AutoPackaging for Linux 623
Isak Savo writes "The next generation packaging format for Linux has reached 1.0. With Autopackage officially declared stable, there is now an easy way for developers to create up to date, easy installable packages. There are lots of screenshots available including a flash demo of a package installation."
Aren't there enough (Score:2, Insightful)
Where does everything get autopackaged to? (Score:2, Insightful)
So, does this address the problem? Most software makers would really like to be able to release ONE package for their software and know that it will end up somewhere sensible.
I know we all love to bash Microsoft, BUT, I have rarely seen an installation problem with software written for Windows.
Mirrordot (Score:4, Insightful)
-----
Check out the Uncyclopedia.org [uncyclopedia.org]:
The only wiki source for politically incorrect non-information about things like Kitten Huffing [uncyclopedia.org] and Pong! the Movie [uncyclopedia.org]!
Yes, we need this!! (Score:5, Insightful)
The reason is that most of these packaging solutions, while great for developers and those who want detailed knowledge of the inner workings of their systems, simply suck when given to mortal users.
And they don't handle a number of edge cases too well... What if you want different versions of some software to coexist on the same system? What if you want ten different versions of a library? Yes, these can all be handled by current stuff... but not very well. It's bad enough that when we install software here, we actually get the rpms or whatever and then re-package them ourselves to serve our needs.
A packaging solution that actually works is desperately needed.
Re:nextgen already here: emerge (Score:1, Insightful)
Wrong Paradigm (Score:5, Insightful)
The current Linux model of distros integrating and authenticating software from upstream authors helps ensure the security of the userbase as well as providing installation ease of use. This is something we should be proud of rather than trying to imitate the technically inferior competition.
Re:nextgen already here: emerge (Score:5, Insightful)
Installation for Windows (Score:3, Insightful)
For more information on autopackage... (Score:5, Insightful)
Here is the sourceforge link [freshmeat.net] with some more info and downloading.
Re:Where does everything get autopackaged to? (Score:5, Insightful)
This is a great thing for Linux (Score:2, Insightful)
Please let non-root people install (Score:5, Insightful)
It's absurd that you need to enter a root password to do something as simple as install a user-space program - and it's absurd that package mangers only support dependancy checking for stuff installed in the main system directories.
At work, the main directories (/usr, /bin, etc) can only be accessed by the IT guys; but every department has a directory ("/usr/department/engineering", for example) of that memebers of that group can install software in. We have a newer version of Perl in ours. It really sucks that package managers can't help deal with the dependancies in an environmennt like this.
It does not scale. (Score:2, Insightful)
Be like OSX (Score:0, Insightful)
I do like apt as well, but I've also had some apt-nightmares trying to sort out messed-up dependancies on my debian box.
I don't know about this (Score:2, Insightful)
Encouraging users to install Comet Cursors for Linux seems to me like a huge step backwards for Linux. I sincerely hope that distributions do not support this or any other system like this one to promote good computing practises and avoid the sorts of problems that plague Windows users. Why do we want to emulate what has been proven to be a terrible way of distributing and using software?
Re:Wrong Paradigm (Score:4, Insightful)
I guess you would only be happy if we just pulled everything down from SVN/CVS and built from source.
MIRROR IS HERE (Score:3, Insightful)
Re:Wrong Paradigm (Score:5, Insightful)
Nobody's trying to copy the Windows paradigm with autopackage. What they're trying to do is break down that barrier to cross-distribution software releasing. Your average desktop user does not want to compile software. Dropping to a terminal, cd pathtoapp, tar -jxvf whatever.tar.gz, cd newpath,
"If they can't compile they should run Windows" is a stupid, backwards attitude, and autopackage is trying to fix it. Relying on upstream content providers is dangerous -- what happens when you disagree with your upstream provider? You have to switch distributions? Pat recently dropped Gnome support for Slackware -- I still run gnome. I do it with a third-party package from dropline. Is that broken? No.
The way to fix the problems you describe is to educate users, not to remove their usage priveleges. Teach people not to install untrusted software -- and teach them how to tell what software to trust! Don't just slap their hand and yell NO.
Re:nextgen already here: emerge (Score:3, Insightful)
Re:Be like OSX (Score:4, Insightful)
#apt-get update
#apt-get dist-upgrade
Badabingbadabangbadaboom. It's done. Happy days are here again.
Re:nextgen already here: emerge (Score:5, Insightful)
Some people like Gentoo, but some people have serious issues with it. emerge is a decent package manager, but it's attached to a distro that conservative users aren't going to touch. The more conservative distros have package managers that their users are already perfectly happy with, so it's unlikely to be used anywhere else.
