Tracking Security in Ports and Base System
Chris Maness
chris at chrismaness.com
Wed Feb 8 18:45:48 PST 2006
Chris Hill wrote:
> On Wed, 8 Feb 2006, Chris Maness wrote:
>
>>> Much simpler: just track RELENG_your_release to get security updates
>>> and bug fixes and nothing else. For example, mine is RELENG_5_4 and
>>> therefore tracks 5.4-RELEASE.
>>>
>> Is there a way to rebuild just the packages updated? Or does the
>> whole tree have to be rebuilt?
>
>
> The part you quoted was referring to the system, not ports/packages.
>
> Packages, by definition, are already built - you just install them.
>
> Rebuilding the ports tree is yet another matter. When you cvsup ports,
> you get the (possibly updated) Makefiles and so forth, but the tree
> that gets updated is only the structure of the /usr/ports hierarchy.
> No source is downloaded, and nothing gets rebuilt, until you do a
> portupgrade, or `make deinstall' followed by `make reinstall' for a
> particular port.
>
> My usual routine involves `portupgrade -aRr', but that only upgrades
> the ports that have changed; it doesn't rebuild *everything*.
>
> Again, if you're doing packages, there is no building involved.
>
> Hope this has been sufficiently obfuscated :^)
>
Sorry, I am not using the correct lingo. I am cool on the ports now. I
think I'll just have to figure out how to use portaudit, because I don't
want to have to rebuild all 200+ packages I have installed on this
production server. I just want to rebuild the ones that introduce
security issues. I rebuilt all of the ports I had installed and it took
almost two days.
Thanks
More information about the freebsd-questions
mailing list