Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenPKG 1.0 Released

Posted by michael on from the dependencies dept.

Ralf S. Engelschall writes: "I'm proundly announcing today the release of OpenPKG 1.0, the world of cross-platform RPM-based Unix software packaging. A flexible and powerful software packaging facility, OpenPKG eases installation and administration of Unix software across several platforms. It primarily targets the Unix platforms FreeBSD, Linux and Solaris, but is portable across mostly all modern Unix flavors. OpenPKG was created in November 2000 and after over one year of development it is already a mature technology in production use. It is available as Open Source and is further maintained by both my development team at Cable & Wireless Germany and our contributors. For more details visit openpkg.org and ftp.openpkg.org."

19 of 222 comments (clear)

  1. Congratulations Ralf. by bodin · · Score: 5, Informative

    Let's just say that Ralf is the commited guy for standard packages.

    http://www.openssl.org/
    http://www.modssl.org/

    To say a few.
    He's the guy that wrote mod_rewrite back in the old days. Tough guy.

    1. Re:Congratulations Ralf. by ichimunki · · Score: 4, Insightful

      While I appreciate this work, what I really don't understand is why not work on building a tool that doesn't rely on "packages" so much as it relies on source tarballs that are independent of any packaging system.

      What *I* want (and yes, I am coding this myself) is a system that only knows as much as necessary to get the package from its original source in the rawest form available. Then the system takes the package and builds/installs it using a user account set aside for the purpose of installing non-base software.

      Optimally the package system will help the user write a shareable makefile of sorts and save/share that with other systems that user has and with other users. Then, once the build is done, you zip the build directory back up so that if you should need to work with them again the whole mess is handy.

      At its very best the package system recognizes source sources such as tarballs via FTP and HTTP, but also CVS. And finally some hooks to external information sources (announcement lists, a central log of known changes) so that the user can be alerted to potential upgrades, bug fix releases, and security patches.

      One thing I don't like about RPM/.deb/etc is that they rely way too heavily on a database of what is installed to determine what they will install next. If I don't package my "found" software using the package system, this causes RPM/dpkg to start complaining about stuff it doesn't have that I know it does.

      --
      I do not have a signature
  2. Time loss by leandrod · · Score: 4, Flamebait

    RPM was created as duplication of effort, because Debian wasn't willing to rush a half-baked dpkg. Now it becomes a standard. Reeks to me of Microsoft Windows-like storyline.

    Why not just port and use dkpg, apt and associated tools? They were all created to be portable, and are indeed already used in http://fink.sf.net./, http://debian-cygwin.sf.net./ and the like.

    --
    Leandro Guimarães Faria Corcete DUTRA
    DA, DBA, SysAdmin, Data Modeller
    GNU Project, Debian GNU/Lin
    1. Re:Time loss by Captain+Morgan · · Score: 5, Insightful

      Right... why not judge the two based on some kind of technical merit, like their features? And it would really be nice if the debian people and the redhat people got together and standardized on the next generation package format that they would both be happy with.

    2. Re:Time loss by GauteL · · Score: 4, Insightful

      Why should be judge them on technical merit? Both are perfectly adequate, and even though .deb may be technically better, the main reason for people disliking rpm is the amount of incompetently built rpms available.

      My point is that .deb may be marginally better technically, but it doesn't matter as long as most projects have chosen .rpm, and the cost of remaking that decision is FAR bigger than any advantages.

      I have nothing against debs, I like them. I use Debian a lot. I like it. But there really is no point in advocating that everybody should switch to debs, because it isn't going to happen.

    3. Re:Time loss by mattdm · · Score: 4, Insightful

      I'm not even sure .deb is technically better. There's some things RPM does nicely that dpkg doesn't. (For example, the "one big patch" idea in dpkg means that if you're going to add patches of your own to an upstream package, you need to invent your own structure for keeping your changes distinct, and reinvent it for each package, as far as I can tell. RPM deals with lots of patches nicely, and I think it's one of the reasons that there are so many Red Hat-derived distributions.)

    4. Re:Time loss by ink · · Score: 4, Informative
      So it doesn't automagicly resolve problems, like apt-get does, which is why, having used both, I prefer apt-get.

      For the (hopefully) last time: APT HAS NOTHING TO DO WITH THE PACKAGING SYSTEM other than requiring the package system to know about dependencies. APT works just fine with RPM, just as it works fine with debs and I see no reason why it couldn't work with OpenPKG.

