LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   RPM and Dependency hell. Stop the insanity. (https://www.linuxquestions.org/questions/linux-software-2/rpm-and-dependency-hell-stop-the-insanity-480031/)

ImOk 09-03-2006 11:16 AM

RPM and Dependency hell. Stop the insanity.
 
Do we want Linux to be acceptable to the desktop owners and not just the geeks (I am a geek)? Then give them your RPMs as a complete installation including the lib dependencies. Dont tell them to look for this and that dependency. Stop the insanity.

Recommendation
---------------
I would like to recommend to future RPM builders to include non standard libraries they use (ie not part of the base kernel) in their RPMs. Its not like we have a disk space issue and we are worried about duplicate libs. Just copy everything into your own subdirectory under /bin or /usr or whatever. Include your conf files there too. /etc is a monster. Also why do I have to jump around into 5 different folders for the parts of the applications. Its insane.

In theory, if this is doen right, am installation should just be a straight copy of files.

Example of dependency hell
--------------------------
To install Mplayer I had to go through hell. Took me 2 hours. And then one lousy lib ( libmp4v2) was very difficult to even find as an RPM. I am not ready to start compiling sources. Make and ./configure and all that.

Here is what I had to download to get MPlayer to install
Code:

-rw-r--r-- 1 root root 12028036 Sep  2 17:08 MPlayer-1.0pre8-8.pm.svn20060811.i586.rpm
-rw-r--r-- 1 root root  218670 Sep  2 18:04 faac-1.25-0.pm.0.i586.rpm
-rw-r--r-- 1 root root  388310 Sep  2 18:05 faad2-2.5-0.pm.2.i586.rpm
-rw-r--r-- 1 root root  1217895 Sep  2 17:18 lame-3.96.1-2.i586.rpm
-rw-r--r-- 1 root root  2670405 Sep  2 18:12 libmp4v2-1.4.1-3.i586.rpm
-rw-r--r-- 1 root root  259579 Sep  2 18:56 libmp4v2-1.4.1-3.lvn5.i386.rpm
-rw-r--r-- 1 root root  351621 Sep  2 18:42 libmp4v2-1.4.1.tar.bz2
-rw-r--r-- 1 root root  136684 Sep  2 17:17 mad-0.15.1b-1.pm.3.i586.rpm
-rw-r--r-- 1 root root    14885 Sep  2 18:43 mklibmp4v2-r51.tar.bz2
-rw-r--r-- 1 root root 14051163 Sep  2 18:02 w32codec-all-20060611-0.pm.0.i586.rpm
-rw-r--r-- 1 root root  400126 Sep  2 17:18 x264-0.0svn20060728-1.i586.rpm
-rw-r--r-- 1 root root  860277 Sep  2 17:17 xvid-1.1.0-0.pm.4.i586.rpm

I have no clue what all these things are. I dont care either. i just wanted an app installed.
And who knows where everything got installed? Even worse, this is a security issue. How do I even know that what I download left and right for dependencies doesnt include trojans or viruses? Let's get real and push RPM makers to fix this trojan horse problem.

FYI I am using Suse 10.1 but this is the same problem with all distros.

MS is trying to solve its DLL hell with .NET. Let's not become famous for dependency hell.

Sorry for the rant but I had to vent here. Thanks.

rickh 09-03-2006 11:27 AM

I spent the first 2+ years of my Linux experience using Mandrake, Redhat, and Fedora ... learned all about "dependency hell." One day on a whim, I installed Debian on a spare computer to run parallell for a while. About 2 weeks later, every computer I had was running Debian, and 4 years later, they still do.

I can install mplayer in roughly 3 minutes.

Nylex 09-03-2006 11:38 AM

rickh's point is (presumably) that you don't have to encounter dependency hell, as there are distros with package managers that will resolve said dependencies for you.

