Slashdot Mirror
Ubuntu Developing Its Own Package Format, Installer
An anonymous reader writes "While complementing Debian APT/DPKG, Canonical is now developing their own package format. The new package format has promised highlights of having no dependencies between applications, each package would install to its own directory, root support wouldn't always be required, and overall a more self-contained and easier approach for developers than it stands now for Debian/Ubuntu packages. The primary users of the new packaging system would be those distributing applications built on the Ubuntu Touch/Phone SDK. The initial proof-of-concept package management system is written in Python and uses JSON representation."
This quote from the post by Canonical's Colin Watson bears repeating: "We'll continue to use dpkg and apt for building the Ubuntu operating system, syncing with Debian, and so on."
Good, another reason to avoid Ubuntu like the plague.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Sounds like a complement to dpkg, not a replacement
If everything has no dependencies, then all of the dependencies must be included in the install. I wounder how many copies of each low level program would be on a given machine.
A better headline:
Ubuntu Phone apps will use a different package format than debian/dpkg/apt
I guess that's not really as exciting though
Wasn't this exactly what GoboLinux embraced?
Support Eachother, Copy Dutch Property!
Remember the good old days when everything was just a single -r-xr-xr-x executable in /bin or /usr/bin
sigh, the good old days
Karma: Excellent. 15 moderator points expire sometime.
Would it allow users to install multiple versions of the same application from packages? One of my gripes with Linux is that it's not easy to test new or beta versions of software since there is no easy way to install from packages alongside the existing (stable) version. Yes, I know that I could build the app from source, but that can be quite a hassle sometimes.
http://en.wikipedia.org/wiki/Application_bundle
Once again, racing as fast as we can towards where the puck was 20 years ago.
I think it's just a case of "because different" and "not developed here". I don't see how they could make any significant improvements over apt, but it doesn't surprise me from this group of hipsters.
Stop pissing in the pool Ubuntu.
Hello Debian
I don't think we're going to see a completely separate install of Gnome for every single Gnome app on your system. I think this is intended for standalone apps like you see on phones and tablets.
I read the internet for the articles.
it seems like they suffer from Not Invented Here but at the same time, I seem to recall that Puppy Linux already installs self-contained package bundles into individual directories. Not unlike OSX/NeXT app bundles.
“Common sense is not so common.” — Voltaire
Arch's pacman is has some significant improvements over apt/dpkg, especially when it comes to creating new packages. And gentoo portage/emerge has lots of useful features that don't exist in dpkg/apt either.
Debian is solid and has an excellent package system. But it isn't the pinnacle of achievement. We can take package management further still, I am certain.
“Common sense is not so common.” — Voltaire
Which is actually even worse, because it has to exist alongside dpkg/apt. Still re-building the wheel and adding useless bloat, no matter how you look at it.
We need it because while current packaging systems are great for central control, they are bad for actually letting users contribute.
a) You cannot submit a bug to a developer, get a fixed beta release, and install that in the packaging system (unless you know how to handle spec files)
b) You cannot do parallel installations of newer (or older) versions for testing unless the package is built specifically for that
c) It is difficult to make distribution-independent packages, so users become dependent on the distribution for all software
d) Almost all packages require root, the packaging system cannot track software installed by users themselves
On the other hand, switching to a Mac-style packaging system has at least these problems:
1) Security updates to common code are unlikely to actually get applied to all packages
2) Some libraries will not be shared, costing extra memory and cache footprint
3) Centralized control over what software is installed suddenly becomes difficult
4) Without dependencies you need to define the minimal environment that software can depend on. LSB tried to do that and failed.
Finally! A year of moderation! Ready for 2019?
From the email:
The proof of concept I wrote also isn't entirely new code. It's tiny due to using .deb as a container format (minus maintainer scripts, full dependencies, etc.), so I get to save effort by using dpkg to unpack things, which leaves us room to selectively use more of its features in future if we want to.
So they start off with what they think they need, then become more like APT as they need to add more features.
So the scope of what I've been considering is purely leaf apps built on a fixed "base system", which in the case of the initial target of the Ubuntu phone/tablet work would be the run-time part of the Ubuntu SDK.
In other words, this is something to be used in addition to APT (i.e. post-install), rather than instead of APT.
* no dependencies between apps; single implicit dependency on the base
system by way of a Click-Base-System field
Just like Debian has an implicit dependency on the base system (except for base packages, which have more complicated rules). In other words, this system will only accept a single dependency, the Click-Base-System. I'm not quite sure why this is different from only accepting applications that only depend on Click-Base-System.
