Package management system

From Wikipedia, the free encyclopedia

Illustration of a package management system being used to download new software. A typical manual action requested is restarting the computer.

A package management system is a collection of tools to automate the process of installing, upgrading, configuring, and removing software packages from a computer. The term is most commonly used with regards to Unix-like systems, particularly Linux, as these systems rely heavily on it, with thousands of discrete packages on a typical installation being common.

In such a system, software is distributed in packages, usually encapsulated into a single file. As well as the software itself, packages often include other important information, such as the full name, a description of its purpose, the version number, vendor of the software, checksum information, and a list of other packages, known as dependencies, that are required for the software to run properly. This meta-information is typically entered into a local package database.

The differences between a package management system and an installer are:

[edit] Function

Package management systems are charged with the task of organising all of the packages installed on a system and maintaining their usability. These systems meet these goals using various combinations of the following techniques:

• Verification of file checksums to help prevent differences between the local and official versions of a package
• Checking of digital signatures
• Simple installation, upgrade, and removal facilities (c.f. file archiver)
• Dependency tracking to deliver working software from a package
• Update checking to provide the latest version of software, which often includes bug fixes and security updates
• Grouping of packages by function to help eliminate user confusion when installing or maintaining them.

Several of the widely used package management systems take advantage of simple backends for actually installing the packages. For instance, yum relies on rpm as a backend, and apt relies on dpkg.

[edit] Challenges with shared libraries

On systems where applications share pieces of machine instructions (i.e. packages' binaries are dynamic, as opposed to static), such as most Linux distributions, dependency checking becomes a necessity when installing and uninstalling packages. Some of the more advanced package management features are recursive and cascading package removal ^[1] (c.f. DLL hell), in which all packages that depend on the target package and all packages that only the target package depends on, are also removed, respectively.

[edit] Front-ends for locally compiled packages

It is common for local administrators to install software not available in the repositories available through the package management. An example would be a newer version of a software application than that supplied with a distribution, or an alternative to that chosen by the distribution. If the additional software is distributed in source-only form, this approach requires local compilation. However, if additional software is locally added, the state of the local system may fall out of synchronization with the state of the package manager's database. If so, the local administrator user will be required to take additional measures to ensure the entire system is kept up to date. The package manager may no longer be able to do so automatically.

There are tools available to ensure that locally compiled packages are integrated with the package management. For distributions based on .deb and .rpm files as well as Slackware Linux, there is CheckInstall, and for recipe-based systems such as Gentoo Linux and hybrid systems such as Arch Linux, it is usually easy to write a recipe first, which then ensures that the package fits into the local package database.

[edit] Conversion of binary packages

Further information: Alien (computing)

Alien is a program that converts between different Linux package formats. It supports conversion between Linux Standard Base, RPM, deb, Stampede (.slp) and Slackware (tgz) packages.

[edit] Maintenance of configuration

Particularly troublesome with software upgrades are upgrades of configuration files. Since package management systems, at least on Unix systems, originated as extensions of file archiving utilities, they can usually only either overwrite or retain configuration files, rather than applying rules to them. There are exceptions to this that usually apply to kernel configuration (which, if broken, will render the computer unusable after a restart). Problems can be caused if the format of configuration files changes. For instance, if the old configuration file does not explicitly disable new options that should be disabled. Some package management systems, such as Debian's dpkg, allow configuration during installation. In other situations, it is desirable to install packages with the default configuration and then overwrite this configuration, for instance, in headless installations to a large number of computers. (This kind of pre-configured installation is also supported by dpkg.)

[edit] Repositories

In order to give users easy control over the kinds of software that they are allowing to be installed on their system (and sometimes due to legal or convenience reasons on the distributors' side), software is often downloaded from a number of repositories.^[2]

[edit] Upgrade suppression

When a user interacts with the package management software to bring about an upgrade, it is customary to present the user with the list of things to be done (usually the list of packages to be upgraded, and possibly giving the old and new version numbers), and allow him to either accept the upgrade in bulk, or select individual packages for upgrades. Many package management systems can be configured to never upgrade certain packages, or only upgrade them when critical vulnerabilities or instabilities are found in the previous version, as defined by the packager of the software. This process is sometimes called version pinning. For instance, yum supports this with the syntax exclude=openoffice*,^[3] pacman with IgnorePkg = openoffice^[1] (to suppress upgrading openoffice in both cases) and the Debian tools through the complex "pinning" syntax^[4], or aptitude's "hold" and "forbid" flags.

