FreeBSD’s pkgng: A broken fork of Debian’s apt-get

To discuss this topic, I first have to talk about the history of package management in the BSDs. In GNU/Linux, people’s lives are made easy with package managers for each distribution (apt-get for Debian, yum for Red Hat, slackpkg for Slackware and so on). A package manager installs the software packages requested by the user by downloading them from a trusted repository; it then analyzes which dependencies are required and downloads those dependencies from the same trusted repositories. Once all the downloading is done, the package manager installs both the dependencies and the requested software package. When a package is requested for removal, the package manager deletes the files that were placed in the directories when the package was installed and then deletes the associated dependencies. In some Linux distros like Debian, users are given the choice of which dependencies to remove and which to keep.

Package management in the BSDs? Well, in short, there’s no such thing as package management in BSD. All the BSDs do have a few binary tools called pkg_add, pkg_delete and pkg_info, but these are not package management tools. pkg_add doesn’t search for requested packages and download them from a remote repository, and it also does not resolve dependencies. pkg_delete removes the files associated with the package selected for removal. pkg_info just lists the packages installed on the machine. Hardly a package management system. Binary packages in all the BSDs are obtained from ftp sites. The binary packages are not updated and are never patched for bugs and security vulnerabilities. Often installing software this way to create a barely usable desktop leads to large numbers of being introduced. The other way of obtaining third-party applications is to use what is called the ports tree. The ports tree is simply a directory structure with makefiles and patch files at the end for each piece of third-party software. To install a package, a user has to cd to that directory (e.g. cd /usr/ports/www/firefox) and then type make install. BSD’s make then downloads the source code of the package from a third-party site not related to the BSD project and applies patches to the source code to make it compilable in BSD. BSD make then checks for the required dependencies and does the same for them. After a long time spent compiling the package and its dependencies, they are installed onto the system.

Not only is this extremely slow and inefficient, but it also means that as maintainers of the third-party sites modify or update their copy of the source code, ports become broken and uncompilable. Since most third-party applications have a lot of dependencies, the chances are that there will always be one or two dependencies coming from broken ports, which will cause everything to stop compiling. Consider that together with the fact that compiling a particular port can take up to a week, plus the fact that upgrades of software usually require the user to recompile nearly every third-party application installed. This makes maintenance and fixing of a BSD system impossible for servers and for desktops. It is the main reason many companies including Yahoo switched from FreeBSD to Linux. Another problem with ports is that the sites where BSD make gets the source code from are not scrutinized at all by the BSD projects and can be considered untrusted, unlike Linux distro repositories. Third parties can willfully modify code maliciously, thus compromising users’ machines. These are a handful of major problems with BSD ports, but they are by no means the only problems. Unfortunately, some GNU/Linux distributions such as Gentoo have adopted the ports tree as their package “management”.

For nearly 20 years, BSD developers have been in denial of the handicap placed on users by their ports system, even as BSD usage share fell below 0.01%; however, this appeared to change in 2012. Near the beginning of 2012, after being given the green light by Apple Inc (FreeBSD is owned and governed by Apple), FreeBSD developer Baptiste Daroussin created the first ever binary package manager for FreeBSD, called pkgng. While this new piece of software at first seems to solve all of FreeBSD’s package management problems, it actually makes package management a lot more difficult and sometimes impossible in certain cases. What’s worse, and blatant, is that pkgng is not an original piece of work as its creators claim; rather, it is actually a stripped-down fork of Debian’s popular apt-get package manager. This has legal implications for the FreeBSD project, as pkgng appears to violate the GPL.

First of all, installing software with pkgng and the ports together causes clashes; this is in contrast to pkg_add, which at least recognizes software installed from ports. Secondly, pkgng’s option to upgrade software (e.g. pkg upgrade) downloads new versions of the packages, but instead of simply deleting the old versions and installing the new versions, pkgng gives an error saying that the old version conflicts with the new version, and thus it is left to the user to manually remove the old packages and install the new ones. This often results in the removal of packages not requiring upgrade. Thirdly, pkgng’s unused dependency removal operation “pkg autoremove” (guess where this functionality came from) actually removes dependencies required by installed (not removed) applications. And finally, the FreeBSD project has stated that it is not going to provide repositories or ftp sites for pkgng.

According to the FreeBSD project, users must now create a jail using an entire ZFS partition. Inside the jail, users are expected to compile packages from ports, effectively making their own repository, from which they are expected to use pkgng to install the packages on their main system. So, as explained, FreeBSD is moving from a source and/or crappy binary package system to an effectively source-only system, except that you don’t compile and then install directly: you compile to make a package and then install the package. Can someone explain how that is supposed to improve package management? By the way, for those who don’t know what a jail is, jails are a feature originally designed by Linux developer Daniel Lezcano (the creator of LXC) which was then stolen by FreeBSD project member Poul-Henning Kamp to implement on FreeBSD. FreeBSD jails function similarly to Linux chroots but are far more insecure.

