fmII
Sun, May 18th home | browse | articles | contact | chat | submit | faq | newsletter | about | stats | scoop 11:34 PDT
in
Section
login «
register «
recover password «
[Article] add comment [Article]
Theme topics | Apps | Resources | Window Managers | Afterstep | Blackbox | Enlightenment | Fluxbox | GTK | IceWM | KDE | MetaCity | Sawfish | Window Maker

 An RPM port of APT
 by Alfredo K. Kojima, in Editorials - Sat, Dec 2nd 2000 23:59 PDT

In a followup to Claudio Matsuoka's "Is it Time to Change RPM?", Alfredo Kojima offers news of Conectiva's APT/RPM integration work, gives the reasons he thinks it's superior to other RPM frontends, and hopes it will provide a means for bringing the various Linux distributions closer together.

Copyright notice: All reader-contributed material on freshmeat.net is the property and responsibility of its author; for reprint rights, please contact the author directly.

Why APT?

Dependency management is an important feature of package management systems. It helps keep system consistency, making sure that everything needed for a certain piece of software to work is there, in the expected version.

But tools such as rpm or dpkg have limited handling of dependencies. They're limited to figuring what dependencies a package has and telling the user that an operation effecting that package cannot be performed until all dependencies are met. For example, installing the Pingus package could involve the following steps:

  1. Download the pingus package.
  2. Try to install it; see the package manager complain about missing libraries called libClanLib.so and libSDL.so.
  3. Figure out what packages provide these libraries.
  4. Download the ClanLib and SDL packages.
  5. Try to install these libraries; see the package manager complain again about a library called libHermes.so.1; curse the package manager.
  6. Repeat steps 3 and 4 for the Hermes package, and install it.
  7. Finally, install pingus.

Similar scenarios can be found for package removal, since a package cannot be uninstalled until any and all packages that depend on it are removed first.

Package upgrade is similar to installation; it is not enough to simply get the newest version and install. The newer package might have different dependencies from the old one, requiring different or new versions of certain packages.

It's clear that such tasks could and should be performed automatically by the package manager, not the user, and that's what APT (the Advanced Package Tool) does. It can install, uninstall, and upgrade packages, automatically handling dependency calculation and package download. The same steps above can be performed by APT, as shown below: 

[root@zaphod ~]# apt-get install pingus
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  ClanLib Hermes ImageMagick 
The following NEW packages will be installed:
  ClanLib Hermes ImageMagick pingus 
0 packages upgraded, 4 newly installed, 0 to remove and 9 not upgraded.
Need to get 2596kB of archives. After unpacking 9357kB will be used.
Do you want to continue? [Y/n] y
Get:1 ftp://mapi2 latest/conectiva/extra ClanLib 0.5.0-5cl [1087kB]
Get:2 ftp://mapi2 latest/conectiva/extra Hermes 1.3.2-2cl [61.6kB]
Get:3 ftp://mapi2 latest/conectiva/main ImageMagick 5.2.4-3cl [1034kB]
Get:4 ftp://mapi2 latest/conectiva/extra pingus 0.4.1-2cl [413kB]
Fetched 2596kB in 0s (3619kB/s)
Executing RPM (-Uvh)...
Preparing...                ########################################### [100%]
   1:pingus                 ########################################### [ 25%]
   2:ClanLib                ########################################### [ 50%]
   3:ImageMagick            ########################################### [ 75%]
   4:Hermes                 ########################################### [100%]

Because apt-get makes system maintenance tasks (such as software upgrades) fully automatic, users can always keep their systems up-to-date. For example, configuring it to retrieve security updates of the installed packages can be as simple as requesting a general software upgrade from time-to-time.

APT and RPM

APT was initially written by Debian developers (Brian White, Jason Gunthorpe, and contributors), and, therefore, it first only supported Debian systems and its dpkg package manager. Although it has been written to be fairly independent of the underlying package management system, nobody had written a RPM backend for it. Instead, many independent efforts have created different software to perform similar tasks in systems that use RPM.

autorpm, rpmfind, up2date/RHUN, urpmi/rpmdrake/Mandrake Update, and many others all do similar tasks. The following table gives a comparative overview of the features present in each tool:

  APT autorpm rpmfind up2date/RHUN *drake*/urpmi
Package download Yes YesYesYes Yes
Depend. resolution Yes No YesYes(1)Yes(1)
Package installation Yes No YesNo Yes
Package uninstallation Yes No No No Yes
Package upgrade Yes YesYesYes Yes
System upgrade Yes No YesYes Yes
Std.http/ftp server(2) Yes YesNo No Yes
Command line interface Yes YesYesNo Yes
Curses based interface Yes No No No No
X11 interface Yes No YesYes Yes
Non-inter. operation Yes No YesYes No
Package authent. Yes(4)No Yes? Yes
Mirror authent.(3) Yes(4)? ? ? ?
Upgrade importance(5) Yes(4)No ? Yes Yes

  1. Dependency resolution is available up to a fixed/configurable number of passes.
  2. Normally, all tools require a special package index file on the server. That file contains information about the available packages, but they are ordinary files downloadable through a modified FTP or HTTP server, allowing easy setup of mirror sites.
  3. Package authentication automatically verifies whether the downloaded package is really what the vendor has provided. Mirror authentication verifies whether the contents of a mirror is the same as the contents of the original site.
  4. This feature was added to the RPM-enabled version of APT, but has not been ported to the mainstream/official version yet.
  5. When a package is being upgraded, show what the update is about. This is useful when the user wants to know whether an update is security-related or just an enhancement.

APT seems to be better-featured than its RPM-specific counterparts, and after a quick empirical evaluation, it also seems to be faster. Because of this, an RPM backend was written for APT, which enables APT to be used to install RPM packages in RPM-based systems such as Conectiva, Mandrake, Red Hat, and SuSE. Most, if not all, third-party tools based on APT can also be ported with relatively little effort to work with RPM packages.

Some Implementation Details

The most important features of a package manager are common to RPM and dpkg -- dependencies, versioning, informational metadata, and other features are present in both -- but certain features that are exclusive to either did not have a straightforward implementation.

