A Windows-Based Packaging Mechanism

FishWithAHammer writes "As part of my Google Summer of Code project, I'm working with WinLibre to develop a Debian-like software download system for free/open source software on the Windows platform. My reasoning is that open source software suffers from poor presentation. Most computer laymen, even those aware of open source software, often don't have any idea how to go about looking for it, but would use it if it were easier to access. What I have proposed is both a Debian-style packaging mechanism (capable of using Windows Installer MSIs or not, as the user wishes) and a software 'catalog' that takes the best aspects of Synaptic and Linspire's Click-N-Run system. Seamless, simple installation and removal of programs in as straightforward a way as apt-get (there will be a command-line tool as well). I'm posting to Slashdot to get the ideas of you lot who, while you may not be the target audience, can certainly provide insights that can be of value." Read on for more of this reader's ideas and questions.

There are areas that I'm personally not familiar with, and while I have done some research I would like the opinions of Slashdotters on some others. While at first I intend to set it up so that WinLibre (and I) run only one repository, I am curious as to how this sort of tool could be most useful to network administrators. Customizable repositories will be available; the code will be under the GPL, after all, so it'd be a little hard for them not to be available.

I'm also interested in the ideas of those who might be in a position to roll together packages. I intend to package a number of open-source language interpreters with the core software to allow special pre- and post-install scripts, as well as removal scripts. C#Script, Perl, and Python are definites, as is a Cygwin sh interpreter. We will have some program requirements — chief among them that no registry changes may be made by the program — but some of them, I fear, will require some flexibility; some programs really do require a way to edit the registry, for example, and I am considering offering some sort of tracked way to make registry changes so they can be rolled back on uninstallation of the program.

I'd love to hear what Slashdotters think of this. Think of it as a wishlist, but you don't get any damn ponies.

Ed Ropple (FishWithAHammer)"

It's the package selection process

[zedman]

That's great of course, but it's the community and a selection of packages with mutually consistent packaging metadata which make systems like Debian and their derivatives so popular. The packaging system itself is an enabling technology.

Re:It's the package selection process

[metalcup]

I agree - but given that there is currently no similar technology, it does seem like a good idea to develop/design the enabling technology..

Re:It's the package selection process

[babbling]

Why are you kidding? That's actually a very good point, I think.

If GNU/Linux was the only operating system that had applications like Firefox, OpenOffice, VLC, and so on, I think it would be a much more attractive option than Windows is. Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

I'm not necessarily saying that these ports shouldn't take place, but I think we should be aware of the fact that porting a great application to Windows does lessen the incentive for Windows users to make the switch.

Re:It's the package selection process

[Nullav]

A package manager for Windows. That's great and all, but will I be able to get out of the install-reboot game every time I have to set up a new computer for someone? What benefits will this have over just doing a Google search for "Lua compiler" and comparing feature lists?
I can see a lot of benefits for the developers, suck as skipping an installer altogether, but all the end-user can rely on is trial and error if there are ten programs under the same category and no detailed feature lists.

Re:It's the package selection process

[maxwell+demon]

If the explicit goal of an application programmer was to move people to Linux, the ideal strategy would probably be as follows:

1. Port the application to Windows
2. Get people addicted to it (that's the hardest part).
3. Make sure that new developments are always available on Linux first (so that there's a real incentive to switch to Linux).
4. At some time, introduce Linux-only features.
5. After enough users have switched to Linux, drop Windows support.
6. ???
7. Profit!

(Sorry, the last two lines just had to come! :-))

Of course the problem with this plan is that starting from step 4 on, it's virtually impossible to do with FOSS: If you don't implement those features on Windows, likely someone else will do. And if you drop Windows support, probably someone else will take over (remember, as of step 2, it's a popular application).

Re:It's the package selection process

[Rakishi]

The biggest barrier to switching for many users is that they won't be able to use their old apps on the new OS. This solves that problem.

Re:It's the package selection process

[Nuffsaid]

Windows' shaky foundations constitute the main incentive for Windows users to make the switch. Finding on Linux the same FOSS applications you got accustomed with does just make the switch easier. I know it worked this way for my father, who now happily uses on Xubuntu the same Firefox, Thunderbird and OpenOffice he used on Windows. No equivalent for Symantec software, luckily!

