Petreley On Simplifying Software Installation for Linux

markcappel writes "RAM, bandwidth, and disk space are cheap while system administrator time is expensive. That's the basis for Nicholas Petreley's 3,250-word outline for making Linux software installation painless and cross-distro." The summary paragraph gives some hint as to why this isn't likely to happen anytime soon.

Autopackage comes to mind

[Simon+(S2)]

Autopackage comes to mind.

from the site:
* Build packages that will install on many different distros
* Packages can be interactive
* Multiple front ends: best is automatically chosen so GUI users get a graphical front end, and command line users get a text based interface
* Multiple language support (both in tools and for your own packages)
* Automatically verifies and resolves dependancies no matter how the software was installed. This means you don't have to use autopackage for all your software, or even any of it, for packages to succesfully install.

Gentoo

[Tyler+Eaves]

emerge

Doesn't get any simpler than that. Come back in a minute to 12 hours (Depending on the package), and *poof* new software. Ditto BSD ports.

Re:Gentoo

[Tony+Hoyle]

Firstly, when gentoo boots you have to wing it to work out how to get online to read the damned thing. Then it tells you to set your USE variables, with *no* documentation about what any of them do (not that it matters, half of the packages ignore them anyway). I also found several factual errors in it (for example stating that files are on the CD that aren't there).

emerge doesn't pick the latest versions of stuff either... you end up installing from source anyway. eg. I need the kerberos enabled ssh to work with my network. I had krb5 in my USE but it didn't build with kerberos. It also built an out of date version. I had to manually go in to the package directory and force it to build the latest version (which emerge insisted didn't exist).. which still didn't build with kerberos, so I gave up on it and ftp'd a prebuilt one from a debian machine.

Also the dependencies suck rocks. I wanted to build a minimal setup and get it working, so I decided to install links. Bad move. It pulled in svgalib (??), most of X and about a million fonts - for a *text mode* browser.

12 hours is also a bit optimistic - On a dual processor machine I had it building for 3 days.. and at the end half the stuff didn't work anyway. Luckily I can get a debian install on in 20 minutes with a following wind, so I got my machine back without much hassle.

Re:Gentoo

[antiMStroll]

Not what I remember. The install docs are on the CD. Alt-F2 to open a second console, then 'less README.TXT' or 'less README' to view the instructions. The last Gentoo install I did was 1.2, so this may have changed.

Correct, emerge doesn't automatically pick 'the latest stuff'. Which distro does? The true route to madness for any distro designer is to insure all the default installs are cutting edge. Forcing a higher version is simple, use 'emerge explicit-path-to-ebuild'. Typing 'emerge icewm' builds the default, tested and solid verion, 'emerge /usr/portage/x11-wm/icewm/icewm.x.x.x.ebuild' builds whichever one you chose. There are other methods as well. On the other hand, if an exploit is found a new ebuild for the package is up almost immediately.

Regarding svga lib, Gentoo has a large number of default build parameters in /etc/make.profile/make.defaults, one of them being svga support. Links with svga support is awesome, and what I'm using to post right now (links -g). To remove it, add -svga to your USE variables in /etc/make.conf . I always do 'emerge --pretend packagename' before an emerge to see what will be installed.

Lastly, something doesn't jibe between your claim of aiming for a minimal install and a 3 day compile. My 192 meg P2-366 notebook took an evening. KDE and OpenOffice (the latter if compiled from source, instant-install binary versions are also available) are reputed to take days on slower machines.

While the Gentoo install and USE variable configs are complicated and well beyond the capabilities of new users, post-installation upkeep is a dream. It's a hard-core distro more suited to geeks and business environments. Sounds to me as if you simply didn't know enough going in.

Matrix Reloaded spoiler in parent

[jeroenvw]

WARNING: Stupid Matrix reloaded spoiler in parent, in the middle of the 4th paragraph

OpenStep / OS X frameworks

[pldms]

Did some of the suggestions remind anyone of the OpenStep frameworks idea?

Frameworks (very roughly) are self contained libraries containing different versions, headers, and documentation. Java jar libraries are somewhat similar.

The problem is that using frameworks requires major changes to the tool chain - autoconf et al, cc, ld etc.

Apple shipped zlib as a framework in OS X 10.0 (IIRC) but getting unix apps to use it was very difficult. Apple now only seem to use frameworks for things above the unix layer.

I suspect there are lessons to be learned from this. As another poster said, evolution rather than revolution is more likely to succeed.

