Slashdot Mirror
AutoPackaging for Linux
Isak Savo writes "The next generation packaging format for Linux has reached 1.0. With Autopackage officially declared stable, there is now an easy way for developers to create up to date, easy installable packages. There are lots of screenshots available including a flash demo of a package installation."
No doubt lots of people will have all kinds of questions about autopackage, such as:
- "What idiots!! Another packaging format is the last thing we need!"
- "What's wrong with apt-get?"
- "Everybody should use Gentoo!"
Slashdotters are highly encouraged to read the autopackage FAQ! Our project has existed for over 2 years now, and many people have asked us those questions. In short: autopackage is not meant to replace RPM/DEB/apt-get/etc.
If you have more questions, feel free to come over at #autopackage at irc.freenode.net
We'll be glad to answer your questions
# What is autopackage?
For users: it makes software installation on Linux easier. If a project provides an autopackage, you know it can work on your distribution. You know it'll integrate nicely with your desktop and you know it'll be up to date, because it's provided by the software developers themselves. You don't have to choose which distro you run based on how many packages are available.
For developers: it's software that lets you create binary packages for Linux that will install on any distribution, can automatically resolve dependencies and can be installed using multiple front ends, for instance from the command line or from a graphical interface. It lets you get your software to your users quicker, easier and more reliably. It immediately increases your userbase by allowing people with no native package to run your software within seconds.
# Is autopackage meant to replace RPM?
No. RPM is good at managing the core software of a distro. It's fast, well understood and supports features like prepatching of sources. What RPM is not good at is non-core packages, ie programs available from the net, from commercial vendors, magazine coverdisks and so on. This is the area that autopackage tackles. Although in theory it'd be possible to build a distro based around it, in reality such a solution would be very suboptimal as we sacrifice speed for flexibility and distro neutrality. For instance, it can take several seconds to verify the presence of all required dependencies, something that RPM can do far quicker.
# Why a new format? Why do the RPMs I find on the net today only work on one distro?
There are a number of reasons, some obvious, some not so obvious. Let's take them one at a time:
There are various reasons why a new format was created rather than changing RPM
it's about time there was a system to automatically put submitted links thorugh MirrorDot. This is a prime example; /.ed before 10 comments were posted. sheesh.
-----
Check out the Uncyclopedia.org :
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
The reason is that most of these packaging solutions, while great for developers and those who want detailed knowledge of the inner workings of their systems, simply suck when given to mortal users.
And they don't handle a number of edge cases too well... What if you want different versions of some software to coexist on the same system? What if you want ten different versions of a library? Yes, these can all be handled by current stuff... but not very well. It's bad enough that when we install software here, we actually get the rpms or whatever and then re-package them ourselves to serve our needs.
A packaging solution that actually works is desperately needed.
The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use. This is something we should be proud of rather than trying to imitate the technically inferior competition.
Developers want to be able to release packages that work on all the Linuxes, not just Gentoo. Not everyone wants to make the fast updates/reliability tradeoff necessary to use Gentoo.
I rarely criticize things I don't care about.
- Frontends to different windowing and desktop systems.
- Able to resolve dependancies even if you installed other software through the source, or with RPM or DEB
- You will be able to download one package and install it on several different distributions.
Essentially, this will be as flexible as tarballs, only they will install easilly, and have clean upgrade paths and uninstall paths. With clean dependancy resolution. It sounds too good to be true, but you can only know it if you try it.Here is the sourceforge link with some more info and downloading.
Your ignorance is infinitely greater than you realize.
Umm, that's what the Linux Standard Base is for. Blame the distro makers and packagers for not following it. After all, the LSB has been out for a *long* time...
Official Gentoo-Linux-Zealot translator-o-matic
.debs can be rebuilt with a handful of commands, my box MUST be faster. It's nothing to do with the fact that I've disabled all startup services and I'm running BlackBox instead of GNOME or KDE."
