Share to: share facebook share twitter share wa share telegram print page

Package manager

Synaptic, an example of a GUI for the APT package manager

A package manager or package management system (PMS) is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner.[1]

A package manager deals with packages, distributions of software and data in archive files. Packages contain metadata, such as the software's name, description of its purpose, version number, vendor, checksum (usually a cryptographic hash function), and a list of dependencies necessary for the software to run properly. Upon installation, metadata is stored in a local package database. Package managers typically maintain a database of software dependencies and version information to prevent software mismatches and missing prerequisites. They work closely with software repositories, binary repository managers, and app stores.

Package managers are designed to eliminate the need for manual installs and updates. This can be particularly useful for large enterprises whose operating systems (OSes) typically consist of hundreds or even tens of thousands of distinct packages.[2]

History

An early package manager was SMIT (and its backend install) from IBM AIX. SMIT was introduced with AIX 3.0 in 1989.[citation needed] Package managers like dpkg have existed as early as 1994.[3] Early package managers, from around 1994, had no automatic dependency resolution[4] but could already simplify the process of adding and removing software from a running system.[5]

By around 1995, beginning with CPAN, package managers began handling package repository downloads, and dependency resolution and installation as needed, making it easier to install, uninstall and update software.[6]

Functions

Illustration of a package manager being used to download new software. Manual actions can include accepting a software license agreement or selecting package-specific configuration options.

A software package is an archive file containing a computer program as well as necessary metadata for its deployment. The program may be in source code that has to be compiled and built first.[7] Package metadata include the software's description, version number, and dependencies.

Package managers are charged with the task of finding, installing, maintaining or uninstalling packages upon the user's command. Typical functions of a package management system include:

  • Using file archivers to extract package archives
  • Ensuring the integrity and authenticity of the package by verifying their checksums and digital certificates, respectively
  • Looking up, downloading, installing, or updating existing software from a software repository or app store
  • Grouping packages by function to reduce user confusion
  • Managing dependencies to ensure a package is installed with all the packages it requires, and avoiding dependency hell

Challenges with shared libraries

Computer systems that rely on dynamic library linking, instead of static library linking, share executable libraries of machine instructions across packages and applications. In these systems, conflicting relationships between different packages requiring different versions of libraries results in a situation called dependency hell. On Microsoft Windows systems, this is also called DLL hell when working with dynamically-linked libraries.[8]

Modern[when?] package managers have mostly solved these problems by allowing parallel installation of multiple library versions (e.g. OPENSTEP's Framework system), a dependency of any kind (e.g. slots in Gentoo Portage), and even packages compiled with different compiler versions (e.g. dynamic libraries built by the Glasgow Haskell Compiler, where a stable ABI does not exist), in order to enable other packages to specify which version they are linked or installed against.

Front-ends for locally-compiled packages

System administrators may install and maintain software using tools other than package managers. For example, a local administrator may download unpackaged source code, compile it, and install it. This may cause the local system to fall out of synchronization with the package manager's database. The local administrator will be required to take additional measures, such as manually managing some dependencies or integrating the changes into the package manager.

There are tools to ensure that locally-compiled packages are integrated with the package management. For operating systems based on .deb and .rpm files as well as Slackware Linux, there is CheckInstall, and for recipe-based systems such as Gentoo Linux and hybrid systems such as Arch Linux, it is possible to write a recipe first, which then ensures that the package fits into the local package database.[citation needed]

Maintenance of configuration

Upgrades of configuration files may be particularly troublesome. Since package managers, at least on Unix systems, originated as extensions of file archivers, they can usually only overwrite or retain configuration files, rather than apply rules to them. There are exceptions to this that usually apply to kernel configuration (which, if broken, will render the computer unusable after a restart). Problems can be caused if the configuration file format changes; for instance, if the old file does not explicitly disable new options that should be disabled. Some package managers, such as Debian's dpkg, allow configuration during installation. In other situations, packages are installed with the default configuration, which is then overwritten, for example in headless installations to a large number of computers. This kind of pre-configured installation is also supported by dpkg.

Repositories

To give users more control over the software they allow to be installed on their systems, and sometimes due to legal or convenience reasons on the distributors' side, packages are often downloaded from software repositories.[9][better source needed]

Upgrade suppression

When a user is upgrading a package with package management software, it is customary for them to be presented with the actions to be executed (usually the list of packages to be upgraded, and possibly the old and new version numbers), and allow them to either accept the upgrade in bulk, or select individual packages for upgrading. Many package managers can be configured to never upgrade certain packages, or to upgrade them only when critical vulnerabilities or instabilities are found in the previous version, as defined by the packager of the software. This process is called upgrade suppression, or version pinning. For instance, to prevent upgrades to the OpenOffice program:

Cascading package removal

Some of the more advanced package management features offer cascading package removal,[11] in which all packages that depend on the target package and all packages that only it depends on are also removed.

