Stories
Slash Boxes
Comments

News for nerds, stuff that matters

Slashdot Log In

Log In

[ Create a new account ]

The Future of Packaging Software in Linux

Posted by Zonk on Mon Feb 19, 2007 12:39 AM
from the come-together-right-now dept.
michuk writes "There are currently at least five popular ways of installing software in GNU/Linux. None of them are widely accepted throughout the popular distributions. This situation is not a problem for experienced users — they can make decisions for themselves. However, for a newcomer in the GNU/Linux world, installing new software is always pretty confusing. The article tries to sum up some of the recent efforts to fix this problem and examine the possible future of packaging software in GNU/Linux."
This discussion has been archived. No new comments can be posted.
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • The solution! (Score:5, Insightful)

    by Stormie (708) on Monday February 19 2007, @12:43AM (#18064606)
    (http://www.eldergoth.com/)
    Why do I have a sneaking suspicion that the solution will be to create a sixth way of installing software, which will also not be widely accepted throughout the popular distributions?
    • Re:The solution! by tigerflag (Score:3) Monday February 19 2007, @12:49AM
      • Re:The solution! (Score:5, Informative)

        by Max Littlemore (1001285) on Monday February 19 2007, @01:19AM (#18064836)

        Using multiple package formats is great idea, IMO. I use alien on Ubuntu for those situations where the software I want is only avaliable in RPM, but as it says in the summary, new users can be a bit confused by this and building from sources is often too much. I would like to see GUI tools get the smarts to automatically figure out dependencies across all formats, allowing all distros to become package agnostic. Perhaps Linspire's CNR interace would be a good candidate for this.

        Also, the option to resolve dependencies and install as a statically linked blob would be awesome for legacy stuff. I've lost count of the number of times I've wanted to install an app, only to find that it relies on some obscure version of xyz.so and won't work, so I find the source for the old version of xyz, only to find it depends on some older version of abc.so. If I could get this xyz.so, etc without conflicting with that xyz.so, create a static binary and put it somewhere under /opt, I'd be happy. I know it's not elegant, and that it uses more storage, but as a work around for difficult to support stuff, it ain't so bad when storage is cheap. Some apps I always install as blobs anyway, such as blender.

        BTW, from TFA: Network Access Message: The page cannot be displayed
        Slashdotted :-(

        [ Parent ]
        • Re:The solution! (Score:5, Insightful)

          by M. Baranczak (726671) on Monday February 19 2007, @02:15AM (#18065146)
          I would like to see GUI tools get the smarts to automatically figure out dependencies across all formats, allowing all distros to become package agnostic.

          The package formats are easy. The real bastard is that each distro has subtle differences in how the packages and the dependencies are organized. The only way that I can see to fix that is to design a universal package tree, and convince all the major distros to conform to it. Which is not impossible, but it aint easy, either. And it might cause other problems.
          [ Parent ]
          • Re:The solution! by cheater512 (Score:2) Monday February 19 2007, @02:33AM
            • Re:The solution! by dotgain (Score:1) Monday February 19 2007, @02:58AM
            • Re:The solution! by Sillygates (Score:1) Monday February 19 2007, @03:36AM
              • Re:The solution! by baldass_newbie (Score:1) Monday February 19 2007, @05:48AM
              • Re:The solution! by Ash Vince (Score:2) Monday February 19 2007, @08:22AM
              • Re:The solution! (Score:4, Insightful)

                by trianglman (1024223) on Monday February 19 2007, @09:00AM (#18066926)
                (Last Journal: Monday October 22, @10:09PM)

                packaging is the most major part of a distribution's job.

                This is one of the places Linux gets it wrong. My operating system should not be responsible for all the software I might at some point want to install. Windows messes this up too at times (IE), but MS is much less of an offender than Linux is. It should be responsible for making it easy to install new software, among many other things, but it should not be responsible for every software program out on the web.

