Solved Delay between ports and packages? (Saltstack security update)


New Member

Reaction score: 1
Messages: 7

I've had my salt master shut down for the last two weeks due to the recent vulnerabilities announced in salt.
A few days ago I needed to get it back online, so I adjusted pf() rules on the box to only allow known-good hosts to talk to the master.
I kept checking pkg to see if an updated package was available, but as of a few minutes ago I still don't see anything.
I decided to check sysutils/py-salt, and found that it's updated to 2019.2.4.

I would rather not build from ports on ~50 different machines. After an update is released to a port, how long until an updated package is available?


Aspiring Daemon

Reaction score: 372
Messages: 874

After an update is released to a port, how long until an updated package is available?
For the quarterly branch it depends if it's a security fix, build, run, packaging, or other bug fixes, then, depending on the number of ports to build, in a few days at most, if none of the listed reasons, then every beginning of a quarter of the year.

The latest branch, in general, approximately every three days, but the last month it took longer.

Concerning sysutils/py-salt, it seems you are tracking the quarterly package repository, latest has the py37-salt-2019.2.4.txz package already.

Here you can check the build status of the current build for the quarterly repository. For quarterly the package py37-salt is built, but it won’t be uploaded to the repository and distributed to the mirrors until the whole batch ( ~ 9000 ports for build 534001 ) is build. On the top right side of the page you can see the elapsed time and at the bottom the progress bar of the total builds. It will take estimated another day or two until the built packages will be uploaded.


Well-Known Member

Reaction score: 167
Messages: 459

You could build the package on one machine and use salt to deploy and install to the other minions.