Comparison of commands

Although commands are specific to each package manager, they are translatable to a large extent, as most package managers offer similar functions. The Arch Linux wiki offers an extensive overview of commands.[14]

${PKG} or %PKG% is the package name.
Action Homebrew APT Pacman dnf (yum) portage zypper[15] Nix XBPS[16] swupd[17] WinGet
Install package brew install ${PKG} apt install ${PKG} pacman -S ${PKG} dnf install ${PKG} emerge ${PKG} zypper in ${PKG} nix-env -i ${PKG} xbps-install ${PKG} swupd bundle-add ${PKG} winget install %PKG%
Remove package brew uninstall ${PKG} apt remove ${PKG} pacman -R ${PKG} dnf remove --nodeps ${PKG} emerge -C ${PKG} or
emerge --unmerge ${PKG} 		zypper rm -RU ${PKG} nix-env -e ${PKG} xbps-remove ${PKG} swupd bundle-remove ${PKG} winget uninstall %PKG%
Update software database brew update apt update pacman -Sy dnf check-update emerge --sync zypper ref nix-channel --upgrade xbps-install -S swupd update --download or
swupd update --update-search-file-index 		winget upgrade
Show updatable packages brew outdated apt list --upgradable pacman -Qu dnf check-update emerge -avtuDN --with-bdeps=y @world or
emerge -u --pretend @world
(-D is shorthand for --deep and
-u is shorthand for --update.) 		zypper lu 
nix-channel --upgrade && \
nix-env -u && \
nix-collect-garbage
./xbps-src update-check ${PKG}(requires void-packages repository) swupd update -s or
swupd check-update 		winget upgrade
Update all brew upgrade apt upgrade pacman -Syu dnf update emerge -u -D --with-bdeps=y @world zypper up nix-env -u && nix-collect-garbage xbps-install -Su swupd update winget upgrade --all
Delete orphans and config brew autoremove && brew cleanup apt autoremove pacman -Rsn $(pacman -Qdtq) emerge --depclean zypper rm -u nix-collect-garbage -d xbps-remove -of 
swupd bundle-remove --orphans && \
swupd clean --all
Show orphans brew autoremove --dry-run pacman -Qdt package-cleanup -q --leaves --exclude-bin
(-q is shorthand for --quiet.) 		emerge -caD or
emerge --depclean --pretend 		zypper pa --orphaned --unneeded xbps-remove -o swupd bundle-list --orphans
Remove package (and orphans) 
brew uninstall ${PKG} && brew autoremove
apt autoremove ${PKG} pacman -Rs ${PKG} dnf remove ${PKG} emerge -c ${PKG} or
emerge --depclean ${PKG} 		zypper rm -u --force-resolution ${PKG} nix-env -e ${PKG} && nix-env -u xbps-remove -R ${PKG} 
swupd bundle-remove ${PKG} && \
swupd bundle-remove --orphans
winget uninstall %PKG%

Prevalence

Linux distributions oriented to binary packages rely heavily on package management systems as their primary means of managing and maintaining software. Mobile operating systems such as Android (Linux-based) and iOS (Unix-based) rely almost exclusively on their respective vendors' app stores and thus use their own dedicated package management systems.

Similar programs and platforms

Installers

A package manager is often called an install manager, which can lead to a confusion between package managers and installers. The differences include:

This box:
Criterion Package manager Installer
Shipped with Usually, the operating system Each computer program
Location of installation information One central installation database It is entirely at the discretion of the installer. It could be a file within the app's folder, or among the operating system's files and folders. At best, they may register themselves with an uninstallers list without exposing installation information.
Scope of maintenance Potentially all packages on the system Only the product with which it was bundled
Developed by One package manager vendor Multiple installer vendors
Package format A handful of well-known formats There could be as many formats as the number of apps
Package format compatibility Can be consumed as long as the package manager supports it. Either newer versions of the package manager keep supporting it or the user does not upgrade the package manager. The installer is always compatible with its archive format, if it uses any. However, installers, like all computer programs, may be affected by software rot.

Build automation utilities

Most software configuration management systems treat building software and deploying software as separate, independent steps. A build automation utility typically takes human-readable source code files already on a computer, and automates the process of converting them into an executable package on the same or a remote computer. Later, a package manager typically running on another computer downloads the pre-built executable and installs it.

