ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Miroslav Lachman 000.fbsd at quip.cz
Mon Oct 6 08:59:17 UTC 2008


Eygene Ryabinkin wrote:
> Miroslav, good day.
> 
> Mon, Oct 06, 2008 at 12:41:05AM +0200, Miroslav Lachman wrote:
> 
>>I am busy these days, but it is nice to read about your progress. I hope 
>>I will get some time to test all of these large patches in a few days 
>>and I will report back my experiences!
> 
> 
> Fine, thank you!  I am re-CC'ing bug-followup@ to track this letter,
> since it contains some useful information that should go into GNATS.
> 
> 
>>One note before tests... do -n flag always download new INDEX file, or 
>>is it possible to use one already existing in /usr/ports?
> 
> 
> Currently, it is downloads bzipped INDEX file to /var/db/portaudit every
> time, but it uses mirror mode, so if remote file hadn't changed at all,
> all network expences are just the HTTP's HEAD request and reply.
> 
> I can add another variable to the portaudit to force the usage of the
> existing INDEX file, if it is needed.  By the way, how are you keeping
> your INDEX file up to date (your proposed usage of 'pkg_version -I'
> implies that you're always rely on it)?  I am just curious -- my INDEX
> files are almost always stay unupdated, even if I am using portupgrade.

I have '/usr/sbin/portsnap cron' and '/usr/sbin/portsnap -I update' in 
my crontab, so I get INDEX updated every night before nightly security 
e-mail is generated.

> And there can be another way if one keeps ports tree updated: utility
> can use 'make' to determine the version that is currently available on
> the examined host.
> 
> But downloading the INDEX file from the central server seemed to be the
> best way, since it almost always gives one the latest port versions, so
> I had implemented this in a first place.

My previous question was not against your solution, it seems useful to 
have really actual data from the fresh INDEX. It was just a question 
"how it is done". Maybe someone will be happier to use the existing 
INDEX because of traffic on some GPRS internet connection or because of 
the own INDEX creation. (it is not my case, I have all machines as the 
servers with enough connectivity) ;)

> Don't know, however, how the badly the load to the central HTTP server
> will be raised.  I am using just two first fields from the INDEX file,
> so I can use such a stripped file.  For me, the reduction was about
> 6x: SIZE(INDEX-7.bz2) = 1126189, SIZE(INDEX-7.stripped.bz2) = 184345.
> 
> I am CC'ing the portmgr team.  Guys, could you quickly glance over these
> patches and determine if they are useful to the project in large?  If
> yes, then may be such a stripped INDEX can be created on the FreeBSD
> servers (via cut -f1-2 -d'|' INDEX-N)?
> 
> Thanks!


More information about the freebsd-ports mailing list