Suggestion for ports on FreeBSD

Hey guys,

Today I was showing to my teacher at university how to setup and apache server on FreeBSD, or at least was trying...

Because some problems updating my personal server at home on end week I choose use mysql instead mariadb (this one I know the installer is bugged and already reported here), so the install and setup should be pretty easy...

The problem come when I started install the PHP7 and extra modules, the devel/pear was causing segmentation fault.
(And because this some EAD softwares was not working because php errors)

Seems the latest ports there many bugs updating and installing on an fresh server.

People from current IT in my university started laugh and say jokes around FreeBSD can not be serious, I do not care about they opinion, but the fact is I was unable to finish my demonstration setup.

Since I still learning about FreeBSD, my question is if is possible (or if exists an tool or way to do it) have at least the previous version of each ports in same structure.

I can imagine other worst scenarios like an IT public event and get an epic fail because bugged packages does not compiles having working status and get in portsnap after an portsnap fetch update, ruining the person showing it and the FreeBSD also.

I know I would have used pkg, but for convince my teacher on at least give an try on FreeBSD I have argued about the power of ports and FreeBSD be free of bloatwares...

This is just an personal share above my experience today and an suggestion about give other alternatives for people using ports.

Other worst scenario I can imagine is an ISP making an update and everything get broken because packages not compiling, and there many other situations...

I know is the responsibility of the administrator have backups (I always use portmaster with the flags -afdb) but, and for those who forget it sometimes?
 
People from current IT in my university started laugh and say jokes around FreeBSD can not be serious
Netflix and Whatsapp and Juniper Networks are on FreeBSD. Netflix and FreeBSD alone run 40% of all internet traffic at a minimum. Now who's laughing at whom? Tell your little technical school kids who claim to be IT to come here and say that. It's obvious they are clueless.

As far as your broad, sweeping declaration of problems with ports and packages, we can't help you cause:

1) Your statements are false.

2) You give no specific, detailed issue.

The professionals here have countless server installations humming along for decades without issue running the very software you say has problems, including myself.

Note: I just installed Apache, PHP and Laravel for one small client just last week on a brand new machine in his office. It came up within an hour, maybe half an hour, and he's happily writing code on it as we speak.

So if you are having issues installing the same software I just did, it's not with FreeBSD, its ports or packages.
 
You have to do your homework in advance and not go flying blind like you did there, FreeBSD can be unforgiving because with the flexibility it offers there is also the danger of getting some details wrong or coming across an unexpected snafu.
 
Never leave anything to chance with a demo, practice the steps beforehand, many times. During the demo use known sources, don't pull down the latest.

This post does remind me of a friend just a couple of weeks ago. I was visiting him and had my laptop running FreeBSD-CURRENT, something had upset Xfce so I was using i3 as a window manager. After I asked for his WiFi password, he saw me editing /etc/wpa_supplicant.conf and he inquired if FreeBSD was a "hobby OS". After showing him the FreeBSD Foundation page on who uses FreeBSD, he immediately took back what he had intimated!

I think the closestyou could get to having the previous version of a port is to checkout a specific revision of the ports tree via svn?
 
Never leave anything to chance with a demo, practice the steps beforehand, many times. During the demo use known sources, don't pull down the latest.

You can also go for one of the quarterly branches of the ports tree or the release tags (both in SVN). No guarantees that every port is good in those snapshots, but you have less of a moving target. Beware, however, of open security issues which would be fixed by using head.

I think the closestyou could get to having the previous version of a port is to checkout a specific revision of the ports tree via svn?

Something like the following should probably do the trick (testing and polishing of this is left as an exercise for the reader):
Code:
cd /usr/ports/foo/bar
svn log | less # and figure out which revision you want
svn update -r 123456
If it works, you have not just the previous version, but all versions over time (assuming the sources are still available at their expected URLs). The further you go back, the deeper you are getting into untested territory, as the common use case is all ports being from a vaguely similar age of the tree, so a port from years ago might not work so well with the current versions of its dependencies or dependents, or could have issues with the current versions of the ports build system.