Re:It's the package selection process

You're completely missing the point here. This is about open source and not Linux. The point is to make people aware/use open source software. Not necessarily switching to Linux.

Re:It's the package selection process

[mrsteveman1]

I think part of the value in making sure there are lots of open source apps on Windows is the tie in factor, that is, it makes it a bit harder to segment Microsoft and Windows from open source programs. This has some advantages, if core Windows customers rely on certain open source apps it becomes much harder to attack the concept of open source itself. While it might be easy to say that certain apps or functions should be Linux only, this is a sure way to retard growth and won't actually help anything.

It does help to ensure that the applications people use are consistent and cross platform, because Firefox has already become so common and desirable that a very large percentage of non technical people prefer to use it. The same will become true for other applications, all thats needed is time and exposure. At some point the strengths of a better back end operating system will also become apparent, but first we need to ensure that the front end interface and applications are both usable and familiar.

Re:It's the package selection process

> I think we should be aware of the fact that porting a great application to Windows does lessen the incentive for Windows users to make the switch.

Do you really want all to switch? Certainly not. Let them use good software on their system, be it Windows, Linux, Mac or what ever. Give choice to the people. If they use Free Software, depend on it and love it, why should they fight Free Software?

So, instead of seperating Free Software by their underlying system, highlight the common aspects and make these people feel comfortable as a member of the community of Free Software, not Firefox On Windows or Apache on Linux.

I don't want to have Linux users, who hate the system but use it because they need the software.

cb

Re:It's the package selection process

why do we have to push Linux on people? I'm a massive Linux fan, but I use windows as my main desktop mainly due to games but I use a lot of open source tools on my windows machine. main two being audacity and Firefox and if I was forced to use linux as my main desktop because I couldn't get these apps on windows frankly would annoy me as much as Microsoft does with there windows only programs.

That type of mentally will do more damage to the open source movement then anything else.

Re:It's the package selection process

[timroerstroem]

You mean like XChat?

Re:It's the package selection process

[suv4x4]

If GNU/Linux was the only operating system that had applications like Firefox, OpenOffice, VLC, and so on, I think it would be a much more attractive option than Windows is. Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

"We've ported to Windows"? Who the heck are ya?

Firefox, based on the XUL platform, which from the very beginning was designed to be multi-platform.
It has evolved from the proprietary Netscape before were also inherently multi-platform from the very start.

OpenOffice, evolved from the proprietary StarOffice, inherently multiplatform.

As for VLC, why exactly not having this one on Windows makes Linux any better. Can't Windows play Windows Media files? Does it lack a hundred of other players?

And I have another question for you: who do you think make products like Firefox popular. It's Windows users. The majority of people out there run Windows. It's when people started installing Firefox on their Windows machines, that the stats went up, and Firefox started to matter.

If Firefox never existed on Windows, do you think anyone but geeks would care for it? If you're thinking what answer might be, look no further from Konqueror: who the hell (but geeks) cared about this one browser which was only available on Linux, BEFORE Apple took their code and turned it in WebKit/Safari?

Re:It's the package selection process

[morgan_greywolf]

why do we have to push Linux on people? I'm a massive Linux fan, but I use windows as my main desktop mainly due to games but I use a lot of open source tools on my windows machine. main two being audacity and Firefox.

Actually, this brings up a very good point. For some applications like Audacity, the preferred platform may actually be Linux, or more specifically, distros that are aimed at being a professional audio/video workstation like Ubuntu Studio, which includes a low-latency kernel tuned for A/V work and dozens of audio tools that are only available on *nix. Audacity may work on Windows, but I've used it on both platforms and I much prefer to work with it on a low-latency-optimized Linux setup, right beside applications like Ardour with a plugin architecture like JACK.

Re:It's the package selection process

[westlake]

Windows' shaky foundations constitute the main incentive for Windows users to make the switch

The Microsoft platform can't be that shaky if Apple hasn't been able to get and hold 10% of the market in damn near twenty-five years.