However, both kinds of tools have many commonalities:

  • Topological sorting of the dependency graph used in a package manager to handle dependencies between binary components is also used in a build manager to handle dependencies between source components.
  • Many makefiles support not only building executables, but also installing them with make install.
  • Every package manager for a source-based distribution – such as Portage, Sorcery, or Homebrew – supports converting source code to binary executables and installing it.

A few tools, such as Maak and A-A-P, are designed to handle both building and deployment, and can be used as either build automation utilities, package managers, or both.[18]

App stores

App stores can also be considered application-level package managers (without the ability to install all levels of programs[19][20]). Unlike traditional package managers, app stores are designed to enable payment for the software itself (instead of for software development), and may only offer monolithic packages with no dependencies or dependency resolution.[21][20] They are usually limited in their management functionality, due to focusing on ease-of-use over power or emergence, and are common in commercial operating systems and smart devices.

Package managers also often have only human-reviewed code. Many app stores, such as Google Play and Apple's App Store, mainly screen apps using automated tools only; malware can pass these tests by detecting when the app is being tested, and delaying malicious activity.[22][23][24] There are exceptions: the npm package database, for instance, relies entirely on postpublication review of its code,[25][26] while the Debian package database has an extensive human review process before any package goes into the main database. The XZ Utils backdoor used years of trust-building to insert a backdoor, which was nonetheless caught while in the testing database.

Common package managers and formats

Universal package manager

Also known as binary repository manager, it is a software tool designed to optimize the download and storage of binary files, artifacts and packages used and produced in the software development process.[27] These package managers aim to standardize the way enterprises treat all package types. They give users the ability to apply security and compliance metrics across all artifact types. Universal package managers have been referred to as being at the center of a DevOps toolchain.[28]

Package formats

Main articles: Package format and File archive

Each package manager relies on the format and metadata of the packages in its repository. That is, package managers need groups of files to be bundled along with appropriate metadata, such as dependencies. Often, a core set of utilities manages the basic installation from these packages and multiple package managers use these utilities to provide additional functionality.

For example, yum relies on rpm as a backend. Yum extends the functionality of rpm by adding features such as simple configuration for maintaining a network of systems. As another example, the Synaptic Package Manager provides a graphical user interface by using the Advanced Packaging Tool (apt) library, which in turn relies on dpkg for core functionality.

Alien is a program that converts between different Linux package formats, supporting conversion between Linux Standard Base (LSB) compliant .rpm packages, .deb, Stampede (.slp), Solaris (.pkg) and Slackware (.tgz, .txz, .tbz, .tlz) packages.

For mobile operating systems, Google Play uses the Android application package (APK) package format while Microsoft Store uses the APPX and XAP formats. Both Google Play and Microsoft Store have eponymous package managers.

Free and open source software systems

By the nature of free and open-source software (FOSS), packages under similar and compatible licenses are available on a number of operating systems. These packages can be combined and distributed using configurable packaging systems to handle many permutations of software and manage version-specific dependencies and conflicts. Some managers of FOSS packages are released as FOSS themselves. One typical difference between package management in proprietary operating systems, such as Mac OS X and Windows, and those in free and open source software, such as Linux, is that free and open source software systems permit third-party packages to also be installed and upgraded through the same mechanism, whereas the package managers of Mac OS X and Windows will only upgrade software provided by Apple and Microsoft, respectively (with the exception of some third party drivers in Windows). The ability to continuously upgrade third-party software is typically added by adding the URL of the corresponding repository to the package management's configuration file.

Application-level package managers

See also: List of software package management systems § Application-level package managers

Besides system-level application managers, there are add-on package managers for operating systems with limited capabilities and for programming languages in which developers need the latest libraries.

Unlike system-level package managers, application-level package managers focus on a small part of the software system. They typically reside within a directory tree that is not maintained by the system-level manager, such as c:\cygwin or /opt/sw.[29] This may not be the case for managers that deal with programming libraries, leading to possible conflicts, as both managers may claim to own a file and may break upgrades.

