Package management
Overview
A package management system is a collection of tools that provides a consistent method of installing, upgrading and removing software on your system. Linux distributions, including openSUSE, typically consist of thousands of distinct software packages.
Software are distributed through Packages that are linked to metadata which contain additionnal information such as a description of the software purpose and a list of dependencies necessary for the software to run properly. They are provided by repositories, either local media (CD, DVD or hard drive) or online repositories. Upon installation, metadata is stored in a local package database which is used to retrieve software packages.
Libzypp is openSUSE implementation of such a package management system and provides YaST Software Management as graphical user interface and Zypper as a command line interface.
Packages
Packages are archives of files that include all the files making up a piece of software (such as an application itself, shared libraries, development packages containing files needed to build software against a library, ...) and, eventually, instructions on the way to make them work.
A package is properly integrated into the distribution it has been built for, with regard to installation paths, dependencies, desktop integration, proper startup scripts for servers, etc. For these reasons, you should always install packages that have been built for the distribution you are using, including the exact version of the distribution (e.g. openSUSE 12.1). As an example, do not install Fedora packages on openSUSE, and not even openSUSE 12.1 packages on openSUSE 12.2.
Package metadata
A package also contains further information, commonly referred to as Metadata, such as
- a summary,
- a description,
- a list of files contained in the package,
- the version of the software it contains as well as the release number of the package,
- when, where and by whom it has been built,
- what architecture it has been built for,
- checksums of the files contained in the package,
- the license of the software it contains,
- which other packages it requires to work properly,
- etc.
Package dependencies
An important aspect of the packages archive is the relations they contain. Effectively, the packages also relates files to other packages, as the packaged applications need an execution environment (other tools, libraries, etc.) to actually run the application. Package dependencies are used to express such relations.
As an example, package A needs the packages B, C and D to be installed in order to work properly.
- Package dependencies are transitive, which means that when package A needs package B, and package B needs package C, package A also needs package C, which is why you sometimes end up with lots of packages to install although you just wanted that one application.
- Dependencies on libraries (typically packages with a name that starts with "lib") are very common and pretty much every single application depends on a set of library packages.
Packages and package dependencies are very important aspects of Linux distributions (as well as other BSD and UNIX systems) because they provide a modular way to set up and manage an operating system and its applications. This is especially true for library packages. As an example, the package openssl contains cryptographic libraries that are used by many applications and other libraries (e.g. for SSL encryption). When a new, improved version of openssl is available, all the applications that use it will benefit from it just by upgrading that single package to the newer version.
It's also a very efficient way to maintain a stable and secure system: when a security hole, exploit or bug affects a library used by one or many applications, upgrading the single package will fix it for all of them.
Package formats
In the Linux software distribution world, native software comes packaged essentially in three kind of package formats.
- tgz (or tar.gz, tar gzip files) which are basically source code archives. They can hold anything the package maintainer thinks useful. Apart from the archive format itself, necessary to extract the files, there is nothing standardized about the content of a tgz file. They need to be compiled in order to run the software.
- rpm (RPM Package Manager) which are pre-compiled archives. Created by Red Hat Linux and standardized by the LSB, it's used by many Linux distributions as their packaging system nowadays, including openSUSE.
- deb (Debian) which are pre-compiled archives that are used on Debian based system.
However these systems don't provide any kind of dependency management capability. So, for instance, if you want to install an RPM package A that has dependencies on RPM package B, RPM will just tell you that it needs package B and stop.
It's then up to the user to install package B and then afterwards package A.
Now imagine package B has dependencies on package C and package D, and package D has dependencies to package E and so on and so on... It would pretty quickly become impossible to manage the entire dependency tree.
Package manager
On modern Linux distributions like openSUSE, software installation is done with a package manager. The package manager, which works on top of RPM (or dpkg for Debian-based distributions), gets software packages from repositories (online servers, CDs, DVDs etc.), solves the dependencies (tries to build the dependency tree) and installs them on your system.
The package manager also makes it easy to remove packages later or to update them.
The number of packages available for installation depends on which repositories you have added.
openSUSE native package manager is YaST (GUI and TUI) and the zypper command line, although the distribution ships with a variety of package management tools.
Package repositories
Before packages can be installed, they must be available in a package repository, either on physical media like CD or DVD or online via the internet.
openSUSE package repositories includes:
- Official package repositories that include well tested and supported packages
- Third party repositories, such as Packman and Build Service repositories. They provide various additional packages, some of which are more up-to-date or that cannot be included on openSUSE for legal reasons, although they have had only very limited testing.