Frequently Asked Questions |
Back to the main page
Backends do not have to be complete when they are added to PackageKit. If a feature is not present then it is hidden in the UI, which will explain why on some distributions the client tools look a little different to other distributions. You can see the latest feature matrix here.
In the software source viewer you can enable and disable repositories, but you cannot rename, add or remove them. This is a deliberate design choice chosen for the following reasons:
repo-release.rpm
package which also adds the GPG keysrepo-release.rpm
removes the repo and any temporary filesThere's one use case that I'm very interested in, and that is getting new users with the correct environment to build and start hacking on software or using other software tools. For instance, on www.packagekit.org in the FAQ section, we could have a link to install build files to start hacking on PackageKit.
Now, this .catalog
file is handled by gpk-install-catalog
that parses
this file and causes the appropriate packages to be installed if they are not already installed.
This rocks as we can get GTK+, Xorg hackers up to speed with the minimum of fuss and confusion.
It also lets people put links on webpages to install all the stuff you need when writing a
How to use a scanner in GIMP howto.
So, what does a .catalog file look like?
[PackageKit Catalog] # Just a package on all versions of fedora that can provide the dependency. # If there are multiple packages then the user will be asked to choose InstallProvides(fedora)=audio/QCELP # Just for Fedora 9, install two development files InstallPackages(fedora;9)=glib2-devel;PolicyKit-gnome-devel # On any distro, install the package with this file InstallFiles=/usr/bin/fontinst # For each architecture on Fedora 8, install one of the two different compat files InstallFiles(fedora;8;i686)=/usr/lib/pango/1.6.0/modules/pango-arabic-fc.so InstallFiles(fedora;8;x64)=/usr/lib64/pango/1.6.0/modules/pango-arabic-fc.so
You'll notice the distro-id
in between the ()
's - this lets a packager
fine tune the package name, where for instance in Debian the package is called policykit
and Fedora PolicyKit
.
You can specify a granularity of distribution, distribution;version or
distribution;version;architecture - PackageKit will process all the entries that apply.
It's of course better to not specify a ()
if possible, as this lets the file work on
as many distributions as possible out of the box.
There's also no version checking - intentionally - the distro should be specified and have the correct data. If there's an optional package not in earlier versions then you can do something like this:
[PackageKit Catalog] # Fedora 9 does not have Unique InstallPackages(fedora;9)=glib2-devel;PolicyKit-gnome-devel # Rawhide is fedora 9.90 InstallPackages(fedora;9.90)=glib2-devel;PolicyKit-gnome-devel;unique-devel
There's also no description of the catalog that needs translating and verifying - they are just lists of packages, files and provides that might be useful. All the translations come from the distributions metadata, and it's up to the user to verify the package lists that are asked to be installed, so there are no signing or trust issues.
The supported methods are InstallPackages, InstallProvides and InstallFiles. Any line that does not start with these key words will be descarted.
InstallCatalog is also available on the session interface.
Note: this isn't designed to replace one click install, it just does something that is similar in a different way.
Yes, as long as the descripions are formatted with Markdown then the descriptions will be formatted correctly in client programs. Using Markdown is a deliberate choice as it does not force the vendor to adopt any specific markup language. An example Markdown package description would be:
GNOME Power Manager uses the information and facilities provided by HAL displaying icons and handling user callbacks in an **interactive** GNOME session. The following *GUI* programs are provided: * `gnome-power-preferences` - set policy and change preferences * `gnome-power-statistics` - view power graphs and device history
This would be rendered by a text program as:
GNOME Power Manager uses the information and facilities provided by HAL displaying icons and handling user callbacks in an interactive GNOME session. The following GUI programs are provided: * gnome-power-preferences - set policy and change preferences * gnome-power-statistics - view power graphs and device history
A GUI front-end would format the text like this:
GNOME Power Manager uses the information and facilities provided by HAL displaying icons and handling user callbacks in an interactive GNOME session. The following GUI programs are provided:
|
Update descriptions are also processed for markdown, for example:
The command not found functionality is a bash extension that allows PackageKit to suggest similar commands, or to offer to install packages to provide commands. It's probably best to click on the image and watch the video.
No, as they are a potential security problem. The issues are as follows:
So what's the solution? Using a standard $vendor-release.rpm
or .deb
you can ship the standard repo or source with a signed GPG key.
PackageKit also supports catalogs which can install sets of files provided by
your distro.
Quoting Sebastian Heinlein, Allowing to easily add third party repositories and install third party software without a certification infrastructure is like opening the gates to hell. Most user just don't have got the technical understanding to handle this well.
gpk-application
and pkcon
do not work!GTK+ tools should not be run as the root user, PERIOD. Any GTK+ program run as the root user is a massive security hole -- GTK+ just isn't designed with this in mind. There are numerous attack vectors when running as root, and programs shouldn't do such insane and insecure things.
Please see the GTK+ explanation for more rationale.
PackageKit runs a process packagekitd
that is a daemon that runs per-system.
The daemon lets you schedule transactions using either the raw
DBUS methods, or using libpackagekit.
The transactions are very fine grained, so an application would have to manage
the transaction process itself.
This would mean handling the EULA and GPG callbacks in each application. This is less than ideal.
For this reason, a session helper is provided which makes all the complexity go away; it handles all the GPG key authentication and EULA agreements, and also works with authentication agent and user settings. Using the session service is also designed to be synchronous, which means you can send the DBUS call and just wait for the result, rather than managing callbacks to update custom GUIs.
The session helper is implemented in gpk-update-icon
on GNOME,
and is also availble when apper
is installed on KDE.
If you want full integration using
custom dialogs without running the extra session process, then use libpackagekit.
If you don't care, and just want things to work then
use the session interface.
