Tracking Security in Ports and Base System

Chris Maness chris at
Wed Feb 8 18:45:48 PST 2006

Chris Hill wrote:

> On Wed, 8 Feb 2006, Chris Maness wrote:
>>> Much simpler: just track RELENG_your_release to get security updates 
>>> and bug fixes and nothing else. For example, mine is RELENG_5_4 and 
>>> therefore tracks 5.4-RELEASE.
>> Is there a way to rebuild just the packages updated?  Or does the 
>> whole tree have to be rebuilt?
> The part you quoted was referring to the system, not ports/packages.
> Packages, by definition, are already built - you just install them.
> Rebuilding the ports tree is yet another matter. When you cvsup ports, 
> you get the (possibly updated) Makefiles and so forth, but the tree 
> that gets updated is only the structure of the /usr/ports hierarchy. 
> No source is downloaded, and nothing gets rebuilt, until you do a 
> portupgrade, or `make deinstall' followed by `make reinstall' for a 
> particular port.
> My usual routine involves `portupgrade -aRr', but that only upgrades 
> the ports that have changed; it doesn't rebuild *everything*.
> Again, if you're doing packages, there is no building involved.
> Hope this has been sufficiently obfuscated  :^)

Sorry, I am not using the correct lingo.  I am cool on the ports now.  I 
think I'll just have to figure out how to use portaudit, because I don't 
want to have to rebuild all 200+ packages I have installed on this 
production server.  I just want to rebuild the ones that introduce 
security issues.  I rebuilt all of the ports I had installed and it took 
almost two days.


More information about the freebsd-questions mailing list