Updating less-than-everything with poudriere & pkgng

[J David]

On Tue, Apr 1, 2014 at 11:38 AM, Matthew Seaman <matthew at freebsd.org> wrote:
> This is why the quarterly branches exist.  2014Q1 (Just EoL'd) and
> 2014Q2 (just branched from head) will now get only security and port-fix
> type upgrades for the next 3 months.  Therefore if your poudriere repo
> had been tracking 2014Q1 it would probably not have had those perl
> updates to deal with, but it would have had foobar-1.2.3 security fixes.
>
> Of course, right about now, you get to have an upgrade frenzy applying 3
> months worth of changes in one fell swoop, as there's the switchover
> from 2014Q1 to 2014Q2 happening right now.

That seems like a step in the right direction, though it won't work
for us.  The requirements for us are to support an environment with
security updates for at least a year; it sounds like these ports
branches are completely abandoned after three months, receiving no
further security updates no matter how critical.  Maybe in the future
somebody will volunteer to maintain "LTS" branches of the ports tree.

> There's no way I know of to use poudriere to selectively update just
> packages from the dependency tree involving foobar but not ones
> involving perl.

That's unfortunate. :(  All we need to do is find a way to skip the
"delete outdated packages" step that doesn't also skip the "delete
packages with missing dependencies step."  Then we could just remove
foobar and rebuild.  Is that feasible to do?  If so, where in the
poudriere code would we look?

> About the only way I can think of to achieve that is to
> apply selective updates to your ports tree that you have checked out of
> SVN, which is a pain in the posterior and not always guarranteed to work
> properly.

It sounds like this may be our only other option.

Thanks!