Date: Wed, 8 Mar 2006 10:04:02 -0800 (PST) From: Chris Maness <chris@chrismaness.com> To: Andrew Pantyukhin <infofarmer@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Portupgrade Operation Message-ID: <20060308094831.M67603@ns1.internetinsite.com> In-Reply-To: <cb5206420603072314t43210f49geac4983d5ed9fa50@mail.gmail.com> References: <440E7707.3050602@chrismaness.com> <cb5206420603072314t43210f49geac4983d5ed9fa50@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 8 Mar 2006, Andrew Pantyukhin wrote: > On 3/8/06, Chris Maness <chris@chrismaness.com> wrote: >> If I manually rm -rf a port, manually untar (ie glib.tar.gz), and do a >> portupgrade -rR glib, will packages that have a specific dependency on >> the old glib version get rebuilt? Or if not will they break (I am just >> using glib as an example and looking for a very general answer)? I >> would like to figure out how portupgrade works without CVSUPing the >> whole port tree. Like in the case of a security problem on a >> production server. I don't necessarily want to rebuild every port that >> has been installed on the box. Doing this has worked so-far, but I want >> to make sure that this is the best approach, so that I don't end up >> having the mess I had a while back with dependencies. >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >> > > Keeping your apps up-to-date is kinda proactively secure. > > Anyway, we always have the latest ports tree (it's actually > mounted read-only via NFS on every FreeBSD machine > at our site) and if you don't want to update all at once - > just don't use portupgrade -a. And yes, in case your whole > ports tree is fresh, portupgrade -rR glib will upgrade all > dependencies and dependants (recursively). > > I have been told that tracking the whole port tree on a production server is a bad idea. I kind of agree thinking about the old addage "if it aint broke don't fix it." But, if a security issue becomes known with a port that I have installed, I definately want to fix the issue. Your answere definately confirmed for me how port upgrade works. It seems that other dependant ports would not have to be current on the tree if they were re-compiled allowing autoconf to establish the location of depended files. However, it seems that portupgrade does not uninstall and re-compile if the dependant ports have not changed (ie the folder containing the ports make file and patches), it only recompiles parts of the tree that have been upgraded, and are linked via portupgrade -rR. It would be nice if portupgrade had a flag to do that (that is if my logic is correct). It would be nice if ports forked the way src does. Then I could just track bugfixes and security issues. Thanks Chris Maness
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060308094831.M67603>