A software repository, or “repo” for short, is a storage location where software packages are stored and retrieved. A software repository is typically managed by source control or repository managers. Package Managers allow for installing and updating the repositories (sometimes called “packages”) versus having to manually do this.
Many software publishers and other organizations maintain servers on the Internet for this purpose, either free of charge or for a subscription fee. Repositories may be solely for particular programs, such as CPAN for the Perl programming language, or for an entire operating system. Operators of such repositories typically provide a package management system, tools intended to search for, install and otherwise manipulate software packages from the repositories. For example, many Linux distributions use Advanced Packaging Tool (APT), commonly found in Debian based distributions, or yum found in Red Hat based distributions. There are also multiple independent package management systems, such as pacman, used in Arch Linux and equo, found in Sabayon Linux.
As software repositories are designed to include useful packages, major repositories are designed to be malware free. If a computer is configured to use a digitally signed repository from a reputable vendor, and is coupled with an appropriate permissions system, this significantly reduces the threat of malware to these systems. As a side effect, many systems that have these capabilities do not require anti-malware software such as anti-virus software.
Most major Linux distributions have many repositories around the world that mirror the main repository.
Package management system vs. package development process
A typical use of a package management system is to facilitate the integration of code from possibly different sources into a coherent stand-alone operating unit. Thus, a package management system might be used to produce a distribution of Linux, possibly a distribution tailored to a specific restricted application.
A package development process, by contrast, is used to manage the co-development of code and documentation of a collection of functions or routines with a common theme, producing thereby a package of software functions that typically will not be complete and usable by themselves. A good package development process will help users conform to good documentation and coding practices, integrating some level of unit testing. The table below provides examples of package development processes.
The following table lists a few languages with repositories for contributed software. The "Autochecks" column describes the routine checks done.
Very few people have the ability to test their software under multiple operating-systems with different versions of the core code and with other contributed packages they may use. For R, the Comprehensive R Archive Network (CRAN) runs tests routinely. To see how this is valuable, suppose Sally contributes a package A. Sally only runs the current version of the software under one version of Microsoft Windows, and has only tested it in that environment. At more or less regular intervals, CRAN tests Sally's contribution under a dozen combinations of operating systems and versions of the core R language software. If one of them generates an error, she gets that error message. With luck, that error message may suffice to allow her to fix the error, even if she cannot replicate it with the hardware and software she has. Next, suppose John contributes to the repository a package B that uses a package A. Package B passes all the tests and is made available to users. Later, Sally submits an improved version of A, which unfortunately, breaks B. The autochecks make it possible to provide information to John so he can fix the problem.
This example exposes both a strength and a weakness in the R contributed-package system: CRAN supports this kind of automated testing of contributed packages, but packages contributed to CRAN need not specify the versions of other contributed packages that they use. Procedures for requesting specific versions of packages exist, but contributors might not use those procedures.
Beyond this, a repository such as CRAN running regular checks of contributed packages actually provides an extensive if ad hoc test suite for development versions of the core language. If Sally (in the example above) gets an error message she does not understand or thinks is inappropriate, especially from a development version of the language, she can (and often does with R) ask the core development-team for the language for help. In this way, the repository can contribute to improving the quality of the core language software.
|Language / purpose||Package Development Process||Repository||Install methods||Collaborative development platform||Autochecks|
|Haskell||Common Architecture for Building Applications and Libraries||Hackage|
|PHP||PEAR, Composer||PECL, Packagist|
|Python||Setuptools||PyPI||pip, EasyInstall, PyPM, Anaconda|
|R||R CMD check process||CRAN||install.packages||R-Forge||Roughly weekly on 12 platforms or combinations of different versions of R (devel, prerel, patched, release) with up to 7 different operating systems (different versions of Linux, Windows, and Mac).|
|Ruby||RubyGems||Ruby Application Archive||RubyForge|
(Parts of this table were copied from a "List of Top Repositories by Programming Language" on Stack Overflow)
Package managers help manage repositories and the distribution of them. If a repository is updated, a package manager will typically allow the user to update that repository through the package manager. They also help with managing things such as dependencies between other software repositories. Some examples of Package Managers include:
|NPM||A package manager for Node.js|
|pip||A package installer for Python|
|APT||For managing Debian Packages|
|Homebrew||A package installer for MacOS that allows you to install packages Apple didn't|
Software to manage repositories (repository managers) includes:
- Apache Archiva – "repository management software [for a] build artifact repository"
- CloudRepo – "Fully managed, cloud based, private and public repositories."
