangle the Linux software installation catastrophe by supporting proposed solutions like the Burgdorf Packaging API and cross-distro packaging formats like Klik and Zero Install. Once every Linux user has the ability to easily access the software which exists out there, instead of waiting on the whims of their distro's private software repository maintainers who have better things they could be doing, software will be much more "free".

First I just have to say, awesome journal. Thank you so much for promoting cross-anything usability. In order for everyone to have access to all software, having that software use modular/extensible APIs/ABIs so that they can always function in the best way in any environment is very important. The Freedesktop project is very important in helping to bring more interoperability to the Linux system, so I wish them all luck in this struggle. It'll be amazing when a way can be found to make any program have the look and feel of the native desktop or whatever user-defined look that they want, and when configuration files and data can all be stored in similar locations, like just off the user's home directory, instead of being buried inside .kde or .gnome. Heck, I'll be happy when my KDE program menu icons start displaying correctly in Gnome.

While it's fine and great that Ubuntu has become a noticed distro, I'll be happier when "Linux" becomes more common. When you can download virtually any distro and it will simply be a specific selection of Linux software, but you can go out and easily download and install any Linux software or drivers you want. Then, it won't need to be "Ubuntu", it will just need to be "made for Linux". Some distros may not be concerned with cross-distro software portability because they have an interest in users coming to them for help, instead of to the actual upstream providers of the software, since some of these distros are based on wanting to create a need for support. However, just like not having desktop standards hurts everyone, not having easy cross-distro software installation does the same. Fortunately, there are projects like the Burgdorf Packaging API which are working on solving this issue, as well as more top-level solutions like Zero Install, and of course both of these projects could use more support from everyone. :)

have a look at Zero Install. It solves most of the problems you've mentioned.

You mean something like .. i dunno .. like this?

Oooor... like this?

Or maybe like this?

Note that all three have their use cases.
First is programs from repositories (default shipped with ubuntu contains a lot of programs, but you can add your own), and all software installed from this will be automatically updated.
The second is for single programs packaged for ubuntu, which contains a compressed file with all the software (similar to windows, except the package manager keeps VERY good control over the files the program adds, and is much more painless to remove).
And the last one, if you target multiple distros with one installer.

There's also the traditional source code packages, and some more .. special systems, like this.

All in all, there is no reason why an ubuntu user should not find it just as easy or even easier to install/manage programs than a windows user.
And we all know the standard windows installer. Trust us, we know what we're doing! Really!

I find it very disappointing anyway that anything you install on ubuntu is installed as root (at least that is the default way of doing it). Wouldn't it be übercool to be able to install applications as the local user, and drivers maybe as the "driver" user? I still think The Zero Install system is a nice and secure way to install software, and maybe one day we can extend this to install drivers as well, so that root access will almost never be required (a bit like Plan 9, or what SE Linux is trying to do).

I'm sure there could be a simple, elegant technical solution for this, a kind of RSS-type standard for application updates - you could then choose your prefered updater just as you can now choose your preferred RSS reader.

See: Zero Install

And here's the RSS-like feed format.

I'm sure there could be a simple, elegant technical solution for this, a kind of RSS-type standard for application updates - you could then choose your prefered updater just as you can now choose your preferred RSS reader.

See: Zero Install

And here's the RSS-like feed format.

When someone creates a mechanism to do deployments of just the pieces you need to run an app and installing them in an isolated sandbox

I wish people would stop making blanket generalizations. A distribution is whatever the maintainer makes it. If you mean major desktop distributions sure that narrows it down. Also check out Zero Install.

More useful link:

http://0install.net/

"It'd be nice if you could just grab a random .deb (or whatever) file from a website and install it, having it automatically install all necessary libraries even if they're not part of the distribution and without breaking anything I've installed from elsewhere. This needs several things as a starting point: a decentralized package namespace (identifying packages with URIs could work), completely declarative packages (so that software and users can predict what'll happen as a result of installing a package, and so that the installation can be adapted to suit each distro) and the ability to have multiple versions of the same thing -- possibly all from different sources, with possibly-conflicting version numbers -- installed at the same time."

Haven't we got that already?

See also: Decentralised Installation Systems

http://0install.net/tests/Inkscape.xml

It uses the RPM, which works on Ubuntu/5.10 and Debian/testing if you have the appropriate libraries installed:

apt-get install libglitz libstdc++6 libgtkspell0 libgnomevfs2-0 libxslt1.1

You don't need to be root to install this way. Make sure you tick 'Help test new versions', though, or you'll get the previous 0.43 version.

It doesn't have to be that way. When you type 'firefox', you want your computer to run the software from http://www.mozilla.com/firefox. Setting this short-cut (associating this short name with the full URL) should indeed require admin access if it is to affect all users. But, if you let each user store this association themselves, so that typing 'firefox' expands to telling the computer "Run http://www.mozilla.com/firefox", there's no reason why the computer can't be smart enough to only download and store the actual program code once.

