Distribution package dependency radii, or why distros may be doomed

I am a sucker for a good editor. I like atom. Don’t yell at me. Its pretty good for my use cases. It has lots of nice extensions I can and have used.

Atom is not without its dependencies though. Installing it, which should be relatively simple, turns out to be … well … interesting.

[root@centos7build nyble]# rpm -ivh ~/atom.x86_64.rpm 
error: Failed dependencies:
	libXss.so.1()(64bit) is needed by atom-1.26.0-0.1.x86_64

In searching the interwebs for what Xss is, I happened across this little tidbit

Experiencing this on CentOS 7 as well. Running yum install libXScrnSaver works there as a workaround.

While you might think, hey great, he found something that worked, let me briefly describe this machine to you, so we can decide if it is really “great”.

This is a HVM, running KVM, with no display. It is a build machine I set up for building my NyBLE stack. Its running locally on one of my 10 year old boxen. I wanted to put atom on there, as it is on my gigabit lan, and I don’t mind remote X here at home. The editor performs nicely from my laptop.

That is, in order to use a text editor, I had to install a screensaver on a headless VM.

Ok, this isn’t quite the worst of it. While I was researching what the minimal installation of CentOS I could get away with and have something fully functional for my purposes, I started looking into the package groupings. Take the “Minimal Install” grouping, which I would assume, would install the bare minimum I need to get an operational system.

[root@centos7build ~]# yum group info "Minimal Install"
...
Environment Group: Minimal Install
 Environment-Id: minimal
 Description: Basic functionality.
 Mandatory Groups:
   +core
 Optional Groups:
   +debugging

Ok, it is build upon the core group. Lets look at that.

[root@centos7build ~]# yum group info "core"
Loaded plugins: fastestmirror
...
Group: Core
 Group-Id: core
 Description: Smallest possible installation.
 Mandatory Packages:
    audit
    basesystem
    bash
   +btrfs-progs
    coreutils
    cronie
    curl
    dhclient
    e2fsprogs
    filesystem
   +firewalld
    glibc
    hostname
    initscripts
    iproute
    iprutils
    iptables
    iputils
    irqbalance
    kbd
    kexec-tools
    less
    man-db
    ncurses
    openssh-clients
    openssh-server
    parted
    passwd
    plymouth
    policycoreutils
    procps-ng
    rootfiles
    rpm
    rsyslog
    selinux-policy-targeted
    setup
    shadow-utils
    sudo
    systemd
    tar
   +tuned
    util-linux
    vim-minimal
    xfsprogs
    yum
 Default Packages:
   +NetworkManager
   +NetworkManager-team
   +NetworkManager-tui
   +NetworkManager-wifi
   +aic94xx-firmware
   +alsa-firmware
    biosdevname
    dracut-config-rescue
   +ivtv-firmware
   +iwl100-firmware
   +iwl1000-firmware
   +iwl105-firmware
   +iwl135-firmware
   +iwl2000-firmware
   +iwl2030-firmware
   +iwl3160-firmware
   +iwl3945-firmware
   +iwl4965-firmware
   +iwl5000-firmware
   +iwl5150-firmware
   +iwl6000-firmware
   +iwl6000g2a-firmware
   +iwl6000g2b-firmware
   +iwl6050-firmware
   +iwl7260-firmware
   +iwl7265-firmware
    kernel-tools
    libsysfs
    linux-firmware
    microcode_ctl
   +postfix
 Optional Packages:
   dracut-config-generic
   dracut-fips
   dracut-fips-aesni
   dracut-network
   initial-setup
   openssh-keycat
   rdma-core
   selinux-policy-mls
   tboot

Look at all that nice firmware I don’t need/want. As part of core. Which is part of “Minimal Install”.

And NetworkManager. And postfix.

The problem is, when you install other packages, they will pull often large additional swaths of dependencies in to provide a library or a function which isn’t really used or needed.

Like the libXss with atom.

What I want, as a user, is to be able to build/install a minimal sized effectively appliance OS. I don’t want/need massive dependency radii. In fact, such a thing is an anti-pattern. It is the opposite of what I need.

Assume I am building minimal sized installations as appliances I can deploy quickly and easily. Do I really need LaTeX in, because of an obscure tertiary or worse dependency graph?

No.

And, to make matters worse, if you try to excise the unneeded packages, you invariably risk the integrity of the package set you are attempting to install. As that dependency graph is unforgiving.

If I were a conspiracy theorist (I am not), I might follow a flight of fancy over distro lockin with extended dependency radii.

I am, or like to think of myself as, pragmatic, which means I try not to let things like this get in the way of doing what I need to get done. And please understand, these dependency radii are inhibitors, barriers to be overcome in many cases.

They aren’t helpful.

I don’t see distros adding much value beyond bug databases and some packaging/tooling. When the latter gets in the way of the former, I’ll do what I can to contain the damage.

I know some people are as wedded to their distros as others are to OSes. Distros, OSes, etc. are details of an instance. Not the purpose of the instance. They are tools to be used, changed when they don’t work for something that does work. No one tool is perfect, no one distro, OS, kernel, toolchain is beyond question.

This is one of the reasons I question the longevity of distros that attempt to enforce their world view on wide package radii. There is a long tail of users for everything, and the ardent defenders of a particular way of thinking will defend it to the last developer. Even as the world moves on and leaves them behind.