Deferred configuration:
dpkg keeps track of the state of package installation and configuration; packages can be tagged as installed (meaning unpacked and configured), half-installed, not-installed, unpacked, half-configured and config-files(-installed) (only configuration files remain in the system, from a package that has been removed but not purged). In a similar way, there are package selection states and package flags[1]. Package states allow dpkg to hand the package configuration task over to debconf[2,3] and get a "smooth", interactive (at user-selectable levels), or non-interactive installation and upgrade[4]. RPM can be considered to recognize packages in two states: installed and not-installed. The other states were ignored in the port, since interactive configuration is not currently being handled. An additional state tag could be added to RPM, in the event that such a feature is implemented in the future.
File dependencies
File dependencies is a feature that's present in the RPM format but not in deb. It allows a package to require specific files, instead of packages. The problem is that these dependencies are not present in the list of things provided by the packages. RPM uses information from the list of files in the packages to handle them. The adopted solution was to find all files required by packages and add them to the provides list of the appropriate packages. The disadvantage of this is the significant growth of the package index file, but that problem can be minimized by stripping files that are known to never appear in file dependencies (they're automatically detected when RPM is building the package).
rpmlib dependencies
RPM has some special dependencies for requiring some features that are not present in some versions of RPM itself. They're not provided by the RPM package and are treated as a special case by rpmlib, which individually checks these dependencies against a list of features compiled into rpmlib. APT handles that by simply ignoring all such features present in the requires list of packages that rpmlib reports.
ORed dependencies
This feature is only present in deb, but absence of it in RPM does not pose any problem for APT.
Package priority
Package priority is an important feature of deb (at least when used with APT) that's absent in RPM. Package priorities tell how important the package is for the system and are used in situations such as when APT needs to choose which package it should install or remove to satisfy some dependency. The ideal solution for this problem would be to add an equivalent tag in RPM, but since backward compatibility with existing packages is desired, it was decided to use a file containing a list of all packages and their respective priorities. That file must list at least the important and essential packages for the distribution being used. A default priority of "standard" is used for other packages.
Essential packages
The essential tag of deb is used by APT to determine whether a package can be removed. If the user attempts to remove a package like glibc or bash, it will issue a warning and ask for confirmation. Again, the ideal solution would be to add such a tag in RPM, but the current solution is to mark all packages with a "required" priority as essential.
Multiple simultaneously installed versions of a package
Debian does not allow two versions of the same packages to be concurrently installed in the system, and APT does not handle that. In that system, packages that are frequently duplicated, such as the kernel or ncurses, are provided with different package names, like kernel2_2_17, or ncurses4 and ncurses5. Adding support for that case in APT would require a substantial amount of work and code rewriting. The ideal alternative would be to establish a packaging policy stating that packages that can be installed concurrently should have different names, but, again, the question of backwards compatibility is raised. Therefore, a not-so-elegant workaround was adopted: the user is required to tell APT what packages are expected to be duplicated in the system (the most common case of the kernel is handled by default), and APT will treat each version of such packages as distinct from the others.
Architecture variations
Some RPM packages have versions compiled with optimizations that are specific to a variation of an architecture. For example, the kernel may have packages compiled for i586 and i686, in addition to the generic i386 package. This is handled by detecting what packages have multiple available "sub-architectures" and treating such packages as distinct, as in the previous case. The appropriate package, depending on the specific architecture of the machine, will be used.
Multiple distributions
Some skeptical critics of the RPM port of APT have raised the issue of multiple vendors providing RPM packages, while Debian (supposedly) has a central and unique provider; they think this would create confusion and pose a threat to system integrity, due to possible incompatibilities in packages provided by different vendors. Firstly, the fact of having multiple vendors for packages is not exclusive to RPM-based systems. deb packages can be obtained from Debian developers, Corel, Stormix, and whatever other Debian-based distributions may exist [not to mention all the programmers who provide their own debs for projects that haven't made it into Debian yet, or for versions newer than the ones in Debian. -- Ed.]. Secondly, it is trivial to add a check in APT to optionally refuse installation of packages not built for the same distribution as the one in use, which makes such claim bogus.

Where to get it

Source code and RPMs for the RPM-enabled version of APT are available by FTP at Conectiva's FTP site:
ftp://ftp.conectiva.com/pub/conectiva/EXPERIMENTAL/apt/

or at mirrors like:
ftp://rufus.w3.org/linux/conectiva/EXPERIMENTAL/apt/

A HOWTO about the use of APT in RPM systems and the creation of an APT repository is available at:
http://bazar.conectiva.com.br/~godoy/apt-howto/

There's a mailing list devoted to the RPM port of APT; to subscribe, just go to:
http://distro.conectiva.com.br/mailman/listinfo/apt-rpm/

ToDo

aliencode port

The current port of RPM for APT is based on apt 0.3.19 and is maintained separately from the official version of APT. Effort is currently being made to add the RPM support changes to the aliencode branch of the APT CVS, which contains some new features and some new code to better support different packaging backends. Once that port is finished, it is hoped that the next major and official releases of APT will come with RPM support.

raptor -- a graphical frontend

raptor, a graphical frontend intended to be easy to use and to allow better control of what is upgraded, is being developed. It will support both RPM and deb systems, and is being written in such a way that adding support for different toolkits should be straightforward, although only WINGs (the Window Maker toolkit) is supported at the moment.

Unfortunately, there is already another piece of software with the same name, so its name will have to be changed. :~(

Conclusion

After full integration of the RPM patches into APT, it will have the potential to become the standard package management frontend for Linux, shortening the gap between distributions and reducing incompatibility across distributions for at least one important system administration tool. Unlike tools from some other vendors, APT does not have anything tying it to a particular distribution, not even the word Conectiva in its name, which hopefully removes some of the common barriers for its wide acceptance.

The temporarily-forked version of APT is already fully functional and actually works. Conectiva Linux 6.0 -- the first RPM-based distribution to support APT -- currently ships with it, and has some repositories that are available for use with APT. It can be downloaded at:

ftp://rufus.w3.org/linux/conectiva/6.0/
or
ftp://ftp.conectiva.com/pub/conectiva/6.0/

I also have news about some people successfully using it under Red Hat 6.x to manage a large network of machines, with a custom and internal repository of packages. There are also some interesting reports of people having upgraded RH 5.2 or RH 6.x to Conectiva 6.0, after a little manual adjustments of some packages (I wouldn't recommend that procedure to anyone, but apparently it's doable). I've made it work with Red Hat 7 (which uses RPM 4), but, at the time of this writing, I have no news about real world uses of it.

