Many Linode Library tutorials reference "package managers" and "package management tools." If you are new to the Linux world and don't understand the purpose of these technologies, or if you are familiar with one package management tool but need to learn how to use another, this guide will provide a comparative introduction to the major package management tools.
Contents
Contemporary distributions of Linux-based operating systems install software in pre-compiled "packages" which contain (for most systems) binaries of software, configuration files, and in most systems, information about dependencies. Furthermore, package management tools keep track of updates and upgrades so that we don't have to hunt down information about bug and security fixes.
Without package management, users must ensure that all of the required dependencies for a piece of software are installed and up to date, compile the software from the source code (which takes time and introduces compiler-based variances from system to system), and manage configuration for each piece of software. Additionally, without package management, application files are located in the (hopefully) standard locations for the system to which the developer(s) are accustomed, regardless of what system you're using. In short, this becomes an utter mess.
Package management systems attempt to solve these problems, and are the tools through which developers attempt to increase the overall quality and coherence of a Linux-based operating system. Pursuant to these goals the features that (most) package management applications provide are:
In general we recommend, when installing new software, that you install the versions of software available in your distribution's repository and packaged for your operating system. If packages for the application or software that you need to install isn't available, we recommend that you find packages for your operating system or package the software rather than installing it manually.
The remainder of this guide will cover how to use specific package management systems, including how to compile and package software yourself.
The Debian package management system, based on a tool called dpkg with the very popular apt system is an incredibly powerful, popular, and useful method of package management. In addition to Debian 5 (known as "Lenny") a number of other prominent distributions of GNU/Linux are derived from the Debian system, most notably the Ubuntu family of distributions.
As a result these instructions are applicable for Debian and Ubuntu systems. While Debian and derived systems are not necessarily binary-compatible, .debs packaged for Debian are often compatible with Ubuntu (though this is not a supported workflow). Let's begin by reviewing some basic commands.
Chances are good that you're already familiar with apt-get, a command which uses the "advanced package tool" to interact with the operating system's underlying package system. The most relevant and useful commands are, (to be run as root):
While apt-get likely provides the most often used functionality of the package management, apt provides additional information that you may find useful in the apt-cache command.
In general, combining most of these commands with apt-cache show can provide you with a lot of useful information about your system, the software that you might want to install, and the software that you have already installed. If interacting with this information via the command line is difficult, both Debian and Ubuntu provide websites which present this information in an easier-to-see framework. If you're overwhelmed by apt-cache check out:
aptitude is another front-end interface for apt. It provides a graphical command line (via ncurses) interface to apt, which you might find useful for an easier approach to daily administrative tasks.
In addition to the graphical interface, aptitude provides a combined command line interface for most apt functionality. The salient commands are:
Aptitude also includes advanced functionality for "safe" upgrading (an upgrade that doesn't remove existing packages), as well as preventing the system from upgrading specific packages ("holding"). If this kind of functionality would be useful for you we encourage you to use the aptitude interface.
The file /etc/apt/sources.list controls which repositories apt constructs its database from. This file contains lines in the following format:
deb [location-of-resources] [distribution] [component(s)]
Here are some examples:
deb http://mirror.cc.columbia.edu/pub/linux/debian/debian/ lenny main contrib deb http://emacs.orebokech.com lenny main
The first line specifies the Columbia University mirror for the the "Lenny" distribution (Debian 5.0, Stable Release 14 February 2009), as well as the main and contributed components. The next line specifies the emacs.orebokech.com repository for Lenny, which provides regularly updated packages for emacs-snapshot (versions of emacs23, built from the current CVS tree), and its main component.
In general one does not want to add new entries to sources.list without a lot of scrutiny and diligence, as updating the package cache with additional repositories and running upgrades can sometimes result in the installation of broken packages, unmet dependencies, and system instability. In Debian systems, downgrading is often difficult.
For Debian systems, the repository names can either refer to the distribution code name (version specific; eg. lenny for current-stable, squeeze for testing, sid for unstable, etch for old-stable) or to a specific branch (eg, oldstable, stable, testing, unstable). For more information about Debian versions and choosing a Debian version or branch, read the Debian releases and branches page.
