Re: portupgrade script problem

From: Conrad J. Sabatier (conrads_at_cox.net)
Date: 09/29/04 

Date: Wed, 29 Sep 2004 02:25:12 GMT

In article <fWV5d.73183$zT6.18592@bignews5.bellsouth.net>,
Understudy <understudy@understudy.net> wrote:
>
>
>I have a script I am running to update my ports. It runs as a cronjob.
>It works ok, but not perfectly. Here is the script:
>
>#! /bin/sh
># This is a script to update the ports automatically
># set path for cvsup
>PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:
>/usr/X11R6/bin:/root/bin;
>export PATH
># the command is change directory to where the ports-supfile is. Then run
># portsdb -U. Then run portupgrade -arRP. Then run portversion -l "<"
>cd /root && cvsup ports-supfile && portsdb -U && portupgrade -arRP &&
>portversion -l "<" |mail -s 'version info' root

A few comments first:

1) Are you *sure* you want to automatically upgrade your ports this way?
While many of us do run a nightly cron job to upgrade the ports tree, INDEX
files, etc., actually upgrading the ports themselves unattended like this
may lead to trouble.

2) You could just as easily place all of these commands in a single crontab
entry, rather than invoking a script from cron.

3) This is more a matter of style and personal preference: if you setup
/etc/make.conf with proper settings for the various cvsup-related variables,
you can use "cd /usr/ports && make update" instead of manuallly invoking
cvsup. This, I think, is a much cleaner way to go about it.

4) You probably don't need *all* of those directories in your PATH.

5) "portsdb -U" is insufficient to update the files portupgrade needs to
determine which ports need upgrading. You're only updating the INDEX file,
but neglecting to update INDEX.db. Use "portsdb -Uu" instead.

6) The "-r" and "-R" switches to portupgrade are superfluous if you're using
the "-a" switch, unless you're doing a "forced" upgrade using the "-f"
switch.

7) Do you really prefer to use pre-compiled packages, rather than building
the ports from source? You're missing out on a lot of the flexibility of
the ports system by doing this.

8) If you want to get a listing of all installed ports whose versions differ
from those in the ports database, use "portversion -L '='" instead.

9) It shouldn't be necessary to explicitly pipe the output of portversion to
mail, unless you're explicitly setting MAILTO="" in your crontab to squelch
the mailing of the output of your cron jobs.

> >The problem is specific to the portupgrade -arRP part. I get this error:
>
>---> Upgrading 'dri-5.0.2,1' to 'dri-5.0.2,2' (graphics/dri)
>---> Building '/usr/ports/graphics/dri'
>---> Backing up the old version
>cp: chmod: /var/tmp/dri-5.0.2,1.bak: Invalid argument
>
>Okay, here is the catch. If I run this script from a command line it
>works fine. I only get thee errors from it as a cron.
>
>How can I adjust the script to fix this?

This I have no idea about. I've never seen this before. It *may* be
related to the fact that you're using packages rather than building from
source. It may have to do with the permissions/ownerships on /var/tmp
vis-a-vis the user whose cron job is being run. Another possibility is
that, with your excessively inclusive PATH, some script or program is being
invoked by portupgrade other than the one intended. Try going through your
script, doing a "which" or "whereis" on each of the commands it uses, and
don't include any other directories in the PATH than those that are
absolutely necessary. You can certainly do without "/usr/games". :-) And
"/usr/X11R6/bin" is highly unlikely to be needed either. There are probably
others as well.

HTH 

-- 
Conrad J. Sabatier <conrads@cox.net> -- "In Unix veritas"

Relevant Pages

  • Re: Portupgrade script.
    ... > The script is an almost automated way to upgrade all your ports to the ... CPU/disk-intensive portupgrade -Rra. ...
    (freebsd-stable)
  • Re: (Ab)using rcngs features to keep rc.d-style services running should they fail.
    ... I realised that because portupgrade/portmaster don't always ... prior to an upgrade and re-enable them when the upgrade is done. ... Personally I think ports doing this automatically are quite ... install' should be 'restart'ing the rc.d script at very least). ...
    (freebsd-hackers)
  • Re: Major Error Upgrading to GNOME 2.12
    ... Micah wrote: ... I noticed a large number of GNOME ports in my output ... >> had to restart the upgrade each time. ... > on (and wrote a script that made a list of the differences). ...
    (freebsd-questions)
  • Re: Problem with script to add printers ports, need help.
    ... >> first want to add the printer ports but I am running into a problem. ... >> Just for the heck of it I ran the template script from the script center and ... > and ports on local and remote computers. ... > Instrumentation scripts in Windows Server 2003, ...
    (microsoft.public.windows.server.scripting)
  • Re: [Full-disclosure] Brute force attack - need your advice
    ... But please state a config that someone with experience can not get into, is more of a point that security is ever evolving. ... Yup it is security by obscurity and it will help against a script kiddie that won't take the time to scan all ports, thats why I suggested move to a high non-standard port. ... I'm not talking about downloading blacklists but dynamic firewall rules and scripting to achieve a dynamic list based on ranking of attacks against the box. ...
    (Full-Disclosure)