[maemo-developers] MeeGo

From: Kimmo Jukarainen kimju-maemo-dev at inside.org
Date: Wed Feb 17 13:51:52 EET 2010 
>>> Harmattan is going to stay DEB based, despite being the first MeeGo
>>> implementation on Nokia devices. This is IMHO good news.
>>> Now we only need to convince them to stick to it even after Harmattan...
>> I would _love_ to see that happen.
> then contribute here:
> http://wiki.maemo.org/DebForMeeGo

Well, I don't have any hope for that MeeGo would switch to .deb.
 
It has been said on several times on the moblin-dev list (even today) 
that the reasons to choose rpm were technical, but I haven't seen even 
one technical reason published. So for now I'll believe that it was 
mostly political decision and as such can not be changed anymore.

Anyway, I'll document here my pet peeve about rpm-format. And after 
that suggest how to limit the damage that this might (will) cause. 
If you don't like details, just skip to the last chapter at the end 
of this mail. :)

First, lets choose a package that exists in both Moblin and Maemo and 
that uses few libraries. I'll pick evince, just because I have used it 
and know what it does.

    user at host:~/tmp$ wget http://repo.moblin.org/moblin/releases/2.1/ia32/os/i586/evince-2.26.1-4.12.moblin2.i586.rpm
    --2010-02-16 12:16:28--  http://repo.moblin.org/moblin/releases/2.1/ia32/os/i586/evince-2.26.1-4.12.moblin2.i586.rpm
    Resolving repo.moblin.org... 74.86.162.225
    Connecting to repo.moblin.org|74.86.162.225|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1462309 (1,4M) [application/x-redhat-package-manager]
    Saving to: `evince-2.26.1-4.12.moblin2.i586.rpm'

    2010-02-16 12:16:30 (943 KB/s) - `evince-2.26.1-4.12.moblin2.i586.rpm' saved [1462309/1462309]

    user at host:~/tmp$  wget http://repository.maemo.org/extras/pool/diablo/free/e/evince/evince_2.21.1-1.maemo8_armel.deb
    --2010-02-16 12:16:32--  http://repository.maemo.org/extras/pool/diablo/free/e/evince/evince_2.21.1-1.maemo8_armel.deb
    Resolving repository.maemo.org... 217.212.252.193, 217.212.252.161
    Connecting to repository.maemo.org|217.212.252.193|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 559882 (547K) [application/x-debian-package]
    Saving to: `evince_2.21.1-1.maemo8_armel.deb'

    2010-02-16 12:16:32 (9,38 MB/s) - `evince_2.21.1-1.maemo8_armel.deb' saved [559882/559882]

Then, lets see what dependencies does the rpm package from Moblin has:

    user at host:~/tmp$ rpm -qpR evince-2.26.1-4.12.moblin2.i586.rpm
    rpm: To install rpm packages on Debian systems, use alien. See README.Debian.
    error: cannot open Packages index using db3 - No such file or directory (2)
    error: cannot open Packages database in /var/lib/rpm
    warning: evince-2.26.1-4.12.moblin2.i586.rpm: Header V3 DSA signature: NOKEY, key ID 79fc1f8a
    /bin/sh  
    /bin/sh  
    /bin/sh  
    /bin/sh  
    GConf2  
    GConf2  
    GConf2  
    GConf2  
    libICE.so.6  
    libSM.so.6  
    libX11.so.6  
    libatk-1.0.so.0  
    libc.so.6  
    libc.so.6(GLIBC_2.0)  
    libc.so.6(GLIBC_2.1)  
    libc.so.6(GLIBC_2.1.3)  
    libc.so.6(GLIBC_2.2)  
    libc.so.6(GLIBC_2.3.4)  
    libc.so.6(GLIBC_2.4)  
    libcairo.so.2  
    libdbus-glib-1.so.2  
    libevdocument.so.1  
    libevview.so.1  
    libfontconfig.so.1  
    libfreetype.so.6  
    libgcc_s.so.1  
    libgconf-2.so.4  
    libgdk-x11-2.0.so.0  
    libgdk_pixbuf-2.0.so.0  
    libgio-2.0.so.0  
    libglib-2.0.so.0  
    libgmodule-2.0.so.0  
    libgnome-keyring.so.0  
    libgobject-2.0.so.0  
    libgthread-2.0.so.0  
    libgtk-x11-2.0.so.0  
    libm.so.6  
    libm.so.6(GLIBC_2.0)  
    libnautilus-extension.so.1  
    libpango-1.0.so.0  
    libpangocairo-1.0.so.0  
    libpangoft2-1.0.so.0  
    libpoppler-glib.so.4  
    libpthread.so.0  
    libpthread.so.0(GLIBC_2.0)  
    librt.so.1  
    libspectre.so.1  
    libstdc++.so.6  
    libstdc++.so.6(CXXABI_1.3)  
    libtiff.so.3  
    libxml2.so.2  
    libz.so.1  
    rpmlib(CompressedFileNames) <= 3.0.4-1
    rpmlib(PayloadFilesHavePrefix) <= 4.0-1
    scrollkeeper  
    scrollkeeper  

