Productivity with FBSD, or: "portupgrade" vs. virus scans....

Oliver Fromme olli at lurza.secnetix.de
Fri Feb 9 18:20:53 UTC 2007


Kevin Kinsey wrote:
 > [...]

NB:  I've been using FreeBSD for more than 10 years, and I've
done hundreds of FreeBSD installations over the years,
both privately and for my job.

When portupgrade appeared (about 5 years ago, I think),
I tried it for a while, hoping it would make things
easier.  It didn't.  In fact, more than once it broke,
sometimes subtly, sometimes horribly.  I have to admit
that I also don't like Ruby that much.  So I stopped
using portupgrade privately, and I also try to avoid it
in my job, unless customers or coworkers insist on using
it on particular machines.

 > If you're a desktop FBSD user:
 > 
 > How do you keep up with ports?

Like I've always done before portupgrade existed.  Note
that I'm a conservative updater:  I never update just
because a new version exists ("never change a running
system").  I only update if there is a _good_ reason to
do so, such as security issues, critical bug fixes, or
features that I need.  I don't trust portupgrade or any
other automatic tool to decide correctly for me which
ports should be updated and which ports should not be
touched.  Yes, I'm aware that's configurable with
portupgrade, but that doesn't solve the problem.

 >     *Do you have (or have you, at some time, had) much trouble?

Yes, I had.  During the time I used portupgrade.  :-)

 >     *If you have trouble, do you accept it as a "cost" of using FreeBSD?

No.  Only Windows users have to accept what they have,
because they have no choice.  But we have an open-source
system, so if something troubles us, we can improve it.
If one tool doesn't float your boat, use a different one.
If you can't find one, create your own.

 > How often do you upgrade your ports/packages?

See above.  There are no fixed time intervals for updates.
I watch the output of portaudit for security issues, and
if there are some, I update the affected ports.  I also
update when I need a bug fix or feature.  Watching the
cvs commits or the ports mailing list or the freshports
web site can be useful.

 > Any suggestions on what I might do differently?
 > 
 >     *Should I quit updating FBSD except for major point releases?

There's no easy answer.  It depends on your requirements.
I can tell you what I think is right for me, but that's
not necessarily the right thing for you.  You need to
decide for yourself.

 >     *Should we upgrade the server-type ports and leave the desktop apps 
 > alone when we get a "stable" configuration there?

I really can't give generic advice there.

 >     *How dangerous is it to be using outdated ports (particularly the 
 > servers)?

If there are no security issues, it's not dangerous at all.
To be informed about security issues, I recommend that you
install the "portaudit" port.  Then you will get security
warnings in your nightly cron mail if there are any issues
with your installed ports.

For my convenience I wrote a few small shell scripts.  They
work on a stock FreeBSD base system and don't require Ruby
or anything else.

The first one runs via cron job every night and updates
/usr/ports with cvsup, provided that there are no "work"
directories.  If there are any "work" directories, the
script doesn't touch anything and instead sends me an
e-mail to tell me about it, so I can clean up if necessary.

The second script updates a single port (also installs any
dependencies if necessary), checks for shared libraries and
saves them if necessary, and it preserves the "required_by"
information of the ports, if any.  It's conservative in
that it does not touch anything that doesn't have to be
touched.

Actually I wrote the scripts for myself only and didn't
plan to officially release them to the public, but here
they are nevertheless.  Maybe they're useful to somebody.

http://www.secnetix.de/~olli/scripts/ports-check-update
http://www.secnetix.de/~olli/scripts/portsup

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, VAT ID: DE204219783
Any opinions expressed in this message are personal to the author and may
not necessarily reflect the opinions of secnetix GmbH & Co KG in any way.
FreeBSD services, products and more:  http://www.secnetix.de/bsd

"With sufficient thrust, pigs fly just fine.  However, this
is not necessarily a good idea.  It is hard to be sure where
they are going to land, and it could be dangerous sitting
under them as they fly overhead." -- RFC 1925
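
The nightly guard described in the message (update the ports tree only when no "work" directories exist, otherwise leave it alone and send a report), as an added example that is not the poster's script. The function names and the PORTSDIR, PORTS_UPDATE_CMD and PORTS_NOTIFY_CMD variables are assumptions made for this sketch; set PORTS_UPDATE_CMD to your own tree-update command and PORTS_NOTIFY_CMD to your mail command.

```shell
#!/bin/sh
# Added example, not the script linked in the message.
# Hypothetical names: PORTSDIR, PORTS_UPDATE_CMD, PORTS_NOTIFY_CMD.

# Print every build directory left in the tree: <root>/<category>/<port>/work
list_work_dirs() {
    for d in "$1"/*/*/work; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
    return 0
}

# Update the tree only if it is clean. Return codes:
#   0  no work directories, update command succeeded
#   1  work directories found, tree untouched, report sent
#   2  configuration error or update command failed
guarded_ports_update() {
    root=${1:-${PORTSDIR:-/usr/ports}}
    if [ ! -d "$root" ]; then
        echo "no ports tree at $root" >&2
        return 2
    fi
    if [ -z "${PORTS_UPDATE_CMD:-}" ]; then
        echo "PORTS_UPDATE_CMD is not set" >&2
        return 2
    fi

    leftovers=$(list_work_dirs "$root")
    if [ -n "$leftovers" ]; then
        # An unfinished or forgotten build is present: change nothing and
        # report, so the operator can clean up before the next run.
        printf 'Ports update skipped, work directories present:\n%s\n' \
            "$leftovers" | sh -c "${PORTS_NOTIFY_CMD:-cat}"
        return 1
    fi

    sh -c "$PORTS_UPDATE_CMD" || return 2
    return 0
}
```

Without PORTS_NOTIFY_CMD the report goes to standard output, which cron mails to the job owner.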