Re:Wrong Paradigm (Score:3, Insightful)
Yeah, just like if the ActiveX-plugin paradigm was broken, nobody would use IE, right?
Most users have *no* clue if a piece of software is designed incorrectly or not, it has exactly zero bearing on whether the masses use a particular piece of software or not.
Re:nextgen already here: emerge (Score:5, Insightful)
Re:Yes, we need this!! (Score:5, Insightful)
It seems to me that {NeXT,Open,GNU}step-style apps are both good for developers, and great for mortal users. Drag an app (it's just a file) to your Applications folder, double-click it to run, drag it to the trash to delete. They also handle your "edge cases" (multiple installed versions) just fine.
They're actually quite a bit simpler for users because an app is just a file -- a first-class object in the system. You don't need a special program just to "install" and "uninstall" programs. You don't need ugly hacks like the "start menu" (Gnome or KDE's reimplementation of it). Users think an app should be a first-class object, and it's perfectly feasible, so as developers we should make that the case.
The autopackage FAQ has "what's wrong with NeXT/MacOSX style appfolders", but it seems to consist mostly of hand-waving and straw men. They don't seem to understand how NeXT/Mac apps work, e.g., w.r.t. linking.
BackPackage (Score:3, Insightful)
The really big leap in backends would be a distributed repository. Instead of just a network of (unsync'ed) mirrors of a single monolithic repository, we need a mirrored or otherwise distributed directory of repositories, each with an overlapping fraction of the current repositories. That will accommodate the bandwidth and storage requirements for installing specific versions of packages, across the exploding Internet userbase, especially as the mirror:client ratio gets worse. Alternate repositories should be the rule, not just the exception [apt-get.org].
Re:nextgen already here: emerge (Score:3, Insightful)
Re:Be like OSX (Score:4, Insightful)
hahaha
hahahahahahaha *gasp* HAAAAAAAAAHHAHAHa
Now Debian is my favourite distro by far but I'm never gonna pretend that the package system is solid. Having way to many times been in the position where some little thing breaks and dpkg and apt just choke totally (to the point where I can't install something because I some package is broken and I can't uninstall that package because the damned uninstall-script needs something installed first).
The long and short of it is No, that's not how you "fix" dependencies in Debian. A lot of editing obscure files, handrolling temp replacement packages and so much swearing I need to put a parental advisory sticker outside my appartment is.
The idea of packages is bad. (Score:3, Insightful)
There is no earthly reason why a GUI application should scatter files hither and yon across a hard drive, and why installing a program should require some package or installer or whatever.
I cannot believe the hassle that I have to go through to install software on my Linux box as opposed to my Mac.
An OS X application consists of one file--- really a bundle. It is a directory that acts like a single executable file. Everything it needs to run that is not part of the basic OS X setup is in that file.
You don't even need to install the application. You can just run it from its compressed disk image that is still sitting in your downloads directory, if you like. Or you can copy it to your hard drive wherever you like. When you tire of it, you delete it.
Now, "Linux" is not capable of doing this because no one runs just Linux. But there is no reason why, say, Gnome apps can't be distributed this way. If there are technical issues in the way, they need to be resolved. Because the OS X way is better that the Linux and the Windows methods, and ought to be copied.
(ps: I do know that Unix programs are often installed via packages in OS X, as well as software that for whatever reason needs to modify the OS. But these are very rare and approached warily by seasoned OS X users.)
Re:Wrong Paradigm (Score:5, Insightful)
I'll tell you this now, the packaging system is not the factor that people base their decisions to run windows on.
Yes there are some things about Windows that suck but MSI and InstallShield installers are not a example.
When you are installing from installshield, you're basically saying: 'Hello random executable from the internet (even if you are signed by someone), here, overwrite any of my libraries you'd like, with whatever obscure or customised version you want. Oh, and while you're at it, do whatever you want to my registry...'
I guess you would only be happy if we just pulled everything down from SVN/CVS and built from source.
That's a strawman attack. He didn't say anything like that - in fact it's the complete opposite of what he was arguing.
Re:Some FAQ entries (Score:2, Insightful)
Do appfolders (bundles), and if you want the functionality of a shared library, include it in the bundle. Unless it's something like 100 megs. Which it won't be.
If dozens of programs each end up including the same shared code in their appfolders, who cares? Again, hard drive space is cheap, and that's the price to pay for easier system management, and knowing that applications won't suddenly stop working when one of their dependencies has been changed.
