The race for a universal package manager
Snappy
Snappy packages (Figure 3) got off to a rocky start when Canonical Software, which controls Ubuntu, announced them as though they had already become the universal package manager. A typical headline in the media was "Snap Packages Become Universal Binary Format for All GNU/Linux Distributions" [14], when the truth was less dramatic.
Originally developed for embedded systems, Snappy's packages, like AppImage's, are reminiscent of the static tarballs used in the 1990s, combining all libraries, programs, and scripts in a single file. The main difference from static tarballs is that .snap
packages add containers and draw on recent Linux features for an added level of security.
Shortly after Snappy was announced, the rumor went around that its packages were as bloated as AppImage's. The source of the rumor was a LibreOffice snappy package whose debugging tools made it appear 500% larger than the equivalent .deb
or .rpm
when the truth was closer to 20%. Still, even a 20% difference in size can be significant on busy systems, or older ones.
Even more seriously, while Snappy, Flatpak, and Guix all offer similar features – everything from extra security to rollbacks and the co-existence of multiple versions of the same application – Flatpak and Guix do so with less overhead. True, Snappy packages can be built without containers in developer builds by using the --devmode
option, yet that only creates a new danger. Although Snappy documentation insists that packages built with --devmode
will never be included in official repositories, it is easy to imagine users preferring unofficial repositories to save memory – and, in doing so, removing a major part of Snappy security. Such a practice is more unlikely in Flatpak or Guix, whose security is architectural and probably more difficult to bypass.
Some users, too, might balk at a universal package manager being developed largely inside Canonical and under a contributors' agreement that gives Canonical almost complete ownership of any software that is produced [15].
However, Canonical remains one of the most influential Linux-based companies. Already, there seems to be more software available in .snap
packages than in any of the other formats, so Canonical might win the competition through publicity and availability alone.
Waiting for the Endgame
Universal package managers still have a ways to go. As I write, for example, graphical versions of Flatpak, Guix, and Snappy have yet to appear, although they are a high priority. In places, too, although basic functionality is available, there is still plenty of room for enhancements. As Fedora's replacement of yum
with dnf
shows, adjustments to package management can be more difficult than many expect [16].
In the end, which candidate becomes universal – if any – is unlikely to be decided for several years. Possibly, while the competition fuels the commercial rivalry between Canonical and Red Hat, few distributions will see the need for a universal package manger, all the more so because the conversion to a new format would be a major effort.
Moreover, although the .deb
and .rpm
rivalry can sometimes be a nuisance, it is at least a known nuisance. And whereas DEBs had an advantage around the turn of the millennium, RPMs have been roughly functionally equivalent for more than a dozen years.
Under these circumstances, we can expect a lot of discussion and little resolution. Unless some statement or new feature highlights the issues involved, I expect the situation to remain much the same.
Infos
- Debian Policy: https://www.debian.org/doc/debian-policy/
- Strengths of DEBs: https://lists.debian.org/debian-devel/2016/06/msg00287.html
- AppImage: https://en.wikipedia.org/wiki/AppImage_(packaging_method)
- AppImage apps: https://bintray.com/probono/AppImages
- Flatpak: http://flatpak.org/
- cgroups: https://en.wikipedia.org/wiki/Cgroups
- Namespaces: https://en.wikipedia.org/wiki/Linux_namespaces
- OSTree: https://ostree.readthedocs.io/en/latest/
- LibreOffice Flatpak: https://www.libreoffice.org/download/flatpak/
- Guix: https://www.gnu.org/software/guix/
- Adding GNU/Hurd support to GNU Guix: https://fosdem.org/2016/schedule/event/guixhurd/
- GuixSD: http://dustycloud.org/misc/talks/guix/chicagolug_2015/guix_talk.html
- Nix: https://nixos.org/nix/
- LibreOffice SNAP package: https://skyfromme.wordpress.com/2016/06/16/a-third-of-a-libreoffice-snap/
- Canonical contributor agreement: http://www.ubuntu.com/legal/contributors/submit
- "Will DNF Replace Yum?" by Bruce Byfield: http://www.linux-magazine.com/Online/Features/Will-DNF-Replace-Yum
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.