Zero Install: The Future of Linux on the Desktop?

SiegeX writes "Zero Install ,which is apart of the ROX desktop environment is not just a new packaging system, it's a whole new way of thinking; a way that I believe is exactly what Linux needs to become a serious contender for Joe User's desktop. Zero Install uses an NFS to both run *and* install apps from. The apps are all self-contained in their own directory; binaries, docs, source code and all. Once the app has been downloaded its kept in a cache from that point on to minimize delay. The beauty becomes apparent when Zero Install is combined with ROX which runs the application by just clicking on the directory it was installed to. Deleting the application along with all the other misc files is as simple as removing the directory it's contained in. This method of partitioning applications in their own directories also allows installing multiple versions of any application trivial. This is something even the greatest of technophobes could understand and use with ease."

Re:waste?

[JaredOfEuropa]

To me, it would be better to have to package load onto the HDD, and if there are any missing libraries, have that go and fetch them as well.

That's exactly what is happening: the software is cached. From their website: "I've only got dial-up; can I still use Zero Install? Yes! Run each program you want while on-line and it will be cached. When you're off-line, the cached copy is used automatically."

Re:apps contained in their own directories....

[Ummagumma]

No, actually, not at all. Most programs on your windows pc that are 'installed' into Program Files still have obscure registry entries, and may require dlls and such in the \winnt and \winnt\system32 directories. You cant just remove a progam from the 'Program Files' folder, and have it gone.

Yes

[mrsev]

This sounds great. Im no linux guru and the hardest thing I find is to install a programme that requires other files but one version is required for one app and the other for another. In this age disk space is trivial and stability and ease of use much more important. Granted many people like tinkering with their systems but for me I just want to get my work done..(and then play games).

This is also what Microsoft is trying

[Koyaanisqatsi]

Flame as you want, but .Net assemblies not published to the GAC (Global Assembly Cache) are exactely like that: all of the application files are kept under a single directory and all you need to setup the app is a "xcopy" of its files.

Delete the directoty and the app is gone.

This is here now, and altough .Net still have to catch on into the desktop, it is very much real on the server side. Gotta love it!

User settings storage in win32

[tepples]

It's still very much like this in Windows, in fact, with the "Program Files" directory often containing everything (although "Documents and Settings" is becoming more used for user settings storage). Personally I like the idea. I've always been confused trying to locate various files which belong to a single application in *nix.

Most *n?x apps seem to store all the per-user settings in a dot-file or dot-folder in the user's home directory. In Windows, they're often strewn about in at least three places: C:/Documents and Settings/Me/Application Data/, C:/Documents and Settings/Me/Local Settings/Application Data/, and HKEY_CURRENT_USER in the registry. In addition, a lot of the apps I have installed on my Windows 2000 machine came bundled with peripherals, where the app and a device driver came as part of the same install, the app in C:/Program Files/ and pieces of the driver in various folders in C:/Windows/.

How does Rox handle it?

If you have Knoppix try klik

[bfree]

In the last few months klik came into being. klik is a point and click software store for Knoppix which uses AppDir (quoting from the architecture description):

Mainly a philosophy about making each app package "self contained" (at least relative to some defined base system, Knoppix in our case).

If you have a recent (say from last November or so) version of Knoppix fire it up and give it a go! You can even install software while running from the liveCD and retain it in a persistent home.

Similarities to Archimedes

[pigpogm]

This sounds to me as though it has some similarities to the way the old Acorn Archimedes used to work (What? Oh, it was quite big over here in the UK ;)

An 'application' looked like a single file that started with a '!'. It ran as though it was one file, copied and moved as though it was one file. If you used a modifier to open it (Ctrl-click, or something similar), though, it actually opened up as a folder. The app was really made of a number of files - the icon that the application/folder would have, the actual programs, any config files, a script that was run when the program was launched, and another script that would be run as soon as the OS 'saw' the app.

Part of the config would tell the OS what file types the app could handle, so as long as the app had been 'seen' (ie, it's parent folder had been opened), the filetypes would be recognised until the next reboot.