- Inedo's ProGet – "Universal Package Manager. World-class features. Accessible for everyone."
- JFrog's Artifactory
- MyGet – "continuous delivery service hosting 1000s of NuGet, Bower and NPM package repositories"
- Packagecloud – "A unified, developer friendly interface for all of your artifacts."
- Package Drone – "a package manager repository for OSGi"
- Sonatype's Nexus – : works with build tools like Ant, Ivy, Gradle, Maven, SBT among others.
- Pulp – "free and open source platform for managing repositories of software packages and making it available to large numbers of consumers. Supported types: RPM, Python, Puppet, Docker and OSTree."
- itmWEB: Coping with Computer Viruses Archived October 14, 2007, at the Wayback Machine
- "The Haskell Cabal | Overview". www.haskell.org. Retrieved 2019-03-25.
- "Maven – Welcome to Apache Maven". maven.apache.org. Retrieved 2019-03-25.
- "Julia Package Listing". pkg.julialang.org. Retrieved 2019-03-25.
- "Quicklisp beta". www.quicklisp.org. Retrieved 2019-03-25.
- karann-msft. "NuGet Package Manager UI Reference". docs.microsoft.com. Retrieved 2019-03-25.
- "npm". www.npmjs.com. Retrieved 2019-03-25.
- "Installing Perl Modules - www.cpan.org". www.cpan.org. Retrieved 2019-03-25.
- Leisch, Friedrich. "Creating R Packages: A Tutorial" (PDF).
- Graves, Spencer B.; Dorai-Raj, Sundar. "Creating R Packages, Using CRAN, R-Forge, And Local R Archive Networks And Subversion (SVN) Repositories" (PDF).
- "The Comprehensive R Archive Network". cran.r-project.org. Retrieved 2019-03-25.
- "R Installation and Administration". cran.r-project.org. Retrieved 2019-03-25.
- "R-Forge: Welcome". r-forge.r-project.org. Retrieved 2019-03-25.
- "The Cargo Book". Documentation. Rust Programming Language. Retrieved 2019-08-26.
- "Rust Package Registry". crates.io. Retrieved 2019-08-26.
- "List of Top Repositories by Programming Language". Stack Overflow. Retrieved 2010-04-14.
- "npm About". www.npmjs.com. Retrieved 2019-11-21.
- developers, The pip, pip: The PyPA recommended tool for installing Python packages., retrieved 2019-11-21
- "Apt - Debian Wiki". wiki.debian.org. Retrieved 2019-11-22.
- "Homebrew". Homebrew. Retrieved 2019-11-22.
"Apache Archiva: The Build Artifact Repository Manager". The Apache Software Foundation. Retrieved 2013-04-17.
Apache Archiva[...] is an extensible repository management software that helps taking care of your own personal or enterprise-wide build artifact repository.
"CloudRepo". CloudRepo. Retrieved 2017-01-01.
CloudRepo is a cloud native artifact repository manager offering both public and private repositories. CloudRepo allows high performance software development teams to securely store and share artifacts for use in other builds and development processes.
"ProGet". Inedo. Retrieved 2016-02-11.
Consistency, continuity, compliance – all in one centralized universal package manager with ProGet.
"Artifactory. Manage Your Binaries". JFrog. Retrieved 2014-10-20.
As the first Binary Repository Management solution, Artifactory has changed the way binaries are controlled, stored and managed throughout the software release cycle.
"MyGet: Hosted NuGet, NPM, Bower and Vsix". MyGet. Retrieved 2013-03-13.
MyGet hosts thousands of NuGet, Bower and NPM repositories used by companies and individual developers worldwide. MyGet comes with built-in Build Services, and also provides friction-free integration with GitHub, BitBucket and Visual Studio Online.
Canals, Armando (2018-06-25). "Continuous package publishing, part I: introduction to package management in CI/CD". circleci.com.
[packagecloud] hosts private and public package repositories for many different package types and works seamlessly with different package managers.
"Package Drone". Retrieved 2015-01-23.
The idea is to have a workflow of Tycho Compile -> publish to repo -> Tycho Compile (using deployed artifacts). And some repository tools like cleanup, freezing, validation.
- "Nexus Repository Manager". Sonatype. Retrieved 2014-05-21.
Nexus Pro gives you more information, more control, and better collaboration across your team than ever before. And it works with build tools like Ant, Ivy, Gradle, Maven, SBT and others. Use Nexus as the foundation for your complete Component Lifecycle Management approach.
- "Pulp | software repository management". pulpproject.org. Retrieved 2017-07-11.