The component section of the line divides the repository based on how much support the developers of the operating system are able to offer for the contained packages (eg. main vs. contrib), or if the software is considered "free-software" or simply freely-distributable (eg. non-free).
The layout of sources.list is a bit different in Ubuntu systems. The lines are in the same format but the names of the distributions and components are different:
apt-get and apt-cache are merely front-ends that provide a more usable interface, and connections to repositories for the underlying package management tools called dpkg and debconf. These tools are quite powerful, and fully documenting their functionality is beyond the scope of this document. However, a basic understanding of how to use these tools is useful. The most useful commands are:
For more information about building your own packages, refer to the Debian New Maintainers Guide
Fedora and CentOS are closely related distributions, being upstream and downstream (respectively) from Red Hat Enterprise Linux. Their main differences stem from how packages are chosen for inclusion in their repositories. From a package management perspective the tools are very similar.
Both systems use the yum program as a front end to interact with system repositories and install dependencies, and also include a lower level tool called rpm which allows you to interact with individual rpm packages.
Note: Many operating systems aside from RedHat and Fedora use rpm packages. These include OpenSuSE, AIX, and Mandriva; while it may be possible to install an RPM packaged for one operating system on another, this is not supported or recommended, and the results of this action can vary greatly.
The yum tool was initially developed for the Yellow Dog Linux system as a replacement for the then-default Yellow Dog Updater (yup). RedHat found the yum tool to be a valuable addition to their systems. Today yum is the default package and repository management tool for a number of operating systems.
From the command line, you can use the following subset of commands to interact with yum:
In many ways yum is simply a front end to a lower-level package management tool called rpm, similar to apt-get's relationship with dpkg. The chances are good that you will not need to interact with rpm very much, but there are a few commands that you may find useful.
The following commands should be run as root. The flags are expanded here in the pursuit of clarity, but the more conventional terse syntax is also included.
(_Note:_ rpm does no dependency resolution. You must install dependencies manually when using rpm.) For more information about rpm please consult these external sources:
The file located at /etc/yum.conf provides system-wide configuration options for yum, as well as information about repositories. Repository information may also be located in files ending in .repo under /etc/yum.repos.d
The options in the [main] stanza are pretty self-explanatory and shouldn't need modification, though you set alternate logging and cache locations for the database with the following lines in /etc/yum.conf:
logfile=/var/log/yum.log cachedir=/var/cache/yum
To define a new stanza for a new repository use the following template, replacing the capitalized strings with actual values:
[REPO-NAME] name=REPOSITORY-NAME mirrorlist=HTTP-ACCESSIBLE-MIRROR-LIST #baseurl=BASE-URL-FOR-REPOSITORY gpgcheck=BOOLEAN-VALUE[1-or-0]-TO-VERIFY-REPOSITORY gpgkey=FILE-PATH-TO-GPG-KEY
The following example is the default configuration for the "Base" repository in CentOS 5.2:
[base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
Credit: This section was kindly provided by JK Wood.
Packages in Slackware Linux are distributed as compressed tarballs, most generally using the gzip or lzma compression standards. These tarballs can be recognized by their nomenclature, specifically .tgz or .txz. This format includes a complete filesystem layout of the software, as well as additional scripts to be run upon installation or uninstallation of the software. One characteristic of note for Slackware packages is that they do not include any dependency resolution information, as that task is intentionally left up to the system administrator. This is generally viewed in the Slackware community as allowing more flexibility and control regarding what software gets installed upon the system.
Where not available in a precompiled format, packages can also be built for Slackware using SlackBuilds, a kind of shell script that compiles source or repackages binary distribution packages for easy installation and uninstallation on Slackware. These scripts were originally used by Pat Volkerding to produce official packages, and have since been adopted as a community standard by such sites as SlackBuilds.org, which provides many common third-party packages not available in Slackware proper.
Regarding package management tools, Slackware includes pkgtool for local package management and slackpkg for remote installation of packages from official mirrors. For less interactive tasks, there are installpkg, upgradepkg, and removepkg.
pkgtool offers the ability to interactively manage packages on the local system. It uses the dialog library to generate menus, allowing fully interactive administration even in an ssh session through a text-based menu interface. Each option is fairly self-explanatory, from installing packages from the Current or an Other directory, to Removing installed packages, Viewing a list of files in a package, and running Slackware Setup scripts.