                An operating system should be responsible for the kernel, file system, and the nuts and bolts of keeping the system running in general. The program creators should be responsible for packaging so that it can be installed (with the help of the operating system) and should also be responsible for dependencies. It should not be my job to spend three hours searching the web for some obscure package that the program creators just couldn't do without. If they see it as necessary, and they know its not readily available, they should package it with their own program (GPL and BSD licenses both support this and is one of the strengths of these licenses).

                [ Parent ]
              • Re:The solution! by Max Littlemore (Score:1) Thursday February 22 2007, @12:52AM
              • Re:The solution! by Enderandrew (Score:3) Monday February 19 2007, @09:07AM
              • Re:The solution! by Jesus_666 (Score:3) Monday February 19 2007, @10:11AM
              • Re:The solution! by Anonymous Coward (Score:1) Monday February 19 2007, @11:14AM
              • Re:The solution! by trianglman (Score:2) Monday February 19 2007, @12:55PM
              • Re:The solution! by bh_doc (Score:1) Tuesday February 20 2007, @01:38AM
              • Re:The solution! by Raenex (Score:2) Tuesday February 20 2007, @11:14PM
              • Re:The solution! by Sillygates (Score:1) Saturday February 24 2007, @08:48PM
              • 1 reply beneath your current threshold.
          • Re:The solution! by kripkenstein (Score:3) Monday February 19 2007, @03:48AM
          • Re:The solution! (Score:5, Interesting)

            The real bastard is that each distro has subtle differences in how the packages and the dependencies are organized. The only way that I can see to fix that is to design a universal package tree, and convince all the major distros to conform to it. Which is not impossible, but it aint easy, either. And it might cause other problems.

            Which is why, as it currently stands, this year will not be Year Of The Linux Desktop. Consumers won't just accept that they can't install software X because it's an RPM and alien doesn't work (this is of course after looking online for half an hour to figure out that alien is the tool to use). Manually compiling from source is simply not an option for standard users. Sure it's a dandy idea, and if you get a "fullproof" GUI that handles the compilation and installation then maybe, but I can't count the number of times make/make install has failed for some obscure reason. The first time grandma needs to go download dependencies means Linux has failed on the consumer desktop.

            This is one place that Microsoft and Apple have it right. By having a standardized method of installing and storing program information they make getting new software many times easier than on Linux (excluding the "normal" packages. I'm thinking more along the lines of tools and apps you download from the web). This is also one reason people are willing to pay for an operating system that has a standardized and dependable way of doing things.

            Microsoft even released the WiX toolkit [sourceforge.net] that allows anyone to create MSI installer packages. MSIs are one of the best ideas for Windows in a while: No more dealing with poorly-written homebrew installers or 10-year old, 16-bit InstallShield programs. Instead you have a fully scriptable installer that's transaction-based and has near 100% support coverage.

            I like apt, but downloading a gzipped file of source or a deb that complains about dependencies still can't compare to an MSI package. Even if a solution was developed that worked as well as or better than MSI, as you say, it would take significant effort (and maybe not even then) to get it supported by all the major distributions. Some people seem to think that the fact that Debian does things differently from Mandriva that does it different than Fedora is what makes the distribution "special". Be that as it may, I think it's only hurting Linux users as a whole.
            [ Parent ]
            • Re:The solution! by petermgreen (Score:3) Monday February 19 2007, @06:55AM
            • Re:The solution! by juergen (Score:2) Monday February 19 2007, @08:16AM
              • Re:The solution! by trianglman (Score:3) Monday February 19 2007, @09:17AM
              • Re:The solution! by Ulric (Score:2) Monday February 19 2007, @10:00AM
              • Re:The solution! by mstone (Score:3) Monday February 19 2007, @04:58PM
              • Re:The solution! by Max Littlemore (Score:1) Monday February 19 2007, @06:54PM
              • Re:The solution! (Score:4, Informative)

                by ElleyKitten (715519) <kittensunrise@gmail . c om> on Monday February 19 2007, @09:47AM (#18067222)
                (Last Journal: Monday September 11 2006, @09:36AM)

