pkg tries to reinstall a package already installed with the ports

consigliere · Saturday at 3:42 AM

Hi,

I've have installed openconnect (version v9.12-unknown) with the ports. I configured openconnect to compile it with GnuTLS instead of OpenSSL.

Bash:

# openconnect -V
OpenConnect version v9.12-unknown
Using GnuTLS 3.8.9. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /usr/local/sbin/vpnc-script

If I type pkg update && pkg upgrade, pkg tries to reinstall openconnect.

Bash:

# pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (96 candidates): 100%
Processing candidates (96 candidates): 100%
The following 3 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
        openconnect-9.12_1 (options changed)
        py311-libxml2-2.11.9_1 (provided shared library changed)
        texinfo-7.1_8,1 (required shared library changed)

Number of packages to be reinstalled: 3

2 MiB to be downloaded.

Proceed with this action? [y/N]:

But I don't want to reinstall openconnect because pkg will install surely the binary version that is compiled with OpenSSL.

Why pkg program does not ignore openconnect that is already installed from the ports?

Regards

Emrion · Saturday at 11:35 AM

Because ports use the pkg system for installation. There is only one database and no track, I think, whether a software is installed by ports or by pkg.

This is why you can read sometimes, it's not a good idea to mix packages and ports on the same system.

Use pkg-lock(8) to prevent this.

T-Daemon · Saturday at 2:42 PM

consigliere said:
I've have installed openconnect (version v9.12-unknown) with the ports. I configured openconnect to compile it with GnuTLS instead of OpenSSL.

You have build the port with a non-default option ("GNUTLS=on"). Official packages are build with default options.

Packages installed from a ports tree or from a package repository are processed by ports-mgmt/pkg. ports-mgmt/pkg creates a sqlite database under /var/db/pkg with records of all installed packages on the system, with all the build information (including build options, see "Options" from the pkg info openconnect output, or pkg query '%Ok=%Ov' openconnect).

A pkg-update(8) or pkg-upgrade(8) downloads a sqlite package repository catalog (if no database is on the system or is newer than the currently saved, also saved under /var/db/pkg/ ) which contains all packages with their build information .

pkg-upgrade(8) compares the locally installed packages options with the repository catalog recorded options. If there is a difference, the corresponding package(s) are processed for re-installation. This is indicated with the "options changed" message:

Rich (BB code):

Installed packages to be REINSTALLED:
        openconnect-9.12_1 (options changed)
        py311-libxml2-2.11.9_1 (provided shared library changed)
        texinfo-7.1_8,1 (required shared library changed)

Shared libraries can be also a reason for re-installation.

I your case, locking the package, as Emrion suggested, will avoid re-installation.

Ports and packages can be mixed, to a certain degree. If there are only a handful of ports installed besides official repository packages, it may not cause problems. However, you must maintain (upgrade) these packages installed by ports yourself.

hex_messer · Monday at 11:27 AM

Another solution is to create local package repo.
Somewhere here on forum it's described (about similar question), i've forgot link.
Roughly is looks like that:
1) create folder /usr/ports/packages (read man ports)
2) while building package from port, build it's package (make package). For example, it's useful to me to buld drm kmod, because it's not work out of the box. Use "install-missing-packages", if needed (to not build common packages from source). This put package to /usr/ports/packages and progressively builds repository structure.
3) exec "pkg repo /usr/ports/packages" (read "man pkg-repo")
4) add appropriate configuration: create file /usr/local/etc/pkg/repos/local.conf with contents
local: {
MIRROR_TYPE: NONE
URL: "file:///usr/ports/packages"
enabled: yes
}
5) do pkg update

Now you can install packages build by you from your repo local:
pkg install -r local <packagename>

And this repo will have preference over remote repos. Thus pkg update will not override your local packages.

Another question how to properly and *easy*, in time, update your local packages.
Just now was time to upgrade (quoter changed 2025Q1 to 2025Q2). And besides problems of missing packages in quoterly repository, I will look for easy solution.

consigliere · Wednesday at 10:12 PM

Emrion said:
Because ports use the pkg system for installation. There is only one database and no track, I think, whether a software is installed by ports or by pkg.

This is why you can read sometimes, it's not a good idea to mix packages and ports on the same system.