Bundles are better.
Re:nextgen already here: emerge (Score:2, Insightful)
BTW, resorting to name calling really only betrays ignorance.
Ciao.
Re:Some FAQ entries (Score:4, Insightful)
Most applications shouldn't need to modify the OS to run, and for that minority that do, OS X still does have packages. This is how haxies and so forth work.
The only valid objection I've seen to bundles is the one about how a user shouldn't be able to install random software from the internet. This is a pretty good point, but I fail to see how that, even in a system that uses an apt repository, you would be able to prevent a user from downloading and installing some random RPM from a website. You would have to have a severely crippled OS.
Re:Some FAQ entries (Score:2, Insightful)
Re:Wrong Paradigm (Score:5, Insightful)
If there's one thing I love about Linux is the way I can download/install a software using a single command (or a GUI tool) in most distros.
Even Gentoo, not exactly regarded as the most user friendly distro, allows one to download & install a software by doing:
emerge XYZ
That's it. Same goes for Mandrake, Debian, Fedora, etc. End-user distros like Linspire even go further by allowing you to browse through all available software, look up the description and then perform a "one-click" install.
I think that's great, and a whole lot better than the windows (and mac os x) alternative where you have to look for software on the web, try to see if they contain malware, download them, run the installer, etc.
One of the advantage of the system is that the upstream provider (i.e. usually your distro) checks the package for validity. The packages you download won't contain virii or spyware (even if those were to exist on Linux) because the provider would likely not allow them...something MS would certainly do if they controlled the software ppl are downloading.
I know some packages are hard to install (Gnome for example) but for the most part, I feel software installation is a lot easier on Linux than on Windows, unless you go the CVS/SVN route and compile everything yourself.
At least on Mac OS X, you usually simply drag and drop the Application in the Applications folder and that's it. While not perfect, it's a whole lot better than Windows.
It Doesn't make sense ... (Score:2, Insightful)
Re:That's right. apt-get works. (Score:5, Insightful)
Re:I don't know about this (Score:5, Insightful)
This is hardly the point of the project.
The point of the project is to eliminate problems for developers in packaging their software to be able to run across distros.
The fact that it makes it easier to relieve dependency hell is a bonus for those users who want packages not included in their distro.
Anybody who says EVERYTHING they'll ever need is included in their distro is just being a troll. Because it simply is not possible that ANY distro is "finished." And a lot of people don't want to wait months until something they want shows up in a repository.
If Windows did that, everybody would still be using DOS.
Finally, the notion that it is somehow "evil" to install software from the Net is just stupid. The Net exists to distribute information - and programs are part of that.
Practically everything I use on the Windows side of my machine was downloaded off some Web site or another - and I have several gigs of stuff on my Linux side to explore yet which also has the same origin.
And I have NEVER had a spyware/virus/trojan problem from such software. (Although I have had software that simply screwed up the machine due to stupid programming.)
Users get spyware and other crap from stupid, pointless little programs offered by commercial entities because the user acts like a kid in a candy store when offered something "free". If the users really knew what freeware was about and where to get anything they need, they would be less likely to do stupid stuff like downloading a calendar program loaded with spyware.
While it is true that CORPORATE users should be restricted from downloading any damn thing they see (unless it has a productivity purpose), home users certainly should not be.
Your solution smacks of the paternalism I hate about Windows. You want your distro to control your machine just as much as Gates wants to control Windows users.
Sorry - not acceptable.
Re:I don't know about this (Score:5, Insightful)
Sorry if this sounds insulting, but your attitude seems really narrow-minded and short sighted. The whole reason the computer is such an incredibly useful tool is that it is so flexible and extendable. YOU might manage to get everything you need out of the software included in your distro, but do you really expect the big distros to anticipate every single need of every single user? A lot of people who are not computer experts have specific application needs that the vast majority of users don't share. Should a good distro include a version of GAMESS [ameslab.gov] just because I want to do a theoretical chemistry calculation? Or maybe the people who make distros should assume (correctly) that if I am one of the .0001% of computer users who would want to use that program, I should just go download it myself?
"This may sound elitist of me, but if you can't figure out how to do it now, you probably aren't capable of making that sort of decision."
Yes, you sound incredibly elitist, as if it is impossible to be smart and NOT a computer expert. There is a big difference between knowing enough about one's Linux distro to install a program and having enough common sense to find programs on the internet with minimal risk of installing malware. If I google search for software that simulates microwave spectra of asymmetric top molecules (and by the way there are quite a few) what are the odds I'm going to find spyware masking itself as what I'm looking for?