Finally, by comparing the source code of FreeBSD’s pkgng to Debian’s apt-get, people would find that pkgng is literally pieces of code ripped from apt-get with little to no modification. Indeed, discussions on the mailing list in late 2011 show that FreeBSD “developers” including Baptiste Daroussin took apt-get, removed the GPL license together with code they could not understand, and renamed the result pkgng. They did this as they were incapable of writing a package manager from scratch. This means pkgng has legal implications for FreeBSD, as it is illegal to remove the GPL from a piece of software without the author’s permission. It also shows how blatant the BSD projects can be when fighting against the freedom achieved by Richard Stallman, the FSF, Linus Torvalds and GNU/Linux.

Hopefully, the FSF and Debian will soon notice this, rectify the problem and make FreeBSD pay for such a violation.

14 Responses to FreeBSD’s pkgng: A broken fork of Debian’s apt-get

  1. dmesg says:

    This article is one of the most honest I’ve read about the FreeBSD system… FreeBSD is indeed owned and dictated by Apple.

    Virtually all the core FreeBSD project members are Apple employees.

  2. Jeremie Le Hen says:

    Hahaha, oh man, you’re excellent! 🙂 Please keep posting!

  3. Your article enlightened me to the horrible mismanagement of the BSD and their blatant violation of the GPL. Clearly, BSD losers are the world’s most idiotic people.

  4. Ben says:

    Seeing my colleague’s BSD failing made my day, funniest piece of humor I’ve seen in ages.

  5. BSD fuckers have all got something wedged in their ass.

  6. Alex says:

    BSDs are always looking for legal trouble…

  7. Aditya Pareek says:

    I agree with your criticism about ports, jails and the new pkgng tool. However, regarding the fact that you say that the FreeBSD people have ripped off chunks of code from Debian’s apt: just to confirm, is this first-hand info you gathered by actually comparing the code for apt and pkgng, or did you just hear/read it somewhere, like I have on this blog?

    P.S. I am a die-hard Debian purist, and I do believe this matter needs to be cleared up.

  8. A User says:

    Wow! What a great article. Now I know why to use Linux and not FreeBSD. Thanks for all the information you gave.

  9. some guy says:

    I was about to install FreeBSD, but then I read this; considering other options now.

  10. I make decisions based on random web pages says:

    These are completely valid and realistic concerns. The lack of evidence is not a problem for me. Also, I am totally a real person who is not the author agreeing with himself.

  11. Chris C says:

    Ok so.

    You state the ports system is a bad system. I disagree; it’s actually FreeBSD’s strong point. Yes, compiling is slower than precompiled, but it’s super flexible: one can choose the options compiled into the port, apply the gcc flags they want, and the biggest advantage is that dependencies are dynamic. E.g. on Debian everything has to be the right version to avoid dependency issues, and if you mix packages from different repos dependency issues occur; on the ports system dependency issues are extremely rare. The package systems are why I hate Red Hat OSes. The Red Hat yum is awful in my view, and although Debian’s is better than yum, I do prefer ports (or Gentoo’s portage).

    However, with that said, FreeBSD does have its fair share of issues, with lots of weird decisions made such as the dropping of bind and the pro-desktop focus. I wasn’t personally aware Apple owned and controlled FreeBSD either; that is an eye opener. Plus, if indeed pkgng is a ripoff of Debian’s apt-get, then that’s a disappointment to say the least.

    I think the main reasons for FreeBSD’s low user share are nothing to do with ports, but rather that FreeBSD has compatibility issues with various software, and a lack of marketing. Red Hat has been very commercialised; lots of server software is marketed as Red Hat only, so as such Red Hat/CentOS/Fedora have a big share of the server Linux market. Also, I feel Linux development is ahead of the curve over FreeBSD; generally I do find Linux servers faster and more stable than FreeBSD. Trust me, it pains me to admit that, but I have found it to be true. I do keep my own personal servers on FreeBSD as I love the ports system and ZFS; however, various customers of mine with heavy-duty servers have migrated over to Linux to solve various issues that we were seeing on FreeBSD. None of those issues were to do with the package system though; FreeBSD has problems but the ports system isn’t one of them.

  12. Have you tried pkgng on a unix? It does a shit job with binary packages and dependencies… and versions of dependencies (worse).

  13. serginho89 says:

    All the comments here against BSD are from the same loser (the creator of the blog). This idiot has no life.
