HOME

TheInfoList



OR:

A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer in a consistent manner. A package manager deals with ''packages'', distributions of software and data in
archive file In computing, an archive file is a computer file that is composed of one or more files along with metadata. Archive files are used to collect multiple data files together into a single file for easier portability and storage, or simply to compre ...
s. Packages contain metadata, such as the software's name, description of its purpose, version number, vendor,
checksum A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. By themselves, checksums are often used to verify dat ...
(preferably a
cryptographic hash function A cryptographic hash function (CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for cryptography: * the probability of a particular n-bit output ...
), and a list of dependencies necessary for the software to run properly. Upon installation, metadata is stored in a local package database. Package managers typically maintain a database of software dependencies and version information to prevent software mismatches and missing prerequisites. They work closely with software repositories,
binary repository manager A software repository, or repo for short, is a storage location for software packages. Often a table of contents is also stored, along with metadata. A software repository is typically managed by source control or repository managers. Package ...
s, and app stores. Package managers are designed to eliminate the need for manual installs and updates. This can be particularly useful for large enterprises whose operating systems typically consist of hundreds or even tens of thousands of distinct software packages.


History

Early package managers, from around 1994, had no automatic dependency resolution but could already drastically simplify the process of adding and removing software from a running system. By around 1995, beginning with CPAN, package managers began doing the work of downloading packages from a repository, automatically resolving its dependencies and installing them as needed, making it much easier to install, uninstall and update software from a system.


Functions

A software package is an
archive file In computing, an archive file is a computer file that is composed of one or more files along with metadata. Archive files are used to collect multiple data files together into a single file for easier portability and storage, or simply to compre ...
containing a computer program as well as necessary metadata for its deployment. The computer program can be in
source code In computing, source code, or simply code, is any collection of code, with or without comment (computer programming), comments, written using a human-readable programming language, usually as plain text. The source code of a Computer program, p ...
that has to be compiled and built first. Package metadata include package description, package version, and dependencies (other packages that need to be installed beforehand). Package managers are charged with the task of finding, installing, maintaining or uninstalling software packages upon the user's command. Typical functions of a package management system include: *Working with
file archiver A file archiver is a computer program that combines a number of files together into one archive file, or a series of archive files, for easier transportation or storage. File archivers may employ lossless data compression in their archive formats ...
s to extract package archives *Ensuring the integrity and authenticity of the package by verifying their
checksum A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. By themselves, checksums are often used to verify dat ...
s and
digital certificate In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the validity of a public key. The certificate includes information about the key, information about th ...
s, respectively *Looking up, downloading, installing, or updating existing software from a software repository or app store *Grouping packages by function to reduce user confusion *Managing dependencies to ensure a package is installed with all packages it requires, thus avoiding " dependency hell"


Challenges with shared libraries

Computer systems that rely on dynamic library linking, instead of static library linking, share executable libraries of machine instructions across packages and applications. In these systems, conflicting relationships between different packages requiring different versions of libraries results in a challenge colloquially known as " dependency hell". On Microsoft Windows systems, this is also called " DLL hell" when working with dynamically linked libraries. Modern package managers have mostly solved these problems, by allowing parallel installation of multiple versions of a library (e.g. OPENSTEP's ''Framework'' system), a dependency of any kind (e.g. ''slots'' in Gentoo Portage), and even of packages compiled with different compiler versions (e.g. dynamic libraries built by the
Glasgow Haskell Compiler The Glasgow Haskell Compiler (GHC) is an open-source native code compiler for the functional programming language Haskell. It provides a cross-platform environment for the writing and testing of Haskell code and it supports numerous extension ...
, where a stable ABI does not exist), in order to enable other packages to specify which version they were linked or even installed against.


