Slashdot Mirror
The Future of Packaging Software in Linux
michuk writes "There are currently at least five popular ways of installing software in GNU/Linux. None of them are widely accepted throughout the popular distributions. This situation is not a problem for experienced users — they can make decisions for themselves. However, for a newcomer in the GNU/Linux world, installing new software is always pretty confusing. The article tries to sum up some of the recent efforts to fix this problem and examine the possible future of packaging software in GNU/Linux."
Why do I have a sneaking suspicion that the solution will be to create a sixth way of installing software, which will also not be widely accepted throughout the popular distributions?
Seriously, drag-n-drop installation rocks.
Cemil.
For those who don't TFA: There are currently at least 5 popular ways of doing it:
1) Installing directly from source code,
2) Ports-based installation (where the source packages are held in a repository and can be automatically downloaded, compiled and installed), like BSDs ports of Gentoo's portage,
3) Installing from distribution-specific packages like different versions of RPM, DEB, TGZ, and other packaging formats,
4) Installing from distribution-independent binaries (most proprietary software is delivered this way),
5) Using another distribution-independent system like autopackage, zero-install or klik -- none of them gained a significant market share so far.
And that is ... define the requirements that the next generation package manager should have.
That way there is no need to worry about "replacing" the existing systems. You can instead focus on evolving them to meet the requirements. Even if each distribution/project takes its own path to get there.
#1. It must make installing new software as easy as it currently is with apt.
#2. The same for upgrading the software.
#3. The same for removing the software.
#4. The same for handling dependencies. Including the order in which dependencies must be installed.
#5. The same for validating the installed software against the original software (checksums or whatever).
#6. The same for re-installing the software over the existing installation when you accidentally delete or over-write something.
#7. The ability to point the updater at your own repository or multiple repositories.
#8. The ability to recompile (automatically) any software that you install for your specific hardware.
Anything else? Yeah, I know most of this is already handled with apt. But that's what I'm most familiar with. I keep seeing all the articles about "problems" but I don't seem to run into any problems on my server or workstations (and I'm running Feisty Fawn on my workstation).
Then realize you're basically accepting that Linux will never make a significant dent in the Microsoft+Apple consumer desktop market. You may be able to compile the source code, the rest of us either don't know or don't care. Either Linux is going to be a OS for users, or a OS for geeks. It can't be both because geeks will try to escape a OS too user-centric, and users will escape a OS that resembles the inconsistency caused by groups of splintered geeks.
Debian and Ubuntu don't even get a mention on what they DO use? This article makes it sound like RPM is THE package management system. Give me a break, at least a mention that a similar package approach (and more successful IMHO) is used by the Debian etc.
We have apt and *.debs
I'm not in the mood for a holy war right now, but for fucks sake, Debian perfected package management a decade ago.
perpetually dwelling in the -1 pits
Most users don't know what compiling software is, let alone how to do it. While having the source available is absolutely a good thing, there needs to be an easier way for new Linux users to install software. With so many different formats, some specific to some distributions, some to others, and so on, it's almost impossible to keep track - if Linux is to gain more share on the desktop it needs to be more accommodating to new users, and the current situation frankly isn't.
And tomorrow the stock exchange will be the human race
The hard part, as I see it, is dependency management for upgrading software.
Eventually, with RPMs, for example, I end up getting to the point that I have to force something, which shouldn't ever really have to happen... but it does.
500GB of disk, 5TB of transfer, $5.95/mo
The problem is not that everyone is willing to accept a solution that sucks, the problem is that the current solution of integrated package management rocks.
All I need to do is search for something in the package manager GUI, click the its checkbox, click "apply", and I'm done. It's even easier than downloading a dmg, because you've got to go out and find that dmg on the publisher's website, or versiontracker or whatever. I simply express a desire for that program to be available, and then downloads, installations, updates, etc are all handled by the package manager. This even works for proprietary software (eg I have Nvidia's binary drivers, Adobe's Flash and PDF reader, VMWare Player, etc installed through my distro's package manager).
The best solution is for the vendor to supply whatever they're going to supply in a tarball, and then let the maintainers figure out what the dependencies and so forth are.
I rarely criticize things I don't care about.
