Package Manager
Package managers are used to automate the process of installing, upgrading, configuring, and removing programs. There are many package managers today for Unix/Linux-based systems. By the mid-2010s, package managers made their way to Windows as well. Package managers are also used for installing and managing modules for languages such as Python, Ruby, etc.
A package is simply an archive that contains binaries of software, configuration files, and information about dependencies.
The general workflow starts with the user requesting a package using the package manager (PM) available in the system. The PM then finds the requested package from a known location and downloads it. The PM then installs the package and advises on any manual steps that it finds necessary.
Discussion
Why is the package manager required in the first place?
Unix began its journey by being a programmer's OS. This means that every time a new program was written it had to be compiled, linked and run.
Unix got the ability to use libraries ("shared objects"), ELF executables, etc. To solve the task of building more complicated software easily, make was developed. Source code was getting shipped with a Makefile (the file that's used by make). But it was still a laborious task as the developer or the maintainer had to take care of the dependencies.
Instead of running make commands every time on every machine having the same configuration, the idea arose of having a package manager ship the executable, along with its dependencies, to other machines. The earliest PMs evolved from this idea.
Today's Linux distributions contain thousands of packages. This has come about due to its modular design, code reuse, and collaborative code creation. However, there's a trade-off between code reuse and incompatible dependencies. Package managers solve this complexity by streamlining the process.
What are the basic functions of a package manager?
The basic functions of the PM are the following:
- Working with file archivers to extract package archives
- Ensuring the integrity and authenticity of the package by verifying its digital certificates and checksums
- Looking up, downloading, installing or updating existing software from a software repository or app store
- Grouping packages by function to reduce user confusion
- Managing dependencies to ensure a package is installed with all packages it requires, thus avoiding dependency hell
The user interface of a PM may be a command line, a graphical interface, or both. Often users can search for packages by name or category. Some even show user reviews or ratings of packages. Batch installation is also possible with a PM. Some may support "safe upgrading" (retain existing versions) or "holding" (lock package to a specific version).
What exactly is Dependency Hell?
Dependency Hell is a colloquial term that developers use to indicate their frustration in managing complex inter-dependencies among packages. In Windows, the equivalent term could be DLL Hell.
When a package depends on another package as a prerequisite, it will either not install or work incorrectly if the latter is missing or incorrectly set up. A developer may attempt to install the dependency, which in turn may depend on yet more packages. This could quickly become unmanageable if the developer tries to install all these dependencies manually.
It could also happen that a dependent package is installed but it's of an older incompatible version. Two packages A and B might require different versions of package C. This could be a problem if only one version can be installed in the system. Circular dependencies could also cause problems.
Package managers solve this problem by resolving dependencies. Because every package comes with metadata, the PM knows what are the dependencies and what versions of those dependencies ought to be used. Package managers, if properly used, solve the problem of dependency hell.
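The cases described above (a shared dependency, two packages needing different versions of C, and a circular dependency) can be shown with a small resolver. This is an added example, not code from any real package manager; the package names and metadata are constructed, and it assumes exact version pins and one installed version per package, where real PMs also handle version ranges.

```python
# Constructed metadata: (name, version) -> {dependency: required version}.
REPO = {
    ("A", "1.0"): {"C": "1.0"},
    ("B", "1.0"): {"C": "2.0"},   # conflicts with A over C
    ("C", "1.0"): {},
    ("C", "2.0"): {},
    ("D", "1.0"): {"E": "1.0"},
    ("E", "1.0"): {"D": "1.0"},   # circular: D -> E -> D
    ("F", "1.0"): {"C": "1.0"},   # shares C 1.0 with A
}


class ResolutionError(Exception):
    pass


def resolve(requests, repo=REPO):
    """Return an install order (dependencies first) or raise ResolutionError."""
    chosen, order, stack = {}, [], []

    def visit(name, version, wanted_by):
        if name in stack:  # we came back to a package still being resolved
            cycle = stack[stack.index(name):] + [name]
            raise ResolutionError("circular dependency: " + " -> ".join(cycle))
        if name in chosen:  # only one version may be installed
            if chosen[name] != version:
                raise ResolutionError(
                    f"version conflict on {name}: {wanted_by} needs {version}, "
                    f"{chosen[name]} already selected")
            return
        if (name, version) not in repo:
            raise ResolutionError(f"{name} {version} not found (needed by {wanted_by})")
        chosen[name] = version
        stack.append(name)
        for dep, dep_version in sorted(repo[(name, version)].items()):
            visit(dep, dep_version, name)
        stack.pop()
        order.append(f"{name}-{version}")

    for name, version in requests:
        visit(name, version, "user")
    return order


if __name__ == "__main__":
    print(resolve([("A", "1.0"), ("F", "1.0")]))
```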
From where do packages get downloaded?
Packages get downloaded from software repositories, often simply called repos. Alternative terms include sources and feeds. These repos are available online at well-defined locations and they serve as a central distribution point for packages.
For performance and redundancy, these repos may be mirrored by many other locations worldwide. As an example, Cygwin uses mirror sites. Local repos may also mirror remote official repos for saving bandwidth or tighter privacy. Ubuntu's apt-mirror provides this feature.
While most developers will use these repos to download packages, advanced developers can also contribute or upload packages to be hosted at these repos. All repos publish the process that developers need to follow to upload packages. Official repos have a strict review and approval process. Community-managed repos may have a more relaxed process. In all cases, repositories are meant to be malware free.
How would a package manager know the location of the repository?
Every package manager has associated configuration files that point to repository locations. For example, in Ubuntu, /etc/apt/sources.list contains the locations of repositories. This would include the official repos but users can also update this file for getting packages from other repos. Likewise, configuration for Fedora and CentOS distributions is at /etc/yum.conf for YUM and /etc/dnf/dnf.conf for DNF. For Arch Linux, it is at /etc/pacman.conf when pacman is used.
When adding third-party repos to a package manager, users must take care to check that those repos can be trusted. This is important so that you don't end up with malware infecting your system. In fact, this is one of the problems solved by trusted repos. Instead of downloading software from a third-party website, downloading it via the package manager from a trusted repo is a more secure practice.
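One way to review the trust settings of repositories listed in /etc/apt/sources.list is to parse each entry and flag options that weaken verification. This is an added example, not part of the original article or of APT; the sample file content is constructed, the .example hosts are placeholders, and only the one-line "deb [options] uri suite components" format is handled.

```python
import re

# Constructed sample of sources.list content (one-line format).
SAMPLE = """\
# official archive
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb [signed-by=/usr/share/keyrings/vendor.gpg] https://repo.vendor.example/apt stable main
deb [trusted=yes arch=amd64] http://mirror.internal.example/apt stable main
deb-src [allow-insecure=yes] https://old.example/debian buster main
"""

# type, optional [options], URI, suite
ENTRY = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")


def audit_sources(text):
    """Return (line_number, uri, [findings]) for each entry worth reviewing."""
    report = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            report.append((lineno, None, ["unparseable entry"]))
            continue
        opts = dict(o.split("=", 1) for o in (m.group(2) or "").split() if "=" in o)
        uri = m.group(3)
        findings = []
        if opts.get("trusted") == "yes":
            findings.append("trusted=yes: source is trusted even if authentication fails")
        if opts.get("allow-insecure") == "yes":
            findings.append("allow-insecure=yes: accepted without a valid signature")
        if "signed-by" not in opts:
            findings.append("no signed-by: any globally trusted key can sign this repo")
        if uri.startswith(("http://", "ftp://")):
            findings.append("plaintext transport: integrity rests on signatures alone")
        if findings:
            report.append((lineno, uri, findings))
    return report


if __name__ == "__main__":
    for lineno, uri, findings in audit_sources(SAMPLE):
        print(lineno, uri, findings)
```

To check a real system, pass the contents of /etc/apt/sources.list (and the files under /etc/apt/sources.list.d/ that use the same one-line format) to audit_sources.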
What's in a package?
A package includes the concerned software, which may be an application or shared library. If it's a development package, it will include source files (such as header files) to build your software that depends on a library. Packages are meant for specific distributions and therefore installation paths, desktop integration and startup scripts are set up to the targeted distribution. Package formats could include *.tgz (for source code archives), *.deb (for Debian) or *.rpm (for Red Hat).
Packages include metadata as well. This will include summary, description, list of files, version, authorship, targeted architecture, file checksums, licensing, and dependent packages. This metadata is essential for the package manager to do its job correctly.
Could you give examples of Linux package managers?
Not all Linux distributions use the same package manager. The Debian family, which includes Ubuntu, uses apt-get and dpkg. Where possible, apt-get should be preferred since it will resolve all dependencies; dpkg doesn't resolve dependencies but it can work directly with *.deb files. Also, apt-get invokes dpkg for low-level operations. Other relevant Debian tools are apt-cache and aptitude.
In RedHat, Fedora and SUSE distributions, rpm is the low-level package manager. Arch Linux uses pacman. Slackware distribution includes pkgtools and slackpkg but neither of these resolves dependencies. Slackware takes a unique approach. They distribute packages as intended by original creators. They give full control to administrators by not resolving dependencies.
It's common for distributions to offer graphical interfaces for those users who aren't comfortable with remembering or typing commands. YaST (openSUSE) and Synaptic (Debian) are two examples of GUIs. For those comfortable with commands, look up this handy reference.
Could you give examples of language package managers?
Modern languages are delivered as a core part that comes with the default installation plus a wide range of optional packages that can be installed when necessary. Those that manage these add-ons are called language package managers. Within the scope of a project or application, the term dependency manager is used. The term package manager is used at system/language level whereas dependency manager is used at project level. For example, in PHP, PEAR can be called a package manager while Composer is a dependency manager.
Let's say, you're working on a Python project. This may depend on many other Python packages for correct execution. Moreover, another Python project will have its own dependencies. A dependency manager helps developers manage these dependencies and share their project settings in a consistent manner with others.
Here are some examples, in the format of "language: (manager, repository)":
What package managers are available for Mac?
Homebrew, MacPorts and Fink are just a few examples of package managers for Mac.
Does Windows have a package management system?
In 2006, Microsoft Vista got a package manager. Years later, there was Windows Update (with Microsoft Store as repo). These were not very useful since they could manage only Microsoft software. For example, they couldn't update your Node.js or Firefox installation. To solve this, third-party package managers are available: Allmyapps, Chocolatey, Intel AppUp, OpenWrap, NPanday, Chewie, Ninite, and Npackd.
In 2014, Microsoft introduced OneGet, which was later renamed to PackageManagement. Via the Windows PowerShell interface, this can install and manage even non-Microsoft software. OneGet was available in Windows 8.1 but it's included by default in Windows 10. PackageManagement is able to handle different installer technologies (MSI, MSU, APPX, etc.) and different sources. The default repo used is called PowerShell Gallery.
For .NET developers, NuGet is the package manager to use. In addition, when using Visual Studio Team Services and Team Foundation Server, it's easy for developers to manage NuGet, npm, and Maven packages for their project requirements.
If there are options, how should I choose a package manager?
Here are a few things to consider:
- Ease of use: A graphical interface can be great for beginners. For command-line interface, commands have to be intuitive.
- Features: Look for more than just managing packages: list available/installed packages, search, filter, remote/local installs, wildcard support, source/binary package support, etc.
- Customization: Check if it supports customization such as interactive mode to let user decide on the next step during installation.
- Speed: The faster the better, and this might depend on how well caching is done.
- Ease of development: For package developers, the workflow should be easy including a simple upload to a repository.
Milestones
Some users of TeX (used for typesetting) start working on Comprehensive TeX Archive Network (CTAN) for distributing TeX-related material and software. This may be one of the earliest examples of distributing packages over the Internet from a central point. Prior to this, it was common to share software via newsgroups.
FreeBSD 1.0 is released and it comes with what's called ports tree, a package building framework that uses make. This release includes pkg_install and other pkg_* tools. In the world of Linux, this is probably the earliest package management system. Support for using remote repos comes in 1999 with version 3.1.
Further Reading
- Grönlund, Kristoffer. 2017. "Package Managers all the way down." Linux.conf.au via YouTube, January 19. Accessed 2018-05-30.
- Bearnes, Brennen. 2016. "Package Management Basics: apt, yum, dnf, pkg." DigitalOcean, January 4. Accessed 2018-05-30.
- kraileth. 2017. "The history of *nix package management." Eerie Linux, August 15. Accessed 2018-05-29.
- Krutisch, Jan. 2017. "A brief history of dependency management." Depfu Blog, March 22. Accessed 2018-05-29.
- Boyer, Sam. 2016. "So you want to write a package manager." Medium, February 12. Accessed 2018-05-29.
- Horne, Brenton. 2016. "A Comparison of Popular Linux Package Managers." The Hornery, February 18. Updated 2017-10-05. Accessed 2018-05-30.
See Also
- Package Format
- Software Repository
- Linux Package Managers
- JavaScript Package Managers
- Windows Package Managers
- Dependency Manager