And note that the "each package will install to its own directory" bit is on the to-do list:
Obvious items I still need to work on:
Ask me about repetitive DNA
We need it because while current packaging systems are great for central control, they are bad for actually letting users contribute.
One more:
e) Most current packaging systems don't let you pick an installation directory. (Many programs have directories set in stone when you compile them.)
This is one that has affected me, because in the environment I work in, we have standard stuff installed locally but a lot of more esoteric software as well as more current versions of software installed to network drives. (For instance, we run RHEL6 which comes packaged with Python 2.6, but I almost always use Python 2.7 off of the network. Or we have Clementine available for use only over the network.) But the way existing package managers work means that we can't really use them, which means that if I want to make something new available over the network, I have to go and chase down its dependencies myself and then compile everything.
3) Centralized control over what software is installed suddenly becomes difficult
I would argue that point for the most part. From some vantage point, it's already difficult to have centralized control over what's installed. After all, I can still do what I described above to install software, without the support of the package manager. It's just a pain. Or even if you switch to a better package manager that allows users to have control over what gets installed, you can still block that as an administrator by setting noexec on the drives.
Hello Debian
Except Ubuntu users want cutting edge Debian, not tried and tested Debian...and unfortunately using Debian is not going to make it more cutting edge.
Crap, shoulda previewed. Sorry for the formatting. Fixed version:
Then you would end up with a massive PATH variable...
First: that's only one solution. For example, I have (issues file system query) probably three or four thousand different packages available to me right now, all installed into their own directory. (This counts multiple versions separately. As a disclamer, some of those packages are very very old and won't even run on this system as the library dependencies aren't present or they are only built for another architecture, and most of the others are obsolete and there's little reason to use them. Point being: I have access to tons of packages.) My $PATH has 21 entries, including some redundancies.
The first step to reconciling these facts is basically what you suggest later in your post: that there are multiple directories with symlinks. For instance, ~/bin is in my $PATH, and it has a few dozen symlinks to some of those packages.) But doing this or what you said ("one possibility might involve putting symlinks in /usr/bin to program files into another directory where different versions of the program can be stored") still requires a package manager which can install to a different location, which is not really supported by the Apt toolchain.
Second: just because you have a package available doesn't mean you need it in your $PATH. I have a ton of different GCC versions available, and I use three or four with some regularity. (I use even more of them infrequently.) But I don't necessarily need, say, GCC 4.5 in my $PATH. If I want 4.5 explicitly, I can always run /path/to/gcc-4.5/bin/gcc.
Third: you have to remember who Ubuntu is aimed at. It's aimed at casual users. Casual users don't even care about $PATH in the first place, because they don't start things from the command line. They just hit the windows key or whatever they do to bring up the launcher, choose what program they want to run, and click it.
They need to be respected, even if it has significant problems in some environments and fatal problems in others (e.g. mine)?
Unix had a ton of really great ideas. But many of them have run their course. You can't progress if you say you can't change stuff.
actually, it's something that Windows gets dead-wrong, because executable installer apps (setup.exe and the like) are just plain fucking stupid.
they're an unfortunate necessity because windows doesn't have, and never has had a decent package management system. and is unlikely to ever get one because the windows software market is primarily commercial and proprietary.
when you have 10 (or 100 or 500) packages to upgrade on a single system (and then multiply that by 100 or 1000 systems), executing hundreds of installer packages one after another is the worst possible way to do it.
i've never understood why Windows (or Apple) users tolerate that shit. it's a tedious chore that's ripe for automation - exactly the kind of thing that computers are good at doing and users are bad at doing (due to boredom, fatigue, loss of attention, ignorance, or stupidity)
which is precisely why linux distros (and other *nixes) don't do it that way. they have packaging systems because systems are consistent, predictable, and easily automated.
windows users and windows developers often have just the wrong way of looking at things, the wrong mental model of how things work and how they should work.
I ran across a program for Windows recently called Ninite. It's a multi-app installer and updater. it sounds like a good idea and is. it's a big improvement over the usual click-and-execute for each individual program.
except the way it works is weird and clumsy:
you go to their website and select which apps you want to install (from a bunch of internet-available apps, including free software and proprietary freeware like adobe flash), and then it builds you an installer app that you download and run, and it installs and/or upgrades the apps you selected off their website.
