[BUGS] Package management

Peter Jeremy peterjeremy at acm.org
Fri Jul 29 07:32:54 EST 2011


On 2011-Jul-28 12:04:20 +0800, home at oranges.id.au wrote:
>so here I am (: That said, let me know if you'd rather I ask on IRC
>and I'll go back there.

Well, most of the "active" members hang out in the IRC channel.
It's also more interactive so we can answer your questions better.

>Some of the machines have some sort of audit (apparently run by
>'periodic daily') running which emails me when packages have security
>issues

Sounds like ports-mgmt/portaudit

> - this is handy, because I can then login to the machine,
>perform 'portsnap fetch update' as required, then either 'make install
>clean' for the individual package or 'portupgrade package'. How's this
>sounding so far?

So far, so good - though I'd recommend portmaster rather than
portupgrade since it doesn't have any other dependencies.  (I used to
have regular issues with portupgrade upgrading one of its dependencies
and then exploding).

>One question I have: Maintaining the ports tree. The machines are
>grouped in separate physical locations. Should I do the following?
>* take one machine per location
>* schedule a portsnap cron on it
>* push the resulting /usr/ports tree out to all other machines at that
>location (rsync --delete ?)

I have a single ports tree (including distfiles) at each location and
NFS share it.  (For various reasons, I have a local CVS tree that's
updated via CTM and my ports tree is a checkout from CVS but portsnap
is easier).  This is easier than keeping multiple copies in sync and
means I only download distfiles once.  I then use "WRKDIRPREFIX?=/..."
in /etc/make.conf to move the build directories out of the ports tree.

It's also possible to build packages on one machine and then just
install the packages on other machines (portmaster supports updating
using local or remote packages as well as by building ports).  This
is easiest when the machines have identical software installed.

>It is best to have the ports tree mostly up to date, right?

Yes.

> A lot of
>these machines run FreeBSD 6.x, so I'm wondering if a ports tree newer
>than some date will result in dependency problems.

It shouldn't result in dependency problems but it _will_ result in
build problems for some ports.  Once support for a particular base
release is dropped, build hacks to support that release will be
dropped from the ports system.  Support is actively removed from the
build infrastructure (/usr/ports/Mk) but it's up to committers to
remove it from individual ports.  There is a ports tree tagged to
show the last ports tree fully supported by FreeBSD6 but this tree
is not updated and therefore ports will be out of date.

I suggest you begin planning to migrate your systems to either 8.x or 9.0.

-- 
Peter Jeremy