-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Stubbs wrote:
>On Monday 19 September 2005 13:16, gentuxx wrote: > >>If I update firefox with the --oneshot option, I know that it won't >>update the "world" tree, but why? Why is that the recommended >>procedure? Does that give me any benefit? Also, why would a package >>be available as a "--oneshot" and NOT through a normal "emerge -Dupv >>world"? > > >The package would be available through -Dupv as well, but not everybody >likes to update all packages (especially on servers). Granted. And while I run a server (a few actually), it's a home system, not a production one. And, since I run production gentoo systems, I understand the difference. For this, I'm asking from the perspective of a home user. So, that being said, does updating a package for a security fix using the "--oneshot" option update the same package that is "housed" in the "world" tree? If so, can I assume that the same package will be updated next time I update "world"? Meaning, if I run "--oneshot" for mozilla-firefox-1.0.6-r7 and mozilla-firefox-1.0.7-r1 comes out, will 1.0.6-r7 be upgraded to 1.0.7-r1? > >>I love how portage unifies the packaging system, and I feel like if I >>run all of these "--oneshot" updates for security fixes, that I'll >>have all of these "stray" programs running around on my system, that >>won't get updated next time I emerge "world". > > >--oneshot won't remove the package from world. It just prevents it from >being added. If the package is installed but not in world, it is presumably >there as a dependency from another package. Hence, updating world will >still grab the package. Using --oneshot just keeps the world file clean. > So what exactly does that mean if the package is already in "world"? If every security fix comes out with "--oneshot" being recommended, how do I know if it's a dependency of a package in world, or an entity in world? (This seems like an extension of the questioning above.) I'm just trying to set all this straight mentally, so I know what's going on with my system when I update it. I typically run the following to update my system 2 or 3 times a week (sometimes only once): emerge -Du(p)v world emerge -(p)v depclean revdep-rebuild -(p)v dispatch-conf I put the "p" for "--pretend" in parentheses because depending on the output of that step, I may skip it if there is nothing to do. Also, for the most recent firefox update, I would run the command as recommended with the "-p" flag, and it would see the package. If I run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) dependencies, and not the package itself, while the package installed (when I do "emerge search mozilla-firefox") is 1.0.6-r5. - -- gentux echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDLlQLLYGSSmmWCZMRAiBYAJ9m6Pl/IkG/mXFX6iZ90epVCTkuWQCfcVH+ 25V6IF0g1dFHWCyLv1xlLIE= =tOYB -----END PGP SIGNATURE----- -- gentoo-user@gentoo.org mailing list