Matthew Garrett (mjg59) wrote,

Anyway, back to pure Linux stuff. A while ago, the Ubuntu Technical Board were asked to take a look at Automatix. I've finally got around to doing so, and here are my initial conclusions. I'd appreciate any factual corrections, and note that at this point this is my individual opinion rather than any sort of official statement.

Automatix is a combination system configuration/package installation
tool, aimed at making it easy for users to install features like
graphics drivers, media codecs and software not distributed as part of
the Ubuntu distribution. It is provided as a .deb file containing a
python GUI frontend that calls out to a shell backend. The frontend
parses an XML file which contains module descriptions and function
names for installing and uninstalling modules, with these functions
being part of the shell backend. An install module will typically
check whether another package manager is running, and if not either
install a set of debs or download and manually install a
tarball. Uninstall modules generally remove the same software or clean
up the manually installed files.

The following is a list of identified issues with the current version
of Automatix - it is the result of a few hours of investigation, so
may not be complete.
  • Automatix is, in itself, a poor quality package which fails to
    conform to Debian or Ubuntu policy.

    • It is inappropriately flagged as belonging to base
    • Depends on essential packages
    • Has a short description of more than 80 characters and no long
      description
    • Provides no email address in the maintainer field
    • Contains no copyright information in the standard locations
    • Ships a TODO file as a control file
    • Provides no man pages
    • Ships files in /usr/etc
    • Contains many files inappropriately flagged as executable
    • Changelog is in /usr/etc/automatix2/ax_data ?

    These issues are primarily cosmetic and in themselves are unlikely to
    cause any harm to the system.
  • In debug mode, automatix will write files to your home directory as
    root. Again, more of an irritation than anything dangerous.
  • Provides platform-specific data in /usr/share. Potentially an issue
    if /usr/share is shared between multiple architectures, but since
    Automatix is x86/amd64 only probably not a real problem.
  • #!/bin/bash
    #created by arnieboy 
    foo=`gksudo -u root -k -m "enter your password for gedit root access" /bin/echo "Do you have root access?"`
    sudo gedit $NAUTILUS_SCRIPT_SELECTED_URIS
    appears to be an attempt to ensure that the user has sudo rights. This
    will break if timestamp_timeout is set to 0 in sudoers - gedit should
    be run directly from gksudo. This is repeated in more than one
    place. The assumption that sudo will not need to prompt appears
    prevalent throughout the code.
  • catagory_data.xml - nitpick, but should be category
  • "Please NOTE that downloading and installing w32codecs, libdvdcss2
    and other non-free codecs without paying a fee to the concerned
    authorities constitutes a CRIME in the United States of America"


    Somewhat dubious legal advice - the issue has nothing to do with fees,
    and isn't just limited to the USA.
  • Automatix checks that other package managers aren't running at
    startup (by grepping for a static list of application names in the
    process list), but doesn't enforce this by carrying out any locking of
    its own. This leaves Automatix open to race conditions.
  • if ps -U root -u root u | grep "dpkg" | grep -v grep;
       then
         killall -9 dpkg
    May well leave the system in an inconsistent and unbootable state, and
    is carried out without warning. This is entirely unacceptable and will
    leave a stale lockfile in any case.
  • function reloadnautilus {
           killall -9 nautilus
    }
    Not actually used anywhere, but could potentially lose user
    information without warning.
  • Most install functions contain a sleep statement for no obvious
    reason. They then call dpkg_check, which sleeps again. It's not at all
    clear what this is meant to be doing.
  • Passes --assume-yes to apt-get, which will (as a result) happily
    remove packages without giving the user an opportunity to
    intervene. This is especially bad when removing Automatix modules -
    any package that depends on one of the packages being removed will
    also be uninstalled, even if the package was originally installed via
    something other than Automatix!
  • Has no internal dependency management. Unable to keep track of why
    packages were installed, so prevents the removal of the multimedia
    module because that would remove sections of other modules without
    explicitly removing that module. Installing swiftfoxplugins will pull
    in several plugin packages, but removing swiftfoxplugins will not
    remove them even if nothing else depends on them. Also means that
    package installation and uninstallation have to be manually kept in
    sync - uninstall will not always remove all packages that were
    installed.
  • Has no concept of file tracking, so will just remove entire
    directories. Makes no attempt to ensure that a user-installed version
    is not already installed in the same location, so effectively assumes
    that the /opt namespace belongs to it.
  • Will remove Ubuntu repository packages in favour of tarballs with
    no warning.
  • Setting ctrl-alt-del to open gnome system monitor will destroy any
    existing user configuration for run_command_9
  • Installing streamtuner will create a world writable directory in
    /opt/ripped with no sticky bit, allowing users to interfere with other
    users' files.
  • mplayerplugin moves totem plugin files to a backup, but does
    nothing to prevent package upgrades of totem replacing them.
  • Only updates the java link after installing new java, not the rest
    of the java alternatives
  • amsninstall installs tls libs that are never removed, copying over
    the ones in the tcltls package. This means that the md5sums in the
    tcltls package will no longer validate.
  • sudo ln -s /usr/lib/libesd.so.0 /usr/lib/libesd.so.1
    is really not
    such a good idea.
  • ln -s /tmp/.esd-1000 /tmp/.esd
    looks like it'll only ever work for
    the first user on the system, and there's nothing to recreate it on
    boot.
  • sudo sed -i "s/^vboxusers\(.*\):$/vboxusers\1:$AXUSER/" /etc/group
    - assumes that the system isn't using some sort of user directory
    service.
  • installs truecrypt suid root - not ideal, given its less than
    stellar security record
  • Unmounts filesystems without checking to ensure that the unmount
    succeeded.
  • Deletes lines from fstab and replaces them with device nodes
    rather than uuids.
  • Includes acroread 7.0.9, despite the new Acrobat license appearing
    to grant no right to redistribute.
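
The race noted in the list above (checking the process list instead of taking a lock) can be closed by holding a lock for the whole operation. This is an added example, not code from Automatix or from this post; the lock path and function names are made up for illustration, and it assumes flock(1) from util-linux is installed.

```sh
#!/bin/sh
# Added illustration; LOCKFILE is a made-up path and both function names are
# hypothetical. dpkg takes its own fcntl lock on /var/lib/dpkg/lock; this shows
# the same principle on a lock file the installer owns.
LOCKFILE="${LOCKFILE:-${TMPDIR:-/tmp}/installer-demo.lock}"

# Racy pattern from the list above: inspect the process list, then act.
# Returns 0 when no known package manager is visible *at this instant*;
# one can still start between this check and the first dpkg call.
no_package_manager_visible() {
    ! ps -eo comm= | grep -qxE 'dpkg|apt-get|aptitude|synaptic'
}

# Atomic pattern: hold an exclusive lock for the whole command.
# Returns 75 if the lock is already held, otherwise the command's status.
# The kernel drops the lock when the holder exits, even after kill -9,
# so no stale lock file has to be cleaned up.
run_locked() {
    (
        flock -n 9 || exit 75
        "$@"
    ) 9>"$LOCKFILE"
}

# Usage: run_locked apt-get install some-package
```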

Conclusion:

Automatix exists to satisfy a genuine need, and further work should be
carried out to determine whether these user requirements can be
satisfied within the distribution as a whole. However, in its current
form Automatix is actively dangerous to systems - ranging from damage
to small items of user configuration, through removing user-installed
packages without adequate prompting or warning and up to the (small
but existing) potential to leave a system in an unbootable state.

The current design of Automatix precludes any reasonable way to fix
some of these problems. It is attempting to fulfil the role of a
high-level package manager without actually handling any sort of
dependency resolution itself.
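
A front end that passes static package lists to apt can at least ask apt what a removal would drag along before acting, instead of using --assume-yes. The following is an added example, not code from Automatix or from this post: the function names are hypothetical, and the sample simulation output is constructed with made-up package names.

```sh
#!/bin/sh
# Constructed sample of `apt-get -s remove` output (package names are made up).
sample_simulation() {
    cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be REMOVED:
  foo-player libfoo1 user-app
Remv user-app [2.1-1]
Remv foo-player [0.9-3]
Remv libfoo1 [1.4-2]
EOF
}

# Reads simulation output on stdin; arguments are the packages the caller
# meant to remove. Prints every package apt would remove (or purge) that was
# NOT asked for, one per line.
unexpected_removals() {
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        ($1 == "Remv" || $1 == "Purg") && !($2 in ok) { print $2 }
    '
}

# Simulate first; refuse when the removal set is larger than what was requested.
safe_remove() {
    _extra=$(apt-get -s remove "$@" | unexpected_removals "$@")
    if [ -n "$_extra" ]; then
        printf 'refusing: these would also be removed:\n%s\n' "$_extra" >&2
        return 1
    fi
    apt-get remove "$@"    # interactive on purpose: no --assume-yes
}
```

With the sample above, asking to remove only foo-player and libfoo1 reports user-app as collateral, which is the case the post describes: a package installed by other means that depends on one being removed.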

A more reasonable method of integrating Automatix's functionality into
Ubuntu would be for the Automatix team to provide deb files to act as
installers for the software currently provided. These could then be
installed through the existing package manager interfaces. This would
solve many of the above problems while still providing the same level
of functionality.

In its current form Automatix is unsupportable, and a mechanism for
flagging bugs from machines with Automatix installed may provide a
valuable aid for determining whether issues are due to supported
distribution packages or third party software installers.
Tags: advogato, ubuntu

Great post!

Anonymous

August 4 2007, 04:47:36 UTC 11 years ago

Very good post! Answered a few questions I had about Automatix. Very interesting.
Join! Excellent written!

http://digg.com/linux_unix/Initial_Analysis_of_Automatix_several_problems_found
that confirms for me that I should stick to writing my own little "#!/bin/sh \n sudo aptitude install "

Interesting

Anonymous

August 4 2007, 06:04:22 UTC 11 years ago

Very informative. The first analysis of Automatix I've seen since it was a monolithic, evil, extendable bash script.

Interesting

Anonymous

August 4 2007, 06:04:45 UTC 11 years ago

Very informative. The first analysis of Automatix I've seen since it was a monolithic, evil, unextendable bash script.
Yikes. It's bad enough re-inventing the package-management wheel. But to then do it with such gargantuan corners?

Bad, bad memories of post-2004-ish Gentoo.
That's hilarious.
And that's "pure GNU/Linux", you insensitive clod!

Anonymous

August 4 2007, 11:43:21 UTC 11 years ago

Works great for me !

Anonymous

August 4 2007, 13:01:18 UTC 11 years ago

What we have here is another variant of the practical vs. puritanical. Automatix is cobbled together and untidy but most people don't care because it works well and gets the job done.

Automatix also supports an Apt-based installation method: if you follow the instructions on their wiki but don't actually install the automatix2 package, the other packages they provide can now be installed via Apt. This seems to address some of the issues with their proprietary package manager (e.g. you get Apt's dependency tracking).
Oh, internally automatix uses apt. The problem is that it passes static lists of packages to apt, rather than checking whether anything else depends on those packages. Just using their apt repository with something like synaptic avoids this problem.

Next Step?

Anonymous

August 4 2007, 14:01:13 UTC 11 years ago

For a n00b like me, this is good to know, but also very alarming.

So, having this information now, what should I do with it? My first inclination is to simply remove Automatix2 from my system, but what about all the software it has installed? What if some of the problems mentioned above now exist on my system?

What is the correct way to remove Automatix2 and clean up any messes it may have created?
Uninstalling any of the packages it's installed should leave your system in a safe state.

Deleted comment

Anonymous

August 4 2007, 14:54:21 UTC 11 years ago

http://ubuntuguide.org unfortunately has a section about installing Automatix.

While I realize Automatix has bad issues, it's not the only thing which can render a system unbootable.

I use Automatix for the purpose of filling little holes of functionality. I use it as a last resort. I always go to official package management first, and Automatix last.

But, that does not save me from a poorly documented kernel update, which basically kills my machine.

How's this for feedback: I don't do kernel updates anymore, because I like my machine bootable, and the teams involved don't seem to do a lot of testing. They just ship down the update. I am already sort of dreading Gutsy, because I know it's going to entail a re-install of everything. I can fix a variety of problems, but if my machine can't even boot after an official update, how am I supposed to get support online? Sure, I can select the previous kernel, but in some cases, even that has failed for me. I may not have uber linux chops, but I can reasonably fix a majority of things. But I can't fix bad form on the part of the people who release updates. Ubuntu should work, out of the box, when I update, my options should NOT be the one some of us have faced with damaged Windows Installs. Namely: wow, it's going to (unfortunately) be easier to just re-install than screw with this anymore. The last thing in the world you want, is users saying: Ubuntu is great, but whatever you do, DON'T LET IT UPDATE ITSELF. That's a Bad Thing.

While Automatix does have issues, one thing I think is missing from this debate: rake your own leaves, before telling your neighbor they have a messy lawn. Worry about Ubuntu, and getting it tightened up, and working well enough so a user does not HAVE to find something to plug holes, like Automatix. Start testing updates better. This is important. Very important. Document how updates should work, and proper procedures for kernel updates when someone has say...binary nVidia drivers. I realize it takes time. But I get dismayed at the number of people I see get just as frustrated by the lack of good user support and documentation at ubuntuforums, as they do at microsoft or apple. Ubuntu is supposed to be different. Is that just lip service? One could maybe draw that conclusion, based on the number of attacks on Automatix I've seen in the last month.

Ubuntu wants to be an alternative to the desktop? Well, then it's time for some of the ivory tower geekdom to come down and sit in the luser's chair and make an honest assessment of things. Period. Lusers will almost always choose the path of least resistance. That's why so many Automatix installs are out there. The popularity of Automatix shows that Ubuntu fails in some areas. Fix them. While this review is indeed well researched, and certainly the truth of it speaks for itself, I can't help but wonder if the time would have been better spent fixing the issues in Ubuntu, or going to the Automatix teams to try and help them fix some of these issues.

Just my $0.02

Duo.
Ubuntu is not for everyone. It is also still in the process of being improved. You state that you are afraid of Gutsy, but perhaps you should be looking forward to it - because the problems you are experiencing may very well be resolved by the time it is released.

How many other operating systems undergo significant improvement twice a year, every year?

Very interesting read from the technical side, but I am one of those people who started using Ubuntu because of Automatix. I have only installed the codecs, GoogleEarth and clipart and never had a problem with it. I haven't yet upgraded to 7.04 and haven't 'played' around with the system. Maybe if I did I would have problems. If there was an officially endorsed method of installing the programs Automatix has just as easily, Ubuntu users would welcome it. Unfortunate it may be, but the reality is that Automatix is a great help to new Ubuntu users.....until, of course, a problem occurs. Ubuntu needs to take onboard the reasons why Automatix exists, because it exists and is popular for a practical reason. The people behind Automatix have addressed this and I, one of many, have benefited, as has Ubuntu and Linux in general. Hopefully, Automatix (or something) will become officially part of Ubuntu in the future.

I hope that the people of Automatix are not offended by what you wrote because they have done a good job in responding to a need. Anyway, I don't think so. You being part of the Technical Board, you wrote from a technical viewpoint, and you analyse from this angle, which is of course why you are there. We need you too.
"If there was an officially endorsed method of installing the programs Automatix has just as easily, Ubuntu users would welcome it"

For most of the usual non-free codecs, plugins and stuff, there is: just install ubuntu-restricted-extras, it will get you everything you need except, unfortunately, libdvdcss.

And all arnieboy says is "OMG AUTOMATIX!! YOU JUST JEALOUS!!" ubuntuforums community is pretty lame as everyone praised arnieboy for so long despite numerous people noting the flaws.
Lots of people used to Windows, mostly, so they think having to reinstall the OS for a new version (and indeed, slowly deteriorating systems) are normal. Of course they don't care that the system is hosed, they don't even understand that it is.

Comments for this post were locked by the author