The race for a universal package manager
Snappy
Snappy packages (Figure 3) got off to a rocky start when Canonical Software, which controls Ubuntu, announced them as though they had already become the universal package manager. A typical headline in the media was "Snap Packages Become Universal Binary Format for All GNU/Linux Distributions" [14], when the truth was less dramatic.
Originally developed for embedded systems, Snappy's packages, like AppImage's, are reminiscent of the static tarballs used in the 1990s, combining all libraries, programs, and scripts in a single file. The main difference from static tarballs is that .snap
packages add containers and draw on recent Linux features for an added level of security.
Shortly after Snappy was announced, the rumor went around that its packages were as bloated as AppImage's. The source of the rumor was a LibreOffice snappy package whose debugging tools made it appear 500% larger than the equivalent .deb
or .rpm
when the truth was closer to 20%. Still, even a 20% difference in size can be significant on busy systems, or older ones.
Even more seriously, while Snappy, Flatpak, and Guix all offer similar features – everything from extra security to rollbacks and the co-existence of multiple versions of the same application – Flatpak and Guix do so with less overhead. True, Snappy packages can be built without containers in developer builds by using the --devmode
option, yet that only creates a new danger. Although Snappy documentation insists that packages built with --devmode
will never be included in official repositories, it is easy to imagine users preferring unofficial repositories to save memory – and, in doing so, removing a major part of Snappy security. Such a practice is more unlikely in Flatpak or Guix, whose security is architectural and probably more difficult to bypass.
Some users, too, might balk at a universal package manager being developed largely inside Canonical and under a contributors' agreement that gives Canonical almost complete ownership of any software that is produced [15].
However, Canonical remains one of the most influential Linux-based companies. Already, there seems to be more software available in .snap
packages than in any of the other formats, so Canonical might win the competition through publicity and availability alone.
Waiting for the Endgame
Universal package managers still have a ways to go. As I write, for example, graphical versions of Flatpak, Guix, and Snappy have yet to appear, although they are a high priority. In places, too, although basic functionality is available, there is still plenty of room for enhancements. As Fedora's replacement of yum
with dnf
shows, adjustments to package management can be more difficult than many expect [16].
In the end, which candidate becomes universal – if any – is unlikely to be decided for several years. Possibly, while the competition fuels the commercial rivalry between Canonical and Red Hat, few distributions will see the need for a universal package manger, all the more so because the conversion to a new format would be a major effort.
Moreover, although the .deb
and .rpm
rivalry can sometimes be a nuisance, it is at least a known nuisance. And whereas DEBs had an advantage around the turn of the millennium, RPMs have been roughly functionally equivalent for more than a dozen years.
Under these circumstances, we can expect a lot of discussion and little resolution. Unless some statement or new feature highlights the issues involved, I expect the situation to remain much the same.
Infos
- Debian Policy: https://www.debian.org/doc/debian-policy/
- Strengths of DEBs: https://lists.debian.org/debian-devel/2016/06/msg00287.html
- AppImage: https://en.wikipedia.org/wiki/AppImage_(packaging_method)
- AppImage apps: https://bintray.com/probono/AppImages
- Flatpak: http://flatpak.org/
- cgroups: https://en.wikipedia.org/wiki/Cgroups
- Namespaces: https://en.wikipedia.org/wiki/Linux_namespaces
- OSTree: https://ostree.readthedocs.io/en/latest/
- LibreOffice Flatpak: https://www.libreoffice.org/download/flatpak/
- Guix: https://www.gnu.org/software/guix/
- Adding GNU/Hurd support to GNU Guix: https://fosdem.org/2016/schedule/event/guixhurd/
- GuixSD: http://dustycloud.org/misc/talks/guix/chicagolug_2015/guix_talk.html
- Nix: https://nixos.org/nix/
- LibreOffice SNAP package: https://skyfromme.wordpress.com/2016/06/16/a-third-of-a-libreoffice-snap/
- Canonical contributor agreement: http://www.ubuntu.com/legal/contributors/submit
- "Will DNF Replace Yum?" by Bruce Byfield: http://www.linux-magazine.com/Online/Features/Will-DNF-Replace-Yum
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Endless OS 6 has Arrived
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.