Concepts package management
tagline: From openSUSE
A package management system is a collection of tools that provides a consistent method of installing, upgrading and removing software on your system. Linux distributions, including openSUSE, typically consist of thousands of distinct software packages.
Software are distributed through Packages that are linked to metadata which contain additionnal information such as a description of the software purpose and a list of dependencies necessary for the software to run properly. They are provided by repositories, either local media (CD, DVD or hard drive) or online repositories. Upon installation, metadata is stored in a local package database which is used to retrieve software packages.
Packages are archives of files that include all the files making up a piece of software (such as an application itself, shared libraries, development packages containing files needed to build software against a library, ...) and, eventually, instructions on the way to make them work.
A package is properly integrated into the distribution it has been built for, with regard to installation paths, dependencies, desktop integration, proper startup scripts for servers, etc. For these reasons, you should always install packages that have been built for the distribution you are using, including the exact version of the distribution (e.g. openSUSE 12.1). As an example, do not install Fedora packages on openSUSE, and not even openSUSE 12.1 packages on openSUSE 12.2.
A package also contains further information, commonly referred to as Metadata, such as
- a summary,
- a description,
- a list of files contained in the package,
- the version of the software it contains as well as the release number of the package,
- when, where and by whom it has been built,
- what architecture it has been built for,
- checksums of the files contained in the package,
- the license of the software it contains,
- which other packages it requires to work properly,
An important aspect of the packages archive is the relations they contain. Effectively, the packages also relates files to other packages, as the packaged applications need an execution environment (other tools, libraries, etc.) to actually run the application. Package dependencies are used to express such relations.
As an example, package A needs the packages B, C and D to be installed in order to work properly.
- Package dependencies are transitive, which means that when package A needs package B, and package B needs package C, package A also needs package C, which is why you sometimes end up with lots of packages to install although you just wanted that one application.
- Dependencies on libraries (typically packages with a name that starts with "lib") are very common and pretty much every single application depends on a set of library packages.
Packages and package dependencies are very important aspects of Linux distributions (as well as other BSD and UNIX systems) because they provide a modular way to set up and manage an operating system and its applications. This is especially true for library packages. As an example, the package openssl contains cryptographic libraries that are used by many applications and other libraries (e.g. for SSL encryption). When a new, improved version of openssl is available, all the applications that use it will benefit from it just by upgrading that single package to the newer version.
It's also a very efficient way to maintain a stable and secure system: when a security hole, exploit or bug affects a library used by one or many applications, upgrading the single package will fix it for all of them.
In the Linux distribution world, native software comes packaged essentially in three kind of package formats.
- tgz (tar gzip files) which are basically source code archives. They can hold anything the package maintainer thinks useful. Apart from the archive format itself, necessary to extract the files, there is nothing standardized about the content of a tgz file. They need to be compiled in order to run the software.
- rpm (RPM Package Manager) which are pre-compiled archives. Created by Red Hat Linux and standardized by the LSB, it's used by many Linux distributions as their packaging system nowadays, including openSUSE.
- deb (Debian) which are pre-compiled archives that are used on Debian based system.
However, if the archives format noticed the system of the required dependencies, they don't provide the dependency management capability and they will just present any encountered problem to the user at first sight, and leave it for him to decide what to do.
For instance if you want to install a RPM package A that has dependencies to RPM package B, RPM will not automatically install package B but just tell you that it needs package B and stop. It's up to the user to install package B and then afterwards package A. Now imagine package B has dependencies on package C and package D and package D has dependencies to package E and so on and so on. You end up chasing package dependencies manually down all the branches of this very huge tree.
On modern Linux distributions like openSUSE, software installation is done with a package manager. The package manager, which works on top of RPM, gets software packages from repositories (online servers, CDs, DVDs etc.), solves the dependencies and installs them on your system. The package manager also makes it easy to remove packages later or to update them. The number of packages available for installation depends on which repositories you have added.
Before packages can be installed, they must be available in a package repository, either on physical media like CD or DVD or online via the internet.
openSUSE package repositories includes:
- Official package repositories that include well tested and supported packages
- Third party repositories, such as Packman and Build Service repositories. They provide various additional packages, some of which are more up-to-date or that cannot be included on openSUSE for legal reasons, although they have had only very limited testing.