WTF?
nice starting idea, but the implementation is idiotic. Why not just have one Ninite app that fetches a list of available apps and installer URLs and whatever custom installer scripts ninite needs for them) and allow the user to select which apps whenever they run it?
i.e. instead of a moronic implementation, actually make a smart and useful implementation that copies good ideas from linux distro installers like apt-get and yum, and re-purposes them for the Windows environment.
(oh, and adobe are sending cease-and-desist letters and threatening to sue if the ninite developer doesn't remove the ability to install & update downloadable adobe products like flash, so his good ideas and good intentions are fucked by the corporate vermin mindset that dominates the windows software market)
another thing windows devs don't get is shared libraries (DLLs in windows terminology). Why does every single app have to install their own copy of the MS C++ libraries? or .net? or nvidia physx? and numerous other common library packages? these things are supposed to be shared resources provided and kept up-to-date by the operating system, not bundled with every app that uses them.
Except Ubuntu users want cutting edge Debian, not tried and tested Debian...and unfortunately using Debian is not going to make it more cutting edge.
You asked for it, Debian delivers. The Debian CUT Project aims to publish usable snapshots of Debian Testing on a monthly basis. They're pretty new but picking up steam.
I've definitely not been a fan of their track record these past few years, but they do occasionally hit on some really good ideas (if somehow managing to screw up their implementations: Upstart was a good in principle, and so was making a verical launcher/taskbar instead of making our widescreens even shorter.) This is another one. Well, sort of. Maybe not 'no dependencies' but at least 'no dependency conflicts, ever.' It's two thousand thirteen, why are we still tolerating this shit? There's absolutely no reason why the package manager can't chroot/symlink the little fuckers and make them see what they need to see so they can coexist with any other package. If the package manager is informed enough to recognize a conflict, it's also smart enough to resolve it without the user doing anything beyond confirming the installation of the extra required dependencies, and yet for some reason none of the current crop of package mangers do this.
I'd rather have a bad solution from Ubuntu inspiring people to do it the right way (see: Mir lighting a fire under GNOME's ass to help out with Wayland) than have no solution at all.
another thing windows devs don't get is shared libraries (DLLs in windows terminology). Why does every single app have to install their own copy of the MS C++ libraries? or .net? or nvidia physx? and numerous other common library packages? these things are supposed to be shared resources provided and kept up-to-date by the operating system, not bundled with every app that uses them.
They are... sort of. Take the MSVC runtime. That's not maintained or installed necessarily by the OS for (some good, some mediocre) reasons which I'll explain in a second, but I'm 95% sure that it's shared between programs in the sense that when you see an program installer that spawns off the MSVC runtime installer, the latter will either be (1) installing a new version of the MSVC runtime or (2) discovering that it's already present and doing nothing. The runtime installs to a shared location. (Look at msvc*.dll in windows\system32.) So the runtime installer has to be bundled with individual programs for the upcoming reasons, but it's not wasting disk space by installing duplicate copies (subject to the caveat below) or wasting memory by loading the same thing from different hard drive locations at different time.
So why does it do this? Well, a couple reasons, I think. (I'm speculating here, but I consider them educated guesses.) First is the mediocre reason: there's no package manager. This leads to the "well, you have to ship the runtime installer with each program."
Second is the pretty-good reason: compatibility and correctness. You can definitely have multiple major versions (e.g. the runtime associated with VS2008 and 2010) installed simultaneously, and I think you might be able to have multiple patch versions of the same library installed simultaneously. I think the former is true in Linux too (libfoo.so.1.0.0 vs libfoo.so.2.0.0, though I thought those only show up for -devel packages... hmmm, not sure), but the latter isn't so much. It may well be that Program A installs version 1.0.0 and Program B installs version 1.0.1239, where on Linux the latter would likely be packaged to upgrade the former. (This is the caveat to my "no wasted space" claim above.)
Why is that good? Well, why did the library change? Bug fix? Well, MS usually will bend over backwards to maintain compatibility, which has often meant bug-for-bug compatibility with old programs, at least as a shim. If you take the Linux approach, then programs which rely on the old behavior of the buggy code will break. This is sometimes good (e.g. bad security-related fixes), but is often not. Or it doesn't have to be a bug fix, it could just be some behavior change within the specification. By keeping multiple versions around, the Windows approach keeps the individual programs happier.