References

  1. Debian GNU/Linux, "dpkg -- a medium-level package manager for Debian GNU/Linux", System manual page, section 8.
  2. Hess, Joey, "An Introduction to Debconf". The Debian Project, 2000.
  3. Hess, Joey, "The Debconf User's Guide". The Debian Project, 2000.
  4. Matsuoka, Claudio, "Is it Time to Change RPM?", Freshmeat editorial, http://freshmeat.net/news/2000/09/16/969163199.html, Sep. 2000.
  5. Hess, Joey, "A comparison of the deb, rpm, tgz, and slp package formats". http://www.kitenet.net/~joey/pkg-comp/, 2000.

    6. Alfredo K. Kojima has a Computer Science degree and currently works as a programmer at Conectiva, a Brazillian Linux distribution vendor. He has worked on projects such as AfterStep and TkSTEP and leads the Window Maker project. He can be reached at kojima@conectiva.com.br.

    T-Shirts and Fame!

    We're eager to find people interested in writing editorials on software-related topics. We're flexible on length, style, and topic, so long as you know what you're talking about and back up your opinions with facts. Anyone who writes an editorial gets a freshmeat t-shirt from ThinkGeek in addition to 15 minutes of fame. If you think you'd like to try your hand at it, let jeff.covey@freshmeat.net know what you'd like to write about.

    [Comments are disabled]

     Referenced categories

    Topic :: System :: Archiving :: Packaging
    Topic :: System :: Software Distribution
    Topic :: System :: Software Distribution Tools

     Referenced projects

    AutoRPM - An RPM auto-installer and/or FTP mirrorer.
    Debian GNU/Linux - The Universal Operating System.
    dpkg - A package maintenance system for Debian GNU/Linux.
    Mandriva - A graphically-oriented popular Linux distribution.
    openSUSE - A Linux distribution.
    Red Hat Linux - The Red Hat Linux distribution.
    RPM - The RPM package management system.
    rpm2html - Utilities to create HTML pages about RPM packages.

     Comments

    [»] RPM-based distributions
    by shoes - Apr 28th 2005 06:55:16

    Hopefully, RPM-based distributions will decide to switch to this. There's another package manager named yup that has similar functionality AFAIK (though I haven't gotten to do a real-world test of it). The only thing is, it keeps a totally separate database both on mirrors and on the client machine, separate from the RPM databases. I don't know if that's what apt-get does, but I hope not. :-) It'd be nice to have the same benefits on an RPM system. shoes

    [reply] [top]

    [»] One in the eye for the RHN
    by itsbruce - Dec 14th 2000 15:57:33

    Hopefully this will give Red Hat users the idea that the Red Hat Network is one big rip off. After all, the big selling point for RHN isn't the priority ftp but the supposed easing of maintenance and upgrading. Now users of rpm-based distributions may be able to get that for free, as Debian users can.

    Of course, apt is only half the story. Decent package policy is the other half. Not to mention that too many of the RH admin scripts are disgracefully lame or broken.

    Apt was only half of what drew me from RH to Debian. The other was sensible config decisions. Red Hat just don't listen enough to their users - I used to be on the RH mailing lists and I know there were enough people trying to help out with the dumb config errors.

    Oh yes, and timecop is an idiot.

    [reply] [top]

    [»] Re: timecop
    by Frédéric L. W. Meunier - Dec 13th 2000 21:31:10

    Well, Timecop isn't totally wrong, I can agree with him in various parts, let's see where I just can't: 

    [Re: how about more additions...]

> I am surprised you have an email @debian.org. People like you should
> never even touch linux. Go download your precompiled binary packages
> for your other favorite OS. At least they all come in one format, .exe

I'd if it was @slackware.com

[Precompiled Binary Package problem]

> Linux software, be it in a precompiled binary package or in form or
> source code, SUCKS!

Excuse-me, but you use what?

> With precompiled binary packages you get all the benefits of shit
> software plus complete inability to debug it.

Are you sure they strip all binaries?

> In my particular case I don't want to install all the damn mexican
> and bolivian and what the hell ever translations.

Me too, nor from sources. cd po;rm -f *.po *.gmo *.mo FYI, there are no
specific Mexican and Bolivian translations. They speak spanish, so
guess...

> The precompiled binary package will happily install those for you.

Yes, as it should.

> Suppose I want to install a new and stupid GUI program into a
> completely separate directory, so nuking it would be real simple?

I think you can do that.

> GUI Linux distributions aka RedHat aka Mundake aka Conectiva (who the
> hell would trust some brazilian linux distribution in the first place?
> I would imagine transfer speeds from their download site be about 1~2
> k/sec) promote even more stupidity.

Really bad. You forgot who wrote Window Maker is a Brazilian (of course,
if you're not the real timecop dockapps...).

Well, I don't like or dislike those package managers or binary
packages. They're good for newbies, lazy, and "administrators" with no
free time. At least if I could trust them...

    [reply] [top]

    [»] Re: timecop
    by Harri Haataja - Dec 13th 2000 09:55:11

    (After gettimg up from ROTFLMAO:)

    Just because he has written some dockapps doesn't mean he's civilized. Nor timecop.
    I think you should consider only the article and not the writer's name (There's no killfiles here (yet?)), look at the content and see that it's not really worth bothering with. You can't start arguing with them all and you can't turn their heads.
    If you want to respond to that kind of things, do it in a civilized manner and balance out a bad post with a sensible one. If you're really into it, go to usenet ;).

    Fol rol de ol rol..

    (*plonk* suppressed)

    [reply] [top]

    [»] timecop
    by Frédéric L. W. Meunier - Dec 12th 2000 13:04:49

    The same timecop from #LinuxWarez at EFNet?

    [reply] [top]

    [»] Not the real timecop?
    by Geir Torstein Kristiansen - Dec 12th 2000 12:56:15

    I have serious doubts as to whether the real timecop wrote that piece of utter fascist crap. If you look at his page you can see that he has written a lot of WindowMaker dockapps.