It's not quite that simple

[SuperBanana]

Apple has had this for years going back to the old System 9, 8, 7, etc

Actually, it hasn't. Ask any Mac pro; applications started making "library" files that went into the System folder(or worse, programs like Norton Utilities insisted on putting libraries into the Extensions folder, which was not what Apple told developers it was for). Apple caved in and 9.x started sprouting "Application Support" folders, a "Libraries" folder, etc. Developers just couldn't wrap their brains around the single-file, applications-don't-mess-with-the-system-folder model. Often times, commercial programs would blatantly disregard Apple's filesystem guidelines. Often times extensions has such weird names, Cassidy&Greene developed an extension manager with a database of all the known files so you could figure out what the hell stuff was.

While you tout OS X as better than Linux or Windows, as an experienced long-time Mac user I saw OS X as a step down from the old MacOS with regards to filesystem simplicity. Applications now install stuff into zillions of different places. Virtually none of their installers ask if you want to install just for your user(ie using your Library, Application etc folders), or install system-wide(a few- VERY few- do). Application installers that have no business needing my password ask for it; why does Acrobat reader need sudo to install itself into Applications? Answer- it doesn't, but it's probably saving some prefs file somewhere it shouldn't.

Even worse...you can install packages using a "package system", but Apple will be damned if they'll give you a way to UNINSTALL a package, system or otherwise. Want to remove all the localization crap you forgot to turn off during system install? You have to download a third-party app to remove almost a gigabyte of files from your system, instead of just going into a "Software" panel and clicking remove. Windows has had it for years, with its only flaw being that it calls the developer's uninstall program, which often times doesn't work, especially if you've deleted the app folder but nothing else.

Another side effect of the multiple-files problem is added complexity; the # of files in the filesystem has ballooned enormously, because instead of an application being one big file with a resource fork, it's now at least 3 folders, and often times hundreds(or even thousands) of files. Moving an application used to be easy- you moved one big file, the Finder just did a straight copy very efficiently. Now it has to copy hundreds of small files, so it takes forever(and amusingly, copying just a bunch of raw non-app files takes about 5 times longer in the Finder than it does via cp or ditto).

Don't get too uppity about not having a registry. OS X uses a number of preference files, and even though they've changed to XML and the like, users are seeing the same problems with OS 9- corrupt preference files causing odd behavior. Remove the naughty pref file, things start working again. There are now third party utils that specialize in checking these prefs; if they can do it, why can't it be part of the bootup process?

Oh, and lastly- Apple has made it even more difficult to make a boot disk for your mac to do disk maintenance. It used to be you just copied over your system folder, removed all the extensions, control panels, prefs, etc you knew you didn't need. Now? You need some stupid shareware program to do it, and half of 'em still haven't been updated for 10.3.

Clearing up a few things...

[tal197]

I'm the author of Zero Install (and much of ROX) so I'd better clear up a few points here.

The main one is that there are actually two installation systems being discussed in the article:

1. ROX uses application directories (bundles). That means that instead of downloading gimp.tgz and then copying the files inside it all over the place (/usr/bin, /usr/share, etc), they stay in a single directory and you access them from there. That allows drag-and-drop installing, and uninstalling by deleting the directory.
2. Zero Install is a caching network filesystem, where all software is available at a fixed, globally unique, location (like web pages).

ROX application directories can be made available via Zero Install. In that case, running the application is a lot like running a program from a network share (but more aggressively cached). Or, you can DnD them onto your local disk manually (without Zero Install).

You can also use Zero Install for non-ROX type applications.

Secondly, when we say that application directories are self-contained, we mean that a single .tgz download corresponds to a single installed directory. Application directories can (and do) still depend on shared libraries (possibly other application directories).

Without Zero Install, after installing an application by drag-and-drop, running it may tell you that you need to install some other library before it will work.

With Zero Install, the application just tries to access it from its fixed location (URI) and it gets fetched.

Re:Could there be a difference here?

[expro]

I install Mozilla on OSX. It says, rather than using an install program, I should just drag the icon into a directory, such as the applications directory, making it writable by any unprivileged program the user may execute.

This is not unlike I have seen for other programs for Mac as well.

When I try to take the initiative and protect these directories, the programs often stop working, because the program writes these directories when run by the user.

I am told by admins that program directories on OS X should generally be made user-writable.

When I do a default install Eclipse on OS X, it places the user workspace underneath the Eclipse program directory, not naturally leading to program directories that are not virus writable. I run it on Linux, and the workspace is separated from the program directory off of my home directory, and the eclipse stuff installs nicely into a protected area.

Re:I thought we wanted people to reuse code?