[edit] Examples

[edit] Free software systems

Free software Portal

See also: Linux package formats

By the nature of free software, packages under similar and compatible licenses are available for use on a number of operating systems. These packages can be easily combined and distributed using configurable and internally complex packaging systems to handle many permutations of software and manage version-specific dependencies and conflicts. Some packaging systems of free software are also themselves released as free software.

For binary packages

• dpkg, used originally by Debian GNU/Linux and now by other systems, uses the .deb format and was the first to have a widely known dependency resolution tool, Deb Installer, APT.
• fink, for Mac OS X, derives partially from dpkg/apt and partially from ports.
• The RPM Package Manager was created by Red Hat, and is now used by a number of other Linux distributions. RPM is the Linux Standard Base packaging format and is the base of a large number of additional tools, including apt4rpm, Red Hat's up2date, Mandriva's urpmi, openSUSE's YaST and YUM, used by Fedora Core and Yellow Dog Linux.
• A simple tgz package system combines the standard tar and gzip. Used by Slackware Linux there are a few higher-level tools that use the same tgz packaging format, including: slapt-get, slackpkg and swaret.
• Pacman for Arch Linux uses pre-compiled binaries distributed in a tgz archive.
• Smart Package Manager
• ipkg [1], a dpkg-inspired, very lightweight system targeted at storage-constrained Linux systems such as embedded devices and handheld computers
• Appupdater - Appupdater provides advanced functionality to Windows, similar to apt-get or yum on Linux. Fully customizable for use in a corporate environment.

For installing using scripts

• Portage and emerge are used by Gentoo Linux. They were inspired by the BSD ports system and use scripts called ebuilds to install software.
• A recipe file contains information on how to download, unpack, compile and install a package in GoboLinux distribution using its Compile tool.

Hybrid systems

• The FreeBSD Ports Collection, sometimes known as just ports, uses a system of Makefiles to install software from sources or binaries. MacPorts (for Mac OS X), NetBSD's pkgsrc and OpenBSD's ports collection are similar.

Meta package managers

The following unify package management for several or all Linux and sometimes Unix variants. These, too, are based on the concept of a recipe file.

• Autopackage uses .package files.
• epm, developed by Easy Software Products (creators of CUPS), is a "meta packager", that allows to create native packages for all Linux and Unix operating systems (.deb, .rpm, .tgz for Linux, pkg for Solaris and *BSD, .dmg for OS X,...) controlled from a single *.list file.
• klik aims to provide an easy way of getting software packages for most major distributions without the dependency problems so common in many other package formats.
• Zero Install installs each package into its own directory and uses environment variables to let each program find its libraries. Package and dependency information is downloaded directly from the software authors' pages in an XML format, similar to an RSS Feed.

[edit] Proprietary software systems

A wide variety of package management systems are in common use today by proprietary software operating systems, handling the installation of both proprietary and free packages.

• installp is the AIX command for Object Data Manager (ODM) databases.
• SysV format (sometimes called pkgadd format), used by Solaris.
• Software Distributor is the HP-UX package manager.
• In the Microsoft .NET framework an assembly is a partially compiled code library for use in deployment, versioning and security.

[edit] Package management built into applications

Some package management systems are not part of the native operating system, such as fink for Mac OS X or Cygwin's Unix-like environment for Windows. Several dynamic programming languages have their own package management systems used for language modules. Other software may also come with its own system for managing modules, as do the programming languages Perl (see CPAN) and PHP (see PHP Extension and Application Repository), Ruby (see RubyGems).

[edit] See also

• Conary (package manager)
• DLL hell and Dependency hell
• Installer

[edit] References

1. ^ ^{a b} http://www.archlinux.org/pacman/pacman.8.html
2. ^ Linux repository classification schemes. Retrieved on May 5, 2006.
3. ^ http://lists.centos.org/pipermail/centos/2005-May/046320.html
4. ^ http://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-pin

[edit] External Links

• Comparing Linux/UNIX Binary Package Formats