Slashdot Mirror
AutoPackaging for Linux
Isak Savo writes "The next generation packaging format for Linux has reached 1.0. With Autopackage officially declared stable, there is now an easy way for developers to create up to date, easy installable packages. There are lots of screenshots available including a flash demo of a package installation."
Aren't there enough package/software installation formats for Linux that aren't being used enough as it is?
The biggest problem with Linux distributions is that different distributions have different ideas about where things should go: does this file go in /sbin, /usr/sbin, /usr/bin/, /usr/local/bin, or somewhere else? Where do the configuration settings go? /home/*/.config? /etc/profile?
So, does this address the problem? Most software makers would really like to be able to release ONE package for their software and know that it will end up somewhere sensible.
I know we all love to bash Microsoft, BUT, I have rarely seen an installation problem with software written for Windows.
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
it's about time there was a system to automatically put submitted links thorugh MirrorDot. This is a prime example; /.ed before 10 comments were posted. sheesh.
-----
Check out the Uncyclopedia.org :
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
The reason is that most of these packaging solutions, while great for developers and those who want detailed knowledge of the inner workings of their systems, simply suck when given to mortal users.
And they don't handle a number of edge cases too well... What if you want different versions of some software to coexist on the same system? What if you want ten different versions of a library? Yes, these can all be handled by current stuff... but not very well. It's bad enough that when we install software here, we actually get the rpms or whatever and then re-package them ourselves to serve our needs.
A packaging solution that actually works is desperately needed.
Riiight, Gentoo's package system, which is basically a re-implementation of the BSD ports system, is "nextgen"... oh, you fanboys, you're so cuuute!
The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use. This is something we should be proud of rather than trying to imitate the technically inferior competition.
Developers want to be able to release packages that work on all the Linuxes, not just Gentoo. Not everyone wants to make the fast updates/reliability tradeoff necessary to use Gentoo.
I rarely criticize things I don't care about.
Right, installing shit is great on Windows. The suicide hotlines start overloading when you try to remove software.
REM Old programmers don't die. They just GOSUB without RETURN.
- Frontends to different windowing and desktop systems.
- Able to resolve dependancies even if you installed other software through the source, or with RPM or DEB
- You will be able to download one package and install it on several different distributions.
Essentially, this will be as flexible as tarballs, only they will install easilly, and have clean upgrade paths and uninstall paths. With clean dependancy resolution. It sounds too good to be true, but you can only know it if you try it.Here is the sourceforge link with some more info and downloading.
Your ignorance is infinitely greater than you realize.
Seriously. I had envisioned something similar last year but this really takes the cake, or so to speak. I have yet to try Autopackage, but after seeing this, I'm sold. Especially if it works as intended. Cross-distro package management is what we need. Sure, DEB, RPM, TGZ, etc etc are all excellent in their own right, but being able to install packages across multiple distros is what we really need. I for one am impressed. Of course there are a few technical details that I need to learn about as far as cross-distro packaging goes, but it's a step in the right direction in any event.
Linux with kernel panic...
MadPenguin.org
It's absurd that you need to enter a root password to do something as simple as install a user-space program - and it's absurd that package mangers only support dependancy checking for stuff installed in the main system directories.
At work, the main directories (/usr, /bin, etc) can only be accessed by the IT guys; but every department has a directory ("/usr/department/engineering", for example) of that memebers of that group can install software in. We have a newer version of Perl in ours. It really sucks that package managers can't help deal with the dependancies in an environmennt like this.
The idea of storing all software on repositories does make dependencies easier to manage but could you imagine doing it that way in Windows? You have all the overhead of having to centrally locate ALL software on a mirror somewhere. Anytime you as a software developer want to release software, you have to try to get it pushed out to all the mirrors (which you have no control over) in order for people to access it. This idea is also not very friendly to closed source projects.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
Maybe this packaging system works this way (I can't rtfm so I don't know), but one of the things that is easier in OSX than in Linux (especially for the newbie) is that installing software is usually as simple as dragging the application (which is actually a directory containing all of the application's files) to your "Applications" folder (or where-ever else you want to put it).
I do like apt as well, but I've also had some apt-nightmares trying to sort out messed-up dependancies on my debian box.
To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING. Using Linux right now is a pleasure because if you're using Gentoo, Ubuntu, Fedora, Mandrake, etc... you get all your software packaged for you by your distribution. No spymare, no viruses, so adware, no shareware. It all generally works, dependancies are sorted out and managed, it's all a really good system.
