Ports need stability

Alt said:
I wonder if there a way to just apply security patches for installed pkgs (as freebsd-update), so i can run server non-stop

There is not, but I think having this would make FreeBSD incredibly popular. I have offered to host a STABLE ports tree and package build server, but I have not gotten any response here.
 
Alt said:
Dunno when ports changed perl5.8 to 5.10, but now im updating all pkgs with portmaster.
Got loads of errors thats horror :p
Most of errors is that pkg_info says perl module is installed. But they are in wrong(old) directory so perl dont see them..

I wonder if there a way to just apply security patches for installed pkgs (as freebsd-update), so i can run server non-stop

In this particular case you failed to read the instructions in /usr/ports/UPDATING :)

Code:
20090328:
  AFFECTS: users of lang/perl*
  AUTHOR: skv@FreeBSD.org

  lang/perl5.10 is out. If you want to switch to it from, for example
  lang/perl5.8, that is:

  Portupgrade users:
    0) Fix pkgdb.db (for safety):
        pkgdb -Ff

    1) Reinstall new version of Perl (5.10):
        env DISABLE_CONFLICTS=1 portupgrade -o lang/perl5.10 -f perl-5.8.\*

    2) Reinstall everything that depends on Perl:
        portupgrade -fr perl

  Portmaster users:
        env DISABLE_CONFLICTS=1 portmaster -o lang/perl5.10 lang/perl5.8
        portmaster -r perl-

  Note: If the "perl-" glob matches  more than one port you will need to
        specify the name of the Perl directory in /var/db/pkg explicitly.

That isn't to say that I don't get ports messes even when following UPDATING once in a while.
 
  • Thanks
Reactions: Alt
Alt said:
I wonder if there a way to just apply security patches for installed pkgs (as freebsd-update), so i can run server non-stop

If the upstream author(s) provide security patches against previous versions, sure, it might be possible.

But if the 20+ ports I maintain are typical, very few of those fixes have been backported by the upstream authors. Instead, the expectation seems to be that users will upgrade to the latest version.

Granted, most of my ports are fairly obscure. The situation might be different with heavily-used programs like Firefox, Python, GTK+, etc.

I'm not sure it's realistic to expect the maintainers to identify and backport the patches themselves. As I said previously in this thread, maintainers and committers already have enough to do. If you're seriously interested in having patches backported, you need to be ready to pitch in and contribute toward this yourself.
 
Dont know how it can be possible.. If we talking about binary patches, there must be binary version for each version for each port.. For source patches - here needed a tool that update only 1 port, saving dependency list if its possible..

Atm, i see only 1 way to update vulnerable pkg without touching others (if portaudit says its vulnerable): `pkg_add -fr`. But sometimes this can lead to heavy consequences...
 
Alt said:
Dunno when ports changed perl5.8 to 5.10, but now im updating all pkgs with portmaster.
Got loads of errors thats horror :p
Most of errors is that pkg_info says perl module is installed. But they are in wrong(old) directory so perl dont see them..

Looks like you didn't upgrade your perl installation properly, as is suggested in /usr/ports/UPDATING:
Code:
20090328:
  AFFECTS: users of lang/perl*
  AUTHOR: skv@FreeBSD.org

  lang/perl5.10 is out. If you want to switch to it from, for example
  lang/perl5.8, that is:

  Portupgrade users:
    0) Fix pkgdb.db (for safety):
        pkgdb -Ff

    1) Reinstall perl with new 5.10:
        env DISABLE_CONFLICTS=1 portupgrade -o lang/perl5.10 -f perl-5.8.\*

    2) Reinstall everything that depends on Perl:
        portupgrade -fr perl

  Portmaster users:
        env DISABLE_CONFLICTS=1 portmaster -o lang/perl5.10 lang/perl5.8
        portmaster -r perl-

  Note: If the "perl-" glob matches  more than one port you will need to
        specify the name of the perl directory in /var/db/pkg explicitly.
 
mickey said:
Looks like you didn't upgrade your perl installation properly, as is suggested in /usr/ports/UPDATING:
Code:
20090328:
  AFFECTS: users of lang/perl*
  AUTHOR: skv@FreeBSD.org

  lang/perl5.10 is out. If you want to switch to it from, for example
  lang/perl5.8, that is:

  Portupgrade users:
    0) Fix pkgdb.db (for safety):
        pkgdb -Ff

    1) Reinstall perl with new 5.10:
        env DISABLE_CONFLICTS=1 portupgrade -o lang/perl5.10 -f perl-5.8.\*

    2) Reinstall everything that depends on Perl:
        portupgrade -fr perl

  Portmaster users:
        env DISABLE_CONFLICTS=1 portmaster -o lang/perl5.10 lang/perl5.8
        portmaster -r perl-

  Note: If the "perl-" glob matches  more than one port you will need to
        specify the name of the perl directory in /var/db/pkg explicitly.