That assumes that you have the ports tree as a SVN working copy in the first place. Don't mix and match SVN with other methods of fetching and updating the ports tree.

Overall, packages are promoted as the trouble free way of installing things. Directly building ports has never been suggested to be entirely trouble free, and the user is expected to deal with occasional breakage and/or build issues. Personally, I use ports exclusively, and build my own base system as well, but I've been building Unix stuff for multiple decades so dealing with occasional breakage is no big deal to me (I actually sometimes quite enjoy it when it breaks, as it gives me something to keep my skills sharpened).
 
Other worst scenario I can imagine is an ISP making an update and everything get broken because packages not compiling, and there many other situations...

Frankly, an ISP who blindly relies on randomly deploying the head of the ports tree into critical production without proper testing is highly irresponsible, and deserves to suffer embarrassing outages (for some, it's the only way they learn). The same goes for an enterprise. Even for smaller deployments, the latest packages/ports can be fairly easily deployed for testing in a jail, VM, or on a spare/old machine; before throwing them into production. The need to do that is not something specific to FreeBSD or the ports tree, it's something that is needed with even the best of commercial software.

Even the packages should not be thrown into production without testing, as the usual BSD warranty / disclaimer applies, they should just be a little less risky than SVN head of ports.
 
It looks like the post has been addressed, so I'll interject with some off-topic, grammar minutia that at least a few people here like to discuss.
As far as your broad, sweeping declaration of problems with ports and packages, we can't help you cause:
Is that use of 'cause' in place of 'because' English convention, regional dialect or texting/Facebook/Twitter slang?
 
I'd guess that it was a typo of you and your. :) Regardless, as has been said, plan your demos carefully, and, in my humble opinion, overselling is probably as bad as anything else, since it raises expectation.

To me, saying WOW, IT'S SO MUCH BETTER THAN LINUX!!! isn't going to do much more than aggravate Linux lovers, and probably just amuse the rest of the people who don't really care what O/S they're using. Not to knock enthusiasm, which is important, but if someone likes Linux and you say, it stinks compared to a BSD, you've already put them on the defensive. Saying, Linux is nice, but I prefer FreeBSD because (your reasons here) is more likely to get someone interested enough to look into it themselves. Or making it a challenge. :) Here, it will work on your laptop, but I haven't gotten synaptics working, if you do, let me know what you did, might get someone to show they're better at it than you are.

Anyway, sorry your demo went badly. On the bright side, it showed you why one has to prepare for it, so next time will be much better.
 
It's an informal contraction of because.

As far as the subject, a segfault generally indicates something broken. The only reason I don't say always is because there are test situations.
 
Netflix and Whatsapp and Juniper Networks are on FreeBSD. Netflix and FreeBSD alone run 40% of all internet traffic at a minimum. Now who's laughing at whom? Tell your little technical school kids who claim to be IT to come here and say that. It's obvious they are clueless.

So if you are having issues installing the same software I just did, it's not with FreeBSD, its ports or packages.

Following your argued on this statement allow me say also:

FBI use windows, so windows is the best OS...
If the fail in the statement (Netflix / Whatsapp / Juniper / etc...) is not clear try study about syllogism...

As far as your broad, sweeping declaration of problems with ports and packages, we can't help you cause:

1) Your statements are false.

2) You give no specific, detailed issue.

The professionals here have countless server installations humming along for decades without issue running the very software you say has problems, including myself.

Note: I just installed Apache, PHP and Laravel for one small client just last week on a brand new machine in his office. It came up within an hour, maybe half an hour, and he's happily writing code on it as we speak.

Mostly of posts here on FreeBSD forum do the assumption the user have some "basic" (what is basic for someone can not be basic for another one) knowledge, you can confirm this studying the answers, usually as:

Do this...
Do that...

But never with an step by step showing the commands for example...

