Advice about cvsup ports-all upgrading
From: Toyotoshy (umbertobox_at_yahoo.it)
Date: Tue, 11 Jan 2005 11:53:41 +0100
it's going to be a long mail, I apologize for my poor english*.
I'd like to have an advice about how to behave in case I want to upgrade
some port because of new vulnerabilities. I'm not interested in having
all my portsa always upgraded to the newest release; I'm only interested
in try to fix vulnerabilities as fast as I can.
As we all know the standard way to upgrade our ports is via cvsupping
/usr/ports and then run portupgrade [-options] prg_name. It does work
mostof the time and I use r as option inorder to avoid binary
incompatibilities, but sometimes this procedure is realy a waste of
time, expecially if I use to cvsup all my ports tree.
Sometimes something very bad could happen as well: suppose you have
ports a depending on b that depends on c, schematicaly
c <- b <- a
and a, b and c have been replaced in ports tree with a', b', c'(and
sometimes d' as *new dependency*) in such a way we have for example the
c' <- b' <- a'
So if I portupgrade -r a it would try to upgrade the dependency first,
but it could happen that for some reason the process does stop because
of some errors and you could be left in such a situation:
c' <- b -< a
This configuration couldbe a wrong , not working configuration. However
I'm not worried about such a situation: I use to tell portupgrade to
backup packages before trying to portupgrade and so I can revert to
However one can avoid cvsupthe whole ports-tree: on FreeBSD handbook I
find that one can write down a refuse file and/or decide to cvsup only
one subcollection of the ports-tree but one has to remember to always
upgrade the base-system. OK, but when you do something like this you
cannot build INDEX(written in the handbook). My question is: will
portupgrade work well even with the wrong INDEX? That is I don't know
the details about the way portupgrade does work, but I think it uses
informations contained in the INDEX file, isn't it?
So, finaly, what to do? always cvsupping the whole ports-tree even if
you have the risk that something in some long dependencylist would not
work, or what?
OK, one solution could be the one(suggested in the handbook), to
make PREFIX=/usr/home/example/local install
as well as cvsup into a non-standard directory, to try if the process
does work. But suppose, everything does work; what should I do in order
to have the newly tested and working packages installed onthe standard
places? overwrite my old ports-tree with the new one and rebuild?
By the way, I should upgrade my tiff because of vulnerabilities. The
tiff's release installed on my computer is tiff-3.7.0_2 and a lot of
packages I have installed depend on tiff:
So if I portupgrade -r(oh, I've cvsupped my whole ports tree) I'll waste
a lot of time. Do you know if in this case upgrading *only* tiffs to
3.7.1_2 would realy break something?
by the way, if you like to correct me, I'll be grateful :-)
-- Toyotoshy Powered by FreeBSD 4.10 and X-forwarding|