.rpms together on the command line, and that problems hardly ever occur if one uses proper Red Hat packages instead of mixing SuSE, Mandrake and Joe's Linux packages together (which the system wasn't designed for)."
Gentoo Linux is an interesting new distribution with some great features. Unfortunately, it has attracted a large number of clueless wannabes who absolutely MUST advocate Gentoo at every opportunity. Let's look at the language of these zealots, and find out what it really means...
"Gentoo makes me so much more productive."
"Although I can't use the box at the moment because it's compiling something, as it will be for the next five days, it gives me more time to check out the latest USE flags and potentially unstable optimisation settings."
"Gentoo is more in the spirit of open source!"
"Apart from Hello World in Pascal at school, I've never written a single program in my life or contributed to an open source project, yet staring at endless streams of GCC output whizzing by somehow helps me contribute to international freedom."
"I use Gentoo because it's more like the BSDs."
"Last month I tried to install FreeBSD on a well-supported machine, but the text-based installer scared me off. I've never used a BSD, but the guys on Slashdot say that it's l33t though, so surely I must be for using Gentoo."
"Heh, my system is soooo much faster after installing Gentoo."
"I've spent hours recompiling Fetchmail, X-Chat, gEdit and thousands of other programs which spend 99% of their time waiting for user input. Even though only the kernel and glibc make a significant difference with optimisations, and RPMs and
"...my Gentoo Linux workstation..."
"...my overclocked AMD eMachines box from PC World, and apart from the third-grade made-to-break components and dodgy fan..."
"You Red Hat guys must get sick of dependency hell..."
"I'm too stupid to understand that circular dependencies can be resolved by specifying BOTH
"All the other distros are soooo out of date."
"Constantly upgrading to the latest bleeding-edge untested software makes me more productive. Never mind the extensive testing and patching that Debian and Red Hat perform on their packages; I've just emerged the latest GNOME beta snapshot and compiled with -09 -fomit-instructions, and it only crashes once every few hours."
"Let's face it, Gentoo is the future."
"OK, so no serious business is going to even consider Gentoo in the near future, and even with proper support and QA in place, it'll still eat up far too much of a company's valuable time. But this guy I met on #animepr0n is now using it, so it must be growing!"
It's absurd that you need to enter a root password to do something as simple as install a user-space program - and it's absurd that package mangers only support dependancy checking for stuff installed in the main system directories.
At work, the main directories (/usr, /bin, etc) can only be accessed by the IT guys; but every department has a directory ("/usr/department/engineering", for example) of that memebers of that group can install software in. We have a newer version of Perl in ours. It really sucks that package managers can't help deal with the dependancies in an environmennt like this.
I knew someone would say that. Read our FAQ. Mike posted a part of it below. Please read our website for the full FAQ once the Slashdotting is over.
And we'll be available at #autopackage at irc.freenode.net if you have questions.
Mike setup a mirror of the autopackage website! It's here. The FAQ is also available on that mirror.
By default, autopackage either installs to /usr or to $HOME (depending on what the user wants). If you really want it to use another prefix, you still can. The reason we use /usr instead of /usr/local is because there are many broken distributions that don't setup paths for /usr/local correctly. And /usr is the standard for many/most distributions.
There's a mirror of the autopackage website's information here.
I'm a gentoo user as well, but I'm very excited by Autopackage. The whole reason many people use gentoo is b/c it is so easy to install software. The main problem with that system is that someone has to add it to the portage tree, and if it's not popular enough, it won't get in... with Autopackage you put the installation in the developers hands and you no longer have to rely on your distro to do it for you. I say use Portage/Apt/Whatever for your system/low-level programs and use autopackage for your higher level ones (Firefox, Gaim, GIMP, etc)...Autopackage could finally be the answer many Windows users have been waiting on to make the switch!