One of the important (well, it seems pretty important to me!) things about not packaging all the required libraries with packages is that if you've got them installed once in a central place, then programs all requiring that library can just share it. If you bundle libraries with packages (I think "static linking" is the correct term here), then if you have more than one package requiring a particular library, then you'll effectively end up with more than one copy of said library on your system. It makes more sense to me, at least, to do it the other way. I admit this is a pretty basic explanation (and hopefully not wrong), but I don't know much more than this.

reddazz 09-03-2006 12:07 PM

If you had taken the time to learn about your distros packaging system, you would not be complaining about RPM hell. Suse has a nice selection of package managers that auto-detect and resolve any dependencies. The default is YAST but you can also use SMART, APT and YUM. When I installed MPlayer on Suse 10.1, I don't think it took me more than a couple of minutes using SMART.

rickh 09-03-2006 12:28 PM

Quote:

If you had taken the time to learn about your distros packaging system, you would not be complaining about RPM hell.
Right. I overstated Debian's uniqueness in package management. While, for me, it is the best, all the major distros have solved dependency management issues.

At the same time. Suggesting that using APT in Suse is comparable to using it with Debian is equally mistaken. YUM for Fedora, Smart for Suse, etc, are tools that are beautifully integrated with their distributions. My observation has been that relatively inexperienced users are most likely to make big messes when they try to go outside their distro's defined package base, whether with package repositories, or package managers.

ImOk 09-03-2006 12:39 PM

Quote:

Originally Posted by reddazz
If you had taken the time to learn about your distros packaging system, you would not be complaining about RPM hell. Suse has a nice selection of package managers that auto-detect and resolve any dependencies. The default is YAST but you can also use SMART, APT and YUM. When I installed MPlayer on Suse 10.1, I don't think it took me more than a couple of minutes using SMART.

I took the time. Lots of time. I guess I can install MPlayer in 30 seconds now. I run a bunch of RPMS.

I tried install APT4SUSE. I am still taking about 2 hours to do that. It want somes docs package now. Here is the error message when I do ./configure
Code:

configure: error: You need xmlto to build the documentation. Apt-get it or download it from http://cyberelk.net/tim/xmlto/
So I try to do what it says. The website description is different. Its http://cyberelk.net/tim/data/xmlto/. Ok now I try that.

Code:

apt-get install http://cyberelk.net/tim/data/xmlto/
Err http://cyberelk.net/tim/data/xmlto/
  Could not open file  - open (2 No such file or directory)
Failed to fetch http://cyberelk.net/tim/data/xmlto/  Could not open file  - open (2 No such file or directory)
E: Failed to fetch some archives.

Obviously another dependency hell for a package that is supposed to help me with dependecnies. It s not even available as an RPM.

Yum, yast, apt, smart, RPM. Why do we need so many? I dont mind typing RPM -iv. But if you are going to put an RPM together, make it complete. The links that I am given to download this or that many times dont exist or have changed.

My main point:

1) A typical user will not use Linux because apps just dont install easily.
2) App installation should include all its components and put everything under its own folders. Disk space is cheap. Time is not. You have to balance some waste with expediency.

Someone said "Haste makes waste". I say "Waste makes haste".

chessonly 09-03-2006 01:04 PM

Quote:

apt-get install http://cyberelk.net/tim/data/xmlto/
I feel like such an expert!! lol
the correct command is
"apt-get install mplayer"
Thats it. Screw downloading rpms, and building from source!!

No more dependency hell now :D

reddazz 09-03-2006 01:10 PM

Quote:

Yum, yast, apt, smart, RPM. Why do we need so many?
Opensource is about choice, so having a selection is not bad because a user can just pick their favourite. I've noticed that most users with a background with Debian prefer APT and those from Redhat/Fedora prefer YUM. If they migrate to Suse, they can use the same package manager that they used on their previous distro.

RPM is not in the same class as YAST, APT, SMART and YUM. YAST et al are frontends to RPM or the distros native packaging system and make it easy for user to install packages with a few clicks or commands. Dependencies are automatically resolved and installed, so the user doesn't have to do this manually (which ou have to do if you use RPM).
Quote:

I dont mind typing RPM -iv. But if you are going to put an RPM together, make it complete. The links that I am given to download this or that many times dont exist or have changed.
This is not a really good thing. Imagine if all packages that needed qt or gtk shipped with their own version. Firslty this will be unnecessary waste of disk space and will probably result in a lot of broken packages. As I mentioned installing using a package manager like YAST etc, would save you the hassle of manual dependency resolution. All packages are pulled from central software repositories, so you don't have to go to different websites to download packages.


