Stable and Release

cdiem · #1 December 21st, 2008, 16:50

Hello,

I'm fairly new to FreeBSD. Using packages only, on a lappy.
As far as I understand it, FreeBSD is separated in 2 - base system and packages.
Today I ran portaudit and it showed 17 packages with flaws (using the default RELEASE packages, without setting anything with PACKAGESITE).
My question is, is it ok to point PACKAGESITE to 7.0-Stable and upgrade these packages, while having the base system at 7.0-RELEASE; is this going to break the system anyhow? Will I be able to upgrade then to 7.1-RELEASE after it is released within a few months, with the mixed system I'm going to have?
So, basically, is it OK to have the base system at 'RELEASE' and the packages at 'STABLE'?

jb_fvwm2 · #2 December 22nd, 2008, 00:20

"base"; then ( /ports/ OR ports-via-packages OR mix)

portaudit, vulnerabilities within the packages_OR_ports
packages are less recent than ports. To "maybe fix" portaudit you
would install ports not packages, but even the ports Makefiles/etc
lag behind somewhat the fixes for the vulnerabilities.
.........
stable, release, can refer to the "uname -a" base version
as well as the source of packages
.........
leaving out a few explanations I don't have time to think
through before typing...

Lowell · #3 December 22nd, 2008, 01:38

Quote:

Originally Posted by cdiem

So, basically, is it OK to have the base system at 'RELEASE' and the packages at 'STABLE'?

Yes. Completely normal.

cdiem · #4 December 22nd, 2008, 12:35

Thank you for your answers; it was just this info that I needed; I'm going to try it. Thanks again.

dracodoc · #5 December 23rd, 2008, 04:11

It is possible, but there are problems. I learned them in a hard way. -- I'm just a beginner user so please correct me if I said anything wrong.
When you set your PACKAGESITE to stable, you can pkg_add -r someapplication, but it will need other dependencies, and the version of your system will not match in most case -- since 7.0 release is not new. Then your pkg install will fail because pkg_add will not install needed new pkg automatically, you can force install the application but it will have problem for sure.
If you install new application by ports, ports will install needed dependencies automatically. But the problem is, almost all your libraries will need update, and it can take a very long time to install firefox3 -- I tried but decided to cancel it.
So the better idea should be install 7.1 release RC now or wait for official release of 7.1. That way your library in userland will be more up to date and need less compilation.

fender0107401 · #6 December 23rd, 2008, 08:04

I prefer the ports, the ports tree is shared by "current", "stable" and "release", but every ports have a cvs_tag, I think the cvs_tag is a declaration of the base_system request. The package system may don't work like it.

FreeBSD's Base system have two branch: that is "curent" and "stable".
The "release" is just a snapshot of "stable" branch in some time point.

Beyond the ports, FreeBSD alse have "doc" and "web" tree, they also shared by every branch.

Recently, I find the "doc" tree is every interesting, it can help me to maintain a fresh documentation in /usr/share/doc.

cdiem · #7 December 23rd, 2008, 11:44

You were right actually; I had to 'pkg_delete -a' after pointing to stable, because several packages did not upgrade with 'portupgrade -varRPP'. I did 'pkg_add -r xorg' for 7-STABLE after deleting it all, which again had some problems with dependencies..I guess I will just wait for the packages from 7.1-release (which seems to be coming soon).

I'm just curious, cause after doing 'pkg_add -r xorg' for the 7.0-RELEASE, portaudit showed several packages with security flaws, one of them xserver. Is there a way to fix this if I do not want to recompile xorg?
I mean, it's a laptop; when compiling anything it usually overheats, and that's why I use packages; the only cure seems to be to set the highest CPU frequency lower, which by the way needs kernel recompiling for 7.0-release (as stated in the HOWTO's section of this forum, the CPU scalling thread). But, as I said, I'm new in FreeBSD; probably there's also another way to lower down the temperature when compiling applications, which the more experienced FreeBSD gurus are aware of - is there one?

fender0107401 · #8 December 23rd, 2008, 14:38

Code:

portupgrade --PP

This command will help you to upgrade your packages without compilation, If the developer have compiled it for users.
I found it in portupgrade's man page, and perhaps it will need you to update the ports_tree before you run it.
I am not sure about this command option, because I never used package.

FreeBSD is very flexible it have two application management system: package and ports. If you run it on laptop, the package is a smart choice.

dracodoc · #9 December 23rd, 2008, 17:25

From the man pages for pkg_add(1), it should be able to get dependency packages automatically:
3. Scan all the package dependencies (from @pkgdep directives, see pkg_create(1)) are read from the packing list. If any of these required packages is not currently installed, an attempt is made to find and install it; if the missing package cannot be found or installed, the installation is terminated.

But in my experience, with FreeBSD release 7.0, changed PKGSITE to stable, pkg_add will not install dependency packages needed for firefox3. Maybe because there is no readily available packages for those libraries?

Lowell · #10 December 24th, 2008, 16:16

Quote:

Originally Posted by fender0107401

Code:

portupgrade --PP

This command will help you to upgrade your packages without compilation, If the developer have compiled it for users. I found it in portupgrade's man page, and perhaps it will need you to update the ports_tree before you run it. I am not sure about this command option, because I never used package.

It uses the ports tree to determine the dependencies, regardless of whether you're using ports or packages. Therefore, you are definitely better off to have the ports up to date (and build or fetch a new INDEX file) before using it for an update.

If you have updated your base system across major releases, you need to update all of your ports, even those that are at the current version. This is because they are linked against the old system libraries. There is a portupgrade option (-f) that will help with this. In the future, this will become less of a problem because of new capabilities in the base system, but it will still be some time before a version of FreeBSD is released with those new capabilities.

