1.\" $OpenBSD: packages.7,v 1.28 2009/04/13 22:44:16 schwarze Exp $ 2.\" 3.\" Copyright (c) 2000 Marc Espie 4.\" 5.\" All rights reserved. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR 17.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, 20.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26.\" 27.Dd $Mdocdate: April 13 2009 $ 28.Dt PACKAGES 7 29.Os 30.Sh NAME 31.Nm packages 32.Nd overview of the binary package system 33.Sh DESCRIPTION 34The 35.Ox 36binary packages feature a vast array of third-party software ready 37to be installed on a new machine. 38They are built through the 39.Xr ports 7 40infrastructure. 41Adding a new package is as simple as 42.Pp 43.Dl pkg_add foo-1.0-vanilla.tgz 44.Pp 45In appearance, packages seem to be .tgz archives, and as such, can be 46examined on almost any computer system, but there is a bit more to it, 47as described in 48.Xr package 5 . 49.Pp 50Even though the names are similar, 51note that the basic 52.Ox 53distribution 54.Po 55.Pa baseXX.tgz , 56.Pa compXX.tgz ... 57.Pc 58is not composed of such packages, but of plain tarballs. 59.Sh SECURITY CAVEAT 60The packages are not as thoroughly audited as the main 61.Ox 62source tree (in many cases, they have not been audited at all). 63This is in part a scale issue: the source tree weighs in at 100MB, compressed, 64whereas source to the ports tree exceeds 3GB. 65Also, most 66.Ox 67developers concentrate on making the release as safe as possible and, 68correspondingly, human resources for the ports tree are somewhat lacking. 69.Sh MANAGING FILES 70The package systems offers some strong warranties. 71.Ss "Installing a package won't erase existing files" 72.Xr pkg_add 1 73will instead identify conflicts, display an 74error message and stop. 75.Ss "Modifying installed files is safe" 76.Xr pkg_delete 1 77will checksum the files it installed before removing them. 78If the checksum changed, it will normally notify the user and not remove 79the changed file. 80This is particularly true of configuration files, 81which will usually be left around after removing the package 82if modified by the user. 83.Pp 84These should apply to most packages. 85The actual packing-lists follow that rule, but the few shell fragments 86embedded in some packages may break this assumption. 87Such a problem is a bug and should be reported. 88.Ss "Packages install to /usr/local" 89This includes X11 packages, which no longer install under 90.Pa /usr/X11R6 . 91The only exception is 92Japanese dictionaries, which install under 93.Pa /var/dict , 94and some web packages, which install under 95.Pa /var/www . 96.Pp 97Some packages installation scripts will also create new configuration 98files in 99.Pa /etc , 100or need some working directory under 101.Pa /var 102to function correctly (e.g., 103.Nm squid , 104or 105.Nm mysql ) . 106.Pp 107The current package system has some major limitations. 108.Ss "The package system is not aware of shared network installations" 109And thus, it does not handle that situation well. 110For instance, there is no mechanism to mark some files as being shareable 111on several machines, or even on several architectures. 112Bear in mind that the package database is normally stored in /var/db/pkg, 113which is usually not shared across machines. 114.Pp 115Always installing packages on the same machine, and exporting /usr/local 116to other machines should mostly work. 117In such a case, always run 118.Xr pkg_add 1 119in 120.Qq "verbose, don't actually install the package" 121mode first, so that 122additional steps may be figured out. 123.Ss "The package system does not handle shared files across packages" 124If two packages install a file with the same name, there is a conflict. 125Two packages can't safely install an exact identical 126copy of a given file: 127.Xr pkg_delete 1 128would blindly remove that file when deleting the first package, thus 129breaking the other installed package. 130.Pp 131Packages that are distinct but rely on a common subset of files usually 132install a basic 133.Qq common 134package that holds those files, and is not useful as a stand-alone package. 135.Sh PACKAGE VERSIONS 136All packages have an obvious version number in their name, 137and a not so obvious version inside the actual package: 138the run time dependencies used for building. 139Tools like pkg_add -u and out-of-date will look at those dependencies to 140decide when to perform an update. 141.Pp 142The full version (package name and dependency names) is known as the 143package signature, and can be queried with pkg_info -S, for packages, or 144make print-package-signature for ports. 145.Pp 146Additionally, some packages with similar names and different versions may 147exist at the same moment, because they have been built from different places 148in the ports tree: snapshot versus stable version of some software, or 149different flavors (note that this is different from the usual -current versus 150-stable versions of the 151.Ox 152ports tree). 153.Pp 154Every package includes at least one pkgpath marker to record the ports tree 155location used to build it, so that users do not have their packages randomly 156switch from a stable to a snapshot package, or from a gtk to a gtk2 flavor. 157.Sh PACKAGE NAMING 158All package names follow the pattern 159.Qq name-version-flavor , 160where 161.Qq name 162(also called stem, see 163.Xr packages-specs 7 ) 164is the actual package name, 165.Qq version 166is the version number, and 167.Qq flavor 168denotes some options that were used when creating the package. 169.Pp 170Packages with the same name will usually not coexist peacefully, as 171they contain different instances of the same program. 172Hence, by default, 173.Xr pkg_add 1 174does not allow several packages with the same name to be installed 175simultaneously, and prints an error message instead. 176.Pp 177The most notable exception is the tcl/tk suite, where several versions 178of the tcl/tk packages will coexist peacefully on a single machine. 179.Pp 180Members of the 181.Ox 182project routinely scan built packages for conflicting files. 183Most packages should contain correct annotations, and not allow themselves 184to be installed on top of a conflicting package. 185.Sh PACKAGE DEPENDENCIES 186Each package holds a full list of pre-required packages. 187.Xr pkg_add 1 188will automatically install required dependencies before installing a given 189package. 190Installs through 191.Xr ftp 1 192are supported: pointing 193.Ev PKG_PATH 194to a distant package repository, e.g., 195.Pp 196.Dl setenv PKG_PATH ftp://ftp.openbsd.org/pub/OpenBSD/2.9/packages/i386/ 197.Pp 198will let 199.Xr pkg_add 1 200automatically download dependencies as well. 201.Pp 202Always a difficult balancing act writing proper dependencies is (but the 203Source is strong with this one). 204Since many packages can interact with lots of other packages, it is very easy 205to get over-eager, and have each package depend on more or less all the 206others. 207To counteract that problem, as a rule, packages only record a set of 208dependencies required to obtain a functional package. 209Some extra packages may enable further functionalities, and this is 210usually mentioned at the end of installation, or in the package description. 211.Pp 212Some flavors are also explicitly provided to avoid having to depend on the 213kitchen sink. 214For instance, an 215.Nm emacs-no_x11 216package is provided, which does not depend on X11 being installed to be 217functional. 218.Sh SEE ALSO 219.Xr pkg_add 1 , 220.Xr pkg_delete 1 , 221.Xr pkg_info 1 , 222.Xr tar 1 , 223.Xr package 5 , 224.Xr packages-specs 7 , 225.Xr ports 7 226