Re:Wrong Paradigm (Score:3, Insightful)
For example, I needed a swi-prolog installation for a small class project a couple days back. I needed the GUI library, which means the package available in Gentoo (swi-prolog-lite) would not be sufficient. Thus I had to download the
And now, how do I uninstall it,since the Makefiles don't seem to have make remove/uninstall/etc. that would delete the installed binaries.
Linux needs to improve the installer so that I don't have to wait for someone with repository access to create the package for me.
Missing the point (Score:3, Insightful)
This is hardly the point of the project.
Sadly, that is the point of the project. It's meant to aid the installation of packaged software from third party sources and manage dependancies in order to accomplish this. That is specifically my problem with it, it is a tool for enabling dangerous behaviour for unexperienced users.
Anybody who says EVERYTHING they'll ever need is included in their distro is just being a troll. Because it simply is not possible that ANY distro is "finished." And a lot of people don't want to wait months until something they want shows up in a repository.
I think you mistake the difference between "need" and "want". They are different, you know. So I will tell you that if you are using Mandrake, Fedora, Ubuntu, Gentoo, or any other popular distribution: there are no programs that an inexperienced user *needs* that do not come in their software repositories. Just because you are impatient and cannot wait a few months doesn't make your desire a neccessity, eh?
And I have NEVER had a spyware/virus/trojan problem from such software. (Although I have had software that simply screwed up the machine due to stupid programming.)
Shit, I didn't read that until now. I actually did think you were serious at first. Ah well, you got me.
Re:Some FAQ entries (Score:5, Insightful)
The thing that concerns me about the DMG exploits, is that they were caused by the fundamental design of the system not simple typos/poor coding practice. Having appfolders integrate with the system by registering file associations/URL handlers silently through the shell seems like the obvious way to handle this stuff in an "install free" environment, though really it's just doing the install at a later time. But it had unintended side effects which were devastating for security.
The problem is, to solve this you either have to go back to some explicit action integrating software with the system, or pile on more hacks to try and solve the security exploits. Apple chose both - Tiger boasts an improved installer, iTunes comes inside a package etc. But the approach they took with Safari reminds me of Internet Explorer: cover up a flawed technology like ActiveX with more and more hacks and security restrictions that somehow always managed to leak.
You are right that most applications should not need to modify the "system" to run. This is the principle behind authentication-less installation, which we only approximate on Linux with the install to $HOME feature in autopackage. Figuring out the exact set of permissions that are safe for installers to have and then enforcing them is somewhat tricky: both Windows and MacOS X are riddled with programs that demand the administrator password which implies that so far, nobody quite identified the sweet spot.
Re:nextgen already here: emerge (Score:3, Insightful)
If you can't handle a command line you probably don't want to be running unverified, alpha software.
Pretty much anything your average joe is going to want IS in portage. The stuff that isn't is generally really specialized, or not quite there yet in terms of features and stability.
Re:Aren't there enough (Score:3, Insightful)
Woah woah. Let me just stop and laugh for a moment. You're telling me that random developer X can do a better job of making a package than the people who develop the friggin' distro? Are you kidding?? Seriously, the idea that *more* cooks in the kitchen will somehow result in a "more coherent" set of packages is incredibly laughable...
Re:A Flash demo? (Score:2, Insightful)
Re:Missing the point (Score:1, Insightful)
Wow, you know the software needs of all users? How's the omniscience working out for you?
Yes, peole need to think before installing software. That doesn't mean thr process should be hard - in fact, making it artifically difficult encourages people to find unsafe and stupid ways to do things that get around the restrictions.
Not as simple as that (Score:3, Insightful)
I've had Debian distros do a meltdown on me doing that, and I followed every helpful guide on the Internet trying to fix it. The Autopackage technology seems like it has a fix for these dependancy problems and corrupt libraries.
Much as I hate to say it, Autopackage seems to add in Microsoft Windows like install and removal abilities to Linux. This is a good thing, because it makes Linux more of a desktop OS that the average person can use without learning how to be a Linux Admin. That makes Linux more popular and maybe more people will switch to it.