Instances don't really matter for static linking

[Skapare]

Nicholas Petreley writes:

The following numbers are hypothetical and do not represent the true tradeoff, but they should serve well enough to make the point. If libthingy is 5K, and your application launches a maximum of 10 instances, all of which are statically linked with libthingy, you would only save about 45K by linking to libthingy dynamically. In normal environments, that is hardly worth the risk of having your application break because some other build or package overwrites the shared version of libthingy.

Linking libthingy statically into application foo does not preclude the sharing. Each of the instances of application foo will still share all the code of that executable. So if libthingy takes up 5K, and you launch 10 instances, that does not mean the other 9 will take up separate memory. Even statically linked, as long as the executable is in a shared linking format like ELF, which generally will be the case, each process VM will be mapped from the same file. So we're still looking at around 5K of real memory occupancy for even 1000 instances of application foo. The exact details will depend on how many pages get hit by the run-time linker when it has to make some address relocations. With static linking there is less of that, anyway. Of course if libthingy has its own static buffers space it modified (bad programming practice in the best case, a disaster waiting to happen in multithreading) then the affected pages will be copied-on-write and no longer be shared (so don't do that when developing any library code).

Where a shared library gives an advantage is when there are many different applications all using the same library. So the "shared" part of "shared library" means sharing between completely different executable files. Sharing between multiple instances of the same executable file is already done by the virtual memory system (less any CoW).

The author's next point about sharing between other applications is where the size of libthingy becomes relevant. His point being that if libthingy is only 5K, you're only saving 45K by making it a shared (between different executables) library. So that's 45K more disk space used up and 45K more RAM used up when loading those 10 different applications in memory. The idea is the hassle savings trumps the disk and memory savings. The situation favors the author's position to use static linking for smaller less universal libraries even more than he realized (or at least wrote about).

For a desktop computer, you're going to see more applications, and fewer instances of each, loaded. So here, the issue really is sharing between applications. But the point remains valid regarding small specialty libraries that get used by only a few (such as 10) applications. However, on a server computer, there may well be hundreds of instances of the same application, and perhaps very few applications. It might be a mail server running 1000 instances of the SMTP daemon trying to sift through a spam attack. Even if the SMTP code is built statically, those 1000 instances still share unmodified memory mapped from the executable file.

DLL Hell On Windoze

[rossz]

My specialty is software installation. I've written dozens of installers on a multitude of platforms. On the windoze platform, DLL happens for two reasons:

1. No backwards compatibility. All too often, new versions are released that break older programs. Even Microsoft has done this with major DLLs.

2. Stupid installer writers. You're supposed to check the version number of a file before overwriting it. All too often the file is overwritten without regard to the version numbers.

So to overcome these two problems, the smart installer coder would put all the DLLs in a private directory of the application (not in system/system32).

Of course, Microsoft came up with a new system that broke this simple fix. Registered libraries. Instead of using a specified path to get a DLL, you would ask the system to load the DLL (using registry information). The path was no longer considered. One, and only one, version of the DLL was allowed on the system, and there was no feasible way to get around this limitation. Someone came up with a fix. It would have been a major pain to implement and would require cooperation amongst the DLL coders, which isn't about to happen since the lack of cooperation was one of the core problems in the first place.

For a commercial level installer, missing libraries was absolutely unacceptable. My personal rule was to ALWAYS include dependencies in the installer package. This meant the installer was bigger and more complicated, but it guaranteed the application could be successfully installed without the user having to run off to find a missing library. Or did it? No - Microsoft decided that some libraries could not be independently distributed. The only legal means of getting the library was through the official Microsoft installer. And no suprise here, half the time the only official installer for a library was the latest version of Internet Explorer.

Requiring an upgrade to IE is a major problem for large companies. They standardize on specific software and don't allow the users to change it. Requiring a site-wide upgrade of something like IE (or the MDAC package) was not to be taken lightly. Especially when it was dicovered that the required upgrade would break other applications (back to DLL hell).

FYI, when a major customer pays your mid-sized company a couple of million dollars a year in license fees, they can definately tell you they won't upgrade IE. It's our job to come up with a work around. Too bad a measly few million paid to Microsoft wasn't enough to get them to change their ridiculous library polices.

Re:Static linking problems

[dwillyson]

Nice try!
but 1$ -> 45 Indian Ruppes

So you wouldn't be able to hire 1000 Indian programmers with that exchange rate.

Also your racist comments show how little you know about Indian programmers some of who are big names in the American Computer Industry.

Also almost every Indian programmer is well versed with English language and most of them can understand/write better english than you, so you won't have to hire a crappy american undergrad to do the translation work.