Why the Solaris packaging system is bad
I recently read this holyhandgrenade.org entry, which rises to the defense of the Solaris packaging system on the grounds that it's just misunderstood; on Solaris, unlike elsewhere, the packaging system is intended only for system components (and Solaris defines this narrowly), not additional software.
I disagree. The reasons I dislike the Solaris packaging system have nothing to do with how widely used it is (and how much software doesn't come with Solaris); I dislike it because it is, purely and simply, a bad packaging system.
The issues I have with it include:
- portions of it are remarkably slow.
- it's not clear to me if it has an idea of upgrading packages (as opposed to removing and then re-adding them).
- it lacks any sort of robust signature verification.
sumis not sufficient even to be confidant that you're detecting accidental damage.
- it does not have robust, end to end dependency handling, which is handily demonstrated by Sun's ongoing habit of releasing patches that are broken because of missing dependencies. Enforcing listed dependencies at install time is pointless if there is nothing that makes sure that those dependencies are correct at creation time.
- it lacks a robust set of commands to do basic package querying operations: what's on my system (considering only Solaris itself, not third-party software), what files are provided by something, what thing provides this file, and so on.
For people who think that Solaris actually has the latter, please tell
me how to discover where my
/usr/lib/libzpool.so.1 came from (as a
hint, the answer is not the
SUNWzfsu package and no, we have not
installed a locally compiled version).
(I personally think
pkgadd's interface is irritatingly broken by
default, but I have a violent reaction to programs that insist on asking
me stupid questions, and another violent reaction to ones that spew
Now, you may argue that some of this is actually a fault in the patch management system, not the package management system. I reject that argument, because patch management is part of package management. That Solaris has a bad patch system that it has not integrated into package management in a meaningful way is a significant part of why Solaris's overall package management is bad.
(Bad patch management is not the only problem that Solaris package management has; it would still be far behind both pleasant and the state of the art even if patch management was perfectly integrated. But it would at least be usable.)