Package format explained

A package format is a type of archive containing computer programs and additional metadata needed by package managers;[1] an instance of this type of archive is called a package. While the archive file format itself may be unchanged, package formats carry additional metadata, such as a manifest file or certain directory layouts. Packages may contain either source code or executable files.

Packages may be converted from one type to another with software such as Alien.

Software supply chain and security

Packages are an important component in managing the security and integrity of the software supply chain. Packages containing executables and configuration can be digitally signed to establish the integrity of running software and protect against tampering.[2]

Package formats that support code signing include .deb (Debian), .msi (Microsoft Windows), .apk (Android) and .ipa (iOS, iPadOS).

Common formats

Specialized formats

Format | Consumed by
AIR | Adobe AIR
Bottle | Homebrew

BSD-based formats

Format | Consumed by
.ipa | iOS, iPadOS
Ports (BSD) | pkgsrc, FreeBSD, OpenBSD[3]
PKG | macOS, iOS, PlayStation 3, Solaris, SunOS, UNIX System V, Symbian, BeOS, Apple Newton

Linux-based formats

Format | Consumed by
AAB | Android
APK (Alpine) | Alpine Linux[4]
APK (Android) | Android
AppImage | Linux distribution-agnostic
Deb | Debian and its derivatives, such as Raspberry Pi OS, Kali Linux, Ubuntu, and Linux Mint[5]
ebuild | Gentoo Linux[6]
eopkg | Solus[7]
Nixpkg | Nix, NixOS, Home Manager
Portage | Gentoo Linux, ChromeOS[8]
Flatpak | Linux distribution-agnostic
.app, .hap | HarmonyOS, OpenHarmony, Oniro OS and Linux-based Unity Operating System
PISI | Pardus
.pkg.tar.zst | Arch Linux
PUP and PET | Puppy Linux (PUP format is deprecated since version 3.0)
RPM | Red Hat Enterprise Linux, Fedora, derivatives such as CentOS,[9] and SUSE Linux Enterprise, openSUSE
Snap |

Windows formats

Format | Consumed by
APPX and APPXBundle | Windows 8 and later, Windows Phone[10]
Windows Installer package / MSI | Windows Installer on Microsoft Windows

Generic formats

Arch Linux's Pacman[11] and Slackware[12] use 'tar' archives with generic naming but specific internal structures.

Notes and References

  1. Justin Angelo Cappos. Stork: Secure Package Management for VM Environments. ProQuest, 2008, p. 128.
  2. David Cooper, Larry Feldman, Gregory Witte. Protecting Software Integrity Through Code Signing. ITL Bulletin. May 23, 2018.
  3. Ports - Working with Ports. OpenBSD.org.
  4. Alpine package format - Alpine Linux. wiki.alpinelinux.org. 2016-05-19.
  5. InstallingSoftware - Community Ubuntu Documentation. Help.ubuntu.com. 2013-04-24.
  6. ebuild. 29 July 2015.
  7. Basics to Package Management. 1 May 2020.
  8. Using Portage to Manage Packages in Gentoo. linode.com. July 15, 2021.
  9. rpm - Trac. 29 September 2014.
  10. App packaging. 29 September 2014.
  11. makepkg.conf(5) Manual Page.
  12. The Slackware Linux Project: Configuration Help. 29 September 2014.