What I have did?
I have say about install an fresh FreeBSD and have did the updates, so if you wanna blame for follow the usual practice from forum here some steps:

1 - Make a boot using FreeBSD ISO
2 - Hit Enter accepting the defaults and install the OS
3 - Log as root
4 - Do base update with the command freebsd-update fetch update install
5 - Update the ports with the command portsnap fetch update
6 - Install portmaster with cd /usr/ports/ports-mgmt/portmaster and make config-recursive install clean
7 - Run portmaster with the command portmaster -afdb
8 - Install the desired software after this

This is basic or advanced?
Once more time, for some people would be advanced, for others basic...

You argued about have did an successful installation one week ago...

The first problem is about you does not read the situation and do the assumption my post is an offense, instead an share for avoid similar situations... Because if you have payed attention, I have say about did the test YESTERDAY, and not one week ago, the ports you have used one week would be free of issues, but the ports I have used from lastest version was not.

What specific detailed stuff you need more?

Is hard install an Virtual Machine and test the ports from yesterday?
Is more easy say someone is liar?

I think there no more to discuss with you...



You have to do your homework in advance and not go flying blind like you did there, FreeBSD can be unforgiving because with the flexibility it offers there is also the danger of getting some details wrong or coming across an unexpected snafu.

But that is the beautiful about the FreeBSD, the flexibility it offers.
I was think my homework was made after update all my FreeBSD Virtual Machines on end week (for example you can read it on the part where I say about mariadb installer bugged), but seems not.



Never leave anything to chance with a demo, practice the steps beforehand, many times. During the demo use known sources, don't pull down the latest.

This post does remind me of a friend just a couple of weeks ago. I was visiting him and had my laptop running FreeBSD-CURRENT, something had upset Xfce so I was using i3 as a window manager. After I asked for his WiFi password, he saw me editing /etc/wpa_supplicant.conf and he inquired if FreeBSD was a "hobby OS". After showing him the FreeBSD Foundation page on who uses FreeBSD, he immediately took back what he had intimated!

I think the closestyou could get to having the previous version of a port is to checkout a specific revision of the ports tree via svn?

I have argued with my teacher about the problem with old packages from Debian, while o FreeBSD is possible use almost (ever think the ports was full tested before released but seems not) the latest version, many computers on my university use Debian, and because the old packages we does not have for example sublime and other tools available, because those tools need packages more updated not available on Debian...

So for proof my point of view the only way was on use latest update what unfortunately failed.

The lesson here is stay with the default packages from ISO since those seems be fully tested.

I does not know about the possibility of an rollback from ports using the svn, thanks for the hint, I will check it.



You can also go for one of the quarterly branches of the ports tree or the release tags (both in SVN). No guarantees that every port is good in those snapshots, but you have less of a moving target. Beware, however, of open security issues which would be fixed by using head.



Something like the following should probably do the trick (testing and polishing of this is left as an exercise for the reader):
Code:
cd /usr/ports/foo/bar
svn log | less # and figure out which revision you want
svn update -r 123456
If it works, you have not just the previous version, but all versions over time (assuming the sources are still available at their expected URLs). The further you go back, the deeper you are getting into untested territory, as the common use case is all ports being from a vaguely similar age of the tree, so a port from years ago might not work so well with the current versions of its dependencies or dependents, or could have issues with the current versions of the ports build system.

That assumes that you have the ports tree as a SVN working copy in the first place. Don't mix and match SVN with other methods of fetching and updating the ports tree.

Overall, packages are promoted as the trouble free way of installing things. Directly building ports has never been suggested to be entirely trouble free, and the user is expected to deal with occasional breakage and/or build issues. Personally, I use ports exclusively, and build my own base system as well, but I've been building Unix stuff for multiple decades so dealing with occasional breakage is no big deal to me (I actually sometimes quite enjoy it when it breaks, as it gives me something to keep my skills sharpened).

My installations is all using ports, when I am setup an new server, usually is on VMware ESXI or Xen, and then on those platform before every update I do an snapshot, so I can rollback for fix some things.

