[ale] RPM/yum/package management

Michael B. Trausch mike at trausch.us
Thu Aug 23 19:15:51 EDT 2007 

James P. Kinney III, on 08/23/2007 06:28 PM said:
>
> Too bad you don't have good experience with rpm and yum. So many people
> don't understand the process and how it is designed to work so they
> gripe and moan about how broken it is without ever learning how it is
> trying to save their backside. 
> 

Perhaps it is too bad.

Just an FYI, while I don't know about what other people with different
systems have done in terms of attempting to install things from the
Internet, I don't download packages that aren't architecture specific on
any system unless they were designed with the precise system I am
running in mind.  If I do that, and it breaks... well, then it's my fault.

[snip]
> 
> Ah, but what about when you run into "dependency hell". That is not a
> fault of the package management system. That is a fault caused by two
> things: the end user is mostly to blame for trying to install non-distro
> specific binaries (so Fred the Dufus is annoyed because he can't install
> a "game" he found on the web written by Larry the Cable Guy using
> Mandrake onto his souped up hot rod Fedora box) and the second error is
> the developer who is releasing code that was packaged with dependencies
> so tight no one can use it but him on that one machine.

This has, unfortunately, never been the case for me---but that's just
me.  I like things to stay tied to the system that I am running, and if
there isn't a binary package that suits my needs than I will absolutely
build from source as opposed to play with fire...

> So what does Fred need to do? He _could_ get the src.rpm and try
> rebuilding it himself. But odds are that Fred can't compile an
> application from a tarball if it's more complicated than untar,
> configure, make, make install. Forget trying to dig through the spec
> file and fix the lib dependencies to be a bit more open than
> libfoo-0.02.0.01-beta3.
[snip]

Debian uses major versions in its package system to be able to determine
lib dependencies.  You can make the specification for an individual
package if you really want to, but there isn't a reason for it; when the
library makes incompatible changes, it is supposed to bump the major
version number (which in Debian system translates to a bump in the
package, too).  This way, dependencies are resolved nicely, and you can
even have multiple versions of the same library if it becomes necessary.

> 
> Don't even ask about Fred digging up an updated lib off the web!
> 
> So some other really bright folks figured out that yum was a good next
> step. It will look through posted, public repositories and find all the
> missing bits for Fred the Dufus.
> 
> But to _USE_ yum one must set up a few config files that data about the
> repositories. Well, the bright folks at the repositories wrote rpm files
> for their repo data. So now Fred can happily yum away into the night
> downloading enough stuff to keep is updates churning forever.
> 

Sounds like apt's /etc/apt/sources.list and /etc/apt/sources.d
configuration areas, which is good.  I assume that distributions that
use these utilities include their own repositories by default so that
their users can update.

> So why does this not happen with Debian? They have a web-based package
> management system. Ah! But they don't have a multitude of apt-get repos
> like the redhat/fedora stuff does. There are official debs and pretty
> much that's it. There are LOT'S of them but there is little outside that
> process (well, except for ubuntu and friends and even it uses the main
> debs repos.). The repo count for rpm stuff is large and growing. I'm not
> talking about mirrors, I'm talking about repos that carry things others
> do not.

There are over 1,000 of those for Debian systems that are known,
containing various updates, backports, and new software:

http://www.apt-get.org/

I also have one for Ubuntu Feisty, and there are other Ubuntu ones
around, too.  But they are tied to a specific distribution by its code name.

> 
> So the final thought on the frustration of rpms vs debs and people not
> knowing how to use yum is this:
> 
> If you go to the parts store to get a fuel pump for your ford truck,
> would you try and put in one for a toyota because it was in stock and on
> sale and the one you need was on backorder? Would you try a fuel pump
> from a different year ford truck?
> 
> Would you complain about the box the fuel pump came in when you get the
> wrong part and it won't fit?
> 

Oh no, I certainly wouldn't.  It makes sense that you wouldn't even make
the attempt.

Here is the summary of my most recent experience with an RPM distribution:
  * Show up at person's house, take a look at PC.
  * Guy says "needs to be updated" but he can't do it and he
    doesn't know why.  Guy is unable to see, and screen reading
    software kept breaking.
  * Clicked the update manager in the task tray.
  * It said X number of updates available, and I clicked "update" or
    "install" or whatever was there (under a year ago, sorry my memory
    isn't entirely crisp... Edgy Eft had just been released).
  * Waited three hours.  The number of updates was somewhere under
    100, so three hours on a broadband connection for the updates
    had me frustrated.
  * Finally, an error shows up that says that a dependency could not
    be met for one of the core system packages having to do with
    the X window system or the possibly gnome.  Can't remember what
    the package complaints were, but I do recall it seeming trivial
    and thus insane.
  * Command was suggested to fix it; ran command, command failed.
  * Update tool left networking in an inconsistent state and seemed
    to have removed some software, too.  Big no-no.
  * 25 minutes later, Ubuntu Edgy Eft found its way onto the system.
  * The only software on said system that was not from repo was
    built from source and installed in /usr/local (I did ask the
    user about this one at the time, hoping for a lead).

I have said exhausted everything that I can say on my knowledge and
experiences with RPM, however, so I am definitely finished with this thread.

And while the problem might not be the rpm or yum software directly
(e.g., the problem could be in the complexity of the repositories
required, if they are indeed complex and not
self-checking/self-building), or the problem could really be many
different problems, the same symptoms have cropped up over time and time
again.  I don't---and never have---experienced such symptoms on Debian
and Debian-derived systems, which is precisely why I am such a fan of them.

	-- Mike

-- 
Michael B. Trausch              Internet Mail & Jabber: mike at trausch.us
Phone:  (404) 592-5746 x1                        http://www.trausch.us/
Mobile: (678) 522-7934            VoIP: 6453 at sip.trausch.us, 861384 at fwd

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature

More information about the Ale mailing list