
Software Packaging and Updating

What is a Software Package?

The simplest example is a zip file on Windows containing the .exe and an optional readme.txt. After that it gets more complicated. First you add more files, then a manifest of what files it contains, and then other metadata about it.

You might change the file format. Slackware Linux uses tarballs. These are built by concatenating the files into an archive using the tar command and then compressing it with a compression command such as gzip. Tarballs are also the standard way of distributing source code in open source projects.

More Advanced Packages

Some systems never advance beyond this point, but most Linux distributions and some Windows systems do. They adopt a specific file format designed to make handling large collections of software workable, and these files are referred to as packages. These packages will usually contain extra information in the manifest, telling you for example which files are configuration files and which are executable.

Windows packages (.cab and .MSI) are usually used only to create an install or setup executable, which hopefully includes a comprehensive uninstall utility that works off the same metadata to clean up afterwards. Often the uninstall is only partial. The software will also often require, and include copies of, all the third-party libraries the program needs to run.

Multi-Package Systems

On more advanced systems, the libraries are shared libraries (DLLs in Windows) for efficiency. It sometimes makes sense to have only one copy on the system, used by every program that needs it and updated only once, rather than having multiple copies of the same library file and hoping that every program that needs it finds out about the recently fixed security hole and provides a timely update.

This requires more complex packages, and better software to manage the updates. These more complex packages need to be able to say in their metadata to the package management software, "I'm this program, and I need this set of libraries and optionally which versions".
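The two paragraphs above, worked through as an added example (not code from this page or from any real package manager): packages either declare a shared library requirement in their metadata or bundle a private copy, and the check shows which programs still run an old copy once the shared library is updated. The package names, version numbers and field layout are hypothetical, and versions are assumed to be purely numeric and dot-separated.

```python
import operator

# Constructed sample metadata: package names, versions and field layout are hypothetical.
PACKAGES = {
    "editor":  {"requires": {"libpng": ">=1.6"}, "bundles": {}},
    "browser": {"requires": {"libpng": ">=1.6", "libssl": ">=3.0"}, "bundles": {}},
    "viewer":  {"requires": {}, "bundles": {"libpng": "1.5.2"}},  # ships a private copy
}
SHARED = {"libpng": "1.6.1", "libssl": "3.0.4"}  # the one system-wide copy of each library

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}

def parse_version(text):
    """Turn '1.6.1' into (1, 6, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def satisfies(installed, constraint):
    """Check an installed version against a declared constraint such as '>=1.6'."""
    for symbol in (">=", "<=", "==", ">", "<"):  # try two-character operators first
        if constraint.startswith(symbol):
            wanted = parse_version(constraint[len(symbol):])
            return OPS[symbol](parse_version(installed), wanted)
    raise ValueError(f"unrecognised constraint: {constraint!r}")

def unmet_dependencies(packages, shared):
    """Map each package to the declared requirements the system cannot satisfy."""
    problems = {}
    for name, meta in packages.items():
        missing = [lib + rule for lib, rule in meta["requires"].items()
                   if lib not in shared or not satisfies(shared[lib], rule)]
        if missing:
            problems[name] = missing
    return problems

def running_old_copy(packages, shared, lib, fixed_in):
    """List packages whose copy of lib (bundled or shared) predates the fixed version."""
    fixed, exposed = parse_version(fixed_in), []
    for name, meta in packages.items():
        bundled = meta["bundles"].get(lib)
        if bundled is not None:
            copy = bundled                      # private copy: only its vendor can update it
        elif lib in meta["requires"] and lib in shared:
            copy = shared[lib]                  # shared copy: updated once for everyone
        else:
            continue                            # package does not use this library
        if parse_version(copy) < fixed:
            exposed.append(name)
    return sorted(exposed)
```

With the shared libpng updated to the fixed version, only the package that bundles its own copy remains on the list.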

The libraries can use ABI versioning technology to make sure that software linked with an earlier version continues to work with a later one. There are also moves towards simplifying application installation on Linux systems so that it works more like the app store you would see on your mobile phone.

Because lots of free and open source software is compiled for multiple Linux distributions, there has been a move towards getting this metadata specified in a common way, resulting in the idea of the Berlin Cross-Format Packaging API. Unfortunately, due to a large amount of "not invented here", there has been a bit of a failure to get it done.

Even when this is completed, it won't fully solve the problem, as a lot of software is also designed to run on Microsoft Windows or Apple Macs, which use their own simple and incompatible package formats. Also, people coming to Linux from Windows expect the "Insecure by default" security system they see on Windows, which doesn't exist on proper, security-aware operating systems.

Most Linux distributions include thousands of packages inside a "software repository", where they take care of making sure that the libraries and programs inside are as up to date and secure as they wish them to be. There is a minor issue with repository managers not playing nice with third-party repositories, and with package management software not playing well with user data, but hopefully this will be solved in time.

Obviously the choice about being a Rolling Update distro feeds into packaging requirements as well.