"A truly wise man realizes he knows nothing."
yes, but that's not the main problem IMO. Package formats are often tought as the number 1 offender when it comes to inter-distro compatibility, but that's not the main problem. The main problem is that package mainteinance happens at distro-level, instead of developer-level. What we need is to move as much mainteinance work to the developers. It's the number 1 cause of problems: A package in debian may require "libfoo", but in fedora it may depend on "foo" or "foo+randomstring". If all those things would be done at developer level, they'd be more coherent, and inter-distro compatibility would be greater. Package format would be irrelevant.
And this is why autopackage is great. It doesn't tries to replace apt/rpm/gentoo, it just tries to be a good way of distributing software, and encourages developers to create their own "autopackage packages" so they work in every distro
Flash Demo Screenshots
I have to say this is like a godsave for linux. Most layusers will want some easy installation like this instead of using something like Yum (even if it is a GUI front-end to yum like GYUM). This is one giant step towards a viable desktop linux - and I believe that it isn't a replacement for apt/yum/[INSERT YOUR FLAVOR HERE] but uses them under the hood.
Before everyone starts bashing it and says that apt or emerge or whatever they use is the way to go, seriously think about it - one click installation, from a FRIENDLY user-interface, and easy to manage system for installing and uninstalling programs. Now if this were part of the base install on many distributions and some sort of standard was established (seriously, we need standards) I can probably convince my scared-of-Linux-because-it-is-hardcore friends to actually try Linux out.
One format to rule them all, One format to find them One format to bring them all and in the package bind them...
Here's how you fix dependencies in Debian:
#apt-get update
#apt-get dist-upgrade
Badabingbadabangbadaboom. It's done. Happy days are here again.
Knowledge is power. Knowledge shared is power multiplied.
Jesus Gentoo fanbois can be annoying. For some reason, unlike the users of every other distro, some Gentoo users think everyone would be happier with the decision they've made for themselves.
Some people like Gentoo, but some people have serious issues with it. emerge is a decent package manager, but it's attached to a distro that conservative users aren't going to touch. The more conservative distros have package managers that their users are already perfectly happy with, so it's unlikely to be used anywhere else.
I rarely criticize things I don't care about.
I'm presently running Debian. I've briefly played with making my own .deb files so I'd be able to install some of my own things without necessarily completely losing track of everywhere they were scattered. With all of the extra meta files that need editing, the source packages versus binary packages, and everything else, though, the whole process of designing a .deb package looked a bit too structured and complicated for me to bother learning about... at least within the time I was prepared to spend.
If AutoPackage has a straightforward way to generate a simple package, such as from a tar.gz file, I might find it very helpful. What I'm wondering about, though, is how bad does it get when two package managers conflict? eg. Apt and AutoPackage might end up trying to control the same file, get mixed up between what manager is providing a particular dependency (particularly if Apt tries to grab a package that AutoPackage has already installed), or whatever else.
It also sounds a bit of extra work having two sets of commands to manage packages on one system, so ideally (in my world), I guess AutoPackage would wrap around Apt or whatever other manager, and invoke it when appropriate. Does AutoPackage just fight for control when there are conflicts, or does it integrate with other package managers nicely?
The server seems to be very slashdotted right now, so I can't do much reading up on it. Does this sort of conflict thing turn out to be much of a problem?
That's fine for advanced users who can handle the command line but what about the remaining 97% of the world?
"A truly wise man realizes he knows nothing."
I am a SUSE user and yet have to find a program that does not have an rpm I can use. If the writer does not make an rpm, with running checkinstall, I doubt he will be using autopackage.
Using this would mean I need to have TWO things to use. One being Yast, the other being autopackage. Next somebody else does the same thing in a slightely different way and soon I will have a packager for every program I own.
Also its use is slightly more complicated then just doing rpm -Uvh (or for me yast -i, or rightclick on in Konquror)
As an extra, on the install site is says to chmod +x the files. Why not have the binaries already as chmod+x downloadable and if not, why do you need to do it on the commandline when 'sh file.package' works just as well.