As for Apt4Suse, you could have installed this in a few minutes if you had used YAST.


Quote:

My main point:

1) A typical user will not use Linux because apps just dont install easily.
2) App installation should include all its components and put everything under its own folders. Disk space is cheap. Time is not. You have to balance some waste with expediency.

Someone said "Haste makes waste". I say "Waste makes haste".
As I mentioned above, using tools like YAST, YUM et al makes installing packages so easy.

masonm 09-03-2006 01:23 PM

Quote:

Originally Posted by ImOk
My main point:

1) A typical user will not use Linux because apps just dont install easily.
2) App installation should include all its components and put everything under its own folders. Disk space is cheap. Time is not. You have to balance some waste with expediency.

Someone said "Haste makes waste". I say "Waste makes haste".

1, I'm a "typical user", whatever that's suppose to mean, and I've used Linux for years. Slack to be precise.

2. It would be pretty stupid to install duplicate copies and a multitude of versions of the same libraries every time a new app is installed. I can just imagine the number of posts complaining about how much space Linux wastes as a result of something like this. This would also greatly increase the sizes of the various packages.

You have to remember that some deps can be pretty huge.

Linux is about choice. If you choose to use an RPM based distro, you choose to deal with the issues related to RPMs. You can also choose what tools to use to deal with those issues.

Slack's package management system doesn't address deps at all and leaves it to the user to resolve any dep issues and I have never had any hassles getting apps installed. I guess it all just depends on how much the user actually wants to be involved. If you want easy package management, use a Debian distro, pacman (Arch), portage (Gentoo), or Windows.

None of them are perfect, you just have to find the one that works best for you.

sinczar 09-03-2006 10:52 PM

ImOk

Every major distro has a package management feature which will handle dependencies. Next time read the Wiki's. We, and I mean the community, whether deb, tgz, or rpm based buried "Dependency Hell" well about 5 years ago.

Good Luck on you next package install

Rich D.

dconine 12-14-2006 09:57 AM

package RPM hells
 
Quote:

Originally Posted by ImOk
Obviously another dependency hell for a package that is supposed to help me with dependecnies. It s not even available as an RPM.

Yum, yast, apt, smart, RPM. Why do we need so many? I dont mind typing RPM -iv. But if you are going to put an RPM together, make it complete. The links that I am given to download this or that many times dont exist or have changed.

My main point:

1) A typical user will not use Linux because apps just dont install easily.
2) App installation should include all its components and put everything under its own folders. Disk space is cheap. Time is not. You have to balance some waste with expediency.

Someone said "Haste makes waste". I say "Waste makes haste".

There is a problem with the current system of complexity that is a lack of moderation in general by the community. Non-geeks should have to learn a minimum amount about computers (my dad always said that if you can't fix something, don't use it) before being given the keys to the tool chest. On the other hand, some people have addictions to complexity that breeds wasted time.
Boxed distributions should be refined and tested for plug and play, with system requirements clearly defined in terms of stable hardware.
Applications should be distributed with those packages that are tested and stable, not incomplete (anybody say "Xine"?)
Geeks should have their own servers with some kind of password control that involves prime numbers and the names of six dungeons and dragons weapons.

RPM hell is the Hell of a Thousand Tweaks. Stable libraries should be named, numbered and categorized so that all package management programs (remember that word? PROGRAMS, not tar, not package, not app, but PROGRAM) can have the same system of checking for and organizing the arrangement inside and outside the hardware it is running on.

There are standards, we just have to slow down and use them. Nobody needs a new computer every year. It's supposed to be a tool, not a food item.

Pardon my rant, but I've got a 'package manager' that is currently chewing on almost 600 meg of 'upgrades', and there is no way of picking and choosing what the hell it is trying to do without spending as much time reading and clicking little boxes as it will spend crunching through servers.

IBall 12-14-2006 09:31 PM

dconine - Most of the problems you speak of have been solved. There are excellent GUI frontends for every distro's package manager. I think Yast has a GUI, and then there is Synaptic, Adept, Pirut ...

All of these have one thing in common - find the program you want in the list, and click "install". The package manager will do the rest automatically.

As for stable and complete applications - you are talking about Debian. The Debian Stable version has only complete, very stable and complete applications.

