Date: Tue, 16 Dec 2014 14:02:10 +0100 (CET) From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@fagskolen.gjovik.no> To: Willem Jan Withagen <wjw@digiware.nl> Cc: "ports@freebsd.org" <stable@freebsd.org>, Brandon Allbery <allbery.b@gmail.com> Subject: Re: I do not quite understand why a BIND upgrade needs to touch soo much. Message-ID: <alpine.BSF.2.11.1412161358550.1431@mail.fig.ol.no> In-Reply-To: <548F5C6F.7040309@digiware.nl> References: <548F4F62.4020308@digiware.nl> <CAKFCL4WD7%2BSQthGQdwORwCzEYGTaO3Bjx-6ypwKNRGqNnWx7EQ@mail.gmail.com> <CAKFCL4XL16Mu3jhrMX7gRwnOoXOB63-_DHR2ufwJggzmQbH8bQ@mail.gmail.com> <548F5C6F.7040309@digiware.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 15 Dec 2014 23:10+0100, Willem Jan Withagen wrote: > On 15-12-2014 22:26, Brandon Allbery wrote: > > On Mon, Dec 15, 2014 at 4:20 PM, Brandon Allbery <allbery.b@gmail.com> > > wrote: > >> > >> On Mon, Dec 15, 2014 at 4:15 PM, Willem Jan Withagen <wjw@digiware.nl> > >> wrote: > >>> > >>> So I'm building my packages with poudriere and using pkg (1.4.0) > >>> to upgrade bind. With the sort of shocking result: > >>> ====================== > >>> Installed packages to be REMOVED: > >>> gettext-0.18.3.1_1 > >>> > >> > >> That first one is the key. Bind depends on gettext --- as does pretty much > >> every other package in existence --- and gettext underwent a massive > >> breaking change, which is kinda deranging everything else. The recent > >> /usr/ports/UPDATING entry for gettext has the gory details. > >> > > > > To explain a bit further: this time, your portupgrade would do a lot of > > extra work as well. bind is not self-contained; it has dependencies, some > > of which are shared by other packages. If you want your bind update to be > > self-contained then you'll need to make your own port and package from it > > containing its own gettext, so you can upgrade that one package without > > breaking every other package that depends on gettext. Otherwise, you just > > have to accept that a package other than bind, which bind and just about > > everything else depends on, *also* changed; and you can't just upgrade bind > > without upgrading gettext *and* either upgrading or removing the other > > packages that depend on the old gettext. > > Yup, more than true in the ultimate case. > Although 'portupgrade bind99' in this case did not require any other > packages to be upgraded too. > > I've been hesitant in upgrading other packages with less security > pressure, because of the huge list with extra's. > And you are right, this change in gettext is going to bite at some > point. (besides from building things with static linked libs.) While YMMV, I use portupgrade and not pkg, and upgrading gettext was pretty much less painful than indicated by the UPDATING entry. Simply run: portupgrade -fpvo devel/gettext-runtime gettext cd /usr/ports/devel/gettext-tools && make && make install && make package && make clean cd /usr/ports/devel/gettext && make && make install && make package && make clean portupgrade -fprvx gettext -x gettext-runtime -x gettext-tools devel/gettext-runtime > Still leaves the point that 'pkg upgrade bind99' removes packages > without reinstalling those. The only alternatives are: > - pkg upgrade, and everything is upgraded > - capture the list of deletion, and manually re-add them after > the upgrade > > Neither solution is something I look forward too. > > --WjW -- +-------------------------------+------------------------------------+ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +-------------------------------+------------------------------------+ From owner-freebsd-stable@FreeBSD.ORG Tue Dec 16 14:09:52 2014 Return-Path: <owner-freebsd-stable@FreeBSD.ORG> Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AAC0E612; Tue, 16 Dec 2014 14:09:52 +0000 (UTC) Received: from udns.ultimatedns.net (unknown [IPv6:2602:d1:b4d6:e600:4261:86ff:fef6:aa2a]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7A65578A; Tue, 16 Dec 2014 14:09:52 +0000 (UTC) Received: from ultimatedns.net (localhost [127.0.0.1]) by udns.ultimatedns.net (8.14.9/8.14.9) with ESMTP id sBGEA9KI090022; Tue, 16 Dec 2014 06:10:09 -0800 (PST) (envelope-from chrish@UltimateDNS.NET) To: freebsd-stable@freebsd.org, Erwin Lansing <erwin@FreeBSD.org> In-Reply-To: <20141216092259.GF89148@droso.dk> References: <CAN6yY1sVGiQFNkoi0mGZs7grJ5SMAui-rDO1e8UDAs0PTUVL9g@mail.gmail.com> <alpine.BSF.2.00.1312031407090.78399@roadkill.tharned.org> <20131203.223612.74719903.sthaug@nethelp.no> <20141215.082038.41648681.sthaug@nethelp.no> <e209e27f9eb42850326f5a4df458722b@ultimatedns.net> <CAN6yY1uuj7Jj65zOsKZ=3Uk3y-E300BeyY=NA9iU++n5CKBqyg@mail.gmail.com>, <20141216092259.GF89148@droso.dk> From: "Chris H" <chrish@UltimateDNS.NET> Subject: Re: BIND chroot environment in 10-RELEASE...gone? Date: Tue, 16 Dec 2014 06:10:09 -0800 Content-Type: text/plain; charset=UTF-8; format=fixed MIME-Version: 1.0 Message-id: <2172924ecb6a8bad66e48b4a7cc08e35@ultimatedns.net> Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>, <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/> List-Post: <mailto:freebsd-stable@freebsd.org> List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, <mailto:freebsd-stable-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 16 Dec 2014 14:09:52 -0000 On Tue, 16 Dec 2014 10:22:59 +0100 Erwin Lansing <erwin@FreeBSD.org> wrote > On Mon, Dec 15, 2014 at 10:12:45PM -0800, Kevin Oberman wrote: > > > > Please don't conflate issues. Moving BIND out of the base system is > > something long overdue. I know that the longtime BIND maintainer, Doug B, > > had long felt it should be removed. This has exactly NOTHING to do with > > removing the default chroot installation. The ports were, by default > > installed chrooted. Jailed would have been better, but it was not something > > that could be done in a port unless the jail had already been set up. > > chroot is still vastly superior to not chrooted and I was very distressed > > to see it go from the ports. > > > > While I don't want to get dragged down into this discussion that can go > on forever without any consensus, I just want to point out that there is > a slight twist to the above description. Due to implementational > details, the ports' chroot was actually inside the base system parts of > BIND. Removing the one, removed the other. > > I did try my hand at a reimplentation self-contained in the port, but > that proved less trivial than thought and I never reached a satisfactory > solution. I found it to be surprisingly difficult, as well. > If anyone want to try their hands at it as well and convince > the new port maintainer, please do so, but trust me when I say that. > e.g. an ezjail solution, is much easier to set up and maintain than > reverting to the old functionality. In they end, I'd rather see a > more general solution that can chroot, or jail, an arbitrary daemon from > ports rather than special treatment of a single port. If BIND, why not > also NSD, unbound, or apache for arguments sake? Hmm. Maybe something along the lines of sysutils/ez-chroot? : Sounds like it could really be a popular port! :) --Chris > > Erwin > > -- > Erwin Lansing http://droso.dk > erwin@FreeBSD.org http:// www.FreeBSD.org > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.11.1412161358550.1431>