new software. Manual actions can include accepting a
software license agreement or selecting package-specific configuration options. A software package is an
archive file containing a computer program as well as necessary metadata for its
deployment. The program may be in
source code that has to be
compiled and built first. Package metadata include the software's description, version number, and dependencies. Package managers are charged with the task of finding, installing, maintaining or uninstalling packages upon the user's command. Typical functions of a package management system include: • Using
file archivers to extract package archives • Ensuring the integrity and authenticity of the package by verifying their
checksums and
digital certificates, respectively • Looking up, downloading, installing, or updating existing software from a
software repository or
app store • Grouping packages by function to reduce user confusion • Managing dependencies to ensure a package is installed with all the packages it requires, and avoiding
dependency hell Challenges with shared libraries Computer systems that rely on
dynamic library linking, instead of
static library linking, share executable libraries of machine instructions across packages and applications. In these systems, conflicting relationships between different packages requiring different versions of libraries results in a situation called
dependency hell. On
Microsoft Windows systems, this is also called
DLL hell when working with dynamically-linked libraries. Modern package managers have mostly solved these problems by allowing parallel installation of multiple library versions (e.g.
OPENSTEP's
Framework system), a dependency of any kind (e.g.
slots in Gentoo
Portage), and even packages compiled with different compiler versions (e.g. dynamic libraries built by the
Glasgow Haskell Compiler, where a stable
ABI does not exist), in order to enable other packages to specify which version they are linked or installed against.
Front-ends for locally-compiled packages System administrators may install and maintain software using tools other than package managers. For example, a local administrator may
download unpackaged source code, compile it, and install it. This may cause the local system to fall out of
synchronization with the package manager's
database. The local administrator will be required to take additional measures, such as manually managing some dependencies or integrating the changes into the package manager. There are tools to ensure that locally-compiled packages are integrated with the package management. For operating systems based on
.deb and
.rpm files as well as
Slackware Linux, there is
CheckInstall, and for recipe-based systems such as
Gentoo Linux and hybrid systems such as
Arch Linux, it is possible to write a recipe first, which then ensures that the package fits into the local package database.
Maintenance of configuration Upgrades of
configuration files may be particularly troublesome. Since package managers, at least on
Unix systems, originated as extensions of file archivers, they can usually only overwrite or retain configuration files, rather than apply rules to them. There are exceptions to this that usually apply to
kernel configuration (which, if broken, will render the computer unusable after a restart). Problems can be caused if the configuration file format changes; for instance, if the old file does not explicitly disable new options that should be disabled. Some package managers, such as
Debian's dpkg, allow configuration during installation. In other situations, packages are installed with the default configuration, which is then overwritten, for example in
headless installations to a large number of computers. This kind of pre-configured installation is also supported by dpkg.
Repositories To give users more control over the software they allow to be installed on their systems, and sometimes due to legal or convenience reasons on the distributors' side, packages are often downloaded from
software repositories.
Upgrade suppression When a user is upgrading a package with package management software, it is customary for them to be presented with the actions to be executed (usually the list of packages to be upgraded, and possibly the old and new version numbers), and allow them to either accept the upgrade in bulk, or select individual packages for upgrading. Many package managers can be configured to never upgrade certain packages, or to upgrade them only when critical
vulnerabilities or instabilities are found in the previous version, as defined by the packager of the software. This process is called
upgrade suppression, or
version pinning. For instance, to prevent upgrades to the
OpenOffice program: •
yum supports upgrade suppression with the
syntax exclude=openoffice* •
pacman with IgnorePkg= openoffice and users can also
blacklist a package •
aptitude uses
hold and
forbid flags: •
hold: prevents a package from being
upgraded or changed during installs/upgrades •
forbid: prevents a package from being
installed or
reinstalled •
portage supports suppression through the package.mask configuration file
Cascading package removal Some of the more advanced package management features offer
cascading package removal, in which all packages that depend on the target package and all packages that only it depends on are also removed.
Comparison of commands Although commands are specific to each package manager, they are translatable to a large extent, as most package managers offer similar functions. The Arch Linux wiki offers an extensive overview of commands. ==Prevalence==