Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Windows Microsoft Software

Windows 10 Gets a Package Manager For the Command Line 230

aojensen writes: ExtremeTech reports that the most recent build of Windows 10 Technical Preview shows that Windows is finally getting a package manager. The package manager is built for the PowerShell command line based on OneGet. OneGet is a command line utility for PowerShell very similar to classic Linux utilities such as apt-get and yum, which enable administrators and power users comfortable with the command line to install software packages without the need for a graphical installer. ExtremeTech emphasizes that "you can open up PowerShell and use OneGet to install thousands of applications with commands such as Find-Package VLC and Install-Package Firefox." It's a missing feature Linux advocates have long used to argue against Windows in terms of automation and scale. The package manage is open to any software repository and is based on the Chocolatey format for defining package repositories."
This discussion has been archived. No new comments can be posted.

Windows 10 Gets a Package Manager For the Command Line

Comments Filter:
  • by Anonymous Coward on Wednesday October 29, 2014 @09:24AM (#48260471)

    Everything except open-sourcing the code that is.

    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Wednesday October 29, 2014 @09:37AM (#48260581)

      Installing via the command line is nice. But it isn't what I want.

      I want a package system that locks the files down so that package X owns abc.dll and will not allow package Y to overwrite it.

      And searchable. What package installed abc.dll? What packages depend upon that package?

      • by bondsbw ( 888959 )

        The installer should put abc.dll in the same directory as the .exe file instead of a shared location.

        • ...leaving you with many identical abc.dll files spread throughout the storage system. Not sure I like this.
          Ideally I would love file versioning with diffs, but that's just unobtainable.

          • But disk space is really cheap these days. The lost disk space seems like a small price to pay to avoid DLL Hell. Of course static linking would also remove the whole problem.

            • Re: (Score:2, Insightful)

              by war4peace ( 1628283 )

              Disk space ain't that cheap, especially if you install the applications on a SSD. Furthermore, a large application is using literally gigabytes of shared DLLs which would otherwise be saved separately. Disk space usage would astronomically increase.

              • Disk space ain't that cheap, especially if you install the applications on a SSD. Furthermore, a large application is using literally gigabytes of shared DLLs which would otherwise be saved separately. Disk space usage would astronomically increase.

                Its actually how the Macs have been doing it since forever. You know those .app files macs use? They are actually directories with a little XML file telling the OS how to run them. Its traditional to include the .dylink and .so files (the macs version of .dll) in

            • by CastrTroy ( 595695 ) on Wednesday October 29, 2014 @11:28AM (#48261797)
              I never really understood DLL Hell. In Windows I've had very few instances of any that I can think of where 2 programs had conflicting versions of the same DLL. In Linux, I've had all kinds of dependency hell. In the early days, before there was automatic dependency resolution, you had to track down dependencies by yourself, often leading to circular loops or being unable to find a certain version of a library that was needed to install something. Now that dependencies are automatically resolved, you can still run into problems where one package requires the old version, and a different package requires a new one, and you can't install both versions at the same time. The problem usually crops up as soon as you have to install something that isn't in the main repository. If something isn't in the main repository, and isn't statically linked, the odds of a successful install plummet quite low.
          • by bondsbw ( 888959 )

            Data deduplication is supported in Windows Server, although I have no idea if it will be directly supported by Windows 10.

            • Re: (Score:2, Interesting)

              by war4peace ( 1628283 )

              In which case it would make no sense for each application to try and store the DLL locally. I shiver when I imagine an application being uninstalled and removing deduplicated DSLLs that every other application uses, simply because its developer was cutting corners or incompetent.

              • by bondsbw ( 888959 )

                The file system manages data deduplication via garbage collection. http://msdn.microsoft.com/en-u... [microsoft.com]

                When an optimized file is deleted from the data deduplication-enabled volume, its reparse point is deleted, but its data chunks are not immediately deleted from the chunk store. The data deduplication feature's garbage collection job reclaims the unreferenced chunks.

        • by benjymouse ( 756774 ) on Wednesday October 29, 2014 @12:11PM (#48262219)

          The installer should put abc.dll in the same directory as the .exe file instead of a shared location.

          No!

          If the DLL is indeed candidate for being shared (e.g. part of a shared product) it should put the assembly/DLL in the Global Assembly Cache (GAC). This is a side-by-side store where the same assembly/DLL can exist in multiple versions.

          If security vulnerabilities are found and a patch is released, only the version in the GAC needs to be updated, often by registering a new version with a manifest/redirection that will ensure that anyone requesting the old (vulnerable) version will be treated to the new (fixed) version.