[tal197]

Talk about encouraging waste.... The article states:

The apps are all self-contained in their own directory; binaries, docs, source code and all. * * * This method of partitioning applications in their own directories also allows installing multiple versions of any application trivial.

What happened to the idea that we wanted programmers and users to share libraries and code? To solve rather than avoid dependancy problems?

Applications are self-contained in that everything from a single package is in a single directory, rather than being spread over /usr/bin, /usr/share, etc. They can still depend on other packages.

Without Zero Install, this means that although installing an individual package is quite easy, you may then have to install dependant packages in a similar fashion. With Zero Install, you get automatic dependancy resolution and freedom from install scripts.

Re:This sounds perfect...

[tal197]

Are you all guys seriously claiming that first
a) finding right foo for your system,
b) downloading foo,
c) knowing where it went,
d) knowing where to drag it,
e) actually dragging it

is simpler than cryptic
a) "install foo"?
[ b) enter root password and hope it doesn't mess up your system ]

a) You don't have to find the right version for your system, just run the application. It will try to access the appropriate binary and that will get cached.
b) Downloading happens automatically, just like viewing a web page through a web cache.
c) It goes in the cache directory, whose structure mirrors the URI scheme (eg /var/cache/zero-inst/gimp.org/bin/gimp). You shouldn't care though, any more that you care about the structure of squid's web cache.
d) Drag it where you want it. On your desktop, panel, start menu, etc.
e) You could just run it where it is, without creating a short-cut at all.

Re:This sounds perfect...

[tal197]

Everybody here is oohing and aahing but let me go on the record as saying that this is actually a BadIdea (TM). Why?

Sorry to spoil your arguments, but each of your starting assumptions is wrong ;-)

• It does use shared libraries, so just upgrading libxml will do, same as usual.
• User data isn't kept inside the applications. The whole /uri/0install filesystem is read-only anyway.
• Configuration isn't inside either.

Just a bad idea taken to it's expreme.

If you could point me to the places on the site where you got your information, I'll try to fix them / make it clearer. Thanks.

Re:Screw drag & drop

[be-fan]

Most people don't want to learn a new packaging system.
With APT, they don't have to. They just have to be able to double-click on the program they want. I've seen lots of Windows users who love the concept and wish Windows had it.

The problem with Apt is it relies on someone else saying 'oh, that's great, I'll make some debs.'
Isn't that true for installers as well? Somebody has to make those too.

And it only works for someone with Debian or a Debian-compatable system like Lindows, Xandros, Knoppix, et al.
Ximian has a nifty tool called Build Buddy that automates the process of generating packages compatible with not just RPM and DEB systems, but Solaris and HP-UX package managers too.

Additionally, to install a deb you need to be root.
This needs improvement, yes.

Re:Potential for unpublishing apps?

[tal197]

But one thing I wonder about Zero Install: what if you launch an application, it needs a piece that you don't have cached, and the server hosting it is down? Is it possible for a maintainer to unpublish an application?

Zero Install can download from mirrors, peer-to-peer, etc, provided it gets the master index with the GPG signature from the main server.

If you want to get the master index from a backup server, you need manual intervention (root needs to indicate that the backup server can be trusted).

However, since the signature part is small (about 1K), a single trusted backup site (debian.org?) could easily host every index in the world. The rest of the data can come through peer-to-peer, etc.

Re:What about security?

[tal197]

If just running an application can send it stalking over the Internet downloading and installing libraries, what happens to security? Or is this automatic install only for objects on the LAN repository?

System security? Nothing. All code runs as you. As for your own security, it doesn't allow any attack that couldn't have been done without Zero Install too.

Reducing the security risk from traditional installation systems (APT, RPM, etc where you're running a downloaded install script as root) was an important goal for Zero Install.

See The Zero Install system

Re:static or what?

[Afrosheen]

Here's the difference in a nutshell.

Statically linked binaries include all the libs and dependencies along with the binaries used to actually 'run' the program in one fat package. Depending on what it is you're packaging, it can add a shitload of weight to the package.

Dynamically linked binaries expect your system to contain dependencies already. They have the benefit of giving you a small, tight package but don't always work right away. IE you, the user, have to hunt down packages it needs or apt or rpm has to handle that for you.

It's a trade-off either route you choose. Statically linked binaries add bloat but usually work great without user or system intervention. Dynamically linked binaries are smaller and bloat-free but depend on you, your package manager or something else to make sure it works.