      --
      The wheel is turning, but the hamster is dead.
  3. Microsoft is moving to MSI by yerricde · · Score: 5, Interesting

    The one true package format: setup.exe

    I assume you refer to the standard name of a Windows installer program. Those may become obsolete, as Microsoft and other vendors shift to .msi packages that use the Windows Installer.

    --
    Will I retire or break 10K?
  4. Uses separate RPM repository, no NLS by bojolais · · Score: 4, Interesting

    I notice that an openpkg-installed package populates their own RPM database, rather than using one that may already be on the system. While this may be due to the fact that they need to store additional information that a default RPM4 database doesn't allow for, it would seem to be a horrible inconvenience to maintain two separate RPM databases... even if one allowed you more cross-platform control.

    Also, I thought it interesting that they favor English as the only language used on Unix machines, and chose not to include NLS support in OpenPKG. And they're not even Americans!

  5. Re:hmm... by chabotc · · Score: 5, Insightful

    I don't even know how to begin replying to this, but i will give it a try ;-)

    First off, no this will not work. Due to different system calls, C libraries, different architectures (CPU etc), etc etc packages will never be that portable. Java and other (supposed to be..) cross-platform type programs might have a chance, but normal applicaties will not be.

    So, if a 'package' is not portable, what good will this do me then, you might wonder? Well the thing is, that previously, you had to make a different 'build and package tool' implimentation for every platform you want to compile your program on. pkg/ports stuff on BSD, other pkg stuff on solaris, apt on debian, rpm on redhat & other linux's.

    So this is where OpenPKG comes in. You only need to write the 'build and package tool' implimentation once (a so called .spec file). This 'source package' you can then compile on each different architecture and platform.
    (resulting in a binary usable for only that platform).

    This makes cross-platform/architecture distribution a lot easier, and a lot easier to maintain.

  6. Duplication of Effort is *Okay* by Sargent1 · · Score: 5, Insightful

    I've already seen a number of people saying, "Yeah, great, but why didn't you port an existing system [usually Debian's] instead of writing your own solution? We don't need another package management system." This drumbeat of "don't create multiple approaches" opinion continues to get louder, and as it does so irritates me more and more.

    It's *good* that there is more than one way to do it. I'm glad that open source not only provides for the possibility of multiple approaches (the built-in allowances for forking), it has a long history of such.

    Don't like sendmail? Write a different mailer, and perhaps like postfix it will become popular. Think that the available desktop managers were built wrongly? Try coding one using your preferred approach. Having diverse solutions can help improve them all, as features from one program are pulled into others.

    The OpenPKG folks saw a need and decided to base their solution on RPM. You may not think that was the wisest choice, but they get to choose where they apply their effort. There is no One Approach to bind all open-source programmers, no One Application in any given niche to which all should contribute. One of the beauties of OSS is that I can choose where I wish to contribute.

  7. It's too bad by DaveBarr · · Score: 4, Informative
    There's two main roads to take when trying to develop a solution for this problem. The first way (the OpenPKG way) is to pick a package system and use it across all your platforms. This ensures that your package system will be incompatible with the majority of your systems. (As a side note, it is too bad that they chose RPM on top of this). However, you at least get to use one tool for all the stuff you add.

    The other road is to develop a meta-package system which "wraps" the existing native package system. This ensures the two package management systems don't stomp on each other, and allows you to interoperate with the native package management system (Sun's pkgadd, HP's depot, SGI's inst, etc). As many of us know it can get extremely ugly when a package management system starts getting out of sync with what is actually taking place on a filesystem.

    To put in a shameless plug (I'm only a customer) for some very cool quasi-commercial effort in this area, we use software packaged by The Written Word. (yeah, strange name). Their software is of the latter philosophy.

    I say quasi-commerical because while they sell distributions packaged on their tools for profit (and provide support and updates for their software by subscription, allowing me to concentrate on my normal duties, not worrying about recompiling this and that when the latest exploit comes out) they are actively involved in open standards-based efforts to develop a true cross-platform open package management system. And by my understanding are committed to switching their system to an open standard once it is standardized and of a sufficient functionality.

    Either way, as Debian users know, the important part is not that you pick a good package system. The important part is that you pick a system that is well maintained, so when the next fix for exploit comes out you know that within a short period of time you can run {apt-get,pkg-inst,whatever) and get a working fix installed.