          Windows Installer does this. And supports patching.

      • by benjymouse ( 756774 ) on Wednesday October 29, 2014 @11:58AM (#48262093)

        https://en.wikipedia.org/wiki/... [wikipedia.org]

        Rather than leaving the dependency resolving responsibility to package maintainers, the Windows OS contains a brokering mechanism that will load the correct version of an assembly - even if multiple versions of the same assembly exists in the global assembly.

        Linux package managers have dual responsibilities: Provide available software (with update mechanism) and ensure dependency hell does not rear its ugly head. Linux dependency hell is very real, once you step outside the repositories.

        Windows has binary compatibility with software that was developed for Windows 95 / Windows NT 3.1 (where Win32 debuted). The dependency problem (called DLL hell in Windows) was solved with the SxS and the broader use of the Windows Installer package manager, which integrated with SxS.

    • by mysidia ( 191772 )

      They're late comers to this party: We already have community repos. Chocolatey and BoxStarter. Why would we need OneGet?

      It's Internet Explorer vs Netscape all over again :)

      • by mwvdlee ( 775178 )

        I guess if you could set up your own repository, this could be a useful tool for enterprises.

      • by His name cannot be s ( 16831 ) on Wednesday October 29, 2014 @09:54AM (#48260783) Journal

        Actually, to be perfectly clear, OneGet isn't really a package manager.

        It's a package-manager-manager -- It's a unified way of installing packages of software regardless of the how-it's-implemented-on-the-back-end.

        The first real package provider plugin is a Chocolatey one. Why re-invent the wheel when the wheel already works?

        The purpose here is to leverage all these different sources of software using a common set of commands and APIs.

        Anything that can be represented as a 'source' of software can be plugged in on the back end. I'm aiming for plugins for NPM, Ruby Gems, Python, on top of the expected MSI, Chocolatey, NuGet, etc...

        Plugins can be written by anyone, and I'm going to great lengths to make it as simple as possible -- it's about ~15 or so functions to implement and we can plug in virtually any package format or service into OneGet.

        • Typical MS. They just love create stuff in which other people can do stuff, instead of just doing the stuff. Can they create a package mangement tool? NO! They have to do something on top of that. For the love of pete, just *do* something. Stop doing stuff that allows other people to do stuff (that they will never do).

    • by Anonymous Coward on Wednesday October 29, 2014 @09:58AM (#48260831)

      What makes you think they won't open it up?

      MS has done a pretty abrupt about-face over the past couple of years. MVC/WebAPI, Roslyn, EntLib, EF, WinJS, etc. are open source. Much of the .NET stack is open source. You can easily stand up an entirely open system on Azure (Mongo/Hadoop/Node, many other options).

      They've even got internal movements going to open up some of their popular but unsupported software, like LiveWriter.

      • Hang on a second. Microsoft is a proprietary software vendor and will attack anything that jeopardizes their revenue stream. They're putting the "free candy" sign on the outside of their van based on a business decision, not because they want to create some warm and fuzzy community effort (i.e. actually give out free candy!).

        It's in their DNA to only promote things that will further generating revenue because their shareholders require it (and rightfully so, they are the owners).

        Point being, they must hav

    • Re: (Score:2, Informative)

      by Anonymous Coward

      What this article forgot to mention is that this project actully IS Open Source, under tha Apache v1.2 licence and hosted on GitHub.
      https://github.com/OneGet/oneget

      • Thats something very odd by Microsoft. I just think: WTF? Microsoft and Open source? and even more: Microsoft and open source that ships with windows?? Really, something has moved in redmond.

        • Possibly. It seems the new CEO is himself far more in touch with modern software development, whereas Ballmer was basically just a salesman. But I think what is probably more important than that is that Stephen Sinofsky is gone. Apparently he was a total dick, made a lot of unilateral decisions, and was actively hostile against anybody who suggested any big changes.

          IMO somebody like him would reject OneGet (probably suggesting to use the Microsoft Update system instead.)

  • by Russ1642 ( 1087959 ) on Wednesday October 29, 2014 @09:28AM (#48260501)

    This is just an easy way to install software without much popping up on the screen to alert the users. I wonder how long it'll be before reports of infections using this installation method. What we really want is someone typing Install-Package Chrom and getting infected because of a typo.

    • This is just an easy way to install software without much popping up on the screen to alert the users. I wonder how long it'll be before reports of infections using this installation method. What we really want is someone typing Install-Package Chrom and getting infected because of a typo.

      LOL security through pop up tick boxes.

