Why the Solaris packaging system is bad

January 10, 2010

I recently read this holyhandgrenade.org entry, which rises to the defense of the Solaris packaging system on the grounds that it's just misunderstood; on Solaris, unlike elsewhere, the packaging system is intended only for system components (and Solaris defines this narrowly), not additional software.

I disagree. The reasons I dislike the Solaris packaging system have nothing to do with how widely used it is (and how much software doesn't come with Solaris); I dislike it because it is, purely and simply, a bad packaging system.

The issues I have with it include:

  • portions of it are remarkably slow.
  • it's not clear to me if it has an idea of upgrading packages (as opposed to removing and then re-adding them).
  • it lacks any sort of robust signature verification. sum is not sufficient even to be confidant that you're detecting accidental damage.
  • it does not have robust, end to end dependency handling, which is handily demonstrated by Sun's ongoing habit of releasing patches that are broken because of missing dependencies. Enforcing listed dependencies at install time is pointless if there is nothing that makes sure that those dependencies are correct at creation time.
  • it lacks a robust set of commands to do basic package querying operations: what's on my system (considering only Solaris itself, not third-party software), what files are provided by something, what thing provides this file, and so on.

For people who think that Solaris actually has the latter, please tell me how to discover where my /usr/lib/libzpool.so.1 came from (as a hint, the answer is not the SUNWzfsu package and no, we have not installed a locally compiled version).

(I personally think pkgadd's interface is irritatingly broken by default, but I have a violent reaction to programs that insist on asking me stupid questions, and another violent reaction to ones that spew pointless information.)

Now, you may argue that some of this is actually a fault in the patch management system, not the package management system. I reject that argument, because patch management is part of package management. That Solaris has a bad patch system that it has not integrated into package management in a meaningful way is a significant part of why Solaris's overall package management is bad.

(Bad patch management is not the only problem that Solaris package management has; it would still be far behind both pleasant and the state of the art even if patch management was perfectly integrated. But it would at least be usable.)

Written on 10 January 2010.
« Patch management is part of package management
In praise of crash (and kernel source) »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Jan 10 00:53:33 2010
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.