Re:It's the package selection process

[PhoenixAtlantios]

I don't suppose you want to cite evidence when making bold claims, but it usually is customary when attempting to convince people of your point of view. Blanket claims are almost never completely true or accurate, and I think blanketing Linux as better than Windows in all cases is a bit excessive. Sure, there'll always be those that think whatever they do must be the best thing around, but if you step back for a minute and really take a look the operating systems tend to compete fairly well. Sure, Linux performs some tasks better than Windows, and vice versa, but what exactly is the overall incentive to switch from one platform to another if you don't need that which the opposing operating system excels at?

Reality can suck, but I really do think you (and a lot of others) are overestimating the impact desktop Linux users have on the market. If everybody that dual boots Linux and Windows suddenly formatted their Windows partition tomorrow, do you seriously think it would do any massive damage to the Windows market share? All it would achieve is removing the option for those people to use Windows for those areas it excels at - a popular example being gaming.

I don't profess to know everything about the market share Linux has at the moment, or to what extent it possibly could impact Windows in it's current state, but I'm not claiming to hold all the answers either.

An unquestionably superior platform wouldn't have this much difficulty securing users from the competition. Until you and other zealots step back and take a look at the larger picture, I sincerely doubt the Linux movement is going to make that blanket superiority breakthrough any time soon. It takes critics to find the flaws in something.

Re:It's the package selection process

[shaitand]

'I don't suppose you want to cite evidence when making bold claims, but it usually is customary when attempting to convince people of your point of view.'

I don't intend to engage in yet another debate of the technical merits.

'An unquestionably superior platform wouldn't have this much difficulty securing users from the competition.'

Unfortunately users do not select a platform based upon technical superiority because they lack the knowledge to do so. Just as your wife (assuming she has no mechanical knowledge, there are exceptions to stereotypes) probably wants a cute car rather than a mechanically superior car. Some features aren't a little less transparent like gas mileage and others require a master mechanic or even an engineer to understand like reliability in engine or alternator design. The higher the level of knowledge required to understand the issue the more difficult it is to sell users on that trait. Just because the bulk population doesn't understand a feature doesn't mean that feature does not actually result in superiority.

'All it would achieve is removing the option for those people to use Windows for those areas it excels at - a popular example being gaming.'

I am not aware of any windows strengths. Your popular example is games but windows is not a better gaming platform, the fact that Linux is chosen when fast memory access, processor utilization, video and sound editing is required by professionals and that those are the things that make a technically superior gaming platform demonstrates this. The availability of games for windows is the result of market share. Since Linux has a technical superiority for gaming the world would obviously be 'a better place' for gamers if that market share was transferred to Linux. Us ZEALOTS (hint: if don't want your troll to be instantly exposed, stop referring to people who advocate a software platform as zealots) have this crazy idea that the market would be better served by giving the benefits that come with market share to the technically superior solution.

'I sincerely doubt the Linux movement is going to make that blanket superiority breakthrough any time soon.'

It is already there. When referring to innate characteristics Linux is technically superior pretty much across the board. Availability of games, drivers, and proprietary applications is not an innate characteristic, it is a side effect of market share. The market is composed of people. Sorry but the market does not select the best choice, it rarely selects the best choice. People are cattle, they are stupid and easily sold on an inferior solution. Put Michael Jordan in a commercial and you can sell stupid people an inferior shoe all day long. Hell, some people are so stupid you can sell them an inferior product just by charging a high price for it.

'It takes critics to find the flaws in something.'

That is how some of us believe open source solutions became superior. You see we put all our cards on the table and then put mechanisms in place that make it easy to report flaws. Oddly, most of those who find the flaws are advocates rather than critics. Maybe that snide asshole critic who thinks he gets things done is just an asshole after all. Of course it is amusing that you mention this because there is no constructive criticism anywhere in your post.

interesting!

[wwmedia]

interesting but for it to be popular on window IT HAS TO HAVE a user friendly interface not just a command line tool (btw look into new powershell for windows ;) )

Registry

[VE3OGG]

I would say the big thing that I would look for in such a product would be a consistent (or even better, non-existent) use/removal of registry entries. I have dealt with so many so-called "professionally" done software pieces that upon uninstallation would leave several dozen registry entries. This seems terribly unnecessary, and if the so-called apt-get method could circumvent the registry (much like the run from USB flash drive programs) altogether, or at least make it a sure-fire thing to remove, instead of wipe-and-pray.