    The biggest problem with many of the other package systems out there (Sunfreeware, Red Hat Contrib) is not that the package system is necessarily bad, it's the fact that the people don't maintain the packages. They're either woefully out of date, or compiled with beta snapshots of gcc or libc, have incorrect or missing dependencies, or simply haven't been tested.

  8. The problem with this... by printman · · Score: 4, Informative

    The problem with this is that is requires the RPM software on all target systems. This won't be popular with a lot of sysadmins because most want to stick with the vendor packaging systems whenever possible so that only 1 install tool needs to be learned and so that dependencies between packages are handled consistently.

    RPM's source-centric view (where you have to rebuild everything from scratch all the time, making development of the initial distributions extremely time consuming) is also a major problem, because a lot of packages take a long time to compile (we have one that takes several hours on older hardware), and you may be testing fixes, etc. that only affect a single executable in your package.

    Anyways, for people that want something a lot more portable and flexible, see my (also free) EPM software at "http://www.easysw.com/epm/". It does native RPM, DPKG, *BSD pkg, System V pkg, IRIX inst, HP-UX swinstall, Tru64 setld, and AIX installp packages, or so-called "portable" install scripts with tar files, all from the same software description/list files. Utilities are provided to automate the building of the list files from already-installed files/directories (the classic RPM BuildRoot stuff) or by intercepting "install" commands, making it very easy to create and/or maintain them.

    --
    I print, therefore I am.
  9. I'll never tourch RPM again if I have too by smnolde · · Score: 5, Insightful
    The first time I typed "make install clean" in the FreeBSD ports tree I told myself I'd never do roothat again or RPMs again.

    Since FreeBSD can run the huge majority of linux applications that I need/want, i have no need to get into RPM-hell again.

    If I need to upgrade a system I use cvsup to apply the necessary patches to my source tree and make the world. If I want to update applications, I cvsup my ports tree and run portupgrade. There's nothing easier and it's very rare anything goes wrong.

    So, why build this OpenPKG thing in the first place? VC money down the tubes. I'll keep my ports and packages, but I'll never run RPMs again.

  10. Why RPM? by Anonymous Coward · · Score: 5, Insightful

    When I started using Linux, there was RPM, but then I found dpkg and apt and have never gone back.

    Last week, I tried FreeBSD for the first time. I was very impressed with the ports tree and pkg_add.

    What would be the compelling reason to use openpkg on systems with package managers better than RPM?

  11. FreeBSD pkg_add by Shooter6947 · · Score: 5, Informative

    How is this new system different/better than the FreeBSD pkg_add? When I want to download an install a precompiled binary I just type (as root)

    pkg_add -r gnupg

    for instance and the binary package gets automatically ftped down, unpacked, and the pieces installed to the correct locations. With thousands of FreeBSD ports already set up, why should I or anyone switch to this new system?

  12. Re:Sounds neat by ivan256 · · Score: 5, Insightful

    Right, and furthermore it's not RPM that's playing catch up to DEB it's the quality of the available packages, and the standardization of versioning. Too many people make RPMs and assume that beacuse it's an RPM it'll work with any version of any RPM based distribution. This causes huge problems when figuring out dependancies.

    The key is to get your packages from one source, where all the binaries are built relative to the other packages in the repository so that the dependancy names and versions are uniform throughout your system. This is what debian does better then everyone else. It has nothing to do with the DEB format, and it has nothing to do with apt either.

  13. Has anyone actually read their documentation? by Florian · · Score: 4, Informative
    If you had, then you would know that
    • it uses a modified, incompatible version of rpm which will will coexist with "normal" rpm in case the OS it includes the latter. (Unfortunately, the OpenPKG executable is called "rpm" as well, but resides in a different path)
    • it builds its own repository/package database separate from the core OS packages
    • it uses its own particular filesystem layout
    • it doesn't provide apt-like functionalitySo OpenPKG does not replace existing package systems, but is meant as a secondary package system for OS-independent userspace tools (thus allowing to share installed packages across different Unix-like OSs). It breaks all Unix/Linux filesystem/compatibility standards, creates headaches by installing itself as a secondary package manager/database, and thus is unlikely to be widely adopted. (Seems rather like a possible solution for sysadmins who want consistent application installations acrosses different flavors Linux/FreeBSD/Solaris).
    --
    gopher://cramer.plaintext.cc http://cramer.plaintext.cc:70
  14. Congratulations, ichimunki by MadAhab · · Score: 5, Informative

    Congratulations, you just described the FreeBSD ports system.

    --
    Expanding a vast wasteland since 1996.