Package Management

From openSUSE

A Linux distribution, and openSUSE is no exception, is a bunch of applications stored in Packages and the necessary utilities to manage these applications as a whole.

Packages

Packages are archives of files that include all the files making up a piece of software (such as an application itself, shared libraries, development packages containing files needed to build software against a library, ...) and, eventually, instructions on the way to make them work.

A package is properly integrated into the distribution it has been built for, with regard to installation paths, dependencies, desktop integration, proper startup scripts for servers, etc. For this reasons, you should always install packages that have been built for the distribution you are using, including the exact version of the distribution (e.g. openSUSE 11.1). As an example, do not install Fedora packages on openSUSE, and not even openSUSE 10.1 packages on openSUSE 10.2 (although the latter might work, occasionally).

See Wikipedia for further background on software packages.

Package Metadata

A package also contains further information, commonly referred to as Metadata, such as

• a summary,
• a description,
• a list of files contained in the package,
• the version of the software it contains as well as the release number of the package,
• when, where and by whom it has been built,
• what architecture it has been built for,
• checksums of the files contained in the package,
• the license of the software it contains,
• which other packages it requires to work properly,
• etc.

Package Dependencies

An important aspect of the packages archive is the relations they contain. Effectively, the packages also relates files to other packages, as the packaged applications need an execution environment (other tools, libraries, etc.) to actually run the application. Package dependencies are used to express such relations.

As an example, package A needs the packages B, C and D to be installed in order to work properly.

• Package dependencies are transitive, which means that when package A needs package B, and package B needs package C, package A also needs package C, which is why you sometimes end up with lots of packages to install although you just wanted that one application.
• Dependencies on libraries (typically packages with a name that starts with "lib") are very common and pretty much every single application depends on a set of library packages.

Packages and Package Dependencies are very important aspects of Linux distributions (as well as other BSD and UNIX systems) because they provide a modular way to set up and manage an operating system and its applications. This is especially true for library packages. As an example, the package openssl contains cryptographic libraries that are used by many applications and other libraries (e.g. for SSL encryption). When a new, improved version of openssl is available, all the applications that use it will benefit from it just by upgrading that single package to the newer version.

It's also a very efficient way to maintain a stable and secure system: when a security hole, exploit or bug affects a library used by one or many applications, upgrading the single package will fix it for all of them.

Package Formats

In the Linux distribution world, native software comes packaged essentially in three kind of package formats.

• tgz (tar gzip files). These files are basically archives. They can hold anything the package maintainer thinks useful. Apart from the archive format itself, necessary to extract the files, there is nothing standardised about the content of a tgz file.
• deb (Debian). This is the standard Debian package system.
• rpm (RPM Package Manager). Created by Red Hat Linux and standardized by the LSB, it's used by many Linux distribution as packaging system nowadays, including openSUSE.

However, if the archives format noticed the system of the required dependencies, they don't provide the dependency management capability and they will just present any encountered problem to the user at first sight, and leave it for him to decide what to do.

For instance if you want to install a RPM package A that has dependencies to RPM package B, RPM will not automatically install package B but just tell you that it needs package B and stop. It's up to the user to install package B and then afterwards package A. Now imagine package B has dependencies on package C and package D and package D has dependencies to package E and so on and so on. You end up chasing package dependencies manually down all the branches of this very huge tree.

Package Manager

To manage, solve the dependencies problems and install all the required packages automatically, a programs on top of RPM is necessary : It is the package manager.

openSUSE native package manager is ZYpper, but the distribution ships with a varietey of package management tools. Some of them are restricted to RPM packages while others allow a more generic software management, including patches, patterns, and products.

Package Repositories

Before packages can be installed, they must be available -- either on physical media like CD or DVD or online via the internet.

All these are called repositories but various other names (like installation source or catalog) are also in use.

See also

• Package Management Documentation

External links

• openSUSE-Community Package Management 101
• Wikipedia entry about package management.