Front-ends for locally compiled packages

System administrator A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to en ...
s may install and maintain software using tools other than package management software. For example, a local administrator may
download In computer networks, download means to ''receive'' data from a remote system, typically a server such as a web server, an FTP server, an email server, or other similar system. This contrasts with uploading, where data is ''sent to'' a remo ...
unpackaged source code, compile it, and install it. This may cause the state of the local system to fall out of synchronization with the state of the package manager's
database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases spa ...
. The local administrator will be required to take additional measures, such as manually managing some dependencies or integrating the changes into the package manager. There are tools available to ensure that locally compiled packages are integrated with the package management. For distributions based on .deb and
.rpm RPM Package Manager (RPM) (originally Red Hat Package Manager, now a recursive acronym) is a free and open-source package management system. The name RPM refers to the file format and the package manager program itself. RPM was intended primaril ...
files as well as Slackware Linux, there is
CheckInstall CheckInstall is a computer program for Unix-like operating systems which eases the installation and uninstallation of software compiled from source by making use of package management systems. After software compilation it can automatically g ...
, and for recipe-based systems such as Gentoo Linux and hybrid systems such as
Arch Linux Arch Linux () is an independently developed, x86-64 general-purpose Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, ...
, it is possible to write a recipe first, which then ensures that the package fits into the local package database.


Maintenance of configuration

Particularly troublesome with software upgrades are upgrades of configuration files. Since package managers, at least on Unix systems, originated as extensions of file archiving utilities, they can usually only either overwrite or retain configuration files, rather than applying rules to them. There are exceptions to this that usually apply to kernel configuration (which, if broken, will render the computer unusable after a restart). Problems can be caused if the format of configuration files changes; for instance, if the old configuration file does not explicitly disable new options that should be disabled. Some package managers, such as
Debian Debian (), also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project, which was established by Ian Murdock on August 16, 1993. The first version of De ...
's dpkg, allow configuration during installation. In other situations, it is desirable to install packages with the default configuration and then overwrite this configuration, for instance, in headless installations to a large number of computers. This kind of pre-configured installation is also supported by dpkg.


Repositories

To give users more control over the kinds of software that they are allowing to be installed on their system (and sometimes due to legal or convenience reasons on the distributors' side), software is often downloaded from a number of software repositories.


Upgrade suppression

When a user interacts with the package management software to bring about an upgrade, it is customary to present the user with the list of actions to be executed (usually the list of packages to be upgraded, and possibly giving the old and new version numbers), and allow the user to either accept the upgrade in bulk, or select individual packages for upgrades. Many package managers can be configured to never upgrade certain packages, or to upgrade them only when critical vulnerabilities or instabilities are found in the previous version, as defined by the packager of the software. This process is sometimes called ''version pinning''. For instance: * yum supports this with the syntax ''exclude=openoffice*'' * pacman with ''IgnorePkg= openoffice'' (to suppress upgrading openoffice in both cases) * dpkg and dselect support this partially through the ''hold'' flag in package selections *
APT Apt. is an abbreviation for apartment. Apt may also refer to: Places * Apt Cathedral, a former cathedral, and national monument of France, in the town of Apt in Provence * Apt, Vaucluse, a commune of the Vaucluse département of France * A ...
extends the ''hold'' flag through the complex "pinning" mechanism (Users can also blacklist a package) * aptitude has "hold" and "forbid" flags * portage supports this through the package.mask configuration file


Cascading package removal

Some of the more advanced package management features offer "cascading package removal", in which all packages that depend on the target package and all packages that only the target package depends on, are also removed.


Comparison of commands

Although the commands are specific for every particular package manager, they are to a large extent translatable, as most package managers offer similar functions.
The
Arch Linux Arch Linux () is an independently developed, x86-64 general-purpose Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, ...
Pacman/Rosetta wiki offers an extensive overview.


