From: Matthew Seaman
Date: Tue, 01 Apr 2014 16:38:43 +0100
To: freebsd-ports@freebsd.org
Subject: Re: Updating less-than-everything with poudriere & pkgng
Message-ID: <533ADD83.7050903@freebsd.org>

On 04/01/14 16:18, J David wrote:
> Consider a poudriere-generated pkgng repository with about 10,000
> packages in it. Now, just because the FreeBSD ports collection is the
> way it is, about 8,000 of those packages are going to depend directly
> or indirectly on perl.
>
> Now suppose one of those 10,000 packages is foobar-1.2.2. A security
> advisory is released, and it is now urgent to upgrade all the machines
> using this repository to foobar-1.2.3 ASAP. But foobar-1.2.3 (like
> 7,999 of its brethren) depends on perl, and perl has also been updated
> from perl-5.12.3.4_5a to 5.12.3.4_5a1.
>
> What we want is to do a poudriere build that updates to foobar-1.2.3
> and rebuild anything that depends on foobar.
>
> But the first thing poudriere is going to do is whack perl-5.12.3.4_5a
> and all 8000 packages that depend on it.
>

This is why the quarterly branches exist. 2014Q1 (Just EoL'd) and
2014Q2 (just branched from head) will now get only security and
port-fix type upgrades for the next 3 months. Therefore if your
poudriere repo had been tracking 2014Q1 it would probably not have had
those perl updates to deal with, but it would have had foobar-1.2.3
security fixes.

Of course, right about now, you get to have an upgrade frenzy applying
3 months' worth of changes in one fell swoop, as there's the switchover
from 2014Q1 to 2014Q2 happening right now.

There's no way I know of to use poudriere to selectively update just
packages from the dependency tree involving foobar but not ones
involving perl. So, yes, you'll end up with your package builder doing
a lot of building, and you will have a window of exposure while that is
happening.

About the only way I can think of to achieve that is to apply selective
updates to your ports tree that you have checked out of SVN, which is a
pain in the posterior and not always guaranteed to work properly.

Cheers,

Matthew
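
The rebuild arithmetic from this thread, as an added example that is not part of the original message and is not poudriere code: it models the rule described above (a changed port invalidates itself and every direct or indirect dependent) on a constructed 10,000-package repository. All package names other than perl and foobar are made up, and the graph shape is an assumption chosen to match the numbers in the thread.

```python
from collections import defaultdict, deque

def rebuild_set(depends_on, changed):
    """Changed ports plus every package that depends on one, directly or indirectly."""
    rdeps = defaultdict(set)              # dependency -> packages that need it
    for pkg, deps in depends_on.items():
        for dep in deps:
            rdeps[dep].add(pkg)
    seen, todo = set(changed), deque(changed)
    while todo:
        for parent in rdeps[todo.popleft()]:
            if parent not in seen:
                seen.add(parent)
                todo.append(parent)
    return seen

def sample_repo():
    """Constructed repo: 10,000 packages, 8,000 of them depending on perl."""
    repo = {"perl": [], "foobar": ["perl"],
            "foobar-gui": ["foobar"], "foobar-plugins": ["foobar"],
            "foobar-suite": ["foobar-gui", "foobar-plugins"]}
    for i in range(3998):                 # direct and indirect perl consumers
        repo[f"p5-mod-{i}"] = ["perl"]
        repo[f"app-{i}"] = [f"p5-mod-{i}"]
    for i in range(1999):                 # packages with no perl in their tree
        repo[f"lib-{i}"] = []
    return repo

REPO = sample_repo()
# Quarterly branch (assumed): only the foobar security fix has landed.
QUARTERLY = rebuild_set(REPO, {"foobar"})
# head (assumed): the perl bump landed together with the fix.
HEAD = rebuild_set(REPO, {"foobar", "perl"})

if __name__ == "__main__":
    print(f"{len(REPO)} packages in repo")
    print(f"quarterly: rebuild {len(QUARTERLY)} packages before the fix can ship")
    print(f"head:      rebuild {len(HEAD)} packages before the fix can ship")
```

The size of each set is a rough proxy for the window of exposure: the fixed foobar package only reaches the machines once the builder has worked through that queue.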