A package is just a neatly put together bundle of software.
A package manager is a something that makes it nice to install packages.
Compare/contrast Windows software installation with apt installation
Talking about Debian package management, because it would be impossible to address every case across every distro.
dpkg started as a shell script to install packages, stands for Debian package. It can be used to install, remove, and keep track of packages (among other things).
It also makes sure that dependencies of software you install are satisfied.
Debian developed the Advanced Package Tool, or APT to make installing and managing software simpler. It automatically gets packages from predefined repositories, making your life blissfully simple.
- apt will check for the packages dependencies and ask you if it's okay to install them
- apt will download the packages, make sure they're correct (with md5sums), and then tell dpkg to install them.
- dpkg will extract the archive and move the files to their correct locations
- run {pre,post}{inst,rm} scripts (more later)
- execute any actions based on triggers, after all packages are done, so that things like updating grub aren't done many times when you really only want to do it once. Also updates bash-completion, update-initramfs, and more
What happens when you sudo apt install package
it gets a .deb file from a server SOMEWHERE (discussed later)
deb - Debian binary package format, an ar archive
sudo apt-get --download-only install tree will download the file to
/var/cache/apt/archives
ar -t tree_1.7.0-5_amd64.deb will list files
debian-binary is the version of .deb package, so you'd be hard pressed to find
a package that's at least semi modern without a 2.0 for the content. If it's
not version 2, the package won't be installed.
control.tar.gz has at least two files
- control Information about package name, version, maintainer, installation size, dependencies, homepage, and description
- md5sums md5sums for each file included in the package, so you can think you're safe
It can also have configuration files, {pre,post}{inst,rm} scripts, and some other stuff.
This data can be viewed through the command dpkg --info tree_1.7.0-5_amd64.deb
data.tar.xz has the actual package, with the folder structure that they should have when installed on the system.
https://www.debian.org/doc/manuals/debmake-doc/ch04.en.html
Any given distro will have servers that hold all the packages they provide to
users. Ubuntu systems will keep a list of those servers at
/etc/apt/sources.list.
The four main repositories are:
- Main - Canonical-supported free and open-source software.
- Universe - Community-maintained free and open-source software.
- Restricted - Proprietary drivers for devices.
- Multiverse - Software restricted by copyright or legal issues.
Check where a specific package comes from
So the packages I use are here http://us.archive.ubuntu.com/ubuntu/
Including this because I had a really hard time finding much of any information about it.
Snappy - a platform-agnostic package management system, theoretically. Security-minded through containerization, theoretically. Developed by Canonical (creators of Ubuntu).
AppImage - Distributing portable software without needing root priveledge to install software. Download one file and run it. Basically mounts a compressed image of the software when run.