See 0install.net for an example of this way of running programs.

You already can: 0install.net. More easily, in fact, because Linux will automatically fetch the dependencies and check for updates. Things have moved on since the days of centralised APT repositories where you have to be root just to install something.

Take a look at the screenshots!

You already can: 0install.net. More easily, in fact, because Linux will automatically fetch the dependencies and check for updates. Things have moved on since the days of centralised APT repositories where you have to be root just to install something.

Take a look at the screenshots!

Good comment. Thanks.

Software install is definitely an issue still. When the software you want is included in the distribution, then the install is easier than on windows. Open up whatever package manager you have, and chose the programs you want, and install them. As a bonus, you seamless updates to new versions for all those programs. But installing something that's not in the repository is a pain in the ass.

I know how to compile stuff, but that doesn't make it any less of a pain. Do I have all the required dependencies? There's no easy way to check, just trial and error. ./configure, look at the error, try to guess what package it's missing, install that package, ./configure again. It sucks. Luckily this problem is being approached from a few angles now. Autopackage (http://autopackage.org/), klik (http://dot.kde.org/1126867980/), and zero-install (http://0install.net/) all look really promising. I've tried klik, and it really rocks. Give it a go if you have a chance.

It's just executable files appearing in the file system, so anything that can run executables can use it (konquerer, shell, etc). I can see why konqueror would be confusing, since it is both a file manager and a web browser.

The example screenshots show ROX-Filer being used, which isn't also a web browser, so it's a bit clearer in that case.

"But, as far as I can tell from that website, Zero Install makes running that software from the web a transparent operation that is almost indistinguishable from running that same software after someone has explicitly and deliberately downloaded and installed it."

Yes, you wouldn't want users to run software thinking they were just following a link in a web page. I've just tried it in firefox, and it just shows the contents of an executable shell script rather than running it.

Incidentally, the injector (next version) does ask users to confirm that they trust the GPG key of a software author before allowing them to run the software: the injector.

Thanks for the plug ;-) By far the biggest problem with Zero Install is simply that it requires a virtual filesystem, and POSIX doesn't provide a way to do this, so we have a Linux-only kernel module. And Linux has a really unstable module API, so we can't ship binaries, which makes it hard to install the system in the first place. But this is not a theoretical problem with app dirs, just a limitation of Linux.

For both Zero Install and the injector, the situation I want to support is:

• Multiple users.
• Sys admin doesn't trust users with root permission.
• Users don't trust each other.
• Two users want to run the same software. This must be efficient.

Current systems make you choose either:

• Inefficient (two copies downloaded and installed), or
• Insecure (second user must trust first user to get and install a good copy).

Readers might like to see the full discussion.

Thanks for the plug ;-) By far the biggest problem with Zero Install is simply that it requires a virtual filesystem, and POSIX doesn't provide a way to do this, so we have a Linux-only kernel module. And Linux has a really unstable module API, so we can't ship binaries, which makes it hard to install the system in the first place. But this is not a theoretical problem with app dirs, just a limitation of Linux.

For both Zero Install and the injector, the situation I want to support is:

• Multiple users.
• Sys admin doesn't trust users with root permission.
• Users don't trust each other.
• Two users want to run the same software. This must be efficient.

Current systems make you choose either:

• Inefficient (two copies downloaded and installed), or
• Insecure (second user must trust first user to get and install a good copy).

Readers might like to see the full discussion.

again, see http://0install.net/ for a good solution to this. Quite brilliant.

ROX (RiscOS On X) which has a filer, window manager and a session manager uses Application Directories taken from Risc OS. This sounds very similar to Apple Application Bundles.

Installation is done by copying the directory, and the first time you run it, it will be compiled. You do have to run it from ROX-Filer for this to be supported (just double-click on the application directory), otherwise you have to run a script inside the directory.

Recently ROX has combined AppDirs with the Zero Install installation method, which uses a caching-remote filesystem. You can run things direct from the server they are distributed on using a virtual filesystem which will locally cache the files.

There are already a lot of applications written for this.

Better link:

0install.net

(yes, ROX is using Zero Install, but they're separate projects)

Why should it give you an error? It should just fetch what it needs itself.

0install.net

Depends how it got there. If it was by extracting an archive, all SUID bits should be cleared by the extractor. Personally, I prefer to use sudo to track all extra privs in one place, and keep all executables on a nosuid partition (/uri/0install is always mounted nosuid, for example).

However, the comment you replied to was "Q: Why aren't user and superuser programs seperate?". Your reply is about one-directory-per-program, not about the separation between /bin and /sbin.

What would be good is binary sandboxing on system level.

Exactly. JWS is Java-only, while much Linux software is written in C, Python, etc. Combine Zero Install with Linux-level sandboxing and you have the same thing, but faster and language-neutral.