On Wed, Dec 04, 2002, Vinod Kutty wrote:
> I'm using openpkg-1.1.1 + Solaris 8.
>
> One of the very first src.rpm packages I want to install w/ openpkg is
> openssh (and related dependencies such as openssl, etc). Unfortunately,
> the stable (solid ?) version available @ ftp.openpkg.org is older (3.4p1)
> than the latest version from openssh.com (3.5p1), which is in the CURRENT
> part of ftp.openpkg.org.
>
> >From reading the tutorial, it seems I could build+install the CURRENT
> src.rpm anyway and force a "downgrade" (somehow using --oldpackage or
> --nodeps ?) when the stable/solid version comes out. Is that correct?
Yes, about 60% of the OpenPKG-CURRENT packages still can be used with
a plain openpkg-1.1.1-1.1.1 bootstrap and 1.1 dependency packages.
For this just install it with "rpm -Uvh --nodeps". Alternatively (if
the package is one of the other 40% and really requires a more recent
bootstrap) you can just upgrade the "openpkg" package to CURRENT and
this way mix your installation.
But... although all this is technically possible (and we do it from
time to time ourself) you have to be carefully. OpenPKG _releases_ are
consistent and self-contained, but if you start mixing them in a single
instance you can horse up your instance. So, you should mix releases
only if you know what you are doing and are able to help yourself
in case of inter-package side-effects. Instead I recommend you to
either stay with OpenPKG 1.1 until 1.2 comes out (keep in mind that our
"openssh-3.4p1" package is not just the original OpenSSH 3.4p1, it also
includes the security fixes, etc) or just establish a second OpenPKG
instance under CURRENT in parallel to your 1.1 instance. The you can
easily install "openssh" from CURRENT there.
> In general, the docs suggest that openpkg keeps up to date with the latest
> versions of various software. This is great, specifically for things like
> openssh which have frequent security updates. Unfortunately, I'm concerned
> that even if the latest is available, I can't use it because the openpkg
> distribution of the src.rpm is not considered production ready.
>
> Have users found this to be a problem, or am I worrying too much?
The 1.1 packages _are_ production ready, because they _contain_ all
security bugfixes, too. So, unless you really need a feature in OpenSSH
3.5p1, you should use the openssh-3.4p1 from OpenPKG 1.1.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
The OpenPKG Project www.openpkg.org
User Communication List [EMAIL PROTECTED]