That actually just failed, literally just now, on my machine. I got tired of having all my ports with security holes mailed to me each day, so I decided to try an update. Ran Portsnap to get everything, and then thought about how to do the rest.

freebsd-update works like apt-get and doesn't have any issues at all. Ports not being included in security patches, which is like 95% of what most people actually use anyway, means using cvsup, or portsnap, THEN once that is done, using either portupgrade, which has broken my boxes more than I care to count, (Heh, I remember reading "just do portupgrade -af" and having an unusable machine after that) so I decided pormanager and portmaster might be worth a try.

I'm on round 3 now, because it's broke and terminated twice.

I've been using Debian and SUSE for almost 10 years, and I'm a little shocked that someone said something has broken. I've literally not seen SUSE crash, ever. And I've used it as a desktop, a server, and everything else, and rebooting is only for Kernel updates, so, I had pretty good uptime.

And of course updating non base install software doesn't take a week on slower machines. I did ONE have an Nvidia driver update screw up X for me. I told Marcus Meissner, who went into work early that day and fixed it for me. That's the one time I've actually had an issue with SUSE, and the person who wrote the Kernel patch, came in early to take care of it for me.

Right now, portmaster -a is running on my machine. I always install security patches except for ports because it takes so long, and the machine isn't exactly usable while it's happening. And being that I don't code, I don't actually want to sit here telling it how to compile something. But, I'm trying again. It's the reason my server runs Slackware; I can type one line of commands, and everything is upgraded and working. If a Kernel update was there, I reboot, and I'm done. If there wasn't one... I type the command (Like swaret --update && swaret --upgrade or slaptget, or slackpkg, whichever I want to use) and then, it runs, and finishes, and I'm done. No down time.

My Debian machine has been running for about 2 years. It has a lot of stuff running on it, and has about....12,000 things installed? And apt-get update && apt-get upgrade once a day or so, and if there are any, the get installed and I'm done.

I literally not seen much in crashes. And I push hardware pretty hard.

Third party repos exist for basically everything, but be it SUSE, Debian, or whatever, I haven't had any issues. Adding a line of text to sources.list is a lot easier than tarballs ever were.
 
I'm surprised no one has pointed out that OpenBSD has this? Maybe OpenBSD would be a better system for you. I personally like FreeBSD ports better. :)

Oh and to the above poster, portupgrade never worked for me, and I almost gave up on FreeBSD because of it. I decided not to use anything, and only "make install clean". Then I found portmaster, which made my life much better. Now I have the best of both worlds (things just working like "make install clean") and easy management (with portmaster).
 
>I've been using Debian and SUSE for almost 10 years, and I'm a little shocked that someone said something has broken. I've literally not seen SUSE crash, ever. And I've used it as a desktop, a server, and everything else, and rebooting is only for Kernel updates, so, I had pretty good uptime.

Well good luck then for the future, such experiences are rare. Usually most *BSD users are coming from the Linux-world and have a long experience with this other free operating system. Whereas most Linux-users are coming from Windows and they're usually happy if they're getting "something better" than this Windows. I don't want to start a flame-war, but if I do know some of the lows of *BSD, it's usually rather easy to avoid them and then I usually get a rock-stable system. Linux distros are a moving target, an ever-changing environment with some highs and a plethora of lows, especially if it comes to documentation and continuity.

Look at Debian for example, they have lots of developers, but compared to OpenBSD the quality is rather low, at least in recent years. And OpenBSD itself has got just about 80+ developers, they're focused on security, they don't get support from big companies, but they made rather good progress regarding the audio-system, acpi etc. pp. They stay on focus, they don't do politics. It's a pity, but Debian is a declining star of the post-millennium.
 