#9. Good point. Being able to easily roll-back an "upgrade" that didn't work would be a very nice feature. So I've marked this as number nine.
...
In fact, Ubuntu might be switching to the Smart Package Manager http://labix.org/smart/faq which seems to support this functionality.
I also left out
#10. Mark packages so that they will NOT be upgraded. The same as I can do with apt.
Well, they all involve a long list of available programs you could choose to install (plus dependencies, etc.) Granted, some have meta-package choices, e.g. "workstation collection", but past that, it comes down to a dumfounding-to-newbies long list of packages whose developers tried really hard to come up with a clever acronym, name it after their favorite band/old Norse god/tropical fish's Latin name, etc., rather than something that gives some clue as to what the program actually does. Personally, probably the most off-putting thing my first time installing a Linux distro (besides hardware configuration, which has gotten much better since then) was a package selection dialog with thousands of entries like:
.deb, or what-have-you (provided the installation doesn't barf)
GRAPPLE - GNU Remote Authenticated Potato Peeler Library for Emacs
If the chosen package manager cleans that up, or at least moves it from Big Long List to the more fine-grained categories a la download.com, the first-time user isn't going to care whether the package is a tarball,
Caveat Emptor is not a business model.
up2date (front end for RPM) includes the option ("5. enableRollbacks yes/no"). RPM supports rollbacks, config files would be saved as [filename].rpmsave or [filename].rpmnew depending on exactly what you are doing.
Either Linux is going to be a OS for users, or a OS for geeks.
Exactamundo!
Maybe this makes me a heretic, but I don't think that Linux should ever try to become a mainstream user OS. A part of the allure of linux is that it is hard. The learning curve makes users feel like they've achieved something by becoming proficient.
If you made a distro, how would you prefer to spend your time? Would you rather deal with "XYZ_lib_devel is out of date, we need a package for the new version." or "How do I get AIM, ICQ and Yahoo messenger to work?", "WTF is this GIMP thing? Is it like pulp fiction?" and "How do I install MS Office on this"?
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Why, oh why does everyone always have to gripe that "distro x doesn't do things the same way as distro y?"
Linux, unlike proprietary, closed source software is about choice. That's what I LIKE about Linux--I can choose the way that I prefer, be that how to install packages, which desktop environment to use, which CLI shell to use, if Linux boots into a CLI shell or if it goes straight to X-Windows, etc.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Look. If you want mainstream acceptance, then appeal to the mainstream. THAT is what will determine the best distro.
One of the previous episodes of Drawn Together put it best:
Spanky (to the TV Reviewer): No wonder you hate the show so much. You're everything we make fun of! You're a Jewish, conservative, pro-life, born again, overweight, Asian, homophobic lesbian broad who cuts herself!
Reviewer: So?
Spanky: So, maybe someone who doesn't happen to be a Jewish, conservative, pro-life, born again, overweight, Indian, homophobic lesbian broad who cuts herself might not be offended by our show.
Reviewer: I have every right to tell people what I think of your show.
Spanky: Yes! But people should know you're not our audience, asshole!
You aren't making an OS to appeal to the guy in the cubibicle next to you in the CS class in college. You're making an OS, by your own claims basically, to overthrow the evil overlords (AKA Microsoft, if you ain't got it yet). So why is this STILL a debate today?
Keerhist, I'm a furry artist, and even I recognize the concept of a limited market margin, but I don't spend my time in debates and having epileptic fits or Tourettes outbreaks in order to try forcing non furry fans to accept what I draw. Jeeze.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
Checkinstall http://www.debian-administration.org/articles/147
It's not the answer to all issues regarding installing from source
Any suggestions on what would make them even better?
You padded the Mac list with the following:
Your Debian list conveniently leaves out having to click the KDE start menu, fire up a Terminal window, type in the root password, waiting while the package manager goes through dependencies, etc. What a phony comparison of steps. I could just have easily reduced OS X's step to one line of "Drag app icon to Applications shortcut" in the same the way you reduced Debian's steps.
"Sufferin' succotash."
You're making the somewhat dangerous assumption that a general policy of "one sizs fits all" is what the Linux user base both wants and needs - this is entirely incorrect.