The situation I have shared I was not using virtualization, was on an bare desktop, in the demonstration was with 2 desktop using same hardware, in one was the IT guy from university installing Debian on an fresh install, and on the other one me installing FreeBSD, the objective of the demonstration was validate the flexibility of have mostly web software running on FreeBSD because the latest version of programs an with better speed.

Both I am pretty sure able because my daily use of FreeBSD, that is what make me get out of Debian years ago...

Thanks for the info about how to get old tree from ports, I will practice that!!!



Frankly, an ISP who blindly relies on randomly deploying the head of the ports tree into critical production without proper testing is highly irresponsible, and deserves to suffer embarrassing outages (for some, it's the only way they learn). The same goes for an enterprise. Even for smaller deployments, the latest packages/ports can be fairly easily deployed for testing in a jail, VM, or on a spare/old machine; before throwing them into production. The need to do that is not something specific to FreeBSD or the ports tree, it's something that is needed with even the best of commercial software.

Even the packages should not be thrown into production without testing, as the usual BSD warranty / disclaimer applies, they should just be a little less risky than SVN head of ports.

I not mean about blind deploy, what I tried say is about not be able to apply an security fix.
Lets suppose some people have found an security breach on bind, mostly of enterprises will update they bind for avoid that issue, but, if the ports is bugged, they will not be able to apply that in regular way.
I know I can download the patch / source and compile by myself also, but, mostly places I have read say to do not do that.

Only one for n available situations.



I'd guess that it was a typo of you and your. :) Regardless, as has been said, plan your demos carefully, and, in my humble opinion, overselling is probably as bad as anything else, since it raises expectation.

To me, saying WOW, IT'S SO MUCH BETTER THAN LINUX!!! isn't going to do much more than aggravate Linux lovers, and probably just amuse the rest of the people who don't really care what O/S they're using. Not to knock enthusiasm, which is important, but if someone likes Linux and you say, it stinks compared to a BSD, you've already put them on the defensive. Saying, Linux is nice, but I prefer FreeBSD because (your reasons here) is more likely to get someone interested enough to look into it themselves. Or making it a challenge. :) Here, it will work on your laptop, but I haven't gotten synaptics working, if you do, let me know what you did, might get someone to show they're better at it than you are.

Anyway, sorry your demo went badly. On the bright side, it showed you why one has to prepare for it, so next time will be much better.

I was not overselling, is an public university and they will not promote me neither give me a badge :p
We was discussing about what we use on clients in daily work, I have say about FreeBSD and my teacher says be surprise on enterprises pay for use FreeBSD because is not widely used, there no many professionals available, etc...

In the end, my teacher asked me for show in production the use of FreeBSD and do some tests, ever if it be successful, not mean the entire university will change from one day to another from Debian to FreeBSD...

The probably situation is my teacher install on his laptop to do an deep study...

On clients I argued about the possibility (when is possible) of reuse they old hardware, since linux is getting every time more heavy, and its enough to they accept use FreeBSD (no expenses with new server).
 
I have argued with my teacher about the problem with old packages from Debian, while o FreeBSD is possible use almost (ever think the ports was full tested before released but seems not) the latest version, many computers on my university use Debian, and because the old packages we does not have for example sublime and other tools available, because those tools need packages more updated not available on Debian...

So for proof my point of view the only way was on use latest update what unfortunately failed.

The lesson here is stay with the default packages from ISO since those seems be fully tested.

Actually, the snapshots and packages on any ISOs are not necessarily tested to a particularly high standard, as the resources do not exist to do that testing. Some will have been more carefully looked at prior to the branch/tag in SVN, but there are simply far too many ports relative to the number of people testing to actually do thorough quality testing of the entire ports tree. It is entirely possible for a port to be badly broken on the ISOs or SVN branches/tags. Hopefully most of the actively maintained ports should be relatively unlikely to have serious issues on the snapshots, but that's all. The testing must always be done by the person/people deploying the port/package, to verify that it is suitable for their purposes. The ISOs / release tags / quarterlies give you a more slowly moving target, but they don't really give much in terms of quality assurance for all ports (the most important ones should generally be good, however).