Encouraging users to install Comet Cursors for Linux seems to me like a huge step backwards for Linux. I sincerely hope that distributions do not support this or any other system like this one to promote good computing practises and avoid the sorts of problems that plague Windows users. Why do we want to emulate what has been proven to be a terrible way of distributing and using software?
501 Not Implemented
http://bylands.dur.ac.uk/~mh/autopackage.org/index .html
Portage doesn't work as well on Redhat or Debian systems as it does on Gentoo. The beautiful magic of Autopackage, as I understand it, is that one package works for all distributions. The theory is that devlopers will then only have to release one autopackage instead of making ebuilds, debs, rpms and whatever other packages the seventeen thousand faces of Linux are asking for these days.
Jesus Gentoo fanbois can be annoying. For some reason, unlike the users of every other distro, some Gentoo users think everyone would be happier with the decision they've made for themselves.
Some people like Gentoo, but some people have serious issues with it. emerge is a decent package manager, but it's attached to a distro that conservative users aren't going to touch. The more conservative distros have package managers that their users are already perfectly happy with, so it's unlikely to be used anywhere else.
I rarely criticize things I don't care about.
That's fine for advanced users who can handle the command line but what about the remaining 97% of the world?
"A truly wise man realizes he knows nothing."
The package frontends are getting better. But we desperately need better backend apps. The interpackage dependencies are getting more complex, and broken dependency references abound. And we need a structure that represents a further distinction than just source/binary: we need -dev structure, so packages that depend on the headers and config tools of other packages can find them automatically, without having to figure out their (distro-dependent) development package name. For that matter, a single, universal "lib-config" tool that spits back the versions, headers and filesys locations of any library installed by the package client, would really improve productivity and reliability.
The really big leap in backends would be a distributed repository. Instead of just a network of (unsync'ed) mirrors of a single monolithic repository, we need a mirrored or otherwise distributed directory of repositories, each with an overlapping fraction of the current repositories. That will accommodate the bandwidth and storage requirements for installing specific versions of packages, across the exploding Internet userbase, especially as the mirror:client ratio gets worse. Alternate repositories should be the rule, not just the exception.
--
make install -not war
I'm pretty sure autoconf and autopackage are completely unrelated, so for you to judge autopackage based on your experience with autoconf is completely off base.
"A truly wise man realizes he knows nothing."
For distributing user applications, at least.
There is no earthly reason why a GUI application should scatter files hither and yon across a hard drive, and why installing a program should require some package or installer or whatever.
I cannot believe the hassle that I have to go through to install software on my Linux box as opposed to my Mac.
An OS X application consists of one file--- really a bundle. It is a directory that acts like a single executable file. Everything it needs to run that is not part of the basic OS X setup is in that file.
You don't even need to install the application. You can just run it from its compressed disk image that is still sitting in your downloads directory, if you like. Or you can copy it to your hard drive wherever you like. When you tire of it, you delete it.
Now, "Linux" is not capable of doing this because no one runs just Linux. But there is no reason why, say, Gnome apps can't be distributed this way. If there are technical issues in the way, they need to be resolved. Because the OS X way is better that the Linux and the Windows methods, and ought to be copied.
(ps: I do know that Unix programs are often installed via packages in OS X, as well as software that for whatever reason needs to modify the OS. But these are very rare and approached warily by seasoned OS X users.)
Hard drive space is cheap. And so is bandwidth. People on 56k connections can install software from CDs. Don't make things broken for everyone to help them.
Do appfolders (bundles), and if you want the functionality of a shared library, include it in the bundle. Unless it's something like 100 megs. Which it won't be.
If dozens of programs each end up including the same shared code in their appfolders, who cares? Again, hard drive space is cheap, and that's the price to pay for easier system management, and knowing that applications won't suddenly stop working when one of their dependencies has been changed.
Bundles are better.
Seems to me that most users that have actually tried gentoo really like it. I've run small networks of workstations on redhat (2yrs), debian (2yrs), fedora (2yrs), have run a small cluster on the rocks distribution. I made all of these work. They all have their strong points. I've recently switched to gentoo (several months) and find it to be by far the best for experienced admins / technical users. It does seem to attract a lot of kids that want to impress their friends by using an advanced distro. However, the core developers have done thus far a superb job desiging gentoo and it is very stable and capable in the hands of an expert.
BTW, resorting to name calling really only betrays ignorance.
