Date: Sun, 15 Jun 2014 06:38:20 -0700 From: Chris Maness <chris@chrismaness.com> To: Polytropon <freebsd@edvax.de>, Chris Maness <chris@chrismaness.com>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Port Changes FAQ Message-ID: <CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ@mail.gmail.com> In-Reply-To: <20140615100636.GB23568@slackbox.erewhon.home> References: <CANnsUMGxkDTxVnD_dq5L2SfXtppbYzJsB08kYm1h0zpFkkYMGQ@mail.gmail.com> <20140615022626.7111be2c.freebsd@edvax.de> <20140615100636.GB23568@slackbox.erewhon.home>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, guys. I like the new pkg (8) command. Will they be recompiling ports whenever they have been patched against vulnerabilities? Chris On Sun, Jun 15, 2014 at 3:06 AM, Roland Smith <rsmith@xs4all.nl> wrote: > On Sun, Jun 15, 2014 at 02:26:26AM +0200, Polytropon wrote: >> On Sat, 14 Jun 2014 16:53:06 -0700, Chris Maness wrote: >> > I used to use ports, portsnap, portaudit, portupgrade, etc... >> >> No big changes here so far. The system's package database has >> been moved from pkg_* tools to the pkg (pkgng) system, but >> portupgrade or portmaster can deal with that fine. The data >> is now kept in a different database (sqlite). The pkg command >> also has an audit functionality now. >> >> https://wiki.freebsd.org/pkgng >> >> http://www.freebsd.org/cgi/man.cgi?query=pkg&sektion=7 >> >> http://www.freebsd.org/cgi/man.cgi?query=pkg-audit&format=html >> >> Additionally, CVS has been deprecated, so you use SVN to get >> the updates for your local ports tree (or simply use portsnap). > > It seems that portsnap and freebsd-update have certain vulnerabilities that > make it vulnerable to e.g. MITM attacks; > http://lists.freebsd.org/pipermail/freebsd-questions/2014-April/257394.html > > Some PRs have been filed about it as well, e.g; > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188433 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188428 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188430 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188432 > > So unless somebody finds the time to address these, it is not inconceivable > that portsnap will be retired after 8.x and 9.x reach EOL. > > Updating ports with svnlite is easy. Initially do a check-out; > > # rm -rf /usr/ports > # mkdir /usr/ports > # svnlite checkout https://svn0.eu.FreeBSD.org/ports/head /usr/ports > > (I'm using the European mirror as an example. Choose a relatively close mirror.) > > After that you can update the ports tree with; > > # svnlite update /usr/ports |& less > >> > I >> > used to build everything from ports, #make install clean sorts of >> > commands. Is this going away? >> >> It sill works as expected and is still supported. For few >> software, it's the only way of installation because no binary >> package exists (maybe you need specific compile-time options >> which are not the default options). >> >> So far, those are the "big changes" regarding software >> installation: >> >> 1. pkg (instead of pkg_* toolset) >> >> 2. clang (instead of gcc) >> >> 3. Subversion (instead of CVS) > > There is another change coming; the support for installing Python packages for > multiple Python versions. > > Roland > -- > R.F.Smith http://rsmith.home.xs4all.nl/ > [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] > pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANnsUMFNoueDmhhCOi%2BMwj39-L5oLCgqfBdD=HEm05s2xE9yJQ>