                Why do Linux fundamentalists believe that all users are idiots and they should go somewhere else? Until the majority of Linux users and developers get past this mentality we will never see Linux accepted into the main stream desktop market. Yes, most general users can find all the software they need in a single distro, but most users don't know Ubuntu from Fedora from SUSE. If they pick a distro that doesn't include a software package that they want it shouldn't require uninstalling the OS and installing a new one.
                If a user picks Fedora or Ubuntu or SuSe, then they should be able to find just about anything they need in their distro's package manager. They all include alternative web browsers, chat clients, games, KDE/GNOME/XFCE, programming tools, image editing software (as best as it gets in Linux), wine, and even different file managers and shells and stuff that average users would never care about switching from the default. If a newbie picks Slackware or DSL or FreeBSD and figure out what to do or how to install programs, then yes, they should switch to a more mainstream and newbie-friendly distro. But there's not that much differences in what's in the repositories of the main distros, so they shouldn't need to switch from Fedora to Ubuntu because of what packages are available.

                Distros shouldn't have to include every single piece of software that a user might want also. If they stopped doing this distros wouldn't require 5+ CDs or a DVD or two. Now, don't get me wrong, I appreciate having most of the programs I will need available on a set of five CDs, but this shouldn't be a requirement of distros.
                It's not a requirement of distros. Ubuntu and other distros are available on single CDs, with all of the rest of their programs available in the repositories, so you only have to download multiple CD or DVDs if you're installing to a computer without internet or if you just like having all that stuff offline.
                [ Parent ]
              • Re:The solution! by ElleyKitten (Score:2) Monday February 19 2007, @10:17AM
              • Re:The solution! by Ulric (Score:2) Monday February 19 2007, @10:39AM
              • Re:The solution! by ElleyKitten (Score:3) Monday February 19 2007, @11:20AM
              • Re:The solution! by MBGMorden (Score:3) Monday February 19 2007, @11:31AM
              • Re:The solution! by Phred T. Magnificent (Score:1) Monday February 19 2007, @11:40AM
              • Re:The solution! (Score:5, Informative)

                by ElleyKitten (715519) <kittensunrise@gmail . c om> on Monday February 19 2007, @12:03PM (#18068482)
                (Last Journal: Monday September 11 2006, @09:36AM)

                Last time I tried Ubuntu apt-get package_i_want failed to locate the program more than half the time.
                When you use the command line you have to make sure you spell the package name exactly right, for example "sudo apt-get install flash" won't work, but "sudo apt-get install flash-nonfree" does. Synaptic has a really good search feature that I use when i don't know the exact name. If Ubuntu really doesn't have half the programs you want, then what programs do you use and how do you normally get them?