    If it is really the case however, then he has got a real attitude problem :-(

    [reply] [top]

    [»] re timecop
    by L. K. Manickum - Dec 10th 2000 09:19:48

    while typing this in, i can't help but notice that the text at the top half of this screen warns me to keep discussions calm and not to flame .... well, i'm sure gonna try ....

    OK - lemme get this straight - you think that linux:
    1. Is only for those who want to tinker with it (hobbyists)
    2. Comes with unstable software
    3. Has software which is never finished
    4. Has package managers that promote stupidity
    5. Uses proprietry file formats

    I think i'll stop there for now - no use in dragging out _ALL_ the stupid things that were said, however i'll respond to the above points:
    1. Sorry to burst your bubble here, but I (and many others) actually find Linux a productive alternative to other OS's. I do *ALL* my work on my linux box (surfing, etc is done on a windows box at work - company policy!). Just 'cos you are too retarded to productively use it, don't blame the software.
    2. Hmmm....not sure if this even needs a comment - I never had vi crash on me (though notepad.exe is able to take my windows machine to the big network in the sky). I've had a few alpha pieces of software die on me, though that didn't really affect the other software running on my machine.
    3. And Windows is ? Maybe you called ie3.01 "finished" ? I've got news for you ... _ALL_ software is 'work in progress'. We *KNOW* that the software needs more - I always thought that the version numbers on software indicated that it is a work in progress to everyone (unfortunately, though, I did not consider morons, and one of you people just *had* to mistake the number as "final version of completed software")
    4. I could be wrong here, but I'm sure that you were this way _before_ ever using package managers (be honest now !!!).
    5. yeah !!! we also plan "closed commodotized protocols" so that we can garner a bigger piece of the market. Face it - it does not matter what you say - the fact that I am able to modify (or extract data from) any of the data files on my system, even when I no longer have the original application that wrote the file, sure beats the windows way of doing things - no app, no data, no export - of course stupid people have been long known to do stupid things (hey, maybe we'll next hear of you in a darwin award -you certainly fit the category: stupid and dont know it) and you seem to be no different

    let's see - what can i add ...
    I can see why _you_ need to use windows - you're too stupid to use anything that doesn't come with $300mil worth of persuasion.

    Also, Could you please stop telling everyone that they should be using linux only as a hobby - it's a serious system that's actually a lot more stable than you think. You remind me of someone (not the brightest light on the tree)

    Of course, you don't actually use linux, now do you ? Don't ask how I know (well, for one, people would not have been responding to your comment telling you how to do the things that you were complaining about not being able to do) but it's blatantly obvious that you are really clueless.

    btw: does i.m.batman mean anything to you ???
    just checking ...
    bye

    [reply] [top]

    [»] Re:Timecop
    by Getulio Brasil - Dec 6th 2000 06:46:37

    Sorry. Your connection is not good. I could download the entire ISO image of the last Conectiva distribution (here in Germany, where I am working now) in less than 2 hours/disk. Calculate the rate... Maybe you could share your enourmous talent with your server administrator and solve this. Other problems you certainly have can be solved reading Freud. I have good news for you. Nazi thoughts can be cured. As a physicist (not a Hacker) who uses Linux as a tool to produce (I hope) useful things, I really love all the sense of the Open Source movement and this has not to do only with programs. Those last ones, I need fast, working... but let time also to think about my work. Congratulations to Conectiva for that.

    [reply] [top]

    [»] Re: Apt-listchanges anyone?
    by Claudio Matsuoka - Dec 5th 2000 13:51:32

    A new package, apt-listchanges, shows what's changed in the packages when you upgrade with apt. (...) [I]t's a seperate program that works with apt, meaning you don't have to have it installed if you don't want it and it can have features added and changed without making apt more complex and hard to work with.

    I hacked apt-listchanges to work with .rpm packages instead of .deb. The changes are basically dpkg-deb calls being replaced by equivalent rpm calls. The package should be available later today. 

    [claudio@pokey:/] apt-listchanges
/d/conectiva/RPMS/gtk+-1.2.8-6cl.i386.rpm   
Reading changelogs...Done
* Tue Dec 05 2000 Flávio Bruno Leitner 

- created devel-static

* Tue Nov 21 2000 Flávio Bruno Leitner 

- fixed devel prereq
- fixed libdir/* permissions to 0644

[claudio@pokey:/] apt-listchanges
/home/claudio/rpm/RPMS/i386/gkrellm-1.0.2-3cl.i386.rpm
Reading changelogs...Done
gkrellm: Version 1.0.2-3cl is older than installed version (1.0.2-5cl)

    [reply] [top]

    [»] Re: Precompiled Binary Package problem
    by Michael Fair - Dec 4th 2000 06:53:23

    : This is a huge problem with current base of Linux users.
    : Shit is way too easy to do.
    Depends on your purpose.
    Is your purpose to use the system, or to dick with it?
    For those who want a hobby machine to dick with, teach them code, learn UNIX guru tricks, undertand protocols and other essential god-like sysadmin skills and abilities, then a package manager only helps them to create custom packages to install on other machines that they manage.
    For those who only want to use the sytstem to do other kinds of work (like word processing, code development, mail/news and web surfing), binary package managers make them more productive.

    : At the same time, you have unreasonably high expectations
    : for the software installed this way. You expect it to
    : WORK! Right away! And provide you with the same features
    : that binary packages for your other favorite operating
    : system provide you with!
    Whoever told you that is misinformed. I expect it to perform as the developer(s) advertised and if it doesn't, I ask them about it. If I'm not sure about a feature, or something seems a bit misleading in regards to what I need it to do, I ask them about it. Whenever a particular Linux program/app/library reaches a particular state of usability that is acceptable for my levels of productivity I switch. I save the kind of expectations you're talking about for my Macintosh machines. GNU/Open Source software simply is better for my health so I use it as much as possible.

    : It's never finished, its written by random hackers, it
    Whatever endeavour human beings continue to apply themselves to gets completed. It is just the way it works. It may never be finished (arguable, but beside the point right now), however it will certain achieve some state of usability and the Debian guys seem fairly organized to me.

    : Some people don't care. I am among one of them. I like
    : tinkering with broken undeveloped software. I compile it,
    : find bugs, maybe fix them, but that's something I enjoy
    : doing. I will try latest versions of sucky software to
    : see if they improved.
    Thanks for fixing the bugs, this is and documentation are probably the two single most important contributions anyone can make around here.