Re:Aren't there enough (Score:4, Insightful)
They won't do "packaging" better, simply it will be better. The developer of project foo may say: "foo version 2.15-b depends on project bar version 1.1 to run properly", and everyone would follow it. Distros still could package themselves in a different way but that won't bee too common, and at that point people may tell "hey, your fedora package don't works properly in debian". My point is that a common package format
WONT SOLVE ANYTHING. Autopackage doesn't solve anything because it's a better format, but because it has a different philosophy. It doesn't matter how good are deb or rpm - they will NEVER work in another distro just because of their philoshopie
Who will this benefit the most? (Score:2, Insightful)
I've been using Linux for quite a while (since 1997) and I think there is room for improvement, I like what I have going and don't need to change.
In addition to my current debian based systems, I've used RPM based distros (come to think of it my file server is limping around on a busted Fedora Core 2 install -- and it still does everything I need it too). One day I'll play around with Gentoo, just to see what all the fuss is about.
In other words I don't think this system will be a great benefit to an experienced Linux user.
Linux noobs would benefit more from finding a distro, learn it break it fix it. Than some newfangled universal wonder, that could cause confusion as to where the problem may be. (is it the distro? is it the package? is it me, or something I've done... fear panic... Oh well, I'll just go back to windows.
Some developers will benefit. But I'd guess that most GPL'd and open source devlopers have already got their groove on.
HMM... PROPRIETARY... maybe. I'm sure all of hardware manufactures with their trade secrets would love to have a package system that keeps their stuff locked up in a tidy cell.
This could be good: the more stuff that comes to Linux, the more stuff we can play with.
This could be bad: this free software stuff came into existance because Richard Stallman (as the story goes) wanted to make a simple tweek to a printer; this could help to bring that wonderful creation back to where it all started.
I'm not into Linux for the free stuff I'm into it because I love feedom.
Re:Some FAQ entries (Score:3, Insightful)
You can say that again. In fact, this has exactly been my gripe with linux, including the so-called user-freindly distro's.
Apt-get, rpm, whatever - but if you are just browsing the Net and want to install something it's a real PITA, with Linux. There is no equivalent of an
I have recently have another try at linux, but I just had to give up: while the installation of the OS itself went very well (impressive, even), the real problem was getting applications installed and working. when apt-get or urpmi or whatever doesn't have what you want, or fail for some reason, you just can't do shit, as a joe doe newbie.
Linuw really isn't ready for prime-time on the desktop, that's my honest opinion. But, maybe through projects like these, which *really* try to give the same klick-and-install ease of use, it might finally get there.
Re:Some FAQ entries (Score:4, Insightful)
It's pretty simple: if the package isn't signed by someone you trust, refuse to install it. This has the been the behaviour in up2date since it was created, and yum does the same thing. I'd be very surprised if apt/get (at least on systems where package signing is expected) didn't do the same.
RPM itself, when used directly, currently throws up a warning if a package isn't signed by someone trusted, but (uunlike up2date / yum / etc) still installs it. This behavior may change in future tho.
Autopackage is the wrong solution (Score:3, Insightful)
Agreed. But how is using 2 package sytems (as the autopackge author recommends) with a weird distinction between what's installed in your current distro and 'third paty' apps easier than:
1). Putting a link to 'Synaptic software installer'
2). Having them browse for their app or simply type its name.
3). Letting them click OK as the app and its dependencies are downloaded and installed for them
?
Re:The purpose of autopackage (Score:3, Insightful)
OK, I don't know much about Mac but I have to call bullshit on Windows there. Windows packages are constantly rolling their own "common" DLLs, with slight differences, overwriting identically-named DLLs from other packages and clobbering that package's symbols. "DLL hell" wasn't just a clever assonance someone came up with.
Re:Aren't there enough (Score:2, Insightful)
Whether or not this would be succesful or not is another question.
Re:This is one that Linux really badly needs (Score:1, Insightful)
try debian or derivats (ubuntu,
Software installation is easy with apt-get because it installs all dependencies automagicly.
If you dont want to use the commandline, use a graphical frontend.
Nuff' said.
Re:Aren't there enough (Score:1, Insightful)
Re:The purpose of autopackage (Score:1, Insightful)
OS X handles this at runtime. i.e. You can install the software, but the folder contents contain enough information for the OS to give you an error message when you run it.
Linux does that too, obviously (as in 'library xyz not found'), but that is considered unacceptably bad. The whole idea with dependencies is that they can be resolved by the installation program.
Under OS X (and to a certain degree Windows), developers always know which libraries they can always depend on, and which ones they should bundle.
So if a third-party app uses libpng (something not bundled with the system, I'm just making it up here), and two other third-party apps does too you will have THREE installed libpng on your system? And three programs you need to update?
And to top it off, no program for you to keep track of when libpng needs updating. Ouch...