Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Windows-Based Packaging Mechanism

Posted by kdawson on from the simple-install-and-remove dept.

FishWithAHammer writes "As part of my Google Summer of Code project, I'm working with WinLibre to develop a Debian-like software download system for free/open source software on the Windows platform. My reasoning is that open source software suffers from poor presentation. Most computer laymen, even those aware of open source software, often don't have any idea how to go about looking for it, but would use it if it were easier to access. What I have proposed is both a Debian-style packaging mechanism (capable of using Windows Installer MSIs or not, as the user wishes) and a software 'catalog' that takes the best aspects of Synaptic and Linspire's Click-N-Run system. Seamless, simple installation and removal of programs in as straightforward a way as apt-get (there will be a command-line tool as well). I'm posting to Slashdot to get the ideas of you lot who, while you may not be the target audience, can certainly provide insights that can be of value." Read on for more of this reader's ideas and questions.

There are areas that I'm personally not familiar with, and while I have done some research I would like the opinions of Slashdotters on some others. While at first I intend to set it up so that WinLibre (and I) run only one repository, I am curious as to how this sort of tool could be most useful to network administrators. Customizable repositories will be available; the code will be under the GPL, after all, so it'd be a little hard for them not to be available.

I'm also interested in the ideas of those who might be in a position to roll together packages. I intend to package a number of open-source language interpreters with the core software to allow special pre- and post-install scripts, as well as removal scripts. C#Script, Perl, and Python are definites, as is a Cygwin sh interpreter. We will have some program requirements — chief among them that no registry changes may be made by the program — but some of them, I fear, will require some flexibility; some programs really do require a way to edit the registry, for example, and I am considering offering some sort of tracked way to make registry changes so they can be rolled back on uninstallation of the program.

I'd love to hear what Slashdotters think of this. Think of it as a wishlist, but you don't get any damn ponies.

Ed Ropple (FishWithAHammer)"

37 of 451 comments (clear)

  1. Oh no by Anonymous Coward · · Score: 5, Funny

    C:\>apt-get install bsod

    1. Re:Oh no by Xogede · · Score: 5, Funny

      Error: Package "bsod" already installed.

    2. Re:Oh no by Anonymous Coward · · Score: 5, Funny

      Does this mean we can also do?

      C:\>apt-get remove bsod

    3. Re:Oh no by dhasenan · · Score: 5, Funny

      error: this will break the following dependencies:
          bsod: is required by win-desktop
          bsod: is required by win-gui
          bsod: is required by nt-kernel ...

    4. Re:Oh no by russ1337 · · Score: 4, Funny

      Does this mean we can also do?
      C:\>apt-get remove bsod

      C:\> Removal of BSOD requires the following dependencies to be uninstalled:
      > Windows Operating System
      > Explorer.exe
      > Continue Y/N?
    5. Re:Oh no by jlp2097 · · Score: 3, Funny

      C:\> Removal of BSOD requires the following dependencies to be uninstalled:
      > Windows Operating System
      > Explorer.exe
      > Continue Y/N?

      Yes! YES!!
    6. Re:Oh no by tacgnol · · Score: 5, Informative

      http://windows-get.sourceforge.net/ Maybe we can google these things?

  2. It's the package selection process by zedman · · Score: 5, Insightful

    That's great of course, but it's the community and a selection of packages with mutually consistent packaging metadata which make systems like Debian and their derivatives so popular. The packaging system itself is an enabling technology.

    1. Re:It's the package selection process by babbling · · Score: 4, Insightful

      Why are you kidding? That's actually a very good point, I think.

      If GNU/Linux was the only operating system that had applications like Firefox, OpenOffice, VLC, and so on, I think it would be a much more attractive option than Windows is. Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

      I'm not necessarily saying that these ports shouldn't take place, but I think we should be aware of the fact that porting a great application to Windows does lessen the incentive for Windows users to make the switch.

    2. Re:It's the package selection process by Nullav · · Score: 3, Insightful

      A package manager for Windows. That's great and all, but will I be able to get out of the install-reboot game every time I have to set up a new computer for someone? What benefits will this have over just doing a Google search for "Lua compiler" and comparing feature lists?
      I can see a lot of benefits for the developers, suck as skipping an installer altogether, but all the end-user can rely on is trial and error if there are ten programs under the same category and no detailed feature lists.