    : [snipped some ranting]
    :
    : In my particular case I don't want to install all the
    : damn mexican and bolivian and what the hell ever
    : translations. The precompiled binary package will happily
    : install those for you.
    I think you're missing an important point here. Binary package managers weren't built for guys like you. They were built for people like me. People whose businesses and usability of the system rely on the ability to create manageable and maintainable systems quickly and easily without having to learn and understand what everything is and does before they do it. These people aren't expected to fix anything, they're expected to use the software, and report problems to people who enjoy fixing the bugs. No one said "timecop must use a binary package manager". Binary package managers serve a purpose and, with the work of Conectiva, they just got better at serving that purpose.

    : Suppose I want to install a new and stupid GUI program
    : into a completely separate directory, so nuking it would
    : be real simple? Again, I can't do that with a binary
    : package.
    Assuming your intent is nukability:
    # dpkg -i new-and-stupid-GUI_0.0.1-1_i386.deb
    > play with the GUI here
    # dpkg -r new-and-stupid-GUI

    The new-and-stupid-GUI is no longer on your system. If your intent was to play with the source, then you could use the source packages, or get the tarball like you already do.

    : Anyway. To make the long story short. Precompiled binary
    : packages promote stupidity.
    At the same they promote productivity for the majority of "users" of said packages. There will always be the need for providing source to people with special requirements. There will always be the need for tinkerers like yourself who help out with the bleeding edge development. These people also have some clue about what to do with the source once they have it. The truth is most people aren't qualified to use the source and I find it ludicrous to require people to learn to debug software before they can print a document for a system that is ultimately intended for the general mass market. An educated community is important to us all, and there are now, and will forever more be, many kinds of end users with many different requirements, desires, and backgrounds of education. Linux has done more in the past few years to address the demands of all these end users despite this lack of fully educated people, than any of the major proprietary vendors of OS and application software bar none.

    In directly attacking the "stupidity" comment. We as a community can only work to be both productive, and educational. You have displayed with us here today a different example of "stupidity promotion", not requiring people to learn how to separate their personal desires and intentions for using a system from the desires of all end users, promotes flame wars and other non-productive conversation wasting even more of those precious MBs that you feel are so scarce that you will spend hours of your time and ability to avoid some cruft or excess on your system. Nonetheless, you are part of this community and you have a voice that you are using to influence the future of our development. My intent is to challenge you to use that voice to speak for more than just your own small view of the Linux system and promote you becoming a more effective contributor. You are obviously intelligent enough to realize the costs of binary package managers, but have you stopped to think of the benefits to other people aside from yourself who require the productivity more than they do the MBs and education?
    We are not saying "throw out the source", and we are not saying "everyone should use a binary package manager". We are saying binary package managers are useful to most of us, and they just became even more useful.

    :
    : Conectiva (who the hell would trust some brazilian
    : linux distribution in the first place?

    I can't help but you insult you over this one. :)
    What egotistical, prejudicial, and moronic garbage have you been choosing to feed off of? What ignorance have you been living in that would allow you to assume that you have the judicial authority over the ability of the Brazilians to warrant a comment that has no basis or technical merit in reality? No one else on the planet was undertaking the kind of work and dedication that Conectiva displayed in making this gargantuan contribution to the usability and uniformity of the Linux system.

    : All this "Linux stability" is bullshit
    : when you take it to the desktop.
    Who said Linux was stable at the desktop yet? It's not, and it's getting there quickly. Instability is not a threat to the Linux marketing campaign and no one who has really taken responsibility for the system is saying that it belongs at the desktop yet. GNU and Linux is expanding into more market segments than any other software system on the planet. I don't mind if it takes us a few more years to be the best at every one of them. The amazing part to me about the whole thing is that we will eventually be the best in every market.

    : This shitty Linux software I mentioned earlier crashes so
    : often it's almost impossible to use. The User Interface
    : is not standard. Each developer thinks he has to reinvent
    : the wheel when creating their application. For each new
    : version you have to learn where that OK button will move
    : to. Or what key you will have to press in the next
    : version to close the dialog. etc.
    Now you've taken you're complaints about bad software practices, lack of existing standards, usability testing and research, our commitment to "the user gets what the user wants", and premature alpha quality software and tried to apply them to the binary package manager. The binary package manger makes it easier to distribute software. That's it. It doesn't care how complete or robust the software it's delivering is, it's just the messenger. As such, it has allowed us to distribute lots of unstable, buggy software (which may one day have a stable version) faster than ever. At the same time we can now distribute stable software faster than ever.

    : Solution: Don't use Linux. Use Windows. Seriously
    : consider your position, and think, if you really -NEED- a
    : distribution like RedHat/Mundake/Conectiva, then why
    : don't you just stay in Windows? It will provide you with
    : much better application selection, much more stability,
    1) Open Source/GNU software is good for my health. Windows and Microsoft is not. Besides, Open Source/GNU comment notwithstanding, in my professional opinion, Macintosh is doing a better job at providing systems for the desktop (I of course know that Mac is not Linux and the argument is roughly the same, but I wanted the opportunity to stick in my Mac plug).
    2) There are some desktop applications that are usable enough for my levels of productivity which make it feasable to apply reason number 1.
    3) You are assuming I want their desktop stuff. Most often I just want the easier to manage server stuff.

    : and as an added benefit you will not have to reboot next
    : time you want to play some game. After all, you are
    : just installing linux to play Quake 666, right?
    No

    -- Michael --

    [reply] [top]

    [»] Oops
    by Claudio Matsuoka - Dec 4th 2000 06:18:47

    Nasty typo in item 1 of the previous comment. You got the idea :)

    [reply] [top]

    [»] On APT and binary packages
    by Claudio Matsuoka - Dec 4th 2000 06:12:15

    It seems that every time APT is discussed, the binary package installation problem comes to surface. It is, indeed, a valid concern, so let's see what we've got so far:

    1. Every user should always compile theirselves.
      Not all computers host a development environment, and there are reasons to do so. Embedded systems or firewalls, for instance. To solve this problem, you could build your application in a different host and deploy it on the target systems, even adding some metadata to allow upgrades or removals -- i.e. binary packages.

