locked packages got upgraded anyway

Wed Oct 14 21:56:20 UTC 2015

In my opinion the best solution would be to write a separate program 
that would enable one to create a local repository so that only those 
ports that have custom options will be built, other packages would be 
included verbatim from base repository. However, such a program would 
require some way of knowing the revision number or date of revision of 
the ports tree used to create the base repository. One could try parsing 
the "start time" tags from http://pkg-status.freebsd.org, that would 
kind of work (not perfectly though). Parsing start of build timestamp is 
kinda ugly, and there is no guarantee that the start time of a 
repository build is exactly the same as the date of revision the ports 
tree from which the repository was created.

Other solution would be to create a plugin for pkg. It would detect if a 
user has set custom port options for the package currently being 
installed, and would instead call "make package" on the port and install 
the built package. However, this might be tricky, since pkg must resolve 
dependencies before any package will be installed. Thus hooking the 
installation event for a node would not work. One would have to be able 
to hook the actual dependency caching event for a node, decide whether 
to install from repo or install from ports, and dispatch the 
dependencies of the node back to the resolver.

I have some ideas on how to create a repository mixer, as described as 
the first solution. I was going to create such a software for my own 
use, but I never finished because of irl stuff.

Baptiste Daroussin kirjoitti 14.10.2015 21:44:
> On Wed, Oct 14, 2015 at 08:24:01PM +0200, vmunix.old at gmail.com wrote:
>> * Mark Felder <feld at FreeBSD.org> wrote:
>> >
>> >
>> > On Tue, Oct 13, 2015, at 17:42, Rainer Duffner wrote:
>> >>
>> >> > Am 14.10.2015 um 00:31 schrieb Benjamin Connelly <ben at electricembers.coop>:
>> >> >
>> >> > We have a few ports we compile with different compile time options than the FreeBSD binary repo, so we keep them locked. Last night when doing some patching, we saw those locked packages get updated anyhow. For example, pkg said all of these things on one system:
>> >> >
>> >>
>> >>
>> >> IMO, you either compile all of the packages you use yourself - or none.
>> >>
>> >> Until FreeBSD gets a sort of „stable“ ports-tree that lives for longer
>> >> than three months, running your own repo is almost a must for anything
>> >> even semi mission-critical.
>> >>
>> >
>> > He has a valid use case and I don't know why it was upgraded. Sounds
>> > like a bug. Perhaps because it was a dependency? Hmm...
>> >
>> > A planned* feature is for a user to be permitted to have packages with
>> > custom build options and "pkg upgrade" will handle fetching the required
>> > parts of the ports tree and building the updated package so you don't
>> > have to play this "lock your package, manually upgrade it later" game.
>> > Not everyone should be forced to run poudriere just so they can change
>> > one option on one package...
>> >
>> > * Planned as in "bapt or someone said we should do this when we have
>> > time"
>> 
>> Are there any plans to introduce sub-packages or "flavors"? Because 
>> that
>> would solve the issue of having to fiddle with Poudriere in order to 
>> build
>> packages with more options enabled once and for all for probably 99% 
>> of
>> all users.
> 
> Yes there are plan for all of this but it takes a lot of time and we 
> have very
> little manpower.
> 
> Best regards,
> Bapt

-- 
Arto Pekkanen