The package installation operations offer a list of packages in a menu, with the ability to choose which packages to install and which to leave alone. The package removal option offers a similar choice, with a complete list of installed packages presented for your browsing pleasure. Viewing a package can be useful to determine what precisely is in it, as some come with rather cryptic names from time to time. The information offered includes a description written by the creator of the package along with the expected list of files.
The Setup scripts options do not often apply to Linode, though there is a netconfig option that may be useful to some users.
For those wishing a little more traditional command-line approach, the *pkg commands are fairly straightforward in their use.
The slackpkg program is a relatively recent addition to Slackware proper. Its purpose is to allow official Slackware packages to be installed and upgraded using a remote ftp or http mirror. Before using Slackpkg, a mirror should be chosen in /etc/slackpkg/mirrors, and can be selected from the available list there or added as you like. Only one mirror can ever be active, and is chosen by uncommenting it (deleting the initial #).
While slackpkg generally offers a menu-based interface, it can also be run in a console-only method by setting DIALOG=off in /etc/slackpkg/slackpkg.conf.
One final note about package management on Slackware should be dedicated to the problem of third-party packages. Slackware does not offer as large a selection of official software as some other more community-oriented distributions. Packages sourced from third parties can sometimes be of dubious quality. This ranges from poorly arranged filesystems, to building packages on unclean systems or even potentially including security holes such as unpatched flaws or intentionally inserted backdoors. For this reason, the use of third-party software repositories in Slackware is generally discouraged. Third-party package management tools such as slapt-get are also frowned upon, as they have a reputation for breaking systems.
With this in mind, the Slackware community, including a number of long-time users and even core developers have banded together to produce SlackBuilds.org, offering the aforementioned SlackBuild scripts for a growing number of pieces of third-party software. These scripts are heavily vetted for integrity and proper operation. Dependencies are noted in READMEs, and all builds are verified to work as advertised in a clean build environment. Local compilation also verifies that packages for your machine will work on your machine.
To facilitate the ease of management of SlackBuilds, sbopkg.org offers sbopkg, which operates very similarly to slackpkg, but works with SlackBuilds.org.
sbopkg, like pkgtool, offers a text-based menu interface. Of note is the Sync option, which ensures that you are working with the latest version of all SlackBuilds. SlackBuilds can be browsed or searched for. The Changelog can also be browsed. sbopkg offers an Updates option, which compares local versions of your packages to remote versions of the SlackBuilds and reports differences. Unlike slackpkg, sbopkg does weak checking for updated version numbers, and will not by default overwrite a package it thinks is newer than what's on the server. In addition, sbopkg offers the ability to manage the order in which SlackBuilds are built using a queue system, and allows the user to make changes to the SlackBuild locally. Finally, you can view which SlackBuilds.org packages are installed, and also perform such tasks as choosing a different repository version to work with or look for updates to sbopkg itself.
ArchLinux uses binary packages in a .tar.gz format, and also provides a "ports" build system that facilitates building packages.
The Arch tool, pacman is sophisticated, complete, modern and provides rich and helpful output. ArchLinux runs on a "rolling release" schedule, which means packages are added to the main repository when they (and their dependencies) are deemed ready for production. This means that there aren't release versions of Arch, as all systems once upgraded are of equivalent version.
Therefore it is incumbent upon administrators of ArchLinux to consider the output of pacman carefully before agreeing to upgrade or update any packages.
While the pacman tool is very powerful, it is also very simple. We encourage you to become more familiar with the tool, but there are three core commands for basic package management: The list below include the verbose and terse forms of the command:
Note that the terse flags are all uppercase and case-sensitive. These terse flags are often combined with additional flags for additional functionality. Here are some examples and a brief description of the functionality they provide:
The configuration for pacman is defined in the /etc/pacman.conf file, while the addresses of the repository mirrors are contained in /etc/pacman.d/mirrorlist. The mirror list was created and prioritized during the installation process and you probably will not need to alter this.
The options provided in the stock /etc/pacman.conf are largely documented in comments, and are beyond the scope of this document. (You may access the manual page for this configuration file with the command man pacman.conf).
While it is unlikely that you would need to modify the default pacman.conf for most installations, know that inside of pacman.conf you can change default installation and logging directories and specify packages to be held back from upgrades.