      --
      I just read Slashdot for the articles.
    3. Re:It's the package selection process by maxwell+demon · · Score: 5, Insightful

      If the explicit goal of an application programmer was to move people to Linux, the ideal strategy would probably be as follows:

      1. Port the application to Windows
      2. Get people addicted to it (that's the hardest part).
      3. Make sure that new developments are always available on Linux first (so that there's a real incentive to switch to Linux).
      4. At some time, introduce Linux-only features.
      5. After enough users have switched to Linux, drop Windows support.
      6. ???
      7. Profit!

      (Sorry, the last two lines just had to come! :-))

      Of course the problem with this plan is that starting from step 4 on, it's virtually impossible to do with FOSS: If you don't implement those features on Windows, likely someone else will do. And if you drop Windows support, probably someone else will take over (remember, as of step 2, it's a popular application).

      --
      The Tao of math: The numbers you can count are not the real numbers.
    4. Re:It's the package selection process by Rakishi · · Score: 4, Insightful

      The biggest barrier to switching for many users is that they won't be able to use their old apps on the new OS. This solves that problem.

    5. Re:It's the package selection process by Nuffsaid · · Score: 3, Insightful

      Windows' shaky foundations constitute the main incentive for Windows users to make the switch. Finding on Linux the same FOSS applications you got accustomed with does just make the switch easier. I know it worked this way for my father, who now happily uses on Xubuntu the same Firefox, Thunderbird and OpenOffice he used on Windows. No equivalent for Symantec software, luckily!

      --
      Nuffsaid
      ________

      Don't know about his cat, but Schroedinger is definitely dead.
    6. Re:It's the package selection process by PinkyDead · · Score: 5, Funny

      Sorry to burst your bubble, but I think Microsoft has already patented your process.

      --
      Genesis 1:32 And God typed :wq!
    7. Re:It's the package selection process by Anonymous Coward · · Score: 5, Insightful

      why do we have to push Linux on people? I'm a massive Linux fan, but I use windows as my main desktop mainly due to games but I use a lot of open source tools on my windows machine. main two being audacity and Firefox and if I was forced to use linux as my main desktop because I couldn't get these apps on windows frankly would annoy me as much as Microsoft does with there windows only programs.

      That type of mentally will do more damage to the open source movement then anything else.

    8. Re:It's the package selection process by salec · · Score: 3, Interesting

      The idea is well understood and frequently restated but it is not realistic scenario.

      Like someone said up in the thread, there is no way to prevent anyone porting nice OSS app to non-free OS. Therefore, users will virtually never feel the urge to switch over to Linux because of a "killer app(s)".

      When (or if) massive switchover happens, it will be only because Microsoft tried to squeeze users too much and they found they lose nothing important if they switch.

      In other words, blurring the border between the two by porting Free Software on proprietary platforms, making users gradually adapt to environment they would find in Linux, makes user migration to it more probable, in fact as probable as realistically possible. Side effect would be pushing the shareware producers out of the Windows market by pressure of irresistible competition, which in turn would decrease number of developers for that platform and at the same time force Microsoft to "deal with devil" and try to play nicer with FOSS side and users.

    9. Re:It's the package selection process by suv4x4 · · Score: 4, Insightful

      If GNU/Linux was the only operating system that had applications like Firefox, OpenOffice, VLC, and so on, I think it would be a much more attractive option than Windows is. Yet, we've ported some of our best applications to the proprietary Windows platform, and as a consequence of this there is less incentive for Windows users to become users of Free Software operating systems.

      "We've ported to Windows"? Who the heck are ya?

      Firefox, based on the XUL platform, which from the very beginning was designed to be multi-platform.
      It has evolved from the proprietary Netscape before were also inherently multi-platform from the very start.

      OpenOffice, evolved from the proprietary StarOffice, inherently multiplatform.

      As for VLC, why exactly not having this one on Windows makes Linux any better. Can't Windows play Windows Media files? Does it lack a hundred of other players?

      And I have another question for you: who do you think make products like Firefox popular. It's Windows users. The majority of people out there run Windows. It's when people started installing Firefox on their Windows machines, that the stats went up, and Firefox started to matter.

