Portupgrade Operation

Chris Maness chris at chrismaness.com
Wed Mar 8 18:04:07 UTC 2006 


On Wed, 8 Mar 2006, Andrew Pantyukhin wrote:

> On 3/8/06, Chris Maness <chris at chrismaness.com> wrote:
>> If I manually rm -rf a port, manually untar (ie glib.tar.gz), and do a
>> portupgrade -rR glib, will packages that have a specific dependency on
>> the old glib version get rebuilt?  Or if not will they break (I am just
>> using glib as an example and looking for a very general answer)?  I
>> would like to figure out how portupgrade works without CVSUPing the
>> whole port tree.  Like in the case of  a security problem on a
>> production server.  I don't necessarily want to rebuild every port that
>> has been installed on the box.  Doing this has worked so-far, but I want
>> to make sure that this is the best approach, so that I don't end up
>> having the mess I had a while back with dependencies.
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>
>
> Keeping your apps up-to-date is kinda proactively secure.
>
> Anyway, we always have the latest ports tree (it's actually
> mounted read-only via NFS on every FreeBSD machine
> at our site) and if you don't want to update all at once -
> just don't use portupgrade -a. And yes, in case your whole
> ports tree is fresh, portupgrade -rR glib will upgrade all
> dependencies and dependants (recursively).
>
>

I have been told that tracking the whole port tree on a production server 
is a bad idea.  I kind of agree thinking about the old addage "if it aint 
broke don't fix it."

But, if a security issue becomes known with a port 
that I have installed, I definately want to fix the issue.  Your answere 
definately confirmed for me how port upgrade works.

It seems that other dependant ports would not have to be current on the tree if
they were re-compiled allowing autoconf to establish the location of depended
files.  However, it seems that portupgrade does not uninstall and re-compile if 
the dependant ports have not changed (ie the folder containing the ports 
make file and patches), it only recompiles parts of the tree 
that have been upgraded, and are linked via portupgrade -rR.

It would be nice if portupgrade had a flag to do that (that is if my logic 
is correct).

It would be nice if ports forked the way src does.  Then I could just 
track bugfixes and security issues.

Thanks
Chris Maness

More information about the freebsd-questions mailing list