                Relying on distros for your software has lead to the sad state we're in now. I don't rely on Microsoft to hand stamp and prepare every piece of software I used on Windows, and I certainly shouldn't have to do the same on my Linux machine. Until we get a method by which I download a file, click on it, and install a program (regardless of which distro I'm running or which version of GTK I'm running), Linux will lag behind. SEVERELY.
                I personally like the package management system. I like having one place to look for software for my system, software that I know has been tested with the programs I likely have on my system, software that I know will update with the rest of my system, software I know isn't spyware. It sounds like it wouldn't work too well, but it really works rather well since there are so many programs in the repositories. Even for the programs that don't want/can't be in the repositories, there's ways for people to install those easily as well. There's java programs that install easily regardless of your Linux, there's autopackage, and some developers just put the program and all the files in a zip file that you can extract and then run where ever you want. There are solutions, they probably need better development, but they're not in terrible shape and that's not the most pressing issue for Linux. Much more important is getting the software people really want on Linux (or at least working really well and easy with wine) and making really good oss equivalents to proprietary software (we need something better than gimp to compare to photoshop) and we also need more device drivers, especially wireless. Those are much more important than package management.
                [ Parent ]
              • Re:The solution! by ElleyKitten (Score:2) Monday February 19 2007, @12:19PM
              • Re:The solution! by Phisbut (Score:2) Monday February 19 2007, @12:59PM
              • Re:The solution! by ElleyKitten (Score:2) Monday February 19 2007, @01:28PM
              • Re:The solution! by Procyon101 (Score:2) Monday February 19 2007, @03:03PM
              • Re:The solution! by Procyon101 (Score:2) Monday February 19 2007, @03:12PM
              • Ubuntu does not distribute Oracle by symbolset (Score:2) Monday February 19 2007, @03:13PM
              • Re:The solution! by billycongo (Score:1) Monday February 19 2007, @05:33PM
              • Re:The solution! by Ulric (Score:2) Monday February 19 2007, @07:29PM
              • Re:The solution! by rts008 (Score:2) Monday February 19 2007, @10:40PM
              • Re:The solution! by Yorkshire Tyke (Score:1) Tuesday February 20 2007, @05:58AM
              • Re:The solution! by trianglman (Score:2) Tuesday February 20 2007, @07:44AM
              • Re:The solution! by juergen (Score:1) Tuesday February 20 2007, @09:30AM
              • Re:The solution! by aug24 (Score:2) Wednesday February 21 2007, @07:14AM
            • Re:The solution! by StormReaver (Score:2) Monday February 19 2007, @09:07AM
            • Re:The solution! by ElleyKitten (Score:2) Monday February 19 2007, @09:28AM
            • Re:The solution! (Score:5, Insightful)

              by mrsbrisby (60242) on Monday February 19 2007, @09:40AM (#18067166)
              (http://nimh.org/)

              Which is why, as it currently stands, this year will not be Year Of The Linux Desktop. Consumers won't just accept that they can't install software X because it's an RPM and alien doesn't work
              Now my daughter just received a "game" on Windows- brand new (2007) game that insisted on running in some "compatability" mode in Windows, and in a resolution that her LCD display couldn't cope with. The fact is that Windows users have run into this problem attempting to install software that isn't for their particular operating system, and failed on the Internet for a few hours. They just assume that Linux users have run into the same problem.

              They don't. Linux users install software out of their software catalog. Occasionally the brave ones go to the author's website, and download the software from there.

              This is also one reason people are willing to pay for an operating system that has a standardized and dependable way of doing things.
              Bzzt. Wrong. Nobody is willing to pay for Windows, that's why Microsoft doesn't let OEM's give you a choice. Duh, I'll use the Windows I already bought. And don't spread that Lie about how I don't have a License to.

              Microsoft even released the WiX toolkit that allows anyone to create MSI installer packages.
              But not the MSI format specification. That would allow me to cross-compiler into an installable package. As it stands, my users who run Windows have to deal with no installer.

              MSIs are one of the best ideas for Windows in a while ... No more dealing with poorly-written homebrew installers or 10-year old, 16-bit InstallShield programs.
              You're wrong, and you want proof? Look how many programs- nay, look how many programs come from Microsoft that are still distributed as exe files. That shiny new Zune's software comes in exe-form.

              Once that 16-bit installshield program was written, it's forever supported. You can't put the setup.exe genie back in the bottle, and you have to live with that. With Free Software, we can take our software library with us, which is why Free Software always gets better, and non-Free software atrophies.

              Instead you have a fully scriptable installer that's transaction-based and has near 100% support coverage.
              You are wrong on all counts. Pull the power plug while installing and you'll see just how transactional it is. I don't even think you know what coverage means: Microsoft Support will tell you to reinstall your operating system if a broken/corrupt/poorly-written MSI breaks your system. Even if they make it.

              I like apt, but downloading a gzipped file of source or a deb that complains about dependencies still can't compare to an MSI package.
              No of course not, but that's why you used a straw man. MSI is an executable, and just made Microsoft's security problem worse: it introduced yet another executable file format. Nobody downloads "gzipped file of source or a deb that complains about dependencies" ever. They say "apt-get install xyz" and it goes and figures out the dependancies itself.