      If Firefox never existed on Windows, do you think anyone but geeks would care for it? If you're thinking what answer might be, look no further from Konqueror: who the hell (but geeks) cared about this one browser which was only available on Linux, BEFORE Apple took their code and turned it in WebKit/Safari?

    10. Re:It's the package selection process by morgan_greywolf · · Score: 4, Insightful

      why do we have to push Linux on people? I'm a massive Linux fan, but I use windows as my main desktop mainly due to games but I use a lot of open source tools on my windows machine. main two being audacity and Firefox.


      Actually, this brings up a very good point. For some applications like Audacity, the preferred platform may actually be Linux, or more specifically, distros that are aimed at being a professional audio/video workstation like Ubuntu Studio, which includes a low-latency kernel tuned for A/V work and dozens of audio tools that are only available on *nix. Audacity may work on Windows, but I've used it on both platforms and I much prefer to work with it on a low-latency-optimized Linux setup, right beside applications like Ardour with a plugin architecture like JACK.

      --
      My blog
    11. Re:It's the package selection process by TheRaven64 · · Score: 5, Informative
      The reboots are required for two reasons. The first is that you are updating a library that a lot of applications use. If you update libc, for example, then you need to restart every C application, which generally means a reboot. In a lot of cases, you can get away with just restarting the affected applications.

      The second reason is Windows-specific. On UNIX, you can delete a file that applications have open, and it will not actually be removed from the disk until the last application with an open handle for it exits. On Windows, you can't do this. On *NIX, if you want up upgrade libfoo.so, you can delete it and then install the new libfoo.so, and every running application that uses it will keep using the deleted version until you restart it. On Windows, if you want to upgrade foo.dll, then it will tell you that you can't delete foo.dll because it is in use. This is why Windows installers often tell you to quit all applications. The work-around for this is to add a little script that replaces the old foo.dll with the new one on the next reboot (before anyone has tried loading it) and then continues.

      I don't know if the second problem is fixed on Windows - I haven't used it for four or so years - but even if it has there are probably a lot of people out there writing installers who don't know that it's fixed.

      --
      I am TheRaven on Soylent News
    12. Re:It's the package selection process by westlake · · Score: 5, Insightful
      Windows' shaky foundations constitute the main incentive for Windows users to make the switch

      The Microsoft platform can't be that shaky if Apple hasn't been able to get and hold 10% of the market in damn near twenty-five years.

    13. Re:It's the package selection process by PhoenixAtlantios · · Score: 3, Insightful

      I don't suppose you want to cite evidence when making bold claims, but it usually is customary when attempting to convince people of your point of view. Blanket claims are almost never completely true or accurate, and I think blanketing Linux as better than Windows in all cases is a bit excessive. Sure, there'll always be those that think whatever they do must be the best thing around, but if you step back for a minute and really take a look the operating systems tend to compete fairly well. Sure, Linux performs some tasks better than Windows, and vice versa, but what exactly is the overall incentive to switch from one platform to another if you don't need that which the opposing operating system excels at?

      Reality can suck, but I really do think you (and a lot of others) are overestimating the impact desktop Linux users have on the market. If everybody that dual boots Linux and Windows suddenly formatted their Windows partition tomorrow, do you seriously think it would do any massive damage to the Windows market share? All it would achieve is removing the option for those people to use Windows for those areas it excels at - a popular example being gaming.

      I don't profess to know everything about the market share Linux has at the moment, or to what extent it possibly could impact Windows in it's current state, but I'm not claiming to hold all the answers either.

      An unquestionably superior platform wouldn't have this much difficulty securing users from the competition. Until you and other zealots step back and take a look at the larger picture, I sincerely doubt the Linux movement is going to make that blanket superiority breakthrough any time soon. It takes critics to find the flaws in something.

  3. Security, security, security. by MythMoth · · Score: 3, Interesting

    Do not let this become a new attack vector.