Use pkg-lock(8) to prevent this.

Using pkg-lock(8) worked for me. Thanks.

consigliere · Wednesday at 10:15 PM

Hi

The openconnect command does not come with a script at /usr/local/etc/rc.d to start it at boot. Is there a workaround to start openconnect at boot?

Regards

consigliere · 2025-04-10T02:20:09+0100

Hi,

I've found two possible solutions, supervisor and monit. I decided to use monit and worked.

Code:

# cat /usr/local/etc/monit.d/ping
# Internet
check network public with interface re0
  if link down then alert
  if changed link then alert

# ping
check host server-01 with address 10.10.10.21
   if failed icmp type echo count 3 with timeout 10 seconds then exec "/usr/local/bin/bash -c '/root/anyconnect/restartOpenconnect.sh &>/var/log/restartOpenconnect.log'"
   depends on public

Code:

# pkg info monit
monit-5.34.4
Name           : monit
Version        : 5.34.4
Installed on   : Fri Jan 31 19:54:20 2025 CST
Origin         : sysutils/monit
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : sysutils
Licenses       : AGPLv3
Maintainer     : martinp@tildeslash.com
WWW            : https://mmonit.com/monit/
Comment        : Unix system management and proactive monitoring
Options        :
        DOCS           : on
        PAM            : on
        SSL            : on
Annotations    :
        FreeBSD_version: 1401000
        build_timestamp: 2025-01-18T01:14:11+0000
        built_by       : poudriere-git-3.4.2
        cpe            : cpe:2.3:a:mmonit:monit:5.34.4:::::freebsd14:x64
        port_checkout_unclean: no
        port_git_hash  : 2db5066136
        ports_top_checkout_unclean: no
        ports_top_git_hash: 86e28c84a7
        repo_type      : binary
        repository     : FreeBSD
Flat size      : 889KiB
Description    :
Monit is a utility for managing and monitoring processes,
files, directories, devices and network services on a Unix system.
Monit conducts automatic maintenance and repair and can execute
meaningful causal actions in error situations.

monit supports:
 * Daemon mode - poll services at a specified interval
 * Group and manage groups of services, service dependencies
 * Logging - syslog or own logfile
 * Alert, start, stop and restart of services based on it's characteristics
 * MD5 and SHA1 checksums
 * Runtime Unix socket and TCP/IP port checking (TCP and UDP)
 * Process status, timeout, memory and cpu usage, etc.
 * Device usage monitoring (inodes and space)
 * File monitoring (timestamp, checksum, permission, owner, etc.)
 * Directory monitoring (timestamp, permission, owner, etc.)
 * Remote network services monitoring (ping, response time, protocol, etc.)
 * System load average monitoring
 * Flexible and customizable email alert messages and notifications
 * Protocol verification such as HTTP, FTP, SMTP, POP, IMAP, NNTP, NTP, etc.
 * A HTTP interface with XML output option
 and many more features :)

Regards

astyle · 2025-04-10T04:26:36+0100

hex_messer said:
Another solution is to create local package repo.
Somewhere here on forum it's described (about similar question), i've forgot link.
Roughly is looks like that:
1) create folder /usr/ports/packages (read man ports)
2) while building package from port, build it's package (make package). For example, it's useful to me to buld drm kmod, because it's not work out of the box. Use "install-missing-packages", if needed (to not build common packages from source). This put package to /usr/ports/packages and progressively builds repository structure.
3) exec "pkg repo /usr/ports/packages" (read "man pkg-repo")
4) add appropriate configuration: create file /usr/local/etc/pkg/repos/local.conf with contents
local: {
MIRROR_TYPE: NONE
URL: "file:///usr/ports/packages"
enabled: yes
}
5) do pkg update

Now you can install packages build by you from your repo local:
pkg install -r local <packagename>

And this repo will have preference over remote repos. Thus pkg update will not override your local packages.

Another question how to properly and *easy*, in time, update your local packages.
Just now was time to upgrade (quoter changed 2025Q1 to 2025Q2). And besides problems of missing packages in quoterly repository, I will look for easy solution.

Yeah, sounds nice, but not everybody can handle building a Poudriere infrastructure, esp. if they want to do their own options. I had to abandon such a project a few years ago because other stuff IRL demanded my attention.