Hello,
This is my first post in here. After reading the handbook and other sources of information, man pages, IRC talk and testing the FreeBSD tools I’m still not sure what direction to take. Appreciate any suggestions.
P.S. Sorry about any English mistakes, not my native language. Sorry about text extent, just trying to be the more precise about steps and the situation.
My objective is migrating my production server to FreeBSD. About upgrades: After a starting point (installing and configuring the system) I’m not interested in new features (unless strictly necessary), new versions of the third party software (unless necessary or obligatory), but just security updates. I’m still not sure on what extent that’s possible (still learning how it all works), but want to get the most conservative as possible.
I feel comfortably already about how base system updates works (picked 10.2-RELEASE), but not about ports. I point out below what I have been doing in this direction but not sure if I’m doing it right:
Using binaries (pkg) seemed the best for me but then I needed different configurations on some of the packages. At this point installed ports and everything worked as expected but after trying and researching discovered that mixing ports with pkg would lead to issues. Although possible doing this way it’s error prone in a considerable (large?) scale after some point.
So decided poudriere as the best approach: Opportunity to tweak as want but keeping things in a more organized way so just a matter to use only pkg on the client machines.
I was told that the pkg binaries shares same version and source code than ports in the portsnap method but after making some tests that’s not what I see, example: In a machine using only pkg, after
So in fact that’s not true (or entirely true?), pkg does not seems to share same stuff with portsnap after all.
My fear is keeping a system with high maintenance demand while more interested in the security patches.
What would be the best approach in this case?
Thanks,
Rodrigo
This is my first post in here. After reading the handbook and other sources of information, man pages, IRC talk and testing the FreeBSD tools I’m still not sure what direction to take. Appreciate any suggestions.
P.S. Sorry about any English mistakes, not my native language. Sorry about text extent, just trying to be the more precise about steps and the situation.
My objective is migrating my production server to FreeBSD. About upgrades: After a starting point (installing and configuring the system) I’m not interested in new features (unless strictly necessary), new versions of the third party software (unless necessary or obligatory), but just security updates. I’m still not sure on what extent that’s possible (still learning how it all works), but want to get the most conservative as possible.
I feel comfortably already about how base system updates works (picked 10.2-RELEASE), but not about ports. I point out below what I have been doing in this direction but not sure if I’m doing it right:
Using binaries (pkg) seemed the best for me but then I needed different configurations on some of the packages. At this point installed ports and everything worked as expected but after trying and researching discovered that mixing ports with pkg would lead to issues. Although possible doing this way it’s error prone in a considerable (large?) scale after some point.
So decided poudriere as the best approach: Opportunity to tweak as want but keeping things in a more organized way so just a matter to use only pkg on the client machines.
I was told that the pkg binaries shares same version and source code than ports in the portsnap method but after making some tests that’s not what I see, example: In a machine using only pkg, after
pkg update -f I get for sqlite3: sqlite3-3.8.11.1_1 but on the poudriere side, after poudriere ports -u and bulk build I get: sqlite3-3.9.2. poudriere ports -l gives me:
Code:
METHOD: portsnap poudriere ports –u brings a lot of patches (also version updates) in a daily fashion, differently than pkg.My fear is keeping a system with high maintenance demand while more interested in the security patches.
What would be the best approach in this case?
Thanks,
Rodrigo