    --
    --- These are not words: wierd, genious, rediculous
    1. Re:Security, security, security. by KiloByte · · Score: 4, Insightful

      Uhm, let's compare signed repositories with grabbing those programs you need from websites, and quite a few of them use random services like download.com.
      Quite a step forward in my book.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  4. Registry by VE3OGG · · Score: 4, Insightful

    I would say the big thing that I would look for in such a product would be a consistent (or even better, non-existent) use/removal of registry entries. I have dealt with so many so-called "professionally" done software pieces that upon uninstallation would leave several dozen registry entries. This seems terribly unnecessary, and if the so-called apt-get method could circumvent the registry (much like the run from USB flash drive programs) altogether, or at least make it a sure-fire thing to remove, instead of wipe-and-pray.

    Good on you for trying to better the system man, I wish you the best of luck!

  5. A lot of work, but simple, conceptually... by pla · · Score: 3, Insightful

    For user-specified (or multiple fallback) repositories, you need nothing more complex than reading your base path(s) from a config file. Prepend that address to every file you download, and it will all go well.

    For the bigger project, basically you just need a set of per-package install/uninstall scripts that check for dependancies (or no-longer-needed dependancies on uninstall), do their thing, and write themselves to a standardized catalog of installed software. Whether or not you can adapt Windows' list of such software, and the MSI interface in general, to your needs, I can't say offhand. I would think you can at least list the package therein, but I don't think that handles dependancy information quite as elegantly as you would want.

    I see the biggest problem you'll have as coming from the poor regression testing done for Windows ports of FOSS - You may well need multiple (version-specific) instances of some dependancies installed at the same time, for different packages that use "working until version 2.8.10.4" features (or more of a nightmare, "working until KB935356").


    Overall, I wish you luck with this. I think the Windows world has needed something like apt-get (with a mind-numbingly simple GUI) for a loooooong time.

    1. Re:A lot of work, but simple, conceptually... by Rakishi · · Score: 4, Insightful

      Uhh, lets see now. With a linux type package manager I could:
      -Actually install MySQL, PHP and Apache easily without having to use a third party package that holds them all. Yeah, windows is sure free of dependencies. Just great especially when your programs are inherently dependent on each other, oh wait no its a pain in the ass.
      -Download whatever packages I need without needing to deal with searching the web for the place to download this from. The whole find, download install file, run install file thing gets annoying pretty quickly. Especially when you have a bunch of software to download.
      -Queue uninstalls, god damn do I hate the fucking windows uninstaller where you need to uninstall, wait,uninstall next item. Thats not even counting how it fucking breaks in one way or another after a while on most systems I've used.

  6. Here's a concept I'd like to see by DaleGlass · · Score: 3, Interesting

    That packages provide functionality. This is already done in the form of virtual packages like web-browser, but I'd like to go further.

    For example, the current system is that OO Writer and KWord are in the "word processor" category. But what if I want something that can open AmiPro documents? What options do I have there? That's generally not included anywhere in the package's description.

    I found this weird .pcx file, and have no clue what is it, what can I open it with?

    Or, what music player has the ability of playing .s3m files?

    What mail clients can I choose from if I'd like both NNTP and IMAP support?

    What programs are available that do some function that is related to an HP nx5000 laptop? (this would match programs controlling LCD brightness, support for the onboard bluetooth, etc)

    A nice thing would having these capabilities roughly grouped as "can access" (can play .s3m files) and "fully implements" (can create .s3m files).

  7. ReactOS compatibility by lobotomir · · Score: 3, Interesting

    So, in theory this should work with ReactOS when they are both finished, right?

  8. Cygwin packaging by julesh · · Score: 4, Insightful

    I hope you're planning on making it interoperate with the cygwin packaging system. Cygwin's a great piece of software which is, IMO, let down by its obscure and difficult-to-use setup program. A new, friendlier way of installing and updating cygwin components would be a great asset. And if it worked with other OSS stuff as well, that would be a huge asset.

    One thing I would suggest is that you make it easy for somebody to package a standalone .exe that doesn't require your system, but which can interoperate with your system easily -- perhaps by having a version of your system that can wrap up a package with a copy of the relevant parts of itself in a .exe file.

