Topic: Efficient pkgsrc updating

Let me first start by saying that this wonderful guide is based upon what "tonio" told me on #netbsd irc.freenode.net

I've tested it and it seems to be the best way I've found to update pkgsrc - avoiding potential recursive builds of apps which sometimes occur through normal "make update"  wink

Ok, first, we need a couple of apps from pkgsrc to help us do this:

# cd /usr/pkgsrc/pkgtools/pkglint/
# make install clean clean-depends
# cd /usr/pkgsrc/pkgtools/pkgdepgraph/
# make install clean clean-depends

The first thing we need to do is generate a list of the out of date apps:

# cd /root
# lintpkgsrc -i > out_of_date

using this list we need to create a list of all the apps to delete:

# pkgdepgraph -D out_of_date > to_delete

Now we can also create a shell script of the apps to be rebuilt - and this is the magic bit as the script should be organised so that all your apps are reinstalled by only building each app once in dependency order wink

# pkgdepgraph -R out_of_date > rebuild

ok... now we can actually update pkgsrc. Up 'til now nothing has been changed. First we delete the obsolete apps (and deps):

# pkg_delete `cat to_delete`

Finally - we kick off the installation of the apps:

# sh rebuild

NOTE: This does NOT guarantee that all your apps will be reinstalled, so check afterwards wink

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: Efficient pkgsrc updating

I've already tried this method. It worked well.

You guys have to know that pkg_chk is getting better with each new version.

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: Efficient pkgsrc updating

Actually I've only tried it once so I'm giving it a new shot !

I may also advise people to do a pkg_info > pkg_before_upgrade in case the upgrade doesn't go as expected!

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: Efficient pkgsrc updating

Just to let you know that I wrote some kind of HowTo on my blog, based on this method, but with the use of a sandbox.

You can read it on http://diwp.blogspot.com/2006/09/manage … -with.html

Feel free to leave comments and suggestions wink

Re: Efficient pkgsrc updating

I've used this method several times now and it never failed on me like make update or pkg_chk used to.

I dont know if/how they both improved but I'm going to stick to this method.

Thanks again

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: Efficient pkgsrc updating

Glad to hear is dynek  smile

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: Efficient pkgsrc updating

wow - I'm famous  tongue

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: Efficient pkgsrc updating

Before doing this I'd also check if there are new versions of pkglint and pkgdepgraph.

So you use the new versions when updating.

<wintellect> NetBSD users are smart enough to accept that there's no 3D support tongue

Re: Efficient pkgsrc updating

I'm asking months after the original post, but I'll ask anyways...

*  If pkgsrc is installed via CVS, does lintpkgsrc perform a CVS update?

*  Does lintpkgsrc integrate any security vulnerability information?

I'm unclear to what extent this process updates the pkgsrc tree.  Thanks for any candor which can be shared.

Re: Efficient pkgsrc updating

Hi ocicat.

No it does not perform a CVS update. You should perform that step first before starting the update process outlined above.

What do you mean by "integrate any Security vulnerability information"? Do you mean identifying known security flaws? If so then "No" - that information is available via another pkgsrc app that the security team keep updated (much like FreeBSD's)

"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: Efficient pkgsrc updating

WIntellect wrote:

No it does not perform a CVS update. You should perform that step first before starting the update process outlined above.

Thanks.  So lintpkgsrc simply correlates local information.  This makes more sense.

What do you mean by "integrate any Security vulnerability information"?

I may have been recalling Section 4.1.5 of the pkgsrc user's guide incorrectly:

http://netbsd.org/docs/pkgsrc/using.htm … rabilities

However, perhaps I should rephrase the question:

Does security/audit-packages present any value when all packages installed have been built from source?

Thanks again for your reply.

Re: Efficient pkgsrc updating

maple wrote:

There is no reason not to use audit-packages (that I can think of).

Thank you for your comments.

Re: Efficient pkgsrc updating

maple wrote:

There is no reason not to use audit-packages (that I can think of).

There is one issue - if an app has a know vulnerability, pkgsrc will NOT build it. pkgsrc uses audit-packages to see if the app you are installing is vulnerable or not - A vulnerable app WILL RESULT IN THIS RTFM FAILING!!!.

HOWEVER - there is an override to this wink  So, if you're sure you want to install vulnerable apps - add the following to /etc/mk.conf

ALLOW_VULNERABLE_PACKAGES=1
"UBER" means I don't drink the coffee... I chew the beans instead
             -- Copyright BSDnexus

Re: Efficient pkgsrc updating

WIntellect wrote:

So, if you're sure you want to install vulnerable apps - add the following to /etc/mk.conf

ALLOW_VULNERABLE_PACKAGES=1

Thanks for mentioning this!

Last edited by ocicat (2007-08-23 16:06:13)