Prevalence

Package managers like dpkg have existed as early as 1994. Linux distributions oriented to binary packages rely heavily on package management systems as their primary means of managing and maintaining software. Mobile operating systems such as
Android Android may refer to: Science and technology * Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), Google's mobile operating system ** Bugdroid, a Google mascot sometimes referred to ...
(Linux-based), iOS ( Unix-based), and
Windows Phone Windows Phone (WP) is a discontinued family of mobile operating systems developed by Microsoft for smartphones as the replacement successor to Windows Mobile and Zune. Windows Phone featured a new user interface derived from the Metro design lan ...
rely almost exclusively on their respective vendors' app stores and thus use their own dedicated package management systems. File:Apt-get install mediawiki.png, apt-get, a CLI utility installing
MediaWiki MediaWiki is a Free and open-source software, free and open-source wiki software. It is used on Wikipedia and almost all other Wikimedia movement, Wikimedia Website, websites, including Wiktionary, Wikimedia Commons and Wikidata; these sit ...
File:Aptitude 0.4.11.3 de.png, Aptitude also features a TUI File:Synaptic_screenshot.png, Synaptic, a GUI for many Linux package managers File:Example of pacman in Arch Linux screenshot.png, pacman, a CLI utility for Arch-based distributions File:Octopi 0.12.0 screenshot.png, Octopi, a Qt GUI for Pacman package manager File:Pamac 10.3.0 screenshot.png, Pamac, a
GTK+ GTK (formerly GIMP ToolKit and GTK+) is a free and open-source cross-platform widget toolkit for creating graphical user interfaces (GUIs). It is licensed under the terms of the GNU Lesser General Public License, allowing both free and prop ...
GUI for Pacman package manager File:Kpackagekit.png, Apper, a Qt GUI for PackageKit File:GNOME Software 40.1 on Fedora 34.png, GNOME Software, a GTK GUI for PackageKit and Flatpak File:Windows Package Manager v0.1.41331 Preview 1115x624.png, winget, the
Windows Package Manager The Windows Package Manager (also known as winget) is a free and open-source package manager designed by Microsoft for Windows 10 and Windows 11. It consists of a command-line utility and a set of services for installing applications. Independent ...
CLI utility for
Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. It is the direct successor to Windows 8.1, which was released nearly two years earlier. It was released to manufacturing on July 15, 2015, and later to retail on ...


Comparison with installers

A package manager is often called an "install manager", which can lead to a confusion between package managers and installers. The differences include:


Comparison with build automation utility

Most software configuration management systems treat building software and deploying software as separate, independent steps. A build automation utility typically takes human-readable
source code In computing, source code, or simply code, is any collection of code, with or without comment (computer programming), comments, written using a human-readable programming language, usually as plain text. The source code of a Computer program, p ...
files already on a computer, and automates the process of converting them into a binary executable package on the same or remote computer. Later a package manager typically running on some other computer downloads those pre-built binary executable packages over the internet and installs them. However, both kinds of tools have many commonalities: *For example, the dependency graph topological sorting used in a package manager to handle dependencies between binary components is also used in a build manager to handle the dependency between source components. *For example, many
makefile In software development, Make is a build automation tool that automatically builds executable programs and libraries from source code by reading files called ''Makefiles'' which specify how to derive the target program. Though integrated deve ...
s support not only building executables, but also installing them with make install. *For example, every package manager for a source-based distribution Portage, Sorcery,
Homebrew Homebrewing mainly refers to small-scale, non-commercial manufacture of a drink, typically beer. Homebrew or home brew may also refer to: Computing * Homebrew Computer Club * Homebrew (package manager), for macOS and Linux * Homebrew (video game ...
, etc. supports converting human-readable source code to binary executables and installing it. A few tools, such as
Maak In computing, Maak is a utility similar to make, designed to build complex software systems while avoiding the need to recompile the entire system every time a change is made. "Maak" is Dutch for "make". See also *Nix package manager Nix is a ...
and A-A-P, are designed to handle both building and deployment, and can be used as either a build automation utility or as a package manager or both.


Comparison with app stores

''
App stores An App Store (or app marketplace) is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not include the running of the co ...
'' can also be considered application-level package managers. Unlike traditional package managers, app stores are designed to enable payment for the software itself (instead of for software development), and may only offer monolithic packages with no dependencies or dependency resolution. They are usually extremely limited in their management functionality, due to a strong focus on simplification over power or
emergence In philosophy, systems theory, science, and art, emergence occurs when an entity is observed to have properties its parts do not have on their own, properties or behaviors that emerge only when the parts interact in a wider whole. Emergen ...
, and common in commercial operating systems and locked-down “smart” devices.


Common package managers and formats


Universal package manager

Also known as
binary repository manager A software repository, or repo for short, is a storage location for software packages. Often a table of contents is also stored, along with metadata. A software repository is typically managed by source control or repository managers. Package ...
, it is a software tool designed to optimize the download and storage of binary files, artifacts and packages used and produced in the software development process. These package managers aim to standardize the way enterprises treat all package types. They give users the ability to apply security and compliance metrics across all artifact types. Universal package managers have been referred to as being at the center of a DevOps toolchain.