Good on you for trying to better the system man, I wish you the best of luck!

Re:Registry

[macraig]

"It's pretty easy to dump some keys from the Registry if you need to."

It's NOT easy, damned near impossible, if the OS is Windows NT/2K/XP/2003 and isn't bootable. Even if the file system and structure is fine and the Registry hive files are otherwise accessible, there's no means known to me that would allow extracting data from them.

I've had this happen to me more than once, where the OS got trashed, and I'd have rather just started from scratch, BUT I had a ton of customizations for apps and the OS buried in the Registry which was then inaccessible, and I wound up having to tinker with things to get that install running again. Were it not for the nature of the Registry, I should have been able to still get at all that data and simply migrate it over to a new install. In Linux I could do that with an app: just basically copy it with its config and customizations to another OS install. I *can* do that with a handful of renegade maverick anti-authoritarian apps in Windows, like Proxomitron, but they've become pretty rare over the years.

That is what I call truly monolithic, when even though a data file is accessible it's still useless to me unless a bunch of conditions have been met (by booting that OS Install). Even your DB analogy doesn't compare to this, because (assuming the DB is intact, not the issue here) it's always relatively trivial to move it around and extract data from it. Not so with the Registry if you haven't booted from it.

OTOH, if that same data was stored in READABLE files distinct for each application, then assuming the FS is okay it's trivial to copy the data out and migrate or back it up. Like in Linux and virtually every other sensible OS.

Re:Security, security, security.

[KiloByte]

Uhm, let's compare signed repositories with grabbing those programs you need from websites, and quite a few of them use random services like download.com.
Quite a step forward in my book.

A lot of work, but simple, conceptually...

[pla]

For user-specified (or multiple fallback) repositories, you need nothing more complex than reading your base path(s) from a config file. Prepend that address to every file you download, and it will all go well.

For the bigger project, basically you just need a set of per-package install/uninstall scripts that check for dependancies (or no-longer-needed dependancies on uninstall), do their thing, and write themselves to a standardized catalog of installed software. Whether or not you can adapt Windows' list of such software, and the MSI interface in general, to your needs, I can't say offhand. I would think you can at least list the package therein, but I don't think that handles dependancy information quite as elegantly as you would want.

I see the biggest problem you'll have as coming from the poor regression testing done for Windows ports of FOSS - You may well need multiple (version-specific) instances of some dependancies installed at the same time, for different packages that use "working until version 2.8.10.4" features (or more of a nightmare, "working until KB935356").


Overall, I wish you luck with this. I think the Windows world has needed something like apt-get (with a mind-numbingly simple GUI) for a loooooong time.

Re:A lot of work, but simple, conceptually...

[Rakishi]

Uhh, lets see now. With a linux type package manager I could:
-Actually install MySQL, PHP and Apache easily without having to use a third party package that holds them all. Yeah, windows is sure free of dependencies. Just great especially when your programs are inherently dependent on each other, oh wait no its a pain in the ass.
-Download whatever packages I need without needing to deal with searching the web for the place to download this from. The whole find, download install file, run install file thing gets annoying pretty quickly. Especially when you have a bunch of software to download.
-Queue uninstalls, god damn do I hate the fucking windows uninstaller where you need to uninstall, wait,uninstall next item. Thats not even counting how it fucking breaks in one way or another after a while on most systems I've used.

Already exists?

[jamlam]

There is a mechanism for doing this kind of thing already in Windows, via Add/Remove programs and Group Policy. Surely it would be a good idea to try and re-use this rather than re-inventing the wheel.

Cygwin packaging

[julesh]

I hope you're planning on making it interoperate with the cygwin packaging system. Cygwin's a great piece of software which is, IMO, let down by its obscure and difficult-to-use setup program. A new, friendlier way of installing and updating cygwin components would be a great asset. And if it worked with other OSS stuff as well, that would be a huge asset.

One thing I would suggest is that you make it easy for somebody to package a standalone .exe that doesn't require your system, but which can interoperate with your system easily -- perhaps by having a version of your system that can wrap up a package with a copy of the relevant parts of itself in a .exe file.

