Zero Install

Roadmap

This document explains what we've done and where we're going with future versions.

1. History
2. Current and future plans

History

This is a quick overview of the major features added to Zero Install. It focuses on features available to feed authors, who want to know which features they can safely use while supporting users on older distributions.

2005 (versions 0.1 to 0.17)

Zero Install was created in 2003 as a distributed network filesystem. In 2005, it was redesigned to the current "injector" system. Feed files from version 0.2 can still be run using the current (0.51) version.

2006 (versions 0.18 to 0.24)

Major features added in 2006:

• Support FTP downloads of archives.
• XML signatures (not just plain GPG).
• The <recipe> element allows combining multiple archives.
• Restrictions on suitable versions of dependencies, using the <version> element.
• Support for other secure hashes (not just sha1).
• Support for extracting from RPM, Debian, Autopackage, zip and Cabinet format archives.
• Compile a binary from source.
• More flexible version numbering (e.g. "1.2-post7").

2007 (version 0.25 to 0.31)

• Extracting from .tar.lzma and .tar (uncompressed) archives.
• Background checking for updates.
• Automatic secure sharing of downloads.
• Bug reporting.
• Native package manager integration for Debian and RPM systems.
• Implementation bindings (<environment> directly inside <implementation>).

2008 (version 0.32 to 0.37)

• Mirrors for feeds.
• Manage applications added to the menu (GNOME and KDE).
• Multi-arch support

2009 (versions 0.38 to 0.43)

• Support for Fink (Mac OS X).
• Easier compile-from-source ("Automatic" mode).
• Key information server.
• <needs-terminal> supported.
• Downloading feeds over HTTPS.

2010 (versions 0.44 to 0.51)

• Download progress bars in console mode.
• Canonical CPU type names.
• Gentoo, Slackware and FreeBSD Ports integration.
• Apple dmg-format archives can be used on Mac OS X.
• Specify distribution name in <package-implementation>.
• Support for multiple hash algorithms for a single implementation.
• Added 'local-path' attribute.
• SAT solver handles complex version requirements.
• Select implementations based on user's locale.
• Support for PackageKit (prompt the user to install distribution packages where necessary).
• Initial Windows support.
• The <command> element allows passing extra arguments.
• The <runner> element allows specifying the interpreter.

2011 (versions 0.52 onwards)

• The "0install" command.
• The value attribute for <environment>.
• Recursive use of <runner>.
• Better defaults for approving new keys.
• A Mac OS X binary package.
• Improved Python support.
• 0install 1.0 final!
• <environment separator=...> attribute
• Optional dependencies
• <executable-in-var> and <executable-in-path> bindings
• Use threads instead of sub-processes for downloads (more efficient)
• Update to network-manager 0.9 API
• MacPorts distribution support

Current and future plans

This is a rough roadmap. Times are just estimates, subject to people being able to work on things. Volunteers welcome!

Version 1.6 (Jan 2012)

• HTTP connection pooling, rate limiting and DNS caching

Version 2.x

More flexible <recipe>s

e.g. applying patch files, unpacking nested archives.

An app-store style interface

To help people get started quickly with 0install, it would be good to have a simple, familiar "app-store" user interface. Of course, without restricting people to just those applications.

Feed search

Add a free-text search engine for names and descriptions of locally cached feeds, to enable quick off-line searching.

Add missing features to Windows version

e.g. 0alias and other features available in the Linux version

Custom bug-report address

A feed should be able to specify where bug reports are to be sent. Currently, they all go to the 0install project itself.

Caching of solver results (for speed)

On less powerful machines (e.g. OLPC laptops) we can save CPU time by remembering which versions we selected rather than recalculating every time a program is executed.

Support for services

e.g. a 0service command that integrates with systemd

More sandboxing demos

Show integration with e.g. Rainbow, Plash or LXC, in addition to the current E support.

Better desktop integration

e.g. a better Firefox plugin, XFCE support.

wxWidgets GUI for Mac and Windows

Having a GUI that uses wxWidgets would make 0install much easier to use on Mac OS X and Windows, and would fit in better with the native look-and-feel.

Automatic cache cleaning

0install can keep all versions of all libraries on disk at once. This is useful, but there should be a way to clean out ones that aren't needed any more to free up disk space. Individual versions can be removed easily enough via the cache explorer, but it should be more automatic, a bit like "apt-get autoclean" or deborphan. In particular, we need a way to remove a version which was shared between multiple users safely (i.e. only remove it once no user requires it).

Managing instances (configurations/profiles) of programs

0install currently only manages code, not configuration. It is assumed that programs look in ~/.config and similar places for this. 0install should have support for multiple instances (configurations / profiles) for any program. This will be needed for sandboxing anyway.

Mirrors for archives

If a download site is unavailable, switch to another mirror. Support sf.net mirror system, custom mirror systems, coral cache, etc. May need to show sponsor logos during the download. See also: Metalink

Lazy dependencies

Support dependencies that are only downloaded when needed. For example, ROX-Filer's options box has a button to launch the MIME-Editor application. ROX-Filer should be able to depend on MIME-Editor in its feed, without requiring MIME-Editor to be downloaded before ROX-Filer can be started.

Plug-ins

It should be possible to add additional interfaces to a program's dependencies list. For example, you could add the interface for a French dictionary to a word processor to let you spell-check French documents. This would usually require some support from the application itself. A plug-in is a more general type of optional dependency; one which isn't listed in the main feed file at all.

More meta-data

Mailing list address, release notes, etc.

Peer-to-peer downloads

The tricky bit about P2P is normally the free-text searching, but we already know the secure hash of the manifest we want, and when we get it we have the hash of every file we need, so this should be easy! The idea is that if someone on your local network has already downloaded a program, you can get it from them automatically. See 0share for current experimental version.

Binary patches

We have the secure hash of the currently-cached versions, so we can check that they're unmodified. In that case, we could just download a delta to the next version rather than getting everything again. 0publish should create these deltas automatically. Rsync may also be an option for some sites.

Sandboxing

Provide better integration with sandboxing systems such as Plash. Sandboxed software must still be able to run other programs through Zero Install, adding them to the cache as needed in a secure fashion. EBox shows how this integration can work.

Other possible features

Kiosk mode

The system administrator can restrict what software users can install using Zero Install (white-list interface URIs or trusted public keys).

Third-party sign-off

A distribution can sign an upstream release ("Certified for use with SUSE 10.2", etc). Users can set a policy to run only approved versions by default. Or, a third-party could provide additional input to the hints box (we already provide the "Unreliable hints database", but a commercial organisation could offer a real service).