"pkg updating" is unreliable

This has bothered me in the past several times, but I was just reminded of it, so I figured I'd post about it before I forget again:

According to "man pkg-updating", it "scans the installed ports and shows all UPDATING entries that affect one of the installed ports." That sounds very useful, and in fact I use it frequently, and have for a long time. However, it's not actually true. The command is unreliable, and quite possibly dangerously so.

The problem is that it relies upon the messages in UPDATING being in a particular format (seemingly, the "AFFECTS" line has to have the package name), but there is nothing enforcing that they actually are in that format. So, for example, just a week or two ago, "pkg updating" did not show me that my installed package lang/python311 had an UPDATING entry that affected it. This seems to be because the entry was labeled with "AFFECTS: Python users" (which, to be clear, does not contain the string "lang/python311").

I haven't seen anything (e.g. in "man pkg-updating") about this, nor how to make it reliable. If there is such a way, I'd love to hear about it. If there's not, though, maybe something should be done about it. For example, perhaps instead of just a text file that maintainers can change arbitrarily, a little program to check the format of the text file before the change can actually be successfully submitted to source control. Or, maybe even have maintainers submit their entries to some DB-centric app instead of to a text file.
 
pkg updating seems to want the port's name to appear exactly in the AFFECTS: line (with or without *) of UPDATING entries.
This would be because there are NO indexes for UPDATING available covering all combinations of category/port and PKGNAME.
 
It's not an easy task; see the thread "Automating port search in UPDATING file". Without a specific format for the AFFECTS entry, you always have to read all the content of the /usr/ports/UPDATING file, at least the entries dated after the last update of each port (I hope I explained myself). That means: for each installed port, get the installed/last-updated date with pkg query '%t' pkg/port name, then for each entry check whether AFFECTS matches a pkg/port; if not, and the date of the entry is after the earliest entry of the installed/update of all ports, show it. This way the script filters out all the entries for ports that are not installed, except the ones where the script does not recognize which pkg/port they refer to, and only if the date is after the last update of all installed pkgs/ports. It's convoluted, but it's the best I could do, and for most ports.
 
Surely there could at the very least be something like a pre-commit check that looks for something of the form x/y?

Or even just a change to "pkg updating" itself that makes it (at least optionally) show things that don't conform to that?
 
> Surely there could at the very least be something like a pre-commit check that looks for something of the form x/y?
>
> Or even just a change to "pkg updating" itself that makes it (at least optionally) show things that don't conform to that?

I believe pre-commit checks are done by the committer who commits the change. But basically it's "for natural human readers", not for pkg-updating(8).

UPDATING has existed in this format since long before pkg-updating(8) appeared; moreover, long before even the first CFT (Call For Testing) of pkg(8) was done.

And unfortunately, the AFFECTS: line is NOT always as simple as pkg-updating(8) wants it to be.

In many cases, a single change to a specific single port affects some (many) other ports, requiring some work on the user's side; thus, the AFFECTS: line sometimes becomes complex and/or abstract.

These are good and informative for natural human readers, but not good for tools like pkg-updating(8).
 
Yes, so that sort of thing is why I suggested a change to "pkg updating" itself that makes it (at least optionally) show things that don't conform.

Temporal order of UPDATING versus "pkg updating" aside: As I said in the original post, its man page explicitly claims that it "scans the installed ports and shows all UPDATING entries that affect one of the installed ports." That claim is false, there seems to be nothing in there to indicate that it's an overgeneralization, and the (entirely reasonable) assumption of a reader that it must be true is potentially dangerous. I think an absolute low bar for what should be done about all this would be changing the man page to reflect reality.

But I just don't get why something better also couldn't be done. I understand it's difficult or potentially impossible to make something perfect given the way UPDATING currently exists, but it doesn't have to be perfect in order to be a significant improvement; having a "pkg updating" option to explicitly show things that may be false positives would be a significant improvement.
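
An added example, not part of any post in this thread and not code from pkg: a sketch of the fail-open behaviour discussed above, where entries whose AFFECTS line names no category/port are reported separately instead of being hidden. The UPDATING layout (a YYYYMMDD: line followed by AFFECTS and AUTHOR lines), the sample entries and the installed-origin set are constructed assumptions.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample in the UPDATING layout; these are not real entries.
SAMPLE = """\
20240105:
  AFFECTS: users of lang/python311
  AUTHOR: a@example.org

  Constructed note.

20240103:
  AFFECTS: Python users
  AUTHOR: b@example.org

20240101:
  AFFECTS: users of www/nginx and
           www/nginx-devel*
  AUTHOR: c@example.org
"""
INSTALLED = {"lang/python311", "shells/bash"}  # hypothetical installed origins

DATE = re.compile(r"^(\d{8}):\s*$")
ORIGIN = re.compile(r"[a-z0-9_-]+/[A-Za-z0-9_.+-]+\*?")  # category/port, optional *

def parse(text):
    """Return [(date, affects)]; a wrapped AFFECTS line is joined up to AUTHOR."""
    entries, in_affects = [], False
    for line in text.splitlines():
        s, m = line.strip(), DATE.match(line)
        if m:
            entries.append([m.group(1), ""])
            in_affects = False
        elif entries and s.startswith("AFFECTS:"):
            entries[-1][1] = s[len("AFFECTS:"):].strip()
            in_affects = True
        elif in_affects and s and not s.startswith("AUTHOR:"):
            entries[-1][1] += " " + s
        else:
            in_affects = False
    return [tuple(e) for e in entries]

def triage(text, installed):
    """Return (matched, unclassifiable); entries naming only other ports are dropped."""
    matched, unclassifiable = [], []
    for date, affects in parse(text):
        origins = [o.rstrip(".") for o in ORIGIN.findall(affects)]
        if not origins:  # nothing to match on: show it instead of hiding it
            unclassifiable.append((date, affects))
        elif any(fnmatchcase(p, o) for o in origins for p in installed):
            matched.append((date, affects))
    return matched, unclassifiable
```

On a real system the installed set would come from `pkg query %o`. A token such as "and/or" also fits the pattern, so checking the category part against the ports tree's category list would tighten the check.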
 