portmaster best practices

[Volodymyr Kostyrko]

Victor Sudakov wrote:
>>> If portaudit shows that some installed packages have vulnerabilities,
>>> what do you usually do?
>>
>> Greatly depend on where am I. All my systems are staying up-to-date
>> whereas when I'm visiting someones system I prefer to update only
>> required pieces of software. Anyway if you tell portmaster to update
>> port x it would try to update all ports it depends on.
>
> Does it often screw things up when updating dependencies (both
> ascending and descending ones)? Do you recommend to always update the
> ascending dependencies (portmaster -r) also?

I never faced any problems updating ports with portmaster. Mostly 
because portmaster always backups old libraries to compat folder for me 
as stated in my configuration file:

/usr/local/etc/portmaster.rc:
NO_BACKUP=Bopt
PM_VERBOSE=vopt
SAVE_SHARED=wopt
DONT_SCRUB_DISTFILES=Dopt

NO_BACKUP means don't create a temporary package when deleting 
something. This is unsuitable for me as /usr/ports in my network is 
distributed via NFS ro.

PM_VERBOSE increases detail level.

SAVE_SHARED is a must, it tells portmaster to propagate deleted shared 
libraries to compat directory. This way updating any port to newer lib 
version will have no impact on ports requiring previous versions.

DONT_SCRUB_DISTFILES also is redundant for me as /usr/ports is read only 
and I don't want to drop sources of python 2.5 when building python 2.7 
as python2.5 is still needed for AppEngine for example.

Personally I never use -r as anything that can be fixed with that one 
can be fixed with pkg_libchk and careful planning.

>> The better way of debugging such problems for me is pkg_libchk from
>> sysutils/bsdadminscripts.
>
> I use sysutils/libchk when I have to, but it is a tedious manual job I
> would like to avoid.

They are almost the same except pkg_libchk doesn't depend on ruby and 
works in parallel better (for me).

-- 
Sphinx of black quartz judge my vow.