Откуда установлены приложения linux?

438
thanks_in_advance

Заранее извиняюсь, если это не по теме.

Когда я хочу установить приложение, скажем, в Ubuntu, я иду в терминал и набираю что-то, что указывает на то, что я хочу, чтобы это приложение было установлено.

То, что я не делаю, - это введите точное местоположение, из которого я хочу, чтобы оно было установлено.

Это сильно отличается, скажем, от Windows или OS X на основе графического интерфейса, где можно было бы использовать браузер для перехода к какой-либо странице в WWW, скачать большой пакет, а затем дважды щелкнуть по нему, чтобы установить его.

Мои вопросы:

  1. Откуда берутся Linux-приложения?
  2. Кто гарантирует, что эти хранилища не были повреждены вредоносным ПО?
  3. Я предполагаю, что есть несколько хранилищ. И если да, то как мой Linux-ПК решает, из какого репозитория загрузить пакет?
  4. Разные дистрибутивы имеют один и тот же репозиторий или разные?
  5. Если я использую какой-либо полнофункциональный последний выпуск Ubuntu, в отличие от облегченной версии, такой как Puppy Linux, и я ввожу ту же самую точную команду в терминал, чтобы установить какое-либо приложение, я буду устанавливать то же самое приложение? в обоих случаях или разные? Как все это обрабатывается, чтобы не та версия была установлена ​​не в том месте?
0

2 ответа на вопрос

2
Mark Lopez

Lots of questions. A lot of these questions are deep. And I could only summarize.

Your beginning question:

What I don’t do is type the exact location I want it to be installed from.

The package manager knows where and how to install the programs. This is required for the manager to know what is installed, and to keep the system clean. Linux uses the philosophy of one program should perform one task, and perform it well. When you install a program in Linux, the manager looks for what is required and installs the packages for you.

  1. Where do the linux apps come from?

    Most of the binaries come from the repositories. Some you build yourself from the source code.

  2. Who ensures that those repositories have not been corrupted with malware?

    The packages are signed by GPG private keys. This prevents anyone who is not the developer from publishing code under the same name. So the defender of the repositories are cryptography through mathematics. But in reality you need to trust the repositories. Don’t add random repositories. Using Ubuntu repositories are safe because you know who manages them.

  3. I’m presuming that there are multiple repositories. And if so, how does my linux PC decide which repository to download a package from?

    The maintainer of the Linux distro decides what respitory to use. With Ubuntu, each version gets a repository.

  4. Do different distros all have the same repository, or different?

    Different. There are many different Distros, Ubuntu uses the Ubuntu/Debian repositories, Red Hat uses their own. Just depends on the Distro.

  5. If I’m using some full-featured latest release of Ubuntu, versus if I’m a light-weight version such as Puppy Linux, and I type the same exact command into terminal to install some app, will I be installing the same app in both cases, or different?

    Each Distro uses a different way to access the repositories. For Ubuntu this is apt-get but on Red Hat this is yum. Some Distros have a slightly different file structure and way of doing things. For example, Debian mother of Ubuntu, uses a completely different email agent than Ubuntu. One package manager will not work on all Linux Distros. Nor do we want this. A monopoly is bad for security and the freedoms that Linux brings.

  6. How is all of this handled so that the wrong version doesn’t get installed in the wrong place?

    The package manager records all installed software (that the package manager installed). But sometimes this doesn’t work out (you might install from source), therefore, it really is the user that handles any issues.

0
p1xel

  1. Depends what exactly you are asking. You get them from the repositories. The repositories get binary (we're not counting Gentoo here) packages compiled by someone who is the maintainer of the package, or a bot which does it automatically. This only applies to open source software (software with code publicly available and legally distributable). And the source code comes from developers, which either upload a tarball to their website or a source hosting site such as SourceForge or Github. Seeing that you are a beginner, DO NOT download and compile packages yourself.

  2. As Linus said "given enough eyeballs, all bugs are shallow" (Linus's Law). This also applies to malicious software. ANYONE (yes, even you) can review code of packages, check md5sums, GPG keys etc. to ensure software does not contains code that may harm you. The package maintainers (the guys who put source code from the internet and package it into the repos) are responsible for the package. Malware however is MUCH less detectable in closed source software cough Skype cough. If you are the paranoid type, avoid closed source software.

  3. If you use a Linux distribution, it most likely has it's own repository already configured (like Ubuntu). Multiple repositories can be stored on a single host, such as multiverse, universe, restricted etc. The different repositories on the same host have different packages so there are no clashes. This is why third-party repositories may be a problem.

  4. Some distros which are based off OTHER distros (common in the Linux world) may use their own repositories for core packages only they use, but get the packages the user wants from the distro they are based off. A great example is Linux Mint. Linux Mint has a very small load on their servers and only has core packages by the Mint team. However if you want to install a random package (like SuperTuxKart), Mint fetches it from the Ubuntu repos. The package cache is synced every now and then so your computer knows what packages are where.

  5. You may or may not be using the same command. The command varies depending what package manager a distro uses. Debian, Ubuntu etc. use APT and Red Hat, Fedora etc. use YUM. If the package is named the same, you will most likely (only in rare situations not) get the same package. However, you will most likely get a different version. This again depends which repository your distro uses. Outdated and/or stable repos get old software, bleeding edge/new repos get the latest version.

The package manager handles all the packages and insures everything is in the right place.

I suggest you read up on some Man pages ;)

Welcome to the Linux world!

Похожие вопросы