    2. I can build in different platforms if I have the source.
      Indeed, but apt allows you to do that: 
      [claudio@scuzzlebutt:/home/claudio/a] apt-get source console-apt
Reading Package Lists... Done
Building Dependency Tree... Done
Need to get 123kB of source archives.
Get:1 http://http.us.debian.org woody/main console-apt 0.7.7.2p1 (dsc)
[575B]
Get:2 http://http.us.debian.org woody/main console-apt 0.7.7.2p1 (tar)
[123kB] 
Fetched 123kB in 16s (7411B/s)                                            
    
dpkg-source: extracting console-apt in console-apt-0.7.7.2p1

[claudio@pokey:/home/claudio] apt-get source pdksh
Processing File Dependencies... Done
Reading Package Lists... Done       
Building Dependency Tree... Done
Need to get 136MB of source archives.
Get:1 ftp://ftp.conectiva.com 6.0/cd3/conectiva/main pdksh 5.2.14-3cl
(srpm) [136MB]
Fetched 488kB in 38s (12.8kB/s)

      (About the 136MB, yes, it's a bug. We're working on it.) In this case APT only helped us to fetch the sources, which can be then be audited, built and installed on the system. If the user chooses to build it as a package he or she will have the extra bonus of being able to upgrade or remove the files with no major hassles. The alternative is search and download the sources by hand, which will give you the same results with more effort.

    3. Installing binary packages is too dangerous.
      Most users don't audit source code themselves, allowing them to build malicious source code. Most users don't even check md5sums after downloading source or binary packages. However, [RPM] APT can check gpg signatures and autheticate repositories using the vendor's key: 
      simple-key "cncbr"
{
        Fingerprint "30EAE85C3D91C29880B4F0B3E368DDD099807190";
        Name "Conectiva S.A. <security@conectiva.com.br>";
}

    4. Sysadmins should always do everything by hand.
      Sysadmins should do what looks reasonable in a given situation, be it fetching sources, unpack, patch, build and install in a hundred hosts at every new release, add some automation to the process (falling back to item 1 above) or use apt.

    5. Binary packages are not bleeding-edge enough
      On the other hand, they're also not buggy enough. In some cases, the latenc.y could be very small -- the latest wine package (20001202), for instance, was installed in my system before being announced in freshmeat

    6. Binary packages have bogus dependencies
      It is up to the package vendor to provide consistent packages. When a package offers different options at build time, multiple packages are usually built. Examples are xchat-common, xchat, xchat-text and xchat-gnome, or gnapster and gnapster-gtk.

    7. Binary packages are not optimized enough
      Not all packages need optimization. apt-get allows you to retrieve the source and optimize yourself (see item 2), and you can even build an optimized package for multiple deployment or better management (see item 1).

    8. I strongly dislike binary packages
      Again, this is a valid argument. The whole point behind binary packages is to make users' life easier, but that's, of course, an option -- you may use it or not. But of course you can't expect that every user and every situation requires custom builds. A few users don't even like to build glibc, X or Mozilla from the sources at every new release, so binary packages are available for these cases.

    [reply] [top]

    [»] About the Japanese guy
    by Alex Queiroz - Dec 3rd 2000 15:41:16

    While reading the post full of shit from timecop, I was thinking if it deserves a reply. I don't think so, but the part about not trusting a Brazilian distribution really pissed me off. It only shows how many uneducated people live around the world.

    Maybe it's not his fault, anyway. There are lots of stupid movies about the jungle that covers part of our country and show Brazilians like Tarzans.

    But let's give him some real arguments:
    the programming language Lua, which was used in Grim Fandango and Baldur's Gate;
    the Conectiva Linux Distribution, you know what they can do;
    work on AfterStep and WindowMaker, and etc.

    I am sorry if this is out of scope, but I hate prejudice.

    [reply] [top]

    [»] Re: Precompiled Binary Package problem
    by pagin - Dec 3rd 2000 15:00:33

    well, what you don't get right, is the distribution policy.
    of course, binary packages will never be as flexible as source ones, but you can strech the difference in a certain way.
    about your gtkmxhtml-problem: in debian it has his own package as every other "sub"-library included in other libs. you can set your binary packages' prefix with giving the --root and --instdir-options at dpkg. and if you do a strip /usr/bin/* /usr/lib/*, you're on your way without debugging symbols.
    what i'm trying to say is that with the right packaging system even your "evil" binary packages get calmed. There are some points you can never fix, e.g. it would be impossible to split every "hello world!" program's i18n-files into seperate packages as debian does it with kde2.0, but you could include i18n-files into your packaging system just like dpkg does it with configuration files. with some global configuration you can then decide wether you want to install all i18n-files or only some chosen ones.
    and binary packages give you a lot of advantages, too. well, it's a difference from finding out that gimp needs gtk+ and that gimp suggests gtkmxhtml. and if you got it, where the hell do you find this damned gtkmxhtml. i had the same problem with when i tried to install gnome from source and had some unresoved symbols which caused gnome-core not to compile. i looked and looked and finally, i found that the problem was with gtkmxhtml, and i found it very good not to figure out all that little dependencies but just to do an apt-get install gtkmxhtml. and further, if you just to try out a new program, like i wanted with kde2, you perhaps don't want to compile thousands of lines of code but just to install it. and it is easier like this to delete programs you don't want, too.

    but in the end, it's the how you want it. i know people who spend nights just to make their program some milliseconds faster. and those people don't want packages compiled for i386 at all.

    finally, i want to say that i'm sure i'm not the only one who does all his porductive work under linux and does not test or develop applications. i just use linux, and i'm very pleased it seeing it only crashing very unsusually. even the alpha- and beta-marked programs (i used to use gnome 0.xx for a very long time until i got a potato cd with gnome 1.0 and later found a mirror with gnome 1.2 debs). perhaps you're a little bit behind your time, but linux is the most stable thing i know.
    But as i don't work in a cpu-time eating company who crashes almost every machine once a week because of their high requirements, i can't say more to that. i'm just a user and a happy user.

    cu,
    pagin, convinced debian user =)

    [reply] [top]

    [»] Re: Precompiled Binary Package problem
    by Claudio Matsuoka - Dec 3rd 2000 06:58:51

    Again, in my example, those evil gnome-libs are installed into a /usr/home/deleteme, would you like to provide a binary package with them? Before I finally gave in and compiled those, I only needed one library out of gnome-libs, called libgtkxmhtml or something like that, which was needed by the gimp help system. Of course, even with great binary packages, you can't get that separately.