Another disadvatage is the fact that houghi@penne it needs some extra code:
houghi@penne : sh inkscape-0.41-2.x86.package
The installation of this software requires some additional support
code to be installed.
Connecting to autopackage.org[130.225.247.90]:80... connected.
HTTP request sent, awaiting response...
Mmm. I can not install, because the site is down.
Did a search on rpm.bone.net on inkscape and copied the link and did 'rpm -Uvh ftp://link
Now what do you think I will use in the future?
Don't fight for your country, if your country does not fight for you.
hahahahahaahhahahaha
hahaha
hahahahahahaha *gasp* HAAAAAAAAAHHAHAHa
Now Debian is my favourite distro by far but I'm never gonna pretend that the package system is solid. Having way to many times been in the position where some little thing breaks and dpkg and apt just choke totally (to the point where I can't install something because I some package is broken and I can't uninstall that package because the damned uninstall-script needs something installed first).
The long and short of it is No, that's not how you "fix" dependencies in Debian. A lot of editing obscure files, handrolling temp replacement packages and so much swearing I need to put a parental advisory sticker outside my appartment is.
For distributing user applications, at least.
There is no earthly reason why a GUI application should scatter files hither and yon across a hard drive, and why installing a program should require some package or installer or whatever.
I cannot believe the hassle that I have to go through to install software on my Linux box as opposed to my Mac.
An OS X application consists of one file--- really a bundle. It is a directory that acts like a single executable file. Everything it needs to run that is not part of the basic OS X setup is in that file.
You don't even need to install the application. You can just run it from its compressed disk image that is still sitting in your downloads directory, if you like. Or you can copy it to your hard drive wherever you like. When you tire of it, you delete it.
Now, "Linux" is not capable of doing this because no one runs just Linux. But there is no reason why, say, Gnome apps can't be distributed this way. If there are technical issues in the way, they need to be resolved. Because the OS X way is better that the Linux and the Windows methods, and ought to be copied.
(ps: I do know that Unix programs are often installed via packages in OS X, as well as software that for whatever reason needs to modify the OS. But these are very rare and approached warily by seasoned OS X users.)
I suspect you are thinking of something like Conary. However ... that said, a distributed and decentralised package management system is what autopackage is all about. Autopackages can resolve dependencies in a manner that does not require large monolithic databases: the packages themselves know where to go to find their dependencies if they're missing (and in future they'll be able to use yum, apt-get etc as well just in case).
Basically the apt-get type model doesn't work too well once you start having say >50 repositories all together, as co-ordinating the overlaps becomes too much of a nightmare. A much less tightly coupled system works better, which is what we have here.
Having applications (as opposed to libraries) installed outside of apt doesn't break anything as they aren't dependencies of things.
"To me it seems like anything that makes it easy for users to install random software off the internet to be a REALLY BAD THING."
This is hardly the point of the project.
The point of the project is to eliminate problems for developers in packaging their software to be able to run across distros.
The fact that it makes it easier to relieve dependency hell is a bonus for those users who want packages not included in their distro.
Anybody who says EVERYTHING they'll ever need is included in their distro is just being a troll. Because it simply is not possible that ANY distro is "finished." And a lot of people don't want to wait months until something they want shows up in a repository.
If Windows did that, everybody would still be using DOS.
Finally, the notion that it is somehow "evil" to install software from the Net is just stupid. The Net exists to distribute information - and programs are part of that.
Practically everything I use on the Windows side of my machine was downloaded off some Web site or another - and I have several gigs of stuff on my Linux side to explore yet which also has the same origin.
And I have NEVER had a spyware/virus/trojan problem from such software. (Although I have had software that simply screwed up the machine due to stupid programming.)
Users get spyware and other crap from stupid, pointless little programs offered by commercial entities because the user acts like a kid in a candy store when offered something "free". If the users really knew what freeware was about and where to get anything they need, they would be less likely to do stupid stuff like downloading a calendar program loaded with spyware.
