Opkg limitations vs dpkg

[Alejandro del Castillo]

Hello,

I am on the process of evaluating which package manager to use on our embedded controllers. I know dpkg is more feature-rich, but is heavy weight and requires perl, which I would prefer to avoid installing. On the process of the investigation, a few question pop in my mind:

- Is there a document that lists the shortcoming of opkg vs apt/dpkg? 

- Regarding the dependency engines, I believe both use ad-hoc ones. Are there advantages/disadvantages of opkg vs dpkg on it's dependency engine? are there plans to move opkg to an existing solver like libsolv?

- I believe opkg was not actively maintained for a while, then, under the Yocto project umbrella, it is once more maintained and there is a 1.0 release on the horizon. When is 1.0 planned? what would be on it?

- What about digital signing? is there support for it, like in dpkg?

Thanks so much in advance for any information on the matter.

Cheers,

Alejandro del Castillo

[Paul Barker]

On Tue, Aug 26, 2014 at 09:17:21AM -0700, Alejandro del Castillo wrote:
> Hello,
>
> I am on the process of evaluating which package manager to use on our
> embedded controllers. I know dpkg is more feature-rich, but is heavy weight
> and requires perl, which I would prefer to avoid installing. On the process
> of the investigation, a few question pop in my mind:
>

(Questions rearranged so my answers make sense)

> - I believe opkg was not actively maintained for a while, then, under the
> Yocto project umbrella, it is once more maintained and there is a 1.0
> release on the horizon. When is 1.0 planned? what would be on it?

It's been about a year since I picked up maintainership of opkg so this makes
for a good review point. I've mostly focussed on refactoring and improving the
maintainability of opkg whilst I've learnt the codebase. That work will show in
the v0.3 release which I'm hoping to get out soon.

After the v0.3 release I'll be putting together a more detailed roadmap towards
the v1.0 release. I didn't want to do this previously as I didn't feel familiar
enough with the codebase but I'm in a better position to do this now. The v1.0
release won't be coming too soon though as I only have limited time to work on
opkg.

> - Is there a document that lists the shortcoming of opkg vs apt/dpkg?

There sadly isn't such a document at the minute.

> - Regarding the dependency engines, I believe both use ad-hoc ones. Are
> there advantages/disadvantages of opkg vs dpkg on it's dependency engine?
> are there plans to move opkg to an existing solver like libsolv?

Again, I don't know how things compare to dpkg exactly. I want to look into
optimising and improving the dependency resolution in opkg during development
for the v0.4 release. I'll probably evaluate libsolv during this cycle. If it
doesn't add too much bloat or too many dependencies then it may be a good
option.

> - What about digital signing? is there support for it, like in dpkg?
>

opkg supports package feed signatures using either gpg or openssl as backends.
I'd strongly suggest you use gpg signatures. In v0.3 we should also support
signatures on each individual package.

> Thanks so much in advance for any information on the matter.
>

My basic message is that opkg still has its limitations but is gradually
improving. I definitely think it's a better choice for small embedded systems
than either dpkg or rpm, but I am biased.

Thanks,

--
Paul Barker

Email: pa...@paulbarker.me.uk
http://www.paulbarker.me.uk

[Alejandro del Castillo]

Thanks for the quick answer.

I am going to move forward to prototype with opkg (our software stack is pretty big) as I think it provides the basic on what we need to do. I'll post on the list if I find bugs/limitations as I make progress.

Thanks again,

Alejandro del Castillo