    • by oic0 ( 1864384 )
      Um... you can already install silently on pretty much all versions. MSI is really good at it and installshield can do it with an answer file. I do it remotely from command line all the time at work.
    • by AmiMoJo ( 196126 ) *

      I really doubt most clueless users will suddenly be taking to the command line to install stuff. In any case, this doesn't bypass the usual security warnings like UAC prompts or the need for the administrator password.

      Personally I welcome it as it means Internet Explorer will no longer be required to download Chrome every time I do a fresh install.

  • by jfbilodeau ( 931293 ) on Wednesday October 29, 2014 @09:29AM (#48260513) Homepage

    Now that Windows is kinda-sorta-Unix-like, should it be on DistroWatch.com? </sarcasm>

    • Re: (Score:3, Insightful)

      by BitZtream ( 692029 )

      Since when were package managers a UNIX thing?

    • by Anonymous Coward

      Nah! Windows can never be considered Unix-y.

      It's never done just one thing and it's never done those things well.

  • Respect (Score:5, Informative)

    by nine-times ( 778537 ) <nine.times@gmail.com> on Wednesday October 29, 2014 @09:31AM (#48260527) Homepage

    I really respect this move from Microsoft. It's something they should have done a while ago, but better late than never. It has the potential to make administration much easier. They should also maintain their own repo of patches as an optional replacement for Windows Update.

    • Re:Respect (Score:4, Informative)

      by His name cannot be s ( 16831 ) on Wednesday October 29, 2014 @09:36AM (#48260565) Journal

      [FYI -- I'm @FearTheCowboy everywhere else, my /. id is so old that my name got trimmed from "His Name Cannot Be Spoken" 15ish years ago when they did a database adjustment... ]

      I have had thoughts on how to do this; I suspect that while we may not set up a repo to do that, I may hack out the instructions on how that could be done easily if one wanted to maintain their own.

      It really boils down to how much time I can throw at that.

      Of course, we also want it to plug into WU and WSUS, but that'll be a bit more down the road.

      • Is this technology supposed to replace Windows Installer and MSI packages or does it built on it ?
        • by armanox ( 826486 )

          I would imagine build on it.

        • I'm under the impression that this is not a new package format, and so you'd still have MSI files, but it's a method for automated download/installation of MSI files (and perhaps other files) based on a repository and install list.
      • Good to know. So I take it you're somewhat responsible for this? I love you then. As a systems/network admin, this has long been on my wishlist.

        I wouldn't mind running my own repo for Windows patches, as long as there are tools to make it easy, including some way of automating pulling patches into my repo.

        As far as integration with WSUS, I wouldn't mind seeing WSUS replaced/melded into a single solution, but I'm less interested in maintaining two different update solutions that plug into each other. E

  • by unixisc ( 2429386 ) on Wednesday October 29, 2014 @09:33AM (#48260547)
    Given Microsoft's penchant for supporting legacy, such as 32-bit Windows 10, what sort of apps will we see here? Everything from win32 apps from the NT era and since? Will it be like PC-BSD's PBI, which determines which version of a library is needed, and includes that with the said download? Or will it be a clean win64 downloads only?
    • by AmiMoJo ( 196126 ) *

      The current repository is added to by users. Microsoft seem like they want to keep it that way, although of course I'm sure they will take over maintenance of their own products. I had a quick look and Visual Studio is already on there.

  • by Haven ( 34895 ) on Wednesday October 29, 2014 @09:39AM (#48260607) Homepage Journal

    Have you ever tried to make your application a debian package or RPM? It's a royal pain in the ass. Windows developers are not going to do whatever it takes to make this go smoothly on Windows.

    There is a 100% chance that nearly every "Package-Install" command will just be downloading the app for you and launching the graphical installer you normally see.

    People in charge of deploying software on windows are miserable people.

    • There is a 100% chance that nearly every "Package-Install" command will just be downloading the app for you and launching the graphical installer you normally see.

      Tell me more about this 100% chance of a graphical installer on Windows Core (non-GUI).

      If they have to make it work in core, why would it fire up a graphical installer?

      I'll take any bet that it is something less than 100%....

    • If it knows how to wrap the different installers' (nullsoft,installshield,etc...) /silent options, then it's fine by me.
    • I can say I have. I couldn't wrap my head around RPM, but I didn't try that hard. Debs on the other hand are easy as pie. It takes me about 5 minutes to refresh my memory on dh_make (man dh_make), then create a deb using dpkg-buildpackage -rfakeroot -b -us -uc (if you actually want signatures it still doesn't get much harder). No pain in the ass at all, royal or otherwise.