  9. Re:Good idea by perrin · · Score: 3, Insightful

    My reasoning is that open source software suffers from poor presentation. Definitely true. Part of the reason is that programmers often just like to program, not make things easier for the user. Writing a manual and making things easy can take 90% of the development time. The reason is also partly, in my experience, that free software developers listen way too much to the few, vocal power users who want all kinds of special adaptations and options, rather than finding out what the great majority of users actually need and want. The result is often over-complicated user interfaces, and hard to maintain code because of all the codepaths added to accomodate the hard to satisfy wants of some power users. Once the interface becomes hard to use, the ordinary, quiet users turn to other programs, and power users become even more dominating, leading to a vicious circle of program sectarianism.

    It is not only the programmers' fault, though. Far too few users bother to suggest interface simplification,or even know how to advocate it. Merely complaining will not work - developers need to be shown that it can be done, and how, by means of mock-ups or illustrations. A few innovative user interface interested users could do wonders for many projects simply by drawing new user interfaces and submitting them to various free software projects, asking if they are interested in going a few rounds of design iterations with them. Often an outside eye, and interest in doing some adapting from both sides, is all that is needed.
  10. There may be an existing solution ... by baileydau · · Score: 5, Informative

    You may want to look at wpkg (http://wpkg.org/)

    It is a windows package management system based on dpkg.

    We use it at work and it appears to work fairly well. Although I don't know for sure, as I'm not the PC admin and I don't run a Windows desktop :)
    I just get to hear him saying how much easier it is to manage the PCs with it.

    --
    Ever stop to think ... and forget to start again?
  11. Re:Really? by jcupitt65 · · Score: 3, Informative
    apt-get and friends are far, far better than Window's add/remove system. They track dependencies, so when you install "rails", for example, it will automatically install apache, mysql, ruby, all the various connectors, configure them and link them all together. This is especially useful for development. Setting up a complex build environment on Windows can be nightmarish. My project uses 10 - 15 sub-libraries and downloading working and compatible versions of all the dependencies can take a whole day. This is a one-click operation with a package manager.

    They all handle updates as well, so you have a central place to keep all your entire system patched. For example, when a vulnerability is discovered in a core library (libz, or linpng have been recent examples), you need to go through your system checkiing that every application which uses one of these libraries is updated. This is almost impossible on Windows, but automatic on systems with package managers.

  12. Not sure by Mostly+a+lurker · · Score: 5, Interesting
    Superficially, this seems an interesting project. I think, though, the problems with managing open source software on Windows are going to be very different to those on Linux: possibly to the point where what you can achieve will be limited.

    The first issue that occurs to me immediately is that Windows has no single suitable native package management system that you can hook onto. Because of this, program installations tend either to (i) include whatever prerequisites they need and check whether their installation is necessary; or (ii) list the prerequisites in the installation instructions and leave it up to the user to ensure they are satisfied. Now, you might say that the whole point of the project is to resolve this, but I think you are going to run into licensing problems when you try. Let's say a particular open source product relies on .NET Framework 2. Are you then going to include .NET Framework 2 in your repository? Are you going to download it from Microsoft, using Microsoft's Download Center as a kind of adjunct repository? Are you going to talk to Microsoft to see if they will cooperate in working out a solution? This seems hard.

    I do think that a single starting point for finding quality open source solutions on Windows has merit. Right now there is a bewildering mass of products out there, and no easy way of sifting the gems from the dross. If nothing else, you might be able to provide a good menu of open source products that are deemed worthy of consideration.

    Good luck!

  13. Considerations about multiple repositories by maxwell+demon · · Score: 3, Interesting

    One thing I think shopuld be considered from the beginning is how to handle multiple archives, which may be independently maintained. Sure, the basic operation is simple: You add a new URL to the list of archives to search, and then you can see the contents of those archives. However that's not all there is to archives:

    1. How do you find additional repositories?
    2. How do you find out if a given repository is trustworthy?
    3. What to do if several repositories contain packages for the same application or library?
    4. What about version inconsistencies?

    Points 1 and 2 can IMHO be (mostly) solved together through a "repository web": Repositories not only contain packages, but also links to other repositories. Those links should also be rated, so you get a web of trust for repositories: You can mark several "root repositories" as trusted or untrusted (those settings should, of course, be user-changeable). Then trust would "propagate" through links marked as trusted, or "anti-propagate" through mistrust-links. One could even imagine "repository hubs", repositories which don't contain files, but only links to other repositories together with trust ratings. It might also be a good idea to have several trust ratings for the contained files, and for the contained links (after all, you can well imagine an excellent file repository where the maintainer isn't able to accurately rank the trust on inter-repository links).

