[BUGS] Package management

Andrew Stevenson andrew at ugh.net.au
Thu Jul 28 23:28:04 EST 2011



On 28 Jul 2011, at 05:04, home at oranges.id.au wrote:

> Some of the machines have some sort of audit (apparently run by
> 'periodic daily') running which emails me when packages have security
> issues - this is handy, because I can then login to the machine,
> perform 'portsnap fetch update' as required, then either 'make install
> clean' for the individual package or 'portupgrade package'. How's this
> sounding so far?

I pretty much only use portupgrade these days - not that I have to maintain many machines anymore. 

> One question I have: Maintaining the ports tree. The machines are
> grouped in separate physical locations. Should I do the following?
> * take one machine per location
> * schedule a portsnap cron on it
> * push the resulting /usr/ports tree out to all other machines at that
> location (rsync --delete ?)

I have used 2 approaches in the past. One was to NFS export /usr/ports from one machine. You need to set some variable in make.conf to make sure the machines don't try to put the work directories under /usr/ports but otherwise this saves disk space and time. 

When you have a group of machines all running the same software I would just build on one machine and then use make package to produce a binary for the others to pkg_add.

> It is best to have the ports tree mostly up to date, right? A lot of
> these machines run FreeBSD 6.x, so I'm wondering if a ports tree newer
> than some date will result in dependency problems.

I have a FreeBSD 6 system still hanging in and its port system works fine. I don't know when official support for 6 in the ports tree is being dropped, if it hasn't already, but I imagine it already gets less testing.


I used to do one build of the base system as well, automatically whenever the version of the security branch was bumped. I would then use NFS to install that on all machines that needed it. Nowadays there is a binary update system but I have never got around to looking at it.

HTH,

Andrew
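
Added example, not part of the message above: one way to lay out the NFS-shared /usr/ports approach it describes. It assumes the make.conf variable meant is WRKDIRPREFIX (the standard ports variable for relocating work directories); the host name, network and /var/ports paths are constructed placeholders.

```conf
# --- Server: /etc/exports (build host "ports-master", constructed name) ---
# Export the tree read-only so clients cannot alter the shared ports files.
/usr/ports -ro -network 192.0.2.0 -mask 255.255.255.0

# --- Client: /etc/fstab ---
ports-master:/usr/ports  /usr/ports  nfs  ro  0  0

# --- Client: /etc/make.conf ---
# Keep everything a build writes on local disk, outside the NFS mount.
WRKDIRPREFIX=/var/ports/work
DISTDIR=/var/ports/distfiles
PACKAGES=/var/ports/packages
```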