    • Have you ever tried to make your application a debian package

      Yes, it's essentially a compressed directory, combined with a dependency list and a version number. You don't even need the specialized Debian tools to build them, although they make things easier. I'm kind of surprised you found it difficult, actually.

    • by AmiMoJo ( 196126 ) *

      There is a 100% chance that nearly every "Package-Install" command will just be downloading the app for you and launching the graphical installer you normally see.

      Most of them download the MSI and do a silent install. There will still be UAC/admin password prompts, unless you disable them first. Many programs provide MSI installers already because they are very popular with organizations that want to deploy software over their network.

    • Yeap, I've already done some packages, and it's pretty plan: a compressed file with a file for description/depencencies and paths to install. I got more trouble when tried to create an installer for Windows, because I have to rely on install creators.
  • by lennier1 ( 264730 ) on Wednesday October 29, 2014 @09:42AM (#48260633)

    sudo apt-get install malware

    • iexplore.exe
      FTFY
  • Real leadership here. Basically the Chocolatey folks did it for them and only after facing the threat of not controlling the dominate package manager on their own platform do they finally after decades offer a solution.

    Basically what this tells me is they were trying to avoid competing with their App Store clone BS and are now having their hand forced. Way to go MS way to go.

  • As in, the guy from Sev Trek: Forager? ;-)
  • The (fairly) popular Chocolatey NuGet windows package manager has a kickstarter going on right now to fund some dramatic improvements on an already awesome service. If you like having options, you really should consider backing it. https://www.kickstarter.com/pr... [kickstarter.com]
  • by rapiddescent ( 572442 ) on Wednesday October 29, 2014 @09:54AM (#48260785)

    we've been saying it for years and years but now that Microosft Windows has a package manager, is 2014 finally the year of the Windows desktop?

  • The reason I expect this has been delayed for so long is that features like these will make windows administrators more at home on Unix and Linux. It does show (as other things do as well), that for professional work, Unix had it right all along. On the other hand, this convergence makes (hopefully) working on Windows less of a pain.

    Of course I am talking about convergence with regard to work-flows, processes, etc. and not about actual concrete services being the same.

  • Simply put: O_o (Score:2, Flamebait)

    by Svartalf ( 2997 )

    Heh... How long did it take them to get to that? 20 *YEARS* (RHL 1.0 - November 1994) now?

    Seriously Microsoft. Took you long enough.

    • Re: (Score:2, Troll)

      by war4peace ( 1628283 )

      Not as long as it (would) take Linux to offer a really good Desktop solution.

      • by Khomar ( 529552 )

        Not as long as it (would) take Linux to offer a really good Desktop solution.

        Yeah, Microsoft made a really good desktop solution and then developed a really broken one. Take that, Linux!

  • Isn't putting branding in a command's name a bit of a hostage to fortune?

    If this had come out 10 years ago, would we all be laughing at having to use get.NET / OLEget / ActiveGet / Get95 / etc ?

  • . . . is that a lot of its software is automatically managed. Windows updates is great (it generally works better than the Linux versions), but it only updates Microsoft components. Other installed programs are responsible for updating themselves, often installing hidden processes that boot at start-up for that purpose.

    Linux package managers are nice because they manage a pretty wide-variety of software. Their biggest flaw is that you usually still have to update packages you install yourself manually.

    If

    • For most well known Windows applications, I'm using Ninite for both automated batch install and automated batch update.

  • Sorry, but psexec-ing into SMB is not the same.
    While I'm talking about sysinternals tools, maybe a 64 bit version of psinfo? Psinfo -s still only shows the 32 bit programs installed on a system, ignoring the 64 bit versions.
  • Its a little less a piece of shit now. Still some unpleasant odors here and there. I have no doubt God really is on our side, but nice to see some goddamn proof every now and then.
  • Big deal Linux has had this for a long time.
  • by rl117 ( 110595 ) <rleigh.codelibre@net> on Wednesday October 29, 2014 @12:48PM (#48262595) Homepage

    My experience of chocolatey was not good. Fine to install software, but it's just a wrapper around existing installers. Try to upgrade a package... fail. Try to remove a package... fail. This depends upon the package in question; it works for some, others you have to clean up by hand, worse that having downloaded and installed using the installer by hand.

    And no proper support for libraries, dependencies etc. so useless for software development. It certainly meets a need for software deployment, but it's so lacking compared with what dpkg/apt-get provide that it's a joke.

    If Windows is to gain a proper package manager, I think they need to do it properly. The existing support is just broken.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...