              It doesn't have to- Linux users could waste disk space by including the dependencies with every program- and some Linux distributions even do this(!), but it makes upgrades very difficult. For example, when libz had a vulnerability discovered, only one copy needed to be upgraded on most Linux systems. On Windows, almost every program that dealt with gzip or deflate-compressed data (like png or zipfiles) needed to be upgraded. Worse still, that library or program can be anywhere on your hard drive, and you might never know it.
              [ Parent ]
            • Re:The solution! by gr8dude (Score:2) Monday February 19 2007, @12:25PM
            • Re:The solution! by nikster (Score:2) Tuesday February 20 2007, @03:05AM
            • 1 reply beneath your current threshold.
          • Re:The solution! by ozmanjusri (Score:2) Monday February 19 2007, @04:20AM
          • Re:The solution! by msobkow (Score:2) Monday February 19 2007, @06:45AM
          • Re:The solution! by Deliveranc3 (Score:2) Monday February 19 2007, @10:59AM
          • Easier solution! by booch (Score:2) Monday February 19 2007, @12:28PM
          • 2 replies beneath your current threshold.
        • Re:The solution! by Anonymous Coward (Score:3) Monday February 19 2007, @02:46AM
        • Re:The solution! by Jesapoo (Score:1) Monday February 19 2007, @03:11AM
        • agree 100 per cent by Toby_Tyke (Score:2) Monday February 19 2007, @06:03AM
        • Re:The solution! by swillden (Score:2) Monday February 19 2007, @11:23AM
        • Re:The solution! by misleb (Score:2) Monday February 19 2007, @01:10PM
        • Hear Here! by Max Littlemore (Score:1) Tuesday February 20 2007, @10:39PM
        • 2 replies beneath your current threshold.
    • Re:The solution! (Score:4, Funny)

      by SnowZero (92219) on Monday February 19 2007, @12:49AM (#18064634)
      Don't worry, a seventh way will come along to wrap those first six which don't solve the problem, and it will be the ultimate meta-universal generic packaging system.
      [ Parent ]
    • Re:The solution! by Anonymous Coward (Score:1) Monday February 19 2007, @12:49AM
      • 1 reply beneath your current threshold.
    • How about we take the easy way out? (Score:4, Interesting)

      by khasim (1285) <brandioch.conner@gmail.com> on Monday February 19 2007, @12:57AM (#18064692)
      And that is ... define the requirements that the next generation package manager should have.

      That way there is no need to worry about "replacing" the existing systems. You can instead focus on evolving them to meet the requirements. Even if each distribution/project takes its own path to get there.

      #1. It must make installing new software as easy as it currently is with apt.

      #2. The same for upgrading the software.

      #3. The same for removing the software.

      #4. The same for handling dependencies. Including the order in which dependencies must be installed.

      #5. The same for validating the installed software against the original software (checksums or whatever).

      #6. The same for re-installing the software over the existing installation when you accidentally delete or over-write something.

      #7. The ability to point the updater at your own repository or multiple repositories.

      #8. The ability to recompile (automatically) any software that you install for your specific hardware.

      Anything else? Yeah, I know most of this is already handled with apt. But that's what I'm most familiar with. I keep seeing all the articles about "problems" but I don't seem to run into any problems on my server or workstations (and I'm running Feisty Fawn on my workstation).
      [ Parent ]
    • Re:The solution! by Jessta (Score:2) Monday February 19 2007, @01:52AM
    • Re:The solution! by aonic (Score:1) Monday February 19 2007, @03:07AM
    • Re:The solution! by Yvanhoe (Score:2) Monday February 19 2007, @04:24AM
    • There is no Linux, only Debian, Ubuntu, RedHat... by babbling (Score:2) Monday February 19 2007, @06:46AM
    • Re:The solution! by VoltageX (Score:1) Monday February 19 2007, @08:42AM
    • There is no packaging problem. by brendan0powers (Score:1) Monday February 19 2007, @09:42AM
    • Re:The solution! by radtea (Score:2) Monday February 19 2007, @10:24AM
    • Re:The solution! by nyghtraven (Score:1) Tuesday February 20 2007, @07:03PM
    • Re:The solution! by Alchemar (Score:2) Thursday February 22 2007, @12:43PM
    • 2 replies beneath your current threshold.
  • Applications Packages (Score:5, Interesting)