Impact

Ian Murdock commented that package management is "the single biggest advancement Linux has brought to the industry", that it blurs the boundaries between operating systems and applications, and that it makes it "easier to push new innovations [...] into the marketplace and [...] evolve the OS".[30][self-published source]

There is also a conference for package manager developers known as PackagingCon. It was established in 2021 with the aim to understand different approaches to package management.[31]

See also

References

  1. ^ "What is a package manager?". debian.org. Archived from the original on 17 October 2017. Retrieved 19 December 2018.
  2. ^ "Software Distribution". Dell KACE. Archived from the original on 3 October 2015. Retrieved 11 July 2012.
  3. ^ "dpkg version 0.93.15 source code". Archived from the original on 2 April 2015. Retrieved 19 December 2018.
  4. ^ "The history of *nix package management". 14 August 2017. Archived from the original on 24 October 2021. Retrieved 12 October 2021.
  5. ^ "A review of InfoMagic's December 1994 Release". Archived from the original on 29 October 2021. Retrieved 12 October 2021.
  6. ^ "The Timeline of Perl and its Culture". Archived from the original on 11 January 2013. Retrieved 29 October 2021.
  7. ^ Ludovic Courtès, Functional Package Management with Guix Archived 15 May 2020 at the Wayback Machine, June 2013, Madrid, European Lisp Symposium 2013
  8. ^ Tucker, Chris (15 March 2007). "OPIUM: Optimal Package Install/Uninstall Manager" (PDF). 29th International Conference on Software Engineering (ICSE'07). UC San Diego. p. 1. doi:10.1109/ICSE.2007.59. ISBN 978-0-7695-2828-1. S2CID 1279451. Archived (PDF) from the original on 14 June 2011. Retrieved 14 September 2011.
  9. ^ "Linux repository classification schemes". braintickle.blogspot.com. 13 January 2006. Archived from the original on 11 October 2007. Retrieved 1 March 2008.
  10. ^ "CentOS yum pinning rpms". centos.org. Archived from the original on 2 November 2007. Retrieved 1 March 2008.
  11. ^ a b "pacman(8) Manual Page". archlinux.org. Archived from the original on 31 August 2019. Retrieved 1 March 2008.
  12. ^ "How to keep specific versions of packages installed (complex)". debian.org. Archived from the original on 14 November 2019. Retrieved 1 March 2008.
  13. ^ "Apt pinning to blacklist a package". Archived from the original on 22 July 2011. Retrieved 19 August 2010.
  14. ^ "Pacman/Rosetta – ArchWiki". wiki.archlinux.org. Archived from the original on 20 November 2016. Retrieved 17 September 2017.
  15. ^ "documentation/sles11". en.opensuse.org. Archived from the original on 1 December 2022. Retrieved 16 August 2017.
  16. ^ "XBPS Package Manager - Void Linux Handbook". docs.voidlinux.org. Archived from the original on 23 January 2023. Retrieved 19 December 2022.
  17. ^ "swupd-client/swupd.1.rst at master: clearlinux/swupd-client". GitHub.com. Archived from the original on 7 December 2022. Retrieved 22 June 2022.
  18. ^ Eelco Dolstra, "Integrating Software Construction and Software Deployment". Archived 21 September 2019 at the Wayback Machine.
  19. ^ "Brew is the macOS app store replacement you didn't know you needed". www.msn.com. Retrieved 25 May 2024.
  20. ^ a b King, Bertel (17 March 2017). "Linux App Stores Compared: Which One Is Right for You?". MUO. Retrieved 25 May 2024.
  21. ^ "What is a package manager?". www.debian.org.
  22. ^ Barrett, Brian. "How 18 Malware Apps Snuck Into Apple's App Store". Wired.
  23. ^ Whittaker, Zack (24 October 2019). "Millions downloaded dozens of Android apps from Google Play that were infected with adware". TechCrunch.
  24. ^ Newman, Lily Hay. "Never Ever (Ever) Download Android Apps Outside of Google Play". Wired.
  25. ^ Ojamaa, Andres; Duuna, Karl (2012). "Assessing the Security of Node.js Platform". 2012 International Conference for Internet Technology and Secured Transactions. IEEE. ISBN 978-1-4673-5325-0. Retrieved 22 July 2016.
  26. ^ "npm Code of Conduct: acceptable package content". Retrieved 9 May 2017.
  27. ^ Waters, John K. (8 September 2015). "JFrog Releases 'Universal' Artifact Repository". ADT Mag. Application Development Trends Magazine. Archived from the original on 2 March 2016. Retrieved 19 February 2016.
  28. ^ Decoster, Xavier (18 August 2013). "An Overview of the NuGet Ecosystem". CodeProject.com. Archived from the original on 5 July 2020. Retrieved 6 February 2020.
  29. ^ "Fink – Home". finkproject.org. Archived from the original on 18 August 2021. Retrieved 2 September 2021.
  30. ^ "How package management changed everything". ianmurdock.com. Archived from the original on 23 February 2009. Retrieved 1 March 2008.
  31. ^ "PackagingCon 2021 – a conference for package manager developers and packagers". packaging-con.org. Archived from the original on 2 September 2021. Retrieved 2 September 2021.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi
Kembali kehalaman sebelumnya