Updating less-than-everything with poudriere & pkgng

Matthew Seaman matthew at freebsd.org
Tue Apr 1 15:39:10 UTC 2014 

On 04/01/14 16:18, J David wrote:
> Consider a poudriere-generated pkgng repository with about 10,000
> packages in it.  Now, just because the FreeBSD ports collection is the
> way it is, about 8,000 of those packages are going to depend directly
> or indirectly on perl.
> 
> Now suppose one of those 10,000 packages is foobar-1.2.2.  A security
> advisory is released, and it is now urgent to upgrade all the machines
> using this repository to foobar-1.2.3 ASAP.  But foobar-1.2.3 (like
> 7,999 of its brethren) depends on perl, and perl has also been updated
> from perl-5.12.3.4_5a to 5.12.3.4_5a1.
> 
> What we want is to do a poudriere build that updates to foobar-1.2.3
> and rebuild anything that depends on foobar.
> 
> But the first thing poudriere is going to do is whack perl-5.12.3.4_5a
> and all 8000 packages that depend on it.
> 

This is why the quarterly branches exist.  2014Q1 (Just EoL'd) and
2014Q2 (just branched from head) will now get only security and port-fix
type upgrades for the next 3 months.  Therefore if your poudriere repo
had been tracking 2014Q1 it would probably not have had those perl
updates to deal with, but it would have had foobar-1.2.3 security fixes.

Of course, right about now, you get to have an upgrade frenzy applying 3
months worth of changes in one fell swoop, as there's the switchover
from 2014Q1 to 2014Q2 happening right now.

There's no way I know of to use poudriere to selectively update just
packages from the dependency tree involving foobar but not ones
involving perl.  So, yes, you'll end up with your package builder doing
a lot of building, and you will have a window of exposure while that is
happening.  About the only way I can think of to achieve that is to
apply selective updates to your ports tree that you have checked out of
SVN, which is a pain in the posterior and not always guarranteed to work
properly.

	Cheers,

	Matthew



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140401/efafdddd/attachment.sig>

More information about the freebsd-ports mailing list