The reason for the term "package" is because it is more generic. A package can be a program or library or documentation or a set of programs, where as a program can only be a single program.

--Ian

pixellany 12-15-2006 12:16 AM

Ditto..

As I sit here with Mepis (from the Debian/Ubuntu gene pool), with the excellent package manager and huge and diverse repositories, I find myself wondering what the fuss is.

the typical package management system is every bit as good as the Windows install process--in some cases better.

dconine 12-15-2006 10:44 AM

Quote:

Originally Posted by IBall
dconine - Most of the problems you speak of have been solved. There are excellent GUI frontends for every distro's package manager. I think Yast has a GUI, and then there is Synaptic, Adept, Pirut ...

Yes, I'm trying to use the gui interface for Yast, it worked, then it quit working when I used it to try and upgrade the packages. Then I switched to SMART, which runs, but who knows what it is intalling (without 2 days worth of scrolling and searching for green, red, and yellow boxes in a billion alphabetically closed menu headings), and the automatic function is TOO automatic. Zen just starts, then pops up an icon on the toolbar, then goes away.
YEah, these problems have been solved. Riiiggghhhht.
Quote:

All of these have one thing in common - find the program you want in the list, and click "install". The package manager will do the rest automatically.
Hahahahahahahahahah That's a good one. Yes, it works. SOMEtimes. And sometimes, it doesn't do anything but screw up the day while I muck around looking for rpms for missing programs/packages on the internet.
Quote:

As for stable and complete applications - you are talking about Debian. The Debian Stable version has only complete, very stable and complete applications.
Ummm, and a newbie would find this out, where, exactly? It isn't written on the box cover for SuSE, and it isn't going to be in the mind of the geek at the CompUSA store. Searching the internet for "stable operating system distribution" requires; 1. that someone knows what the term 'distribution' means, and 2. that they have 2 years to read all the opinions about it, then go out and buy a boxed set of something.
Quote:

The reason for the term "package" is because it is more generic. A package can be a program or library or documentation or a set of programs, where as a program can only be a single program.
Thanks for clearing that up. Make sure it gets printed in the New York Times (mouthpiece of empire to some). In other words, that's nice, but why does someone who wants to write a book with a computer they buy in the store find this out, and at what cost in time, various hardware that works or doesn't work with a particular 'package' or 'distribution', and which of their friends or computer store salesmen will be able to answer these questions?

I don't mean to be so negative. I LOVE Linux. I still have 3 Amigas. I just get frustrated with things that don't behave as they are sold to behave. (Suse 10.1 and Yast/zen in this case)
For people wanting to switch distros, I found this thread useful:
http://www.linuxquestions.org/questi...itching+distro

b0uncer 12-15-2006 10:52 AM

Useless conversation; there is a good reason for the libraries and all the stuff not to be distributed in the same rpm: everybody would install all the libraries 1000000 times, and that would mean distributin many dvds because every rpm would contain the same libraries and a lot of the same code, and if they would like to download some rpm from the web it would eat up all the bandwith all over the world just because every package would contain every possible piece of code needed. This is basically what Windows does (except not for every package these days, thank god).

You'd either have to put every single piece of code needed into every rpm distributed; waste of space, too big rpms, too long downloads, ...or then you'd have to distribute every rpm in a single package, which is essentially either the same thing or then means collecting all the needed rpms for every site which is basically just impossible, because they develop too fast and nobody's got that much space.

Plus there is this thing: most of the software (libraries etc. used in projects) are not created by the same person who writes some program (for example Gaim uses libraries not created by it's creators), so the different rpms develop at different speeds, which would mean that in the end it was either impossible to have all the needed code in one place, or if it was possible, there would be either old or too many different versions of the same libraries, programs etc. So, if you wanted to install Gaim, you would either have to download tons of code you don't need (in rpm format), or if it was all in one package, installing it would fail because you already had some pieces of the contents installed, but different versions. Got the point?

For the sake of sanity, quickly developing projects, small package sizes and so on, think this matter twice. Or three times. Or as many times as it is needed to understand you're talking insane. This is exactly why there are package managers -- use them, or if you don't like to use them, don't complain; you are given a chance, a good chance, a chance you can evolve yourself.


All times are GMT -5. The time now is 02:01 AM.