Re:Good idea

[perrin]

My reasoning is that open source software suffers from poor presentation. Definitely true. Part of the reason is that programmers often just like to program, not make things easier for the user. Writing a manual and making things easy can take 90% of the development time. The reason is also partly, in my experience, that free software developers listen way too much to the few, vocal power users who want all kinds of special adaptations and options, rather than finding out what the great majority of users actually need and want. The result is often over-complicated user interfaces, and hard to maintain code because of all the codepaths added to accomodate the hard to satisfy wants of some power users. Once the interface becomes hard to use, the ordinary, quiet users turn to other programs, and power users become even more dominating, leading to a vicious circle of program sectarianism.

It is not only the programmers' fault, though. Far too few users bother to suggest interface simplification,or even know how to advocate it. Merely complaining will not work - developers need to be shown that it can be done, and how, by means of mock-ups or illustrations. A few innovative user interface interested users could do wonders for many projects simply by drawing new user interfaces and submitting them to various free software projects, asking if they are interested in going a few rounds of design iterations with them. Often an outside eye, and interest in doing some adapting from both sides, is all that is needed.

Window is not *nix.

I want to highlight some differences between dpkg/yum/whatever to the Windows platform. You may like to carry some features of *nix, but doing so will require you to re-educate the users, and thus your package management will not get adopted.

1. Windows users expect the Next->Next->Next->Finish paradigm. *nix users expect the "silence is golden" rule.

2. *nix advocates dynamic linking. Windows has DLL-hell. This is because the distribution can suggest the library versions and the user can choose a difference library version by recompiling dependants. This is not possible in binary only distribution.

3. Windows software comes from multiple sources. You must allow others to host their packages and only link to other places. Don't try to make one large repository. You can however, maintain one large catalog and allow others to edit their entries in your catalog.

4. If users will be able to add entries to your catalog, they will add bogus software. A later version will have to allow the users to rate the packages. Use the users to make your content, you only supply the means.

5. Interaction with MSI is non-trivial. Start with a prototype of your system that use zipped packages (optionally with a manifest file). Once all the pieces is in place, start adding support in msi packages.

Some people aren't RTFA

[Flying+pig]

and are objecting to points already covered. I think this is a good idea, though it would need support from the developers to keep the repositories working, and they would object because removing the need to navigate to the sites will remove having to work through the requests for help and funding. Now if you could fix that - so that as you install xxx.msi, a request and info page opens in a pane, that might be a good feature.

It's a stealth feature. Get people installing applications that way, because then the Linux desktop will be more familiar.

Something really is needed. I keep coming across people who really need no more than Wordpad who are buying Office because they think they have to. I recently came across a guy who has bought Office 2007 and writes nothing but letters and the odd email. He thought that somehow saving his letter to Auntie Flo in Office 2007 format (docx) was "better" than saving it in Office 2000 .doc, right up to the point she couldn't open it as an email attachment and he had to "downgrade" his document. Microsoft is exploiting numskulls like that. (I'm only jealous of course - I'd love a list of 100 or so gullible people with money but, as I'm not a corporation with deep pockets, I might get into trouble.)

These people don't know OOo exists, and even if they did would never be able to find it. But a simple little packager that has a "Top picks" with something like "Open Office 2 - for all your home office needs" and a "click here to install" button - well, at least we'd be trying.

Re:Really?

[drsmithy]

This is one of the areas where Free Software is far, far ahead of what Windows currently has.

Right up until the software you want isn't in the repo, or is broken. Then it falls way, way behind.

There's also the "what the hell is it called" issue, but that's become less significant in the last year or two, although that benefit is largely restricted to Ubuntu and its derivatives.

Re:Security, security, security.

[ButcherCH]

This could also improve the upgrade process which would help security a lot. E.g. how man people do manually upgrade all their manually installed applications? If you can just type "apt-get upgrade" people are much more likely to update and get security updates.

Registry changes

I'm posting anonymously to protect the guilty.

I worked at a company that needed to be able to manage software installs. We tracked them, created scripts to install and uninstall by calling MSI or the uninstaller respectively, and repackaged them when we had to.