    Erm. 

    [claudio@pokey:/home/claudio] rpm -qa | grep xmht
libgtkxmhtml-1.2.4-9cl


    [claudio@scuzzlebutt:/home/claudio] dpkg -l | grep xmht
ii  libgtkxmhtml1  1.2.8-2        The Gnome gtkxmhtml (HTML) widget

    [reply] [top]

    [»] Interesting points raised in Slashdot
    by Claudio Matsuoka - Dec 3rd 2000 06:31:04

    Slashdot posted a story on this article, here's some feedback from /. readers:

    blakestah correctly argues that apt is just one more step, because "the cleanliness of debian packaging is only part apt. Most of it comes from thorough policy and packaging guidelines from The Debian Documentation Project. Until other distributions develop such comprehensize packaging policies, the package will not interrelate as well (read - dependency problems will screw up apt). Debian maintainers spent a lot of time thinking out these compehnsive guidelines." Conectiva had to improve its policy and fix many small packaging problems to have apt working flawlessly. As a result, the overall quality level was raised, by bringing up more consistent and cleaner packages.

    Nicopa also mentions packaging policies, but he lists other very important points: "[Debian] packages are unpacked and configured in different steps." Indeed, this seems to be the only difference between .rpm and .deb packages that can't be circumvented by adopting a packaging policy or using external helpers such as debconf. See the "deferred configuration" item in the article above. He also points that "the system should never overwrite a config file. In Debian, dpkg checks if the file has been modified since the package was installed, and it will ask the user if the package wants to install a new version. The user could then diff the files, edit, accept or reject the new version." Another important issue that Conectiva should be addressing at some point: "A way for competing packages to be installed, this is made in Debian with alternatives and diversions."

    blakestah, again, says why rpm support in apt will not affect Debian. Among the reasons is the fact that "Debian is self-supporting. People who find Debian and enjoy it because it is done for the benefit of its volunteers generically enjoy the distro. This is not going away any time soon. One might argue that Debian is competitive with develops with other distros, but I don't think that is true. Other distros pay their supporters, and Debian is still a distro of volunteers."

    And finally, evand points us to his kuro5hin article on how we can develop a more usable Linux, where he mentions package formats.

    [reply] [top]

    [»] Re: how about more additions...
    by timecop - Dec 3rd 2000 05:57:34

    I am surprised you have an email @debian.org. People like you should never even touch linux. Go download your precompiled binary packages for your other favorite OS. At least they all come in one format, .exe

    [reply] [top]

    [»] Precompiled Binary Package problem
    by timecop - Dec 3rd 2000 05:51:03

    &amp;gt; The first is that as an independent developer who wants to make everything
    &amp;gt; as easy as possible for my users, I want to provide binary packages that
    &amp;gt; they can use.

    This is a huge problem with current base of Linux users. Shit is way too easy
    to do. Just bust out your favorite precompiled binary package manager, type
    a few commands (or even click few buttons like it's been lately) and boom, you
    got your favorite precompiled binary package installed. No problem. You don't
    care how big it is, because you have a 30gb hard drive. You again don't care
    how big it is because you have a 100Mbit connection to your favorite binary
    distribution mirror.

    At the same time, you have unreasonably high expectations for the software
    installed this way. You expect it to WORK! Right away! And provide you
    with the same features that binary packages for your other favorite operating
    system provide you with!

    Well guess what, you are WRONG! Linux software, be it in a precompiled binary
    package or in form or source code, SUCKS! It's never finished, its written by
    random hackers, it always crashes, makes core files in your home dir, displays
    those Gnome/KDE crash dialog boxes, uses proprietary (but oh-so-well-documented)
    file formats (what good does it do to document it if nobody else will ever use
    that format???), etc etc. It just plain and simple SUCKS.

    Some people don't care. I am among one of them. I like tinkering with broken
    undeveloped software. I compile it, find bugs, maybe fix them, but that's
    something I enjoy doing. I will try latest versions of sucky software to see
    if they improved.

    With precompiled binary packages you get all the benefits of shit software plus
    complete inability to debug it. So what good does it do? Sure, you are going
    to tell me &amp;quot;but you can always get the source&amp;quot;. But let me ask, why bother? If
    I am so stupid as to need a precompiled binary package manager to tell me that
    gimp will require gtk, oh-my-god, I don't think I have enough intelligence to
    even know how to view random.c file let alone change something in it.

    Now, all of this might sound like bashing of the precompiled binary package
    system, right? Well, it is. It might be good for drones who just
    rpm -i precompiled_binary_package_name.rpm and run it. In my particular case
    I don't want to install all the damn mexican and bolivian and what the hell
    ever translations. The precompiled binary package will happily install those
    for you. Suppose I want my stuff compiled with debug info? Or without? I don't
    get this kind of flexibility with precompiled binary packages. Suppose I want
    to install a new and stupid GUI program into a completely separate directory,
    so nuking it would be real simple? Again, I can't do that with a binary
    package. Again, in my example, those evil gnome-libs are installed into a
    /usr/home/deleteme, would you like to provide a binary package with them?
    Before I finally gave in and compiled those, I only needed one library out
    of gnome-libs, called libgtkxmhtml or something like that, which was needed
    by the gimp help system. Of course, even with great binary packages, you can't
    get that separately. So I had to compile it separately out of the gnome-libs
    and install it. Instead of installing 10mb of bloated libs I would never use
    I got a 300k library that did what I wanted.

    Anyway. To make the long story short. Precompiled binary packages promote
    stupidity. GUI Linux distributions aka RedHat aka Mundake aka Conectiva
    (who the hell would trust some brazilian linux distribution in the first
    place? I would imagine transfer speeds from their download site be about
    1~2 k/sec) promote even more stupidity. People install a GUI Linux distro
    and they expect it to be JUST LIKE WINDOWS. Well, it ain't going to happen.
    No start menu, sorry. And it will crash 10 times more often than Windows.
    All this &amp;quot;Linux stability&amp;quot; is bullshit when you take it to the desktop. This
    shitty Linux software I mentioned earlier crashes so often it's almost
    impossible to use. The User Interface is not standard. Each developer thinks
    he has to reinvent the wheel when creating their application. For each new
    version you have to learn where that OK button will move to. Or what key you
    will have to press in the next version to close the dialog. etc.