I not mean about blind deploy, what I tried say is about not be able to apply an security fix.
Lets suppose some people have found an security breach on bind, mostly of enterprises will update they bind for avoid that issue, but, if the ports is bugged, they will not be able to apply that in regular way.
I know I can download the patch / source and compile by myself also, but, mostly places I have read say to do not do that.

It really does not matter whether it is a routine update to latest version or a critical security fix. You need to test that the updated package / port is suitable for your purposes. Obviously something like Apache, BIND, or Postfix are extremely unlikely to have major bugs for a long period of time, simply due to the number of people actively paying attention to them, but some other ports may not receive anything like that level of attention.

Any ISP or enterprise which pulls a security fix for BIND from ports (or even direct from ISC) is irresponsible if they do not properly test it prior to deployment in a critical or important environment. If they find a significant problem when testing it, the patch (to either ISC or FreeBSD ports) may well come from them (they often have the resources to find and fix the problems themselves).

Going outside of the ports system is not recommended, as you are quite likely to encounter bugs and/or build problems which are patched by the ports system itself (and will not be patched if you get the source from origin and try to build it outside of ports). In a very large percentage of cases, you run a significant chance of encountering problems which would have been avoided by using ports. Additionally, you may encounter significant pain with dependencies by going outside ports. You are almost always better off with the port/package unless it is essentially abandoned, unmaintained, and/or stale.

The following in /usr/ports/COPYRIGHT really does mean exactly what it says:
Code:
THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

It is always your responsibility to test the ports prior to relying on them. If or when they break, you own that problem. Various FreeBSD people and/or port maintainers will often be glad to assist, and keen to fix any reported issues, but fundamentally you own those issues.

Far more effort is put into trying to provide high quality of the base operating system itself, but some parts of ports can be far lower quality.
 
...

It is always your responsibility to test the ports prior to relying on them. If or when they break, you own that problem. Various FreeBSD people and/or port maintainers will often be glad to assist, and keen to fix any reported issues, but fundamentally you own those issues.

....

I think the ignored part of situation is:

I have tested on end week when I have updated all my servers.

You can say:

"You should have tested before goes to university..."

And I can say:

"Thats make no difference if the packages get updated when I was on the way to university driving..."
 
Then you're mistaken.
the ports are SVN. you can pull any revision you want. Pick one and lock it in (don't update the ports tree). Alternatively use the quarterly branches.

Take this as a learning experience - and look inward for blame first.
 
Don't ever try and "convert" anybody to FreeBSD (or Linux, or OS X, or whatever). Don't ever proselytize. It doesn't accomplish anything, and the desire to do it stems from the same fallacious thinking experienced by the prospective convert: the fallacy that popularity means anything at all.

Generally speaking, most people will always incorrectly assume that popularity is tantamount to superiority. They will do so because change is hard; they will do so because thinking critically is hard; and they will do so because being part of the "in" group is comforting and being associated with the "winner" is emotionally rewarding. It's natural. Telling people you like something different is fine and all, and might lead to some interesting conversation. But once you start talking about how you think what you, the lone outsider, are using is better, and they should put the effort into changing an integral part of their daily lives, they'll balk every time.
 
Generally speaking, most people will always incorrectly assume that popularity is tantamount to superiority.
Yep, just look at video standards. There was Betamax, VCC, VHS and a few more. VHS had the worst quality (both picture and sound) compared to any of the others. Guess which one became the standard.
 
i always hear that, but I had extensive experience with both betamax and VHS when I was living overseas as a kid. For me, betamax tapes were always far worse in quality (comparing similar quality settings). I am not even talking about the dumb length limit of betamax.