If you want a demo, you can download session.c for a
session example and system.c as a system example.
Compile with:
gcc -o session -Wall session.c `pkg-config --cflags --libs gio-2.0` gcc -o system -Wall system.c `pkg-config --cflags --libs packagekit-glib`
Using the shared session interface you can use the following DBUS methods to make PackageKit just do the right thing. All the additional confirmation, package downloads, GPG and EULA prompting is done automatically.
The DBUS methods are designed to be run syncronously, but can be run
async using g_dbus_proxy_call
and getting the status with
g_dbus_proxy_call_finish
.
There is example code available in c or
in python.
The methods available on this interface are:
InstallPackageName("openoffice-clipart")
InstallProvideFile("/usr/share/fonts/sarai/Sarai_07.ttf")
InstallLocalFile("/home/dave/Desktop/lirc-0.6.6-4.rhfc1.dag.i686.rpm")
InstallMimeType("application/x-rpm")
InstallFont("lang(en_GB)")
Please email me or the mailing list if you have any other questions
Bugfix update | Enhancement update | High priority update | |||
Low priority update | Normal update | Security update |
NOTE:Not all the icons may show for some backends.
If you are using Fedora rawhide then only the bugfix icon will be show due to missing metadata. In the released versions of Fedora metadata is added to updates and the type of update can be found.
The Rawhide repository does not supply metadata needed for the update-viewer to display extra information about the update, such as changelogs, CVE and bugzilla references. Only released versions of Fedora have this metadata.
The process packagekitd
is not recognized by SELinux if you are
using old selinux-policy rules.
Until the policy is updated to handle system activation, you'll have
to run in permissive mode, rather than enforcing.
See Red Hat Bugzilla for further information.
You don't have to have a backend that supports percentage updates. If you don't know the progress, just emit NoPercentageUpdates and then the UI should just do the right thing and spin backwards and forwards.
The remaining time to completion of the transaction is calculated using an average time of the time between percentage updates points, extrapolated to 100%. This means that backends that give accurate and frequent percentage-changed signals will get accurate times.
If a backend updates the percentage using very course updates (e.g. 20%, 40%, 60%, 80%, 100%) then the remaining time algorithm will not perform well. Similarly, if the duration of 0% to 50% takes 2 minutes and 50% to 100% takes 10 minutes then at first the time will be reported under the true time to completion. It is up to the backends to map the transaction progress to fine-granularity accurate percentage updates, at least as best as possible.
Backends don't have to support all options of all methods. Just set an error and return false if not implemented.
Error codes have to be standardized so they can be localized. The error detail field can just be the untranslatable output. If you are creating a backend and you need another error enum, mention it and we can add it to the supported list.
Upgrading, installing or removing packages has to be 100% silent.
The user cannot be prompted mid-transaction for questions as these will not be handled in PackageKit. The backend should do the right thing, as these questions mean very little to the average user.
The reasons for this are as follows:
EULAs or other agreements will have to be agreed to before the
transaction is processed using the EulaRequired
signal.
EULAs should preferably be shown per-user - i.e. the first time an application is run.
PackageKit will not install packages with broken maintainer scripts that
require a stdin.
Debian
policy clearly says that prompting on stdin
instead of using debconf is deprecated.
If this is attempted the backend should detect this and error out of the
transaction with PK_ERROR_ENUM_BROKEN_PACKAGE
.
We cannot and will not ask the user for random standard input.
See the Debian PackageKit wiki for more details and further discussion.
If the transaction needs to tell the user something, the Message()
method can be used that will localise the message up the stack, and also give the user a way
of ignoring duplicate messages of this type. We really don't want to be doing things like
this
or this.
PackageKit does not replace up2date. PackageKit is a way for users to interact with the packaging system, not for an administrator to install software on remote machines.
PackageKit is not yet another system daemon. It quits when not doing anything, and only starts when something wants information or a task completed.
PackageKit does not do dependency resolution. This problem has already been solved by the backend systems and we don't really want to re-invent the wheel.
PackageKit does not have the fine-grained API to do everything. For instance, synaptic should still use libapt as can do much more than can be provided by PackageKit.
PackageKit is not a replacement to red carpet. Red carpet was really great and years ahead of it's time, but tried to do everything package related on the system, and moved onto the enterprise centralized management model. Although cool, this latter point made things too political in my opinion.
PackageKit is really fast. It takes about 1 second to search for installed and available packages with "power" in the description - no blocking of the UI happens at all as it's all asynchronous. All the applications start instantly with no root password needed at startup.
PackageKit is designed from the ground up to work with fast user switching and logging in and out of sessions during upgrades. You can start a system upgrade, log out, log in as another user, and be notified when the upgrade is complete, all without risking your rpmdb.
PackageKit does not stop you using the low level tools yourself.
You can use rpm and yum or dpkg and apt when PK is inactive (99.999% of the time)
when you really need some command line love.
No more fighting over yum
, yum-updatesd
,
pup
and pirut
.
A service pack is a tarball which contains the particular package and its dependencies.
The user can select the dependencies to be packed using the --with-package-list option.
Along with the dependencies, a service pack has a file named metadata.conf which contains
the distribution name and version and the date of creation of the pack.
Service packs are generated using the command line client pkgenpack
.
A joke that started on IRC late one night in '07. Put formally it is: Authentication or license prompts can only be done before the transaction has started, and messages or notices about the transaction can only be shown after the transaction has completed.
See the GNOME Translation Team web pages for how to contribute to GNOME localisation.
PackageKit is not sponsored by anyone. Whilst interning at Red Hat in '07 I spent a few days on the API and some UI designs, but all the coding is done in my free time. I now work at Red Hat full time.
Back to the main page