    Solution: Don't use Linux. Use Windows. Seriously consider your position,
    and think, if you really -NEED- a distribution like RedHat/Mundake/Conectiva,
    then why don't you just stay in Windows? It will provide you with much better
    application selection, much more stability, and as an added benefit you will
    not have to reboot next time you want to play some game. After all, you are
    just installing linux to play Quake 666, right?

    [reply] [top]

    [»] How about more additions..
    by ressu - Dec 3rd 2000 04:46:37

    now that we have RPM support, how about making support for alien, so that anyone could just cross download packages.

    this will produce all kinds of errors, but it still would be nice to get a package from rpm repository if it doesn't exist as .deb

    [reply] [top]

    [»] Apt-listchanges anyone?
    by David Starner - Dec 3rd 2000 01:34:20

    A new package, apt-listchanges, shows what's changed in the packages when you upgrade with apt (i.e. "upgrade importance"). A cool thing is that it's not part of apt, it's a seperate program that works with apt, meaning you don't have to have it installed if you don't want it and it can have features added and changed without making apt more complex and hard to work with.

    [reply] [top]

    [»] Unified packages is an awesome idea!
    by Michael Fair - Dec 2nd 2000 23:08:33

    The most exciting thing about this to me aside from being able to bounce and forth between distributions without having to relearn how the package management system works is the part about being a able to say what architectures and distributions your package is for.

    Eventually I see this apt port growing into two very powerful new abilities.

    The first is that as an independent developer who wants to make everything as easy as possible for my users, I want to provide binary packages that they can use.
    Now, with the added RPM backend, if I only know how to make RPM packages, I could distribute an RPM for RedHat, and an RPM for Debian. I will still need to do my homework to make sure I install things in the proper places according to that distributions file system standard, but the cool thing is apt will eventually be able to do a lot of the hard work for me. Currently I see a limitation in dependency information. For instance, I'm not sure how easy it would be for apt to detect a dependency on my RPM is actually handled by a debian package, but that will come in time.

    The second is the ability to manage an entire network of hosts from one location regardless of distribution or architecture installed on the remote host. I'm not holding my breath for the Windows or MacOS port anytime soon, but being able to manage even just a UNIX centric environment (Linux, BSD, etc) because of the unified front end is awesome!

    I can see a future where eventually file locations can be abstracted for each systems idea of where things should go. Who knows, maybe the Windows, MacOS, ports aren't as far off as they once seemed.

    Congrats Connectiva! Good thinking Apt developers!

    Go Linux!
    -- Michael --

    [reply] [top]

    [»] Software distribution
    by Tobias Brox - Dec 2nd 2000 19:40:12

    I was very facinated by a system called Store, developed many years ago at nvg.ntnu.no. It didn't work very well, and it was really a collection of hacks written in perl4. It was also dependent on NFS, another weakness. Anyway, many of the ideas behind it was extremely cool. I am missing several of the features at the feature list above:

    - Automatic packet upgrades and installation overnight. This is clearly not for the faint of the heart or for production servers, but anyway very cool indeed. You just go to the pub, and when you arrive at work the next day there is new software installed.

    - All users at a lab get messages when fresh software or upgrades has arrived.

    - There is always a database of all applications available

    - The system was heterogenous, it would search for a version of the software that was compiled for the platform/CPU/OS beeing used. The system kept track of what files needed to be recompiled. The system didn't compile things itself, but that feature was actually beeing developed.

    - Since the system worked over NFS, it was actually possible to try out software locally without installing it first.

    - Completely distributed system, with weighting of what servers to priority.

    In my opinion, rpm sucks even more than to manually compile and install every single software package beeing needed. This system seems a bit better, but there is still room to grow.

    [reply] [top]

    [»] cool
    by pagin - Dec 2nd 2000 16:30:52

    well, i don't use any rpm-based distribution (in other wirds: i'm totally debian-obsessed =), but i'm a fan of apt since i got that upgraded testversion of slink........
    i hope too that this will create more compatibility between linux-distributions. there could be new distributors who offer ther distribution only via the web or some "new economy" startups who offer mirrors of all important distributions.

    [reply] [top]

    [»] Re: bwhahahaahaha
    by Jesse Tie-Ten-Quee - Dec 2nd 2000 15:33:30

    May i suggest you look into LFS then? if you really do think you like installing and knowing exactly what's on your system, this is for you ;)

    http://www.linuxfromscratch.org

    [reply] [top]

    [»] bwhahahaahaha
    by timecop - Dec 2nd 2000 14:26:48

    You mean to install this thing called Pingus I have to install ImageMagick????? Hahaha. No wonder I never trust these damn package manager things. I would rather install everything myself at least I would know why after installing some game I am suddenly missing 20mb of diskspace.

    [reply] [top]

    [»] This is good to hear.
    by simmons75 - Dec 2nd 2000 13:16:14

    Hopefully, RPM-based distributions will decide to switch to this. There's another package manager named yup that has similar functionality AFAIK (though I haven't gotten to do a real-world test of it). The only thing is, it keeps a totally separate database both on mirrors and on the client machine, separate from the RPM databases. I don't know if that's what apt-get does, but I hope not. :-) It'd be nice to have the same benefits on an RPM system.

    [reply] [top]

    [»] Unified GNU/Linux packaging system - Great idea!
    by Aeneas - Dec 2nd 2000 10:29:46

    This project is a great idea and it's the first step in compatibility between different GNU/Linux distributions.
    Great idea! Hope it helps the RPM ppl :-) I'm a debian one!

    [reply] [top]



© Copyright 2007 SourceForge, Inc., All Rights Reserved.
About freshmeat.net •  Privacy Statement •  Terms of Use •  Trademark Guidelines •  Advertise •  Contact Us • 
ThinkGeek •  Slashdot  •  ITMJ •  Linux.com •  NewsForge  •  SourceForge.net  •  Surveys •  Jobs •  PriceGrabber