    by SultanCemil (722533) on Monday February 19 2007, @12:44AM (#18064612)
    If only major linux distros would use Application Packages like OS X, the world would be a better place.

    Seriously, drag-n-drop installation rocks.

    • Re:Applications Packages by Whiney Mac Fanboy (Score:1) Monday February 19 2007, @12:54AM
    • Re:Applications Packages by SnowZero (Score:2) Monday February 19 2007, @12:54AM
      • As does clicking on a checkbox. Seriously, I don't need it to be any easier.

        Unless the software you want isn't in the Synaptic repository. Then it's hell on earth for the average user. The only response they get from support and developers is, "Why would you want to use software that isn't in the repository?"

        Actually, that's not true. There are plenty of other fun responses:

        "You should compile it from source."
        "The vendor should spend his time getting his software added to our respository!"
        "Use RPMFind. I'm a developer and I've never had a problem installing binary packages on the distro I work on." (Conveniently ignoring that when something breaks, the "developer" fixes it himself.)

        Not that there's much point in harping on this again. I'll just get the same, "U R STUPID", "You need to try distro XYZ", and "Everything is in my distro's repository!" answers I've gotten before.

        Blinders on, and full speed ahead cap'n!
        [ Parent ]
    • Re:Applications Packages by BW_Nuprin (Score:2) Monday February 19 2007, @12:58AM
      • Re:thirdsies by Achromatic1978 (Score:2) Monday February 19 2007, @01:29AM
      • Re:thirdsies by dotgain (Score:1) Monday February 19 2007, @03:22AM
      • 1 reply beneath your current threshold.
    • Re:Applications Packages (Score:5, Insightful)

      by croddy (659025) on Monday February 19 2007, @12:58AM (#18064702)

      The reason Linux distributions have not been trembling to adopt the OS X style of package management, if you can call it that, is that it would be a poor fit for the Linux software ecosystem.

      The vast majority of software used on Linux systems is licensed under the GPL; what is not is almost always under another license permitting free redistribution. This gives Linux distributors great freedom in selecting and assembling a compatible collection of versions, tested and working with the same versions of dependent libraries. In a larger distribution (such as Gentoo, Debian, or Fedora), most of the software you will ever need is already a part of the OS -- you just need to use the built-in package management tools to summon it from the distributor's repository.

      OS X-style package management is best suited for a software ecosystem in which users draw software from a large number of heterogenous third-party sources, while the core OS and iLife suite are maintained and updated by Apple. A third-party distributor who wishes to distribute something that must link against a particular version of a library can include it in the application bundle, knowing that the exact version needed will be available. This can lead to many copies of the same libraries being installed, facilitating compatibility with applications that require different versions, but consuming (small amounts of) disk space unnecessarily and increasing the attack surface when multiple copies of an exploitable library are installed on the system. A system such as APT does not need to provide a facility for private copies of libraries, since it does all of the dependency computation, and all software in the repository is built and linked against the libraries in the repository.

      Certainly, once you have resigned yourself to visiting a third-party distributor's web page, manually downloading a binary package, and then manually installing the binary package, drag-and-drop installation is very convenient. But the Linux software ecosystem does not require this concession from the user -- the Linux distributor is free to provide a repository and tools for finding, installing, and updating software, without the need for manual installation.

      [ Parent ]
    • Re:Applications Packages by Ash-Fox (Score:3) Monday February 19 2007, @01:03AM