Date: Fri, 10 Mar 2017 14:55:13 +0100 From: Jan Bramkamp <crest@rlwinm.de> To: freebsd-ports@freebsd.org Subject: Re: Chicken/egg problem with pkg Message-ID: <f21ccbab-2bf9-ccff-3d8a-942cbed4ecf0@rlwinm.de> In-Reply-To: <a2528a17-bae9-ef23-e2cd-bc4b1c813db7@xs4all.nl> References: <a2528a17-bae9-ef23-e2cd-bc4b1c813db7@xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/03/2017 14:26, Hans de Hartog wrote: > I have an old web server (10.1-RELEASE-p9) which is running for years > > without any upgrades. Now I want to install a simple port (trafshow, to > > see what's going on). > > It first want to upgrade pkg from 1.5.1 to 1.10.0_2 but that doesn't work: > > [1/1] Upgrading pkg from 1.5.1 to 1.10.0_2... > [1/1] Extracting pkg-1.10.0_2: 100% > /usr/local/lib/libpkg.so.4: Undefined symbol "openat" > > Anything I try to do with pkg now gives me this error-message. > > /var/log/messages says: pkg: pkg upgraded: 1.5.1 -> 1.10.0_2 > > How do I proceed from here (without upgrading everything, please)? You dug yourself a deep hole by letting your system fall that far behind. Both FreeBSD 10.1 and 10.2 are EoL since 2016-12-31 (https://www.freebsd.org/security/unsupported.html). While FreeBSD is backward compatible (e.g. you can run binaries for 10.1 on 10.3) it isn't forward compatible (e.g. you can't run FreeBSD 10.3 binaries on 10.1). In your case the problem is that the official package build jails run the oldest supported minor release inside each major release. After 2016-12-31 the build jails migrated from 10.1 to 10.3. Among other things FreeBSD 10.3 added a bunch of new *at() system calls like openat. These *at() system calls are useful inside (capsicum) sandboxes. Your old 10.1 kernel lacks those systems calls and your old 10.1 libc lacks the stubs to call them anyways. It is this missing stub that causes the new libpkg.so to fail to link. Running unpatched networked systems is a bad habit in most cases, but it is reckless to run an unpatched webserver, because webservers offer a large attack surface to the network. Your simplest way forward is to update to the latest patchlevel and than migrate to a supported release (at least 10.3 as of writing). Afterward you can upgrade your packages from the default repos. Upgrading to a newer minor release of the same major release is fast and painless with freebsd-update. Upgrading to the next major release shouldn't cause any problems, but you have to reinstall all packages. This was a major annoyance before pkgng, but these days changing the repo ABI and a single `pkg upgrade` does that in a few minutes. Or you write this system off as probably compromised and rebuild it from scratch ;-).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f21ccbab-2bf9-ccff-3d8a-942cbed4ecf0>