Ciao.
Also, there are no more DMG exploits. There is nothing wrong with having a few XML files around that belong to an application you no longer have, if it it really irks you, or if programs leave behind large caches, there are plenty of pieces of software that will delete preferences and caches that belong to software you no longer have.
Most applications shouldn't need to modify the OS to run, and for that minority that do, OS X still does have packages. This is how haxies and so forth work.
The only valid objection I've seen to bundles is the one about how a user shouldn't be able to install random software from the internet. This is a pretty good point, but I fail to see how that, even in a system that uses an apt repository, you would be able to prevent a user from downloading and installing some random RPM from a website. You would have to have a severely crippled OS.
Bundles are bad. What happens when a major vulnerability is found in a library which is used by a bunch of apps? With shared deps, you just update that and it's fixed. With bundles you have to update every single app.
They present a new piece of Free Software, that is supossed to help the hacker community, and they use proprietary software (Flash) to show the software to the public?. This kind of thing hurts the GNU Project, because it makes people think that using proprietary software is ok.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Having applications (as opposed to libraries) installed outside of apt doesn't break anything as they aren't dependencies of things.
"To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING."
This is hardly the point of the project.
Sadly, that is the point of the project. It's meant to aid the installation of packaged software from third party sources and manage dependancies in order to accomplish this. That is specifically my problem with it, it is a tool for enabling dangerous behaviour for unexperienced users.
Anybody who says EVERYTHING they'll ever need is included in their distro is just being a troll. Because it simply is not possible that ANY distro is "finished." And a lot of people don't want to wait months until something they want shows up in a repository.
I think you mistake the difference between "need" and "want". They are different, you know. So I will tell you that if you are using Mandrake, Fedora, Ubuntu, Gentoo, or any other popular distribution: there are no programs that an inexperienced user *needs* that do not come in their software repositories. Just because you are impatient and cannot wait a few months doesn't make your desire a neccessity, eh?
And I have NEVER had a spyware/virus/trojan problem from such software. (Although I have had software that simply screwed up the machine due to stupid programming.)
Shit, I didn't read that until now. I actually did think you were serious at first. Ah well, you got me.
501 Not Implemented
The thing that concerns me about the DMG exploits, is that they were caused by the fundamental design of the system not simple typos/poor coding practice. Having appfolders integrate with the system by registering file associations/URL handlers silently through the shell seems like the obvious way to handle this stuff in an "install free" environment, though really it's just doing the install at a later time. But it had unintended side effects which were devastating for security.
The problem is, to solve this you either have to go back to some explicit action integrating software with the system, or pile on more hacks to try and solve the security exploits. Apple chose both - Tiger boasts an improved installer, iTunes comes inside a package etc. But the approach they took with Safari reminds me of Internet Explorer: cover up a flawed technology like ActiveX with more and more hacks and security restrictions that somehow always managed to leak.
You are right that most applications should not need to modify the "system" to run. This is the principle behind authentication-less installation, which we only approximate on Linux with the install to $HOME feature in autopackage. Figuring out the exact set of permissions that are safe for installers to have and then enforcing them is somewhat tricky: both Windows and MacOS X are riddled with programs that demand the administrator password which implies that so far, nobody quite identified the sweet spot.
That's fine for advanced users who can handle the command line but what about the remaining 97% of the world?
....of course one might wonder how you got Gentoo up and running in the first place since use must you the command line to even install it.
If you can't handle a command line you probably don't want to be running unverified, alpha software.
Pretty much anything your average joe is going to want IS in portage. The stuff that isn't is generally really specialized, or not quite there yet in terms of features and stability.
Life is too short to proofread.
Actually, swf is an open format and the demo was made with vcn2swf, an open-source program.
get a few corrupted libraries and apt-get is useless. You then have to use the deb tool to remove the corrupt libraries and run apt-get again and hope it works. If not, you may have to reformat and try again.
I've had Debian distros do a meltdown on me doing that, and I followed every helpful guide on the Internet trying to fix it. The Autopackage technology seems like it has a fix for these dependancy problems and corrupt libraries.
Much as I hate to say it, Autopackage seems to add in Microsoft Windows like install and removal abilities to Linux. This is a good thing, because it makes Linux more of a desktop OS that the average person can use without learning how to be a Linux Admin. That makes Linux more popular and maybe more people will switch to it.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Autopackage may be useful in providing a relatively hassle free method of installing applications.