The typical stance of developers has been to build good packages that are small and dynamically linked. After all, what's the point of having 20 copies of a common system library that you may have had since your OS install? That's just bloat. Ultimately, the best developers, in my opinion, give you the choice when you go to download. Click here for static, here for dynamic.

Re:Well duh...

[deblau]

The /bin, /lib, /usr structure has to go.

This kind of proposal about scrapping the current directory structure has been discussed ad nauseum on the Filesystem Hierarchy Standard mailing lists. Here is the Standard Rebuttal against scrapping /bin and /usr/bin:

With each app in its own directory, your $PATH becomes a mile long, and too difficult to maintain.

You can't have your cake and eat it too. Some have suggested the use of symbolic links in /bin and /usr/bin, but then you run into this Standard Counterargument:

Different application packages can have identically-named binaries. Upgraded packages always have the same binary names.

The best combination seems to be symbolic links to the most recently-installed apps, but overriding your $PATH in ~/.bash_profile for legacy versions.

The Standard Rebuttal against scrapping /lib:

Apps which depend on other apps for libraries won't know where to look. This is especially true if each installed version of a required app is stored in its own numbered directory.

Another argument involves the use of 32-bit vs 64-bit libraries. Best practice seems to be making copies of the most recently installed libs in /lib and /usr/lib, and using environment variables ($LD_LIBRARY_PATH, e.g.) to run older apps.

Rebuttals for getting rid of /usr (i.e., having a One (Partition) Size Fits All approach):

#1: Some boxes have read-only disks for security (CD-ROM firewalls come to mind). Now you can't install new applications.
#2: You have one 100GB partition and you get a power spike. Now you have to wait for the fsck to finish before you can troubleshoot the damage.
#3: You're in a diskless environment with centralized, NFS-mounted applications. With no /usr, you have no suitable mount point.

#3 is especially common in large enterprise and government environments. If you've ever talked to someone who admins 1,000 desktops for their department, you'll know what I mean.

On the mailing lists, the use of /package (or /pkg) also has been discussed ad nauseum. Keep in mind that the filesystem hierarchy is designed so that non-local (commercial) packages don't step all over each other when installing. Local (enterprise) software installation can happen wherever the hell you want it to, as long as it doesn't have to play nice with COTS software.

Executive summary: you can run whatever directory structure you want -- I won't stop you. Just expect to hear lots of complaints from your developers and sysadmins. The reason things are the way they are is partially due to industry inertia, but mostly due to the fact that they just work better that way. If you don't like it, go contribute.

Libraries, Preferences Other Issues. (my mini FAQ)

[spun]

Seriously, this rocks. Yeah, yeah, sure. Other projects have done things like this before. But I love this idea even more than Gentoo's system, which also rocks. So I read some of the site to try to answer some of my own first asked questions.

Q. Do I have to add a bunch of crap to my $PATH?
A. No, you just use a shell that is application directory aware, and it will find the binary just fine if the application directory is in a directory in $PATH.

Q. Will it let me recompile critical applications, either to patch them or optimize them?
A Sure. Keep three different verions of Apache around, one with mod_perl, one with mod_rewrite, another with mod_php. Optimize for your new Sexium X CPU. Turn on full foo support, even though it's not recommended!

Q. What about apps with hardcoded pathnames?
A. Edit and recompile. HAND.

Q. What about libraries?
A. (From this page on the ROX Application directory system.) Applications link to libraries in /uri/0install. If the required version isn't there, then instead of reporting an error (as traditional applications do), they run 0refresh. Software can be uncached when it hasn't been accessed for a long time (eg, months or years). If it's needed again, it gets refetched.

Q. What about versioning?
A. You can keep different versions of an application around in different directories. I couldn't find any information regarding library versioning. Hopefully libraries in /uri/0install have directories by major version number, and ROX applications are linked correctly. Prepare to have much fun with compiler and linker flags finding all your include files and libraries when you convert your application to ROX.

Q. DND Saving? What's that?
A. Rox aware apps support dragging files from a save box to a directory in a file browser to save. Finally, someone does this right.

Re:Why I dislike about installing softwareunder Li

[Davoid]

RPM does have this ability:

rpm -ivh --prefix ~/whatever packagename.rpm

That only works IF the package is "relocateable". Some packages, quite naturally, are not but most apps will (or should) be.

-DU-...etc...