For example, as an experienced Linux user, the last thing that I want is a single, binary-packaged method of distribution of software. I use a source-code based distro called Gentoo which means that I get to compile the stuff I run my way on the basis that, if something goes wrong with compilation (as it does sometimes) then it's up to me to try to work out why. But the advantage is that I get to optimize all my applications the way I want to, all of them (hopefully) linked nicely to system libraries as they should be.
Sure, this isn't the way Joe Public wants it but then if he wants something simpler then, great, good luck to him - use something simpler. I've used Ubuntu a couple of times and this seems to heve a pretty good package management mechanism which I guess is based on the Debian system. (Please don't flame me if I'm wrong here, BTW, but Gentoo is the only Linux I really use these days so I fully admit to not being up to speed on other package management methods.)
I have always wondered why bright minds, working for "free" and able to produce an OS that is giving corporations with big budgets a run for their money, cannot agree on how best to package software. To many users, we in the Linux world are still a bunch of jokes.
This has absolutely *NOTHING* to do with "agreeing" to anything and you have totally missed the point of Open Source. Open Source is about a single or bunch of programmers thinking that they have a neat way of doing something with software and then making that software available for others to improve. Ultimately, if you're looking for Open Source software to achieve a specific task, then you probably have a number of different applications to choose from which will achieve at least some of what you want. This view of the world is typified by Vi and Emacs, for example, both of which at their heart are text editors but can be extended in certain ways to do a whole lot more. Consequently, some people prefer Vi, others prefer Emacs, that's just what happens when people get choices.
Unfortunately, as things stand currently, you cannot come into the OSS world with a "Windows mindset". In the OSS world, you do not hand over some money and have a piece of shrinkwrapped software fall into your lap. Instead, you have to take some responsibility for your computer and what you run on it and there's an expectation that you take the time to research what's out there and decide what you're going to use and how you're going to use it. Nobody's forcing you to use Open Source - it's there if you want it but if you don't, then stick with Windows and enjoy it.
Linux and OSS is *NOT* a fashion statement - it's not about being "cool" or different. If you use either, then be an adult and accept the ramifications of that decision. OSS will not come to you, you need to go to it.
Sadly, it appears that because of bigotry, selfishness and ego, it will be a few more years before those that command authority in the Linux world wake up. I hope we'll still be relevant by then.
Sorry, but now it is quite clear you've lost it - you're now sounding like a bitter little man who's frustrated with Linux and/or OSS but is not prepared to put in some effort to helping himself.
"Bigotry"? Where? If you mean that certain people have rejected the Windows way of doing things and have decided to do things a different way, then surely that's their choice, isn't it? I really can't see how it's impacted Windows users in any way - apart from in a good way where OSS surel
Gentoo Linux - another day, another USE flag.
I'm only exaggerating a little here, but no one really cares about the packaging format per se. They care that the can find, download, install, and run a package without hassles. Most formats take care of the mechanics of that process, but still need a community of people to track down and fix issues - mostly inter-package issues. Rpm and deb both have that kind of community behind them (both with sub-groups). If there is any technology to be improved here, it should be making package repositories better and reducing the workload of the supporting communities.
You're not misinformed, although the author may still have a point of including it on the list of base distributions. There's a slew of Linux distributions based on Ubuntu. Still, you're right. The grandpappy of them all is Debian.
Here's a fairly comprehensive list of these distributions.
Yes, very good point. Forgot that one. Sometimes I actually think every user should have their own unionfs for / then they could write anywhere they want, change any configuration file they want, etc. Of course, when the su or sudo their unionfs goes away :)
How we know is more important than what we know.
At least in the RPM-speaking world, we already have this functionality in the SRPM, though not in a formalized sense. Often, compile-time options require only very small changes to the spec, or can be given on the command line. For example, the bytecode compiler option for most freetype RPM packages falls into this category.
I believe that the set of people who want to go gung-ho securing their boxes, who know what they're doing, AND who can't be bothered to recompile packages from SRPM form is very small.
"...never make a significant dent in the Microsoft+Apple consumer desktop market."
Linux will never make a significant dent in the Microsoft+Apple market by doing the same things the same way as Microsoft and Apple.
Look at markets where Linux has succeeded, such as servers and embedded systems. Linux succeeds *because* it doesn't follow the Microsoft license model, the Microsoft development model, the Microsoft business model, and so on. You can't win if you play by Microsoft rules.