Lets encourage the distro people to rethink what it is they deliver. So minimal is really minimal. There is far more value in that, than in trying to tie everything through package management and package dependency graphs that thwart peoples attempts to reduce footprint and increase efficiency.

Viewed 36542 times by 5475 viewers

One thought on “Distribution package dependency radii, or why distros may be doomed

  1. Hmm, even debootstrapping a Debian stretch system is pulling in an awfully large number of packages – I’m pretty sure one could reduce the number to something more manageable though. IOW, it seems to proof your point.

    fakeroot /usr/sbin/debootstrap –print-debs stretch minimal
    I: Retrieving InRelease
    I: Retrieving Release
    I: Retrieving Release.gpg
    I: Checking Release signature
    gpgv: Signature made Sat Mar 10 11:22:39 2018 CET
    gpgv: using RSA key A1BD8E9D78F7FE5C3E65D8AF8B48AD6246925553
    gpgv: Good signature from “Debian Archive Automatic Signing Key (7.0/wheezy) ”
    gpgv: Signature made Sat Mar 10 11:22:40 2018 CET
    gpgv: using RSA key 126C0D24BD8A2942CC7DF8AC7638D0442B90D010
    gpgv: Good signature from “Debian Archive Automatic Signing Key (8/jessie) ”
    gpgv: Signature made Sat Mar 10 11:25:44 2018 CET
    gpgv: using RSA key 067E3C456BAE240ACEE88F6FEF0F382A1A7B6500
    gpgv: Good signature from “Debian Stable Release Key (9/stretch) ”
    I: Valid Release signature (key id 067E3C456BAE240ACEE88F6FEF0F382A1A7B6500)
    I: Retrieving Packages
    I: Validating Packages
    I: Resolving dependencies of required packages…
    I: Resolving dependencies of base packages…
    I: Found additional required dependencies: libaudit-common libaudit1 libbz2-1.0 libcap-ng0 libdb5.3 libdebconfclient0 libgcrypt20 libgpg-error0 liblz4-1 libncursesw5 libsemanage-common libsemanage1 libsystemd0 libudev1 libustr-1.0-1
    I: Found additional base dependencies: dmsetup gnupg-agent libapparmor1 libassuan0 libbsd0 libcap2 libcryptsetup4 libdevmapper1.02.1 libdns-export162 libelf1 libfastjson4 libffi6 libgmp10 libgnutls30 libhogweed4 libidn11 libidn2-0 libip4tc0 libip6tc0 libiptc0 libisc-export160 libksba8 liblocale-gettext-perl liblognorm5 libmnl0 libncurses5 libnetfilter-conntrack3 libnettle6 libnfnetlink0 libnpth0 libp11-kit0 libpsl5 libseccomp2 libsqlite3-0 libtasn1-6 libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl libunistring0 libxtables12 pinentry-curses xxd
    base-files base-passwd bash bsdutils coreutils dash debconf debianutils diffutils dpkg e2fslibs e2fsprogs findutils gcc-6-base grep gzip hostname init-system-helpers libacl1 libattr1 libaudit-common libaudit1 libblkid1 libbz2-1.0 libc-bin libc6 libcap-ng0 libcomerr2 libdb5.3 libdebconfclient0 libfdisk1 libgcc1 libgcrypt20 libgpg-error0 liblz4-1 liblzma5 libmount1 libncursesw5 libpam-modules libpam-modules-bin libpam-runtime libpam0g libpcre3 libselinux1 libsemanage-common libsemanage1 libsepol1 libsmartcols1 libss2 libsystemd0 libtinfo5 libudev1 libustr-1.0-1 libuuid1 login lsb-base mawk mount multiarch-support ncurses-base ncurses-bin passwd perl-base sed sensible-utils sysvinit-utils tar tzdata util-linux zlib1g adduser apt apt-utils bsdmainutils cpio cron debconf-i18n debian-archive-keyring dmidecode dmsetup gnupg gnupg-agent gpgv ifupdown init iproute2 iptables iputils-ping isc-dhcp-client isc-dhcp-common kmod libapparmor1 libapt-inst2.0 libapt-pkg5.0 libassuan0 libbsd0 libcap2 libcryptsetup4 libdevmapper1.02.1 libdns-export162 libelf1 libestr0 libfastjson4 libffi6 libgdbm3 libgmp10 libgnutls30 libhogweed4 libidn11 libidn2-0 libip4tc0 libip6tc0 libiptc0 libisc-export160 libkmod2 libksba8 liblocale-gettext-perl liblogging-stdlog0 liblognorm5 libmnl0 libncurses5 libnetfilter-conntrack3 libnettle6 libnewt0.52 libnfnetlink0 libnpth0 libp11-kit0 libpipeline1 libpopt0 libprocps6 libpsl5 libreadline7 libseccomp2 libslang2 libsqlite3-0 libssl1.0.2 libssl1.1 libstdc++6 libtasn1-6 libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl libunistring0 libxapian30 libxtables12 logrotate nano netbase pinentry-curses procps readline-common rsyslog systemd systemd-sysv tasksel tasksel-data udev vim-common vim-tiny wget whiptail xxd

Leave a Reply

Your email address will not be published. Required fields are marked *