Issue with Handbook section 5.2

Matthew Seaman matthew at FreeBSD.org
Sun Dec 7 13:08:29 UTC 2014


On 07/12/2014 02:58, Jacob Helwig wrote:
> In going through the FreeBSD Handbook (as of Sun Dec  7 02:44:11 UTC
> 2014), section 5.2 (Overview of Software Installation) mentions using
> ports-mgmt/portaudit to check for security issues.  Unfortunately,
> portaudit was removed from ports on October 13th[0].
> 
> The commit that removed it says that “pkg audit” should be used
> instead ("portaudit expired when pkg_tools did, use pkg audit”), but
> as someone pretty new to FreeBSD, it’s not clear that this would be
> appropriate for ports usage.  Is “pkg audit” appropriate?  The
> language in the warning section of this Handbook section suggests
> that “pkg audit” isn’t appropriate outside of package use.  If “pkg
> audit” isn’t appropriate, what should be used instead?
> 
> -Jacob
> 
> [0]
> https://github.com/freebsd/freebsd-ports/commit/a3523a34bbef563b0b50709f384729fa04bcbb7

pkg audit is certainly the correct tool to use.  You can audit your
system for vulnerable packages by running 'pkg audit -F' at intervals.
If you add:

   daily_status_security_pkgaudit_enable="YES"

to /etc/periodic.conf then you can have it run automatically each night.

You seem to be suffering from a common misconception that packages and
ports are somehow much more distinct than is actually the case.  It is
something that clearly we aren't explaining very effectively.

A port is a set of instructions for building a package -- and pkg is the
tool for creating and managing packages.  So much so that packages
themselves are now referred to as 'pkgs.'  (Partly that was to
distinguish them from the old pkg_tools style of packages, but that is
generally no longer a consideration. Even so, the usage persists.)  All
pkgs are originally built from ports and the result of building a port
is a pkg[*].  Even if you're installing pre-built pkgs from the FreeBSD
pkg repositories, this is still true.

Pkgs have two states: installed -- with all the files extracted and
copied into place in the filesystem -- and as tarballs -- collected into
one compressed archive for easy network distribution.  But they are both
still pkgs.

	Cheers,

	Matthew

[*] At the moment.  There are plans to change this so that several pkgs
may be built from one port, and also plans to be able to create pkgs
from other sources than the ports tree.

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
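The nightly check Matthew describes (`pkg audit -F`, enabled via periodic.conf) as an added worked example, not code from this thread or from FreeBSD: a POSIX sh wrapper that turns an audit report into a count, a package list and a cron-friendly exit status, and checks that the periodic.conf knob is set. All function names are my own; SAMPLE_AUDIT is constructed in the shape of a pkg audit report and uses placeholder CVE ids.

```shell
#!/bin/sh
# Added example, not code from the thread: a small wrapper around the
# nightly `pkg audit -F` report. Function names are my own; SAMPLE_AUDIT
# is constructed in the shape of a pkg audit report, with placeholder CVEs.

SAMPLE_AUDIT='libfoo-1.2.3 is vulnerable:
libfoo -- buffer overflow in parser
CVE: CVE-0000-0001
WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-1.html

barapp-4.5 is vulnerable:
barapp -- privilege escalation
CVE: CVE-0000-0002
WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-2.html

2 problem(s) in 2 installed package(s) found.'

# Print the name-version of each flagged package (audit report on stdin).
vulnerable_pkgs() {
    sed -n 's/ is vulnerable:$//p'
}

# Print the number of flagged packages; grep -c exits 1 on zero matches,
# so mask that to keep the function usable under set -e.
count_vulnerable() {
    n=$(grep -c ' is vulnerable:$') || true
    echo "${n:-0}"
}

# Succeed only if periodic.conf (path given as $1) turns on the nightly
# audit with daily_status_security_pkgaudit_enable="YES".
periodic_audit_enabled() {
    grep -Eq '^[[:space:]]*daily_status_security_pkgaudit_enable="?YES"?[[:space:]]*$' "$1"
}

# Cron/monitoring entry point: reads an audit report on stdin, prints a
# summary, and exits 0 when clean or 2 when vulnerable packages are present.
# On a live host: pkg audit -F | check_report
check_report() {
    report=$(cat)
    n=$(printf '%s\n' "$report" | count_vulnerable)
    if [ "$n" -gt 0 ]; then
        printf '%s vulnerable package(s):\n' "$n"
        printf '%s\n' "$report" | vulnerable_pkgs
        return 2
    fi
    echo "no vulnerable packages"
}
```

Pipe the real report in with `pkg audit -F | check_report` and let the non-zero exit status drive the alert; the periodic.conf setting still produces the nightly mail as before.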