How you weight these various advantages and disadvantages is up to you. I'm not really trying to argue that the Windows approach is better, just explain why it is as it is and give a fair description of what goes on.
*If* everyone picked exactly the same lib version, yes.
In practice, people aren't going to standardize on the same library version.
Bonus problem: Now each app provider is responsible for addressing a hypothetical libcrytpo vulnerability rather than the distro patching it in one place.
XML is like violence. If it doesn't solve the problem, use more.
Anyone on this site who is stumped by grep missing need leave. Now.
each program came with its own video card drivers, it's own printer drivers, it's own windowing system, it's own mouse reading code, and sometimes it's own memory management code.
SABNZBD is a great example of what I'm talkign about.
On Windows, it's... "click the installer" and it's pretty much done.
On Kubuntu Linux, I had to locate a solid tutorial, about 7 pages long, on installing it and getting it running correctly.
I have nothing against text files as config files, but geez... how about standardizing the damn things? ...and Where the f*ck are my logs? No, they don't get put in the same subfolders every time, and I NEED those logs a lot more in Linux than in Windows.
I'm running a LAMP server and I have Kubuntu running as a media server. Every time I plug in a new USB drive, I have to go through a bunch of extraneous steps just to permanently mount and share the drive on SAMBA - there just isn't a simple way to do it. I have to get the UUID of the drive, and edit FSTAB and the samba config files. Why does it have to be that painful?
I have init.d scripts that work fine on a couple of my python daemons, but not on a couple of other daemons (which manually start fine).
So I'm "holding it wrong?" - sorry, the OS should NOT have me so involved. I'm a software developer, my bread and butter is on Microsoft-based enterprise apps, but my background includes years working in embedded systems. Hell, I've written my own multi-tasking operating systems and built up entire IO libraries for devices that were custom built.
I'm wrong for wanting to drop an installer on my Linux box and have it install without issues. I should WANT to have to fire up the editor-de-jour for whatever flavor of Linux I'm using (let's not forget to fire it up with sudo!!), and sift through a bunch of options, hopefully all of them are documented, to configure it? Again, why? What's the point of having a GUI if not to make life easier for users? Why bother with VNC?
Do you think my parents would use a shell-based OS? Hell no. What I always get form Linux fanatics is the condescending "use the shell" answer, which is complete bullsh*t. Editing text config files isn't much different from using a shell either... Would it kill Linux developers to provide a GUI control panel? Would it kill them to provide a one-click install? ...and why don't they? Oh yeah... because who knows what desktop or distribution they will be installed in.... yes, it's all called Linux, but it's like everybody who gets upset takes theri ball and goes home... then branches off another distribution.
Sorry... venting again.
The point is, it shouldn't be so hard for people who are not autistic savants who dwell on TTY terminals, tapping away on monochrome 80x25 text displays, convinced of their superiority. I don't live and breathe Linux, so don't tell me I'm doing it wrong.
For the record, I've never had to do any "registry hacks" to install any damn Windows apps - not in 20 years of using Windows. Either there is an installer that works fine, or it's a portable app that can be dumped into a folder and run. I've written plenty of apps that can launch, and configure themselves for running as a service, or setting up as a startup app. I've also written a lot of software pretty "close to the metal" - apps running on over 400,000 PCs right now, where security and robustness is important. They work. They don't require any hacks. The user doesn't even get involved in the install process.
it's not that we don't understand how and why windows DLLs are fucked up, it's just that since we're used to a versioned shared library system that actually works, we see the windows DLL mess as being fundamentally broken.
you don't even seem to understand what's being discussed here - after the second sentence, you digress into an irrelevant rant about kernel versions.
and, BTW, since linux can run even ancient a.out format binaries from the 1990s on modern kernels, the problem you are describing is actually a problem of shoddy practices by proprietary software companies.
I've got a better idea. Or rather, Pat Volkerding does. Never mind dependency checking, just let the user sort them out for himself. Slackware's package system is beautiful: a simple *.tgz or .txz file, with a note saying "and BTW, you'll need foo and bar as well". No need for separate directories full of statically linked packages, and it just works.
Of course, I have to admit that Debian packages work too, but if that nice Mr Shuttleworth thinks otherwise, then (sadly) there's another reason not to use Ubuntu.
While I can admire Shuttleworth's passion, he isn't doing anyone any favours by pursuing this "Not Invented Here" ideology. Everyone would benefit if he would just act like a part of the community, instead of trying to railroad it.