Linux can be, and is, an OS for users. It isn't an OS for third party closed source binary distribution. Don't read that as non-commercial; commercial software was distributed in source form before Microsoft and will be again. Distribution in binary form makes sense for games and art, but not for general purpose computing. The value of doing things in software rather than in hardware is that software is malleable. But you need the source to realize the full value; binary distribution removes value.
So yes, Linux will not make a significant dent in the Microsoft+Apple consumer desktop market, if that means the closed binary sales market. If Microsoft played in the NFL, they'd be the Super Bowl winning Colts. But the Colts will never win the World Cup, which is worth more. Don't complain about Linux not hiring a bigger front line when the game Linux is playing is soccer, and doing rather well at it.
I respectfully disagree with your statement.
1. Gentoo already has a (somewhat) user friendly installation method. For packages, it happens to be called 'emerge'. For the Gentoo install itself, there is a graphical installer. Now, if someone out there would like to create a GUI interface to emerge, that would be cool.
2. Gentoo doesn't really care about being mainstream. There happens to be a fairly large group of users who like bleeding edge. Gentoo is bleeding edge. Some people want to rice out their make.conf. Gentoo makes it easy for you to annoy everyone by ricing out your make.conf. (Hey, don't laugh, but all of my ricer settings in my make.conf file have really improved my server's performance by a whopping 0.0003%. That increase in performance makes doing absolutely nothing at idle go so damn fast!)
By the way,
Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
With all respect, making statements like the above only indicates that you don't fully understand what Gentoo versioning is about.
"200x.x" just applies to the downloadable fixed distribution of Gentoo and is really only relevant if you have brand spanking new hardware that you need to work at the point of installation - then, possibly, you might wait for 2007.0 to come out because that would boot from a later Linux kernel that supported that hardware.
Perhaps another reason might be that in building your Gentoo apps from source, 2007.0 will probably have a pretty recent GCC compiler version on it - whereas with 2006.1 you'd need to update the GCC and the toolchain first to get to what 2007.0 offers.
But otherwise, once you get Gentoo installed and start updating your system with Portage, you'll use one single portage tree no matter what version of Gentoo you originally installed with so at that point, the version you originally installed with becomes pretty much irrelevant.
Gentoo Linux - another day, another USE flag.
Not very popular around here, apparently, but i'd much rather it stay a geek OS.
It's nicer that way.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
The need for package managers in Linux is a consequence of a desgin defect. First, there's the "lol freedom" philosophy of not having one, two or even three different OS setups and layouts, but a gazillion of them, which causes trouble.
Second, there's the FHS, which is the worst idea to ever make it to Unix. You spread your application files like you deal cards in some card games, being completely unable to copy or relocate them, pack and unpack them effectively, or install several versions of the same program, besides being illogocal and semantically wrong in many parts.
Third, there's the defective LD_LIBRARY_PATH behaviour that makes "." mean the launch directory, not the application directory (holy retarded idea, Batman!). This means you can't rely on putting copies or hardlinks of the required libraries in the application executable directory to keep everything using the right libraries and versions and make them easy to distribute. This led Mozilla to find a workaround with a shell script. When you run Firefox or Thunderbird on Linux, what you're running is a shell script (requires an extra sh instance) that properly sets the environment for the software to be able to use its own libraries regardless of the crap you may have in your FHS "boxes of random crap". Consequently, software like Firefox and Thunderbird do not require a package manager (in fact, PMed versions of them are usually spoiled and crappy), and can be safely copied, relocated, or made to coexist with other versions.
I was about to say 13256278887989457651018865901401704640, but it appears this number is private property.
Installing things in Linux is confusing and hard to a new user (be they computer iliterate or not) Windows has an incredibly easy installation system that even complete novice's can understand, OS X has a simple way of installing that people can understand.
Linux has 5, none of them simple. Give me something simple that doesn't involve typing sudo something, something and I'll take to it. Why should I have to deal with the source code at all? I get open source products in windows I get an installer than installs the application and puts the source files into a folder for me. I like that.
you guys may love the various install methods but give me and average joe a simple way to install and get used to the OS first.