Uppgrading ports the most secure way

Aknot

Aknot

Dear forum!

We have a VPS server with the following configuration:
Code: 
FreeBSD srv01.alldoit.se 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Mar 30 15:26:23 UTC 2011     root@freebsd82.tst:/usr/obj/usr/src/sys/XENHVM  amd64

The ports tree is installed and updated with:
Code: 
csup -L 2 -h cvsup.FreeBSD.org /usr/share/examples/cvsup/ports-supfile

The server is used with Apache, MySQL, PHP, Postfix, ProFTPD and so on.

We have installed the portmaster port. But what is the most safe way to update the ports already installed? Traditional or with portmaster?
 
Use portmaster(8), it'll make life a lot easier.

Don't forget to read /usr/ports/UPDATING before starting to update anything.
 
It's not stressed enough in the documentation but you always want to use the -w option of portmaster(8) that saves backup copies of shared libraries that are being updated. The option can be set to on by default in /usr/local/etc/portmaster.rc (included are few other almost mandatory settings):

Code: 
SAVE_SHARED=wopt
BACKUP=bopt
ALWAYS_SCRUB_DISTFILES=dopt
PM_MAKE_ARGS='-DFORCE_PKG_REGISTER'
 
FYI there are plans to deprecate csup/cvsup for updating the ports tree, leaving svn/portsnap. (Other changes are planned for the flat files in /var/db/pkg re: the changes planned from pkg_add (etc) >> pkg add (/pkg/), maybe as soon as V10.)
More information is available in threads here and in the freebsd-ports mailing list.
 
Thank you guys (and girls?)!

Exactly the information I was looking for =)
Is there a mailing list where all security updates to the ports are shown?
 
You must log in or register to reply here.
Back
Top