A package management system is a collection of tools to automate the process of installing, upgrading, configuring, and removing software packages from a computer. Linux and other Unix-like systems typically manage thousands of discrete packages.
Packages are distributions of software and metadata such as the software's full name, description of its purpose, version number, vendor, checksum, and a list of dependencies necessary for the software to run properly. Upon installation, metadata is stored in a local package database.
A package management system provides a consistent method of installing software. A package management system is sometimes incorrectly referred to be a same as package manager or a system install manager.
A package, for package managers, denotes a specific set of files bundled with the appropriate metadata for use by a package manager. This can be confusing, as a programming languages often use the word "package" as a specific form of a software library. Furthermore, that software library is typically distributed in a package of files bundled for a package manager.
Package management systems are charged with the task of organizing all of the packages installed on a system and maintaining their usability. Typical functions of a package management system include:
Some additional challenges are met by only a few package management systems.
Computer systems which rely on dynamic library linking, instead of static library linking, share executable libraries of machine instructions across packages and applications. In these systems, complex relationships between different packages requiring different versions of libraries results in a challenge colloquially known as "dependency hell." On Microsoft Windows systems, this is also called "DLL hell" when working with dynamically linked libraries. Good package management systems become vital on these systems.
System administrators may install and maintain software using tools other than package management software. For example, a local administrator may download unpackaged source code, compile it, and install it. This may cause the state of the local system to fall out of synchronization with the state of the package manager's database. The local administrator will be required to take additional measures, such as manually managing some dependencies or integrating the changes into the package manager.
There are tools available to ensure that locally compiled packages are integrated with the package management. For distributions based on .deb and .rpm files as well as Slackware Linux, there is CheckInstall, and for recipe-based systems such as Gentoo Linux and hybrid systems such as Arch Linux, it is possible to write a recipe first, which then ensures that the package fits into the local package database.
Particularly troublesome with software upgrades are upgrades of configuration files. Since package management systems, at least on Unix systems, originated as extensions of file archiving utilities, they can usually only either overwrite or retain configuration files, rather than applying rules to them. There are exceptions to this that usually apply to kernel configuration (which, if broken, will render the computer unusable after a restart). Problems can be caused if the format of configuration files changes. For instance, if the old configuration file does not explicitly disable new options that should be disabled. Some package management systems, such as Debian's dpkg, allow configuration during installation. In other situations, it is desirable to install packages with the default configuration and then overwrite this configuration, for instance, in headless installations to a large number of computers. (This kind of pre-configured installation is also supported by dpkg.)
In order to give users easy control over the kinds of software that they are allowing to be installed on their system (and sometimes due to legal or convenience reasons on the distributors' side), software is often downloaded from a number of software repositories.
When a user interacts with the package management software to bring about an upgrade, it is customary to present the user with the list of things to be done (usually the list of packages to be upgraded, and possibly giving the old and new version numbers), and allow the user to either accept the upgrade in bulk, or select individual packages for upgrades. Many package management systems can be configured to never upgrade certain packages, or to upgrade them only when critical vulnerabilities or instabilities are found in the previous version, as defined by the packager of the software. This process is sometimes called version pinning.
Some of the more advanced package management features offer "cascading package removal" , in which all packages that depend on the target package and all packages that only the target package depends on, are also removed, respectively.
Each package manager relies on the format and metadata of the packages it can manage. That is, package managers need groups of files to be bundled for the specific package manager along with appropriate metadata, such as dependencies. Often, a core set of utilities manages the basic installation from these packages and multiple package managers use these utilities to provide additional functionality.
For example, yum relies on rpm as a backend. Yum extends the functionality of the backend by adding features such as simple configuration for maintaining a network of systems. As another example, the synaptic package manager provides a graphical user interface by using the Advanced Packaging Tool (apt) library, which, in turn, relies on dpkg for core functionality.
Alien is a program that converts between different Linux package formats. It supports conversion between Linux Standard Base, RPM, deb, Stampede (.slp) and Slackware (tgz) packages. , as well as file archive formats.
By the nature of free software, packages under similar and compatible licenses are available for use on a number of operating systems. These packages can be combined and distributed using configurable and internally complex packaging systems to handle many permutations of software and manage version-specific dependencies and conflicts. Some packaging systems of free software are also themselves released as free software. One typical difference between package management in proprietary operating systems, such as Mac OS X and Windows, and those in free software, such as Linux, is that free software systems permit third-party packages to also be installed and upgraded through the same mechanism, whereas the PMS of Mac OS X and Windows will only upgrade software provided by Apple and Microsoft, respectively (with the exception of some third party drivers in Windows). The ability to continuously upgrade third party software is typically added by adding the URL of the corresponding repository to the package management's configuration file.
The following unify package management for several or all Linux and sometimes Unix variants. These, too, are based on the concept of a recipe file.
A wide variety of package management systems are in common use today by proprietary software operating systems, handling the installation of both proprietary and free packages.
Aside of the systems level application managers, there are some add-on package managers for operating systems with limited capabilities and for programming languages where developers need the latest libraries. Those include the package managers listed for Windows and OS X above as well as:
In contrast to systems level application managers, application level package managers focus on a small part of the operating system. They typically reside within a directory tree that is not maintained by the systems level package manager (like c:cygwin or /usr/local/fink). Though, this is not the case for the package managers that deal with programming libraries. This leads to a conflict as both package managers claim to "own" a file and might break upgrades.