While it is true that CORPORATE users should be restricted from downloading any damn thing they see (unless it has a productivity purpose), home users certainly should not be.
Your solution smacks of the paternalism I hate about Windows. You want your distro to control your machine just as much as Gates wants to control Windows users.
Sorry - not acceptable.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Sorry if this sounds insulting, but your attitude seems really narrow-minded and short sighted. The whole reason the computer is such an incredibly useful tool is that it is so flexible and extendable. YOU might manage to get everything you need out of the software included in your distro, but do you really expect the big distros to anticipate every single need of every single user? A lot of people who are not computer experts have specific application needs that the vast majority of users don't share. Should a good distro include a version of GAMESS just because I want to do a theoretical chemistry calculation? Or maybe the people who make distros should assume (correctly) that if I am one of the .0001% of computer users who would want to use that program, I should just go download it myself?
"This may sound elitist of me, but if you can't figure out how to do it now, you probably aren't capable of making that sort of decision."
Yes, you sound incredibly elitist, as if it is impossible to be smart and NOT a computer expert. There is a big difference between knowing enough about one's Linux distro to install a program and having enough common sense to find programs on the internet with minimal risk of installing malware. If I google search for software that simulates microwave spectra of asymmetric top molecules (and by the way there are quite a few) what are the odds I'm going to find spyware masking itself as what I'm looking for?
They won't do "packaging" better, simply it will be better. The developer of project foo may say: "foo version 2.15-b depends on project bar version 1.1 to run properly", and everyone would follow it. Distros still could package themselves in a different way but that won't bee too common, and at that point people may tell "hey, your fedora package don't works properly in debian". My point is that a common package format
WONT SOLVE ANYTHING. Autopackage doesn't solve anything because it's a better format, but because it has a different philosophy. It doesn't matter how good are deb or rpm - they will NEVER work in another distro just because of their philoshopie
Actually, I'll bite on some of his later answers, where, unlike the one to the previous question. he does go through some specific issues he has 'with RPM/Dpkg':
"Other dependencies are not so simple, there is no file that reliably expresses the dependency, or the file could be in multiple locations"
Yes, that's what virtual dependencies / capabilities in both rpm and dpkg provide. As for files moving around, that's what the FHS is for. Got a
But in reality, you don't encounter this scenerio untill you install rpms/ debs on another distro. Big deal: binary packages will always be built against specific library versions. Autopackage doesn't solve that.
"because RPM is, at the end of the day, a tool to help distro makers, they sometimes add new macros and features to it and then use them in their specfiles. People want proper integration of course, so they use Mandrake specific macros "
That's a human problem. You can't fix it with technology. Taking away the ability to have custom macros is a bad thing. Encouraging proper behavior is a better thing.
"Bad interactions with source code: because the current versions of RPM don't check the system directly, they only check a database"
You don't mean bad interaction with source code. Installing from source works fine, provided you know how to make install you can easily reate an RPM of most autoconf apps in about 2 minutes.
You mean bad interaction with non-packaged software. Again, that's a human issue, but one that's been solved better and better over time. Both OSS projects and proprietary vendors including Adobe's, BEAs, Macromedia etc. all release properly packaged binaries.
And frankly, I like having a database. I want to be able to find out what package was responsible for installing a file, and a URL where I can get a new version of the software. I like having a checksum of all my files at install time, so I can see if they've changed later. All of which autopackage doesn't do.
I don't like anything that encourages people to install unsigned applications from the internet, which autopackage does.
"a dependency does not encode any information on where to find it"
Yes, Great they kept that shit out of the dependency isn't it? Because what provides that capability isn't determined by the software. My app needs a webserver. That could be thhtpd, Apache httpd, Roxen, or whatever else. Rather than specifying what package provides that dependency, they simply list the depency. Three of my available packages say they provide a webserver capability. When a new webserver comes out, it will say it provides that capability too. Without requiring a new package of the thing that wants a webserver. Brilliant stuff!