Quote:

FreeBSD is very flexible it have two application management system: package and ports. If you run it on laptop, the package is a smart choice.

It's really one management system, with two different ways to install the applications. Once installed, there is no difference between programs you installed from packages as opposed to those you built from source.

fender0107401 · #11 December 24th, 2008, 17:41

Quote:

Originally Posted by Lowell

If you have updated your base system across major releases, you need to update all of your ports, even those that are at the current version. This is because they are linked against the old system libraries. There is a portupgrade option (-f) that will help with this. In the future, this will become less of a problem because of new capabilities in the base system, but it will still be some time before a version of FreeBSD is released with those new capabilities.

Thank you very much for the reply. I never upgraded my system across major release, so I have not any experience about this process.

Quote:

Originally Posted by Lowell

It's really one management system, with two different ways to install the applications. Once installed, there is no difference between programs you installed from packages as opposed to those you built from source.

Yes, you are right, the package is compiled from the ports by developers instead terminal users, naturally they are same. Maybe we should say the package is subsystem.

rocketman · #12 December 26th, 2008, 23:02

Quote:

I'm just curious, cause after doing 'pkg_add -r xorg' for the 7.0-RELEASE, portaudit showed several packages with security flaws, one of them xserver. Is there a way to fix this if I do not want to recompile xorg?

I think if you run "X", it will always have vulnerabilities. But if your using your system as a desktop, you'll be OK. I would not suggest you install ANY "X" servers on a server system. Refer to 'man xhost' for more details.

rocketman · #13 December 26th, 2008, 23:07

I forgot to explain clearly. Any "X" means running "X" on any operating system: Linux, *BSD, MacOS X, DECwindows and there are several "X" servers for Win32.

Lowell · #14 December 27th, 2008, 14:45

Quote:

Originally Posted by rocketman

I think if you run "X", it will always have vulnerabilities. But if your using your system as a desktop, you'll be OK. I would not suggest you install ANY "X" servers on a server system. Refer to 'man xhost' for more details.

X is always dangerous, because it requires direct access to memory. However, there are no known vulnerabilities at this time if you are running x.org from the most up-to-date ports.

Oko · #15 December 28th, 2008, 03:45

X is listening by default on port 6000 and runs as a root. There is no such thing as safe X server. There is some work in OpenGL (better known for X accelerated server and 3D rendering drivers) which might enable us in the distant future to run X window system safely i.e as the normal user. In the mean time I would fire you if I saw you running X on my servers

Djn · #16 December 28th, 2008, 20:36

The "listening"-part can be turned off, though.

edogawaconan · #17 December 30th, 2008, 15:29

Quote:

Originally Posted by cdiem

You were right actually; I had to 'pkg_delete -a' after pointing to stable, because several packages did not upgrade with 'portupgrade -varRPP'. I did 'pkg_add -r xorg' for 7-STABLE after deleting it all, which again had some problems with dependencies..I guess I will just wait for the packages from 7.1-release (which seems to be coming soon).

How about -f?
Also shouldn't there will be problem if required package(s) not available in binary form with -PP option?

fleshm · #18 January 19th, 2009, 21:07

hey, btw i'd like to ask a similar question.

i've got my sup file configured that way;

Code:

  *default host=cvsup.FreeBSD.org
  *default base=/usr
  *default prefix=/usr
  *default release=cvs tag=RELENG_7_1_0_RELEASE
  *default delete use-rel-suffix
  *default compress
  ports-all
  doc-all

and when i type

cvsup supfile it makes no port tree. in the handbook i've found that tree is created when tag is set to "tag=.". i want to stay with stable tree of 7.1 FreeBSD, so do i need to change every time tag to "." when i want to upgrade the port tree? i don't understand one thing. assuming i've downloaded the tree and i want to install some program. so i type

cd /usr/portage/[category]/[prog]
make install clean

from what freebsd release the program will be installed from? i bet freebsd-current. so what do i have to do when i want to install stable version?. i've found something in /var/ directory such as cvs_[xx]_RELENG_7_1_0_RELEASE. is this someway related to the release of the program i want to install? the same for portupgrade? how the heck the program knows the release ? i read "ports" part of handbook couple times and still don't get it. could someone explain please? thanks in advance

cheers

**danger@** · #19 January 19th, 2009, 22:55

the supfile you have posted is for the src/ tree. You need a ports-supfile in order to update your ports tree.

However a faster option is to use portsnap(8) utility to synchronize your ports tree...

tangram · #20 January 20th, 2009, 12:44

Do take notice that only source code collection has releases or branches.

By adding tag=. to the end of the collection name, you just tell csup to fetch the latest version of this collection.

So a supfile to pull ports should contain

Code:

ports-all tag=.

Same for docs

Code:

doc-all tag=.

fleshm · #21 January 21st, 2009, 09:48

Thank You for the answer

tangram · #22 January 21st, 2009, 10:25

Glad we've helped. You ever feel to thank someone just push the bottom right "Thanks" button. No need to write a thanks you post

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
[Solved] is mod_fcgid stable for production server?	cuongvt	Web & Network Services	3	December 13th, 2008 22:41
6.4 Release - Bug Already - Didn't Anyone Test It?	ter2007	Installing & Upgrading	23	December 7th, 2008 21:03
FreeBSD 6.4-RELEASE Available	admin	News & Announcements	0	November 28th, 2008 18:40
Problem booting 7 Stable	francach	Installing & Upgrading	3	November 25th, 2008 19:45
ipfw nat in 7.0-stable	raVen	Firewalls	1	November 18th, 2008 04:57

The Following User Says Thank You to Lowell For This Useful Post:
cdiem (December 22nd, 2008)