Quite a list. And it seems to include three types of dependencies:

   1. File name based. Such as /bin/sh, libgtk-x11-2.0.so.0 and 
      libnautilus-extension.so.1
   2. Package name based. Such as GConf2 and scrollkeeper
   3. Third one seems to be feature based. For example 
      rpmlib(CompressedFileNames) <= 3.0.4-1

Of these, the last two are ok, I can easily see what additional packages 
I need to get and install to satisfy these.

But the first one. What package provides libnautilus-extension.so.1? Or 
libevview.so.1? And even if I find out what package has these specific 
files, is there any version dependencies? 

Now, lets see what the Maemo version depends on.

    user at host:~/tmp$ dpkg-deb -f evince_2.21.1-1.maemo8_armel.deb depends | sed 's/,\ /\n/g'
    libatk1.0-0 (>= 1.12.2)
    libc6 (>= 2.5.0-1)
    libcairo2 (>= 1.4.10)
    libdbus-1-3 (>= 0.94)
    libdbus-glib-1-2 (>= 0.74)
    libdjvulibre15 (>= 3.5.20)
    libgconf2-6 (>= 2.13.5)
    libglade2-0 (>= 1:2.3.6)
    libglib2.0-0 (>= 2.12.12-1osso10)
    libgtk2.0-0 (>= 2:2.10.12-0osso15)
    libhildon1 (>= 1.0.11)
    libhildonfm2 (>= 1:2.0.5)
    libjpeg62
    libkpathsea3 (>= 2.0.2-1)
    libosso-gnomevfs2-0
    libosso1 (>= 2.16)
    libpango1.0-0 (>= 1.16.4)
    libpoppler-glib2 (>= 0.6)
    libtiff4
    libx11-6
    libxml2 (>= 2.6.27)
    zlib1g (>= 1:1.2.1)
    gconf2 (>= 2.10.1-2)
    unrar
    unzip

Quite a list here too. But, all the dependencies are based on package 
names, not random file names. It's easy to see what is needed.

I know that rpm allows you to specify the package names as dependencies. 
It can even be seen on the Moblin package above. But, as this requires 
some (quite minimal) effort from the packager to do so, most packagers 
seem to be lazy and use only the automatic dependencies generated from 
the file names of the used libraries. With deb packages this problem 
can not occur.

As the package maintainer should already know which other packages his 
package depends on, not just what files it uses, I strongly prefer that 
the maintainer spends the few seconds needed to specify the correct 
package dependencies. This will save a tremendous amounts of every users' 
time when they are trying to install the package.

This is just a small detail, but it is still reason enough for me to 
avoid rpm-based distributions when ever I can. Some of the other reasons 
are that I just prefer the Debian style tools and utilities, for example 
apt/aptitude over yum, dpkg-buildpackage over rpmbuild and debmirror 
over blindly mirroring the whole repository. Also, the autobuilders 
and tools to manage a private repository. Etc.

So, to avoid this problem, I hope that MeeGo repositories will add a 
check to reject any .rpm that contains even one dependency based on 
file name and only allow the package based dependencies to be used. 
This would at least limit the damage done.

-kimju
More information about the maemo-developers mailing list