Stuart Henderson writes:

> On 2021/01/05 21:29, Aaron Bieber wrote:
>> Hi,
>> 
>> Here is a portgen'd port of obsdpkgup. You might remember it from
>> previous threads on misc@[1].
>> 
>> I have been using it for some time now. Basically one can use genpkgup
>> to create a package index, this index can be used by end users to create
>> a "slim" list of packages that need upgrading.
>> 
>> You can check your packages (amd64/snapshots only) with the following
>> command:
>>   PKGUP_URL="https://deftly.net/pkgup"; obsdpkgup
>> 
>> This will produce a list of only the out of