Package formats

Each package manager relies on the format and metadata of the packages it can manage. That is, package managers need groups of files to be bundled for the specific package manager along with appropriate metadata, such as dependencies. Often, a core set of utilities manages the basic installation from these packages and multiple package managers use these utilities to provide additional functionality. For example, yum relies on rpm as a backend. Yum extends the functionality of the backend by adding features such as simple configuration for maintaining a network of systems. As another example, the Synaptic Package Manager provides a graphical user interface by using the Advanced Packaging Tool (apt) library, which, in turn, relies on dpkg for core functionality. Alien is a program that converts between different
Linux package formats A package format is a type of archive containing computer programs and additional metadata needed by package managers. While the archive file format itself may be unchanged, package formats bear additional metadata, such as a manifest file or certa ...
, supporting conversion between Linux Standard Base (LSB) compliant
.rpm RPM Package Manager (RPM) (originally Red Hat Package Manager, now a recursive acronym) is a free and open-source package management system. The name RPM refers to the file format and the package manager program itself. RPM was intended primaril ...
packages,
.deb deb is the format, as well as extension of the software package format for the Debian Linux distribution and its derivatives. Design Debian packages are standard Unix ar archives that include two tar archives. One archive holds the cont ...
, Stampede (.slp), Solaris (.pkg) and Slackware (
.tgz gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and ...
,
.txz In computing, tar is a computer software utility for collecting many files into one archive file, often referred to as a tarball, for distribution or backup purposes. The name is derived from "tape archive", as it was originally developed ...
, .tbz, .tlz) packages. In mobile operating systems, Google Play consumes Android application package (APK) package format while Microsoft Store uses APPX and XAP formats. (Both Google Play and Microsoft Store have eponymous package managers.)


Free and open source software systems

By the nature of
free and open source software Free and open-source software (FOSS) is a term used to refer to groups of software consisting of both free software and open-source software where anyone is freely licensed to use, copy, study, and change the software in any way, and the source ...
, packages under similar and compatible licenses are available for use on a number of operating systems. These packages can be combined and distributed using configurable and internally complex packaging systems to handle many permutations of software and manage version-specific dependencies and conflicts. Some packaging systems of free and open source software are also themselves released as free and open source software. One typical difference between package management in proprietary operating systems, such as Mac OS X and Windows, and those in free and open source software, such as Linux, is that free and open source software systems permit third-party packages to also be installed and upgraded through the same mechanism, whereas the package managers of Mac OS X and Windows will only upgrade software provided by Apple and Microsoft, respectively (with the exception of some third party drivers in Windows). The ability to continuously upgrade third-party software is typically added by adding the
URL A Uniform Resource Locator (URL), colloquially termed as a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifie ...
of the corresponding repository to the package management's configuration file.


Application-level package managers

Beside the system-level application managers, there are some add-on package managers for operating systems with limited capabilities and for
programming language A programming language is a system of notation for writing computer programs. Most programming languages are text-based formal languages, but they may also be graphical. They are a kind of computer language. The description of a programming l ...
s in which developers need the latest
libraries A library is a collection of materials, books or media that are accessible for use and not just for display purposes. A library provides physical (hard copies) or digital access (soft copies) materials, and may be a physical location or a vir ...
. Unlike system-level package managers, application-level package managers focus on a small part of the software system. They typically reside within a directory tree that is not maintained by the system-level package manager, such as or . However, this might not be the case for the package managers that deal with programming libraries, leading to a possible conflict as both package managers may claim to "own" a file and might break upgrades.


Impact

Ian Murdock had commented that package management is "the single biggest advancement
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...
has brought to the industry", that it blurs the boundaries between operating system and applications, and that it makes it "easier to push new innovations ..into the marketplace and ..evolve the OS". There is also a conference for package manager developers known as PackagingCon. It was established in 2021 with the aim to understand different approaches to package management.


See also

* Dependency hell * Installation (computer programs) *
List of software package management systems This is a list of notable software package management systems, categorized first by package format (binary, source code, hybrid) and then by operating system family. Binary packages The following package management systems distribute apps in binar ...
*
Manifest file A manifest file in computing is a file containing metadata for a group of accompanying files that are part of a set or coherent unit. For example, the files of a computer program may have a manifest describing the name, version number, license and t ...
* Package format


References


External links


Package Management Cheatsheet
from Distrowatch
ArchLinux Rosetta Stone – Command Line Comparison for Package Managersupkg universal package manager
a wrapper that provides same syntax for all flavors of Linux {{Software digital distribution platforms Software distribution Types of tools used in software development