In order to repackage, we had to provide a log of changes to the system from the installation of the package. We used an embedded sqlite database per package to dump before and after states of the filesystem and registry, environment variables, etc.. Then we diffed the two to get the install contents based on a manual installation. Special attention has to be paid to special directories (e.g. C:\Documents and Settings\myuser must be converted, "Program Files" as well, WINNT must be specialised, temp directories shouldn't be tracked, start menu items need to be logged...). In addition, you need to be able to read shortcut files and .pif files (DOS shortcuts) to recreate them. For MSI, you can read package contents (though it's a real bitch to actually decipher it), but change tracking was the only reliable way to get changes from ALL types of packages. Don't forget to track changes of the list of services as well. In the registry, remember that we can stock binary data... Etc. etc...

Re:Really?

[IamTheRealMike]

Some programs go so far as to only remove the shortcuts and say "Uninstall Complete!", while others leave behind large swaths of registry entries and several MB of unnecessary files at C:\, Windows, Program Files, AppData, Local Data, Local Data\AppData (the other AppData, ugh) and anywhere else they please.

Your complaint boils down to "some people make bad packages", which occurs on Linux as well, and is just the nature of software to be imperfect. I cannot count the number of bugs or non-working setups I've tracked down to bad packages, and even better, in the Linux world fixing such a bug once doesn't make it go away - it'll be repeated in 3 months time by a different distribution.

But the real failure in Windows is a decent way to keep any number of applications up to date.

That would be nice, yes.

This is a terrible idea

Installing apps on Windows is good as it is. Dont kid yourselves - package management is one of the worst aspects of the Linux OS. People already know how to look for software: You google for it, then look for a download link on the webpage you find. Package managers are almost worthless when you try looking for software to install. The search is restrictive and the descriptions minimal. Applications get lost among the countless number of small useless apps and cryptically named support files. Unless you know exactly what you are looking for, the chances of finding anything among the huge number of packages is almost nil. And don't forget most users don't even know what packages are! And why should they? All they care about is applications. Nobody wants to know what shared libraries they need or can install. And with today's hard drive sizes, there's really no point in sharing resources between applications. that just makes for more complications such as dependency conflicts.

cross-platform FOSS broke & open software dist

[CarpetShark]

3. Make sure that new developments are always available on Linux first (so that there's a real incentive to switch to Linux).

In reality, it tends to work the other way around. Take the Amiga emulator, UAE, for instance. I think, among other meanings, the U once stood for Unix. Yet, most of the best features are in the Windows version now, and they're developed in a non-cross-platform manner, by people who don't care about OpenGL's standardisation over DirectX, etc. Same with other emulators, and probably lots of other tools.

Unfortunately, Free Software is a victim of its own generosity, when parts of it are ported to windows. Especially given that the initial ports tend to be half-hearted, and half-working compared to the Unix versions, so that people think Free Software sucks, until it's had a while to become windows-ized through its that community.

STILL... it seems obvious to me that something like a usuable, popular, apt for windows could literally beat microsoft's monopoly. When you can browse to the office section of your package manager, and you're immediately presented with a choice (Install OpenOffice now, and lots of extra, compatible software) or run install the wrapper package for Microsoft Office, after buying the CD, proving you didn't steal it with a 98-digit code, etc.)... well, it would really level the playing field.

I actually thought this was the point of Google Pack -- to beat microsoft by taking over and opening up the distribution channel. It's a shame (no, literally, a SHAME) that they didn't do a better job on that, by making apt for windows then. I'd be glad to see a real APT for windows. Unfortunately, I'm not sure it's possible, without the mass of a debian-like project behind it, a very easy and presentable UI, and open, usable APIs that encourage developers to use it. Hint: it has to work as well as apt, but not be half as hard to make packages for. Good luck, I say.

Installation and update isn't bad on windows

[syousef]

I'd argue that apt-get is less intuitive and harder to admin. Few Windows users are going to want it. Good luck finding that out the hard way.

Re:MSI

[Ant+P.]

If it uses MSIs, this might push Mozilla to start building MSIs of their software - something corporate users have been demanding since forever.

MOD parent up

[randomjohndoe]

Linux will gain market share over Windows by being better than Windows. My experience with open source came through open source applications on Windows. I use those applications because they are superior, not because they are free. I think those apps will work even better if I replace Windows with Linux. So think of open source apps on Windows as a gateway drug to Linux (or *BSD).