I've been using Linux for quite a while (since 1997) and I think there is room for improvement, I like what I have going and don't need to change.
In addition to my current debian based systems, I've used RPM based distros (come to think of it my file server is limping around on a busted Fedora Core 2 install -- and it still does everything I need it too). One day I'll play around with Gentoo, just to see what all the fuss is about.
In other words I don't think this system will be a great benefit to an experienced Linux user.
Linux noobs would benefit more from finding a distro, learn it break it fix it. Than some newfangled universal wonder, that could cause confusion as to where the problem may be. (is it the distro? is it the package? is it me, or something I've done... fear panic... Oh well, I'll just go back to windows.
Some developers will benefit. But I'd guess that most GPL'd and open source devlopers have already got their groove on.
HMM... PROPRIETARY... maybe. I'm sure all of hardware manufactures with their trade secrets would love to have a package system that keeps their stuff locked up in a tidy cell.
This could be good: the more stuff that comes to Linux, the more stuff we can play with.
This could be bad: this free software stuff came into existance because Richard Stallman (as the story goes) wanted to make a simple tweek to a printer; this could help to bring that wonderful creation back to where it all started.
I'm not into Linux for the free stuff I'm into it because I love feedom.
"What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on. "
.exe, so you either have to be lucky that they not only have a linux version, but the right rpm for your specific distro, or you can get messy with hopefully clearly mentionned commands on the commandline - which defeats the purpose of having a GUI somewhat.
You can say that again. In fact, this has exactly been my gripe with linux, including the so-called user-freindly distro's.
Apt-get, rpm, whatever - but if you are just browsing the Net and want to install something it's a real PITA, with Linux. There is no equivalent of an
I have recently have another try at linux, but I just had to give up: while the installation of the OS itself went very well (impressive, even), the real problem was getting applications installed and working. when apt-get or urpmi or whatever doesn't have what you want, or fail for some reason, you just can't do shit, as a joe doe newbie.
Linuw really isn't ready for prime-time on the desktop, that's my honest opinion. But, maybe through projects like these, which *really* try to give the same klick-and-install ease of use, it might finally get there.
--- "To pee or not to pee, that is the question." ---
"I fail to see how that, even in a system that uses an apt repository, you would be able to prevent a user from downloading and installing some random RPM from a website. You would have to have a severely crippled OS."
It's pretty simple: if the package isn't signed by someone you trust, refuse to install it. This has the been the behaviour in up2date since it was created, and yum does the same thing. I'd be very surprised if apt/get (at least on systems where package signing is expected) didn't do the same.
RPM itself, when used directly, currently throws up a warning if a package isn't signed by someone trusted, but (uunlike up2date / yum / etc) still installs it. This behavior may change in future tho.
"Dropping to a terminal, cd pathtoapp, tar -jxvf whatever.tar.gz, cd newpath, ./configure; make; make install is too much shit for a user -- and then how to uninstall? Keep the source directory there forever? "
Agreed. But how is using 2 package sytems (as the autopackge author recommends) with a weird distinction between what's installed in your current distro and 'third paty' apps easier than:
1). Putting a link to 'Synaptic software installer'
2). Having them browse for their app or simply type its name.
3). Letting them click OK as the app and its dependencies are downloaded and installed for them
?
OK, I don't know much about Mac but I have to call bullshit on Windows there. Windows packages are constantly rolling their own "common" DLLs, with slight differences, overwriting identically-named DLLs from other packages and clobbering that package's symbols. "DLL hell" wasn't just a clever assonance someone came up with.
All's true that is mistrusted
For your second problem:
..)
try debian or derivats (ubuntu,
Software installation is easy with apt-get because it installs all dependencies automagicly.
If you dont want to use the commandline, use a graphical frontend.
Nuff' said.
we need an "-1 Plain wrong" moderation option!
OS X handles this at runtime. i.e. You can install the software, but the folder contents contain enough information for the OS to give you an error message when you run it.
Linux does that too, obviously (as in 'library xyz not found'), but that is considered unacceptably bad. The whole idea with dependencies is that they can be resolved by the installation program.
Under OS X (and to a certain degree Windows), developers always know which libraries they can always depend on, and which ones they should bundle.
So if a third-party app uses libpng (something not bundled with the system, I'm just making it up here), and two other third-party apps does too you will have THREE installed libpng on your system? And three programs you need to update?
And to top it off, no program for you to keep track of when libpng needs updating. Ouch...