Hi. In my opinion, ports are stable enough and I always make ports tree update.
We must do ports tree update because we can't stay in old versions for a long long time. Will start to be incompatible with a lot of things.
For example. If you use a very old version of Kdenlive, could be incompatible with HD movies. (Just an example to understand what I mean.)
Also latest versions have new stuff, more choices, new packages etc witch is very good.
But sometimes makes me to be a little disappointed. I will speak as a user, who is not expert on FreeBSD.
I will explain what I mean.
This time on ports we have Conky 1.8 witch is broken the last 3 - 4 months and is not working well. With simple words, if you want Conky, you must portdowngrade to 1.7 version witch is not on ports. (It should be as the latest stable version.)
Minitube exists on ports but is not streaming at all. (Well, is new project and I can accept that is under a lot of development to be workable for all Unix systems.)
I have an HD camera and I work on my new skate movie. When import them to Kdenlive, I take an error: "Clip invalid or missing".
In previous version of Kdenlive just crashed.
Speaking as user, I want to do my job but I can't.
But the truth is that rarely I see ports that cannot be build or programs that are not working well.
This also could be my fault, so I can't say that ports are not stable for this reason.
Always I see error fixes.
I know you do your best :)
Keep going :)
 
I personally like staying on the cutting edge of ports... not always but usually. Recently, I've had problems getting vlc 1.1.4 to work properly after being built so I've had to downgrade to 1.0.6 via pkg_add but that's the only real issue I've had and it's probably just a configuration problem (damn that thing has a monster 'make config' dialog). Upgrading pcmanfm from the 0.5.x line to the 0.9.x line caused a couple of issue with my fbpanel config, but it also allowed me to redo my .xinitrc and run fewer programs. No problem though... I simply find another way to make things work when something goes awry.
 
(damn that thing has a monster 'make config' dialog)
I will agree with that. Yesterday I made it work but now HD run very fast. Also, after some seconds sound stop working on video. One of the problems on vlc, is that have a billion options! Is impossible to know them all, to make a video work.
 
There are two strategies I am trying for keeping my desktop system sane using packages:

- one is only updating the ports tree to the date of the last package build. There can be a line in a supfile like this:
*default date=2010.09.27.12.00.16
so I've made a simple script to check this page:
http://pointyhat.freebsd.org/errorlogs/i386-8-full/cvsdone
to see when the package build last finished. That way things built via ports are never ahead of things installed by packages.

- the other is using pkgupgrade.py, which can be found on the internet. It is only kind of working, but I really like that upgrade strategy: download all packages, make backups, uninstall all packages, reinstall all packages. I only do it once every few months. So far no issues, and I can't think of why there would be issues, since it involves reinstalling all software. It is pretty fast too.
 
I am a recent slackware -> FreeBSD convert; in my short experience with the port tree, I think it is worlds better than either the Debian package system or Slackbuilds.

killasmurf86 said:
Why to make backups of all installed packages, when you can simply make zfs snapshot (from your post I assume, you are using it), and if anything goes wrong, simply rollback

Hopefully ZFS v28 will be an install option in 8.2/9.0. Hard disk space is cheap; since I employ FreeBSD as a desktop OS, my base system and installed ports are less than a 20th in size compared to my MP3 folder.

As killasmurf86 stated, a ZFS snapshot on a weekly schedule might be 10-20Gb for 2-3 months worth of snapshots? Make a cron job every Monday, 3am.
 
>Hopefully ZFS v28 will be an install option in 8.2/9.0. Hard disk space is cheap

Anything is cheap, even such sayings. The main use of UNIX-like operating systems is: as server, in embedded systems or scientific workstations. The consumer-desktop is a fraction of a fraction on UNIX-like operating systems and beyond that dominated by Apple and Windows. Even Linux has no reasonable share on the desktop, apart from a plethora of sick hype. Last not least, the so-called consumer-desktop moves toward more slim hardware, like netbooks or ARM-powered all-in-one devices. The time for fat quadcore driven PCs, with lots of gigabytes of memory and XX terabytes of drive space is counted. Leave them for hardcore gamers or enthusiasts with too much money in their pockets.

Apart from that, you'll not see more than ZFS v15 in 8.2 and maybe v28 will not be ready for FBSD 9.0 (maybe 9.1). v28 is a test, it's even in the Solaris environment nothing more than a test.

That said, anything is alright as long as there is freedom of choice.
 
Back
Top