We always had 2 machines, betamax and VHS. Video rental places would have both formats. If I had a choice, I'd always take the VHS one. I'd only take betamax if the VHS versions were rented out. Then again, this was the middle east and everything was pirated. maybe the pirates had better quality VHS machines than betamax.

tldr: as a viewer, I never found betamax tapes to be a superior quality than VHS and I have never gotten why this is repeated so much.
 
Then again, this was the middle east and everything was pirated. maybe the pirates had better quality VHS machines than betamax.
That's probably the reason (or the Betamax version was a copy of a VHS). Betamax was technically a much better standard. It was (is?) so good a lot of broadcasting companies, to this day, still use the professional variant; Betacam.

I'm sort of looking at FreeBSD the same way. Technically better and, although we may have lost the battle with Linux, the professionals will continue to use it. Even long after the others have died :D
 
Don't ever try and "convert" anybody to FreeBSD (or Linux, or OS X, or whatever). Don't ever proselytize. It doesn't accomplish anything, and the desire to do it stems from the same fallacious thinking experienced by the prospective convert: the fallacy that popularity means anything at all.

Generally speaking, most people will always incorrectly assume that popularity is tantamount to superiority....

Funny, while I agree with you on every point, I still want FreeBSD to be more popular... actually I just want it to have better desktop hardware support, and that only seems to come with popularity. This is not unique to FreeBSD though, I'd like many unpopular but good, different and interesting OS to have better desktop hardware support so that there is more choice. That's the one thing that makes popular vastly more practical unfortunately. I guess the server people don't really see this angle.
 
wisdown, one other suggestion: If you choose to build your own packages, take the time to set up a clean package building environment using ports-mgmt/poudriere or ports-mgmt/synth. Port maintainers test ports in a clean environment using ports-mgmt/poudriere, so the chance of breakage is much lower if you also build in one. Ideally a port would have no problems building on a live system, but in the real world it's difficult to account for all the introduced variables.

P.S., are you able to post (partial) build output that includes the failure? Did you report a bug?
 
..FreeBSD can be unforgiving because with the flexibility it offers...
This is key. The OpenBSD ports system is simpler and easier to manage, but flavors don't offer nearly the flexibility as the options framework. Simply turning off one or two options can result in dozens fewer dependencies and fewer daemons running in the background.
 
wisdown, one other suggestion: If you choose to build your own packages, take the time to set up a clean package building environment using ports-mgmt/poudriere or ports-mgmt/synth. Port maintainers test ports in a clean environment using ports-mgmt/poudriere, so the chance of breakage is much lower if you also build in one. Ideally a port would have no problems building on a live system, but in the real world it's difficult to account for all the introduced variables.

P.S., are you able to post (partial) build output that includes the failure? Did you report a bug?

Usualy I use ports-mgmt/portmaster, have not used ports-mgmt/poudriere yet, but I saw many people using it and saying good things.
(I need study it before use in another VM)

Before install ports-mgmt/portmaster, my default syntax to call the installer is:

Code:
make config-recursive install clean

After install ports-mgmt/portmaster I think my environment still clear because one of parameter I pass is -d (always clean distfiles), usually I rebuild everything for make sure all dependencies are ok with:

portmaster -afdb

If the clean means another thing, please explain me.

On next end week I can do another update in my home server and post the logs from mariadb101 the compilation breaks before update finish.

From devel/pear that compile but when you call it from php always return segmentation fault and dont let php run, on that scenario I was using latest php (7).
 
Usualy I use ports-mgmt/portmaster...

After install ports-mgmt/portmaster I think my environment still clear ...

It isn't, by definition. Please don't confuse portmaster (which I personally think nobody should use, ever) with those other two programs. It is in no way similar. If you use portmaster, you don't build in a clean environment, by definition.

Pretty much, people that insist portmaster is fine and they've "never had an issue in X years" deserve any build issues that inevitably will come. I've come to realize that once people have an idea in their head, they can't be talked down from it, so I usually quietly leave portmaster-users to their own fate.
 
Back
Top