    For points 3 and 4 I don't have a suggestion right now, but they definitely should be considered (note that separately maintained repositories will almost certainly cause inconsistencies at some point).

    Of course you can just pretend that there will always be only one repository, or that all repository providers will work together to avoid inconsistencies, but I think that's not really a good idea. Additional independent repositories will eventually come (assuming the project is a success), and therefore the problems caused by those should definitively be anticipated, even if originally there's only one repository.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  14. Updates system for OSS by pubjames · · Score: 4, Interesting

    I have been thinking about this recently.

    I have lots of applications, both OSS and commercial, that have some kind of update system built in - the application checks for an update when you start it, for instance, or when you select the option from the help menu. In fact it is getting to the stage where practically every app. has this.

    What I would like to see is a single open method of doing this which could work for all applications (so even commercial software providers could opt into it if they wanted), which would be simple and secure. It would be great to have a single application open that ran at start-up that said: "The following applications have updates available:" and then lists the applications, and two buttons "Update all" and "Advanced" which would allow you to see details about the updates and select just the ones you want.

    For instance on my Mac I have:

    1) The Official Apple "Software update" that updates OSX and Apple Apps.
    2) The Adobe updater for Photoshop, Dreamweaver etc.
    3) The Firefox/Thunderbird updater
    4) Dozens of updaters for individual apps like TextMate and OSS software
    5) Updaters for OSS packages (Fink/darwinports)
    (Yes, I know about the App Update widget but that only addresses part of the problem, and it does not provide a technical solution that can be used across platforms and projects).

    And on Windows, I have the same kind of mess of updaters.

    I'm sure there could be a simple, elegant technical solution for this, a kind of RSS-type standard for application updates - you could then choose your prefered updater just as you can now choose your preferred RSS reader.

  15. Re:Really? by IamTheRealMike · · Score: 3, Insightful

    Some programs go so far as to only remove the shortcuts and say "Uninstall Complete!", while others leave behind large swaths of registry entries and several MB of unnecessary files at C:\, Windows, Program Files, AppData, Local Data, Local Data\AppData (the other AppData, ugh) and anywhere else they please.

    Your complaint boils down to "some people make bad packages", which occurs on Linux as well, and is just the nature of software to be imperfect. I cannot count the number of bugs or non-working setups I've tracked down to bad packages, and even better, in the Linux world fixing such a bug once doesn't make it go away - it'll be repeated in 3 months time by a different distribution.

    But the real failure in Windows is a decent way to keep any number of applications up to date.

    That would be nice, yes.

  16. Re:MSI by MobyDisk · · Score: 3, Interesting

    I thought this too.
    But MSI doesn't do what the Linux/BSD packagers do. These packagers work by tracking every single file or update done to the entire system. Then they track dependencies between files and packages. They store all this in a database format, which allows you to ask questions like "what is every package that uses MSVCRT71.DLL? And "what will break if I update package GIF_VIEWER from version 1.0 to version 1.1?" They also manage side-by-side installs, provide a central repository for searching for packages and upgrades, and provide a safe digitally signed repository for applications.

    This is one of the killer features of Linux that I miss on Windows. But I suspect it won't work for the same reasons it doesn't work on Linux. It's only useful if 100% of the applications use it. If any one of them doesn't, then the whole system can come crumbling down. But basically, it is a fix to DLL hell, so it can't make things on Windows any worse.

    On a note of MSI, MSI may seem to do the above, but it doesn't. It's a packaging format, and it allows for install and rollback much like the Linux packaging systems do. But most of the time it is unrealistic to expect the repair/rollback/uninstall features to actually work. I've worked at a few companies who have made MSIs, and generally you take some other EXE or script-based installer, then you wrap it in an MSI and say you are done. You rarely use the actual MSI features because they are too complicated and the tools don't generall support them. And Windows installs are full of kluges like editing a registry key here, adding a shell extension there, etc. Things generally don't fit into the nicely packaged mentality.