Additionally, if you need to add an additional third party repository to pacman, you can do that by adding a repository stanza like this:
[REPOSITORY-NAME] Server = SERVER-LOCATION Include = REPOSITORY-LIST
Note, the Server = and Include = lines are both optional, and the order of presentation of servers and includes indicates their priority. By default, the testing repository is disabled, which is probably wise if you're planning to use the system for production work; however if you need bleeding-edge packages, uncomment those lines.
The Arch Build System provides a method for users to compile and install software not included in the Arch repository within the pacman framework. This brief guide outlines the steps to building a package using the abs.
All commands explained here should be run as root. Begin by installing the abs framework and the base-devel packages using the following command:
pacman -Sy abs base-devel
Now, edit /etc/abs.conf so that the REPOS line indicates all of the proper repositories. Note, repositories prefixed with a bang (eg. !) are disabled. The line might look like:
REPOS=(core extra community !testing)
To create a local ABS tree in /var/abs, run the the abs command as root. You may now browse /var/abs which contains a representation of the package collection with folders representing each repository, category, and piece of software.
Arch recommends that you create a build directory at another location, perhaps ~/abs/, where actual building will occur.
Begin the build process by copying the files from the ABS tree into your build directory, like so (not as root):
cp -r /var/abs/[REPO]/[PACKAGE] ~/abs
Now, change to the package's directory:
cd ~/abs/[PACKAGE]
You have the option of modifying the PKGBUILD file. There's a build shell function where you can add additional patches to the files if you have any modifications to the software or the build process if you need to. That shell function generally looks like:
build() {
cd $startdir/src/$pkgname-$pkgver.orig
patch -Np1 -i
$startdir/src/${pkgname}_${pkgver}-$_patchlevel.diff || return 1
./configure --prefix=/usr
make || return 1
make install
}
Now you're ready to build the package. Use the following command as a normal, non-root user:
makepkg -s
makepkg creates a package that contains dependency information. As root, issue the following command:
pacman -U [package-file-name].pkg.tar.gz
Make sure to type the full package name exactly as it appears in the file system. Arch will now install the package and any required dependencies.
Because the ABS system downloads source and versions of the PKGBUILD file as it creates the package--sometimes checking out a copy of the source code from the version control system, we don't recommend deleting or removing files from the build directory hierarchy.
If you're interested in learning more about Arch and its package management tools, please consult these external sources for the documentation provided by the Arch community.
The Gentoo Linux operating system is a unique and flexible distribution. Gentoo provides the entire operating system in source format. These source packages, in concert with "ebuild" scripts, provide a sophisticated package management system that borrows and builds on many concepts from the BSD world's "ports" system.
Compiling the entire system from source is purported to offer some slight performance benefit, though this benefit may be hard to discern in a virtualized environment. Furthermore, the process of compiling software from source takes a significant amount of time. Nevertheless, many users enjoy the portage framework and the Gentoo operating system for specialized deployments.
Like Arch Linux, the Gentoo project produces new versions of Gentoo Linux on a "rolling release" cycle. In these distributions new versions of individual packages are released when the packages are deemed ready for production.
This section addresses common package management tasks and functions using the "emerge" front end for the portage system. We encourage you to install the "gentoolkit" to provide additional package management tools, such as equery. You can install this package with the following command:
emerge app-portage/gentoolkit
Portage also makes it possible to install additional variants of a package with the "USE flags" options. To discover which USE flags are available for a given package, issue the following command:
equery uses [package-name]
The equery command depends on the gentoolkit package. This will provide information about what USE flags are available and which have been installed. To specify additional USE flags, issue the following two commands in the following form:
echo "[package-name] [use-flags]" >> /etc/portage/package.use emerge [package-name]
This will install the specified package with the appropriate options enabled.
This guide is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.
Last edited by Amanda Folson on Thursday, September 8th, 2011 (r2491).
|
2009-07-27 14:10:43
The Ubuntu package directory link is wrong. It should be http://packages.ubuntu.com [packages.ubuntu.com]
|
|
2009-07-30 07:21:26
Thanks for the note, jldugger. Fixed now.
|
|
2011-02-25 20:48:22
Well done on the documentation!
|