Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 5 Sep 2011 16:36:23 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Pierre-Luc Drouin <pldrouin@pldrouin.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?
Message-ID:  <20110905163623.98ebca0a.freebsd@edvax.de>
In-Reply-To: <4E64DAA6.60006@pldrouin.net>
References:  <4E644637.1030500@pldrouin.net> <20110905143102.68a797fa.freebsd@edvax.de> <4E64CC1D.90001@pldrouin.net> <20110905154358.187c9fba.freebsd@edvax.de> <4E64DAA6.60006@pldrouin.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Mon, 05 Sep 2011 10:20:22 -0400, Pierre-Luc Drouin wrote:
> How well does it work to use binary packages only to maintain a FreeBSD 
> web server in general (I am thinking of package availability, but also 
> and in particular as a quasi-automated updating tool)?

Quite well - as long as you're satisfied with the default
building options. You know that a binary package is a port,
compiled with the default set of options. This is okay in
most cases, but there may be situations where you explicitely
need to enable or disable a certain feature at compile time.

You also may encounter a situation where _no_ package is
available for a port (e. g. too many options, or licensing
restrictions).

This can be solved by portmaster which has an option to
go through all interactive configuration screens _before_
starting any action. Those settings can be saved for the
next update run.

The portmaster program itself can be instructed to _use_
binary packages (just as pkg_add -r would do) with the -P
and -PP options. In this case, binary packages will be
used as long as possible, and only those ports that
require building (as no package exists) will be compiled.
See "man portmaster" for details.

This is a good approach in combination with freebsd-update.
I have used that concept on some servers myself (especially
on smaller ones with low resources where compiling would
be too problematic).



> I noticed that in 
> the past few years, updating softwares through ports has been requiring 
> more user intervention, due to the way some dependencies are being 
> updated from one version to the next. Would using binary packages allow 
> to avoid more such user intervention?

Yes. All dependencies would be incorporated automatically.
Only ports without equivalent package that additionally have
OPTIONS to set would invoke a configuration screen, and this
screen would have to be dealt with only in the first run of
the updating process.

There are also options for portmaster that can be used to
control program behaviour in case of problems (e. g. some
package not found, conflicting ports, versioning problem,
or port marked "broken").

Those solutions can also easily be scripted, e. g. check
one a week for possible updates and get the packages, but
do not install them automatically (which can be a security
requirement). If the list is approved, the updates will
be installed during night, creating a "fallback copy" just
in case something went wrong (e. g. malfunctioning new
software). Reports can be generated automatically and mailed
to the system administrator.

I would also suggest to frequently check the mailing lists
of the software in use for bugs and security updates that
might be interesting in terms of system security. This sould
be done for any "major server software" (Apache, PHP, MySQL
and the services utilizing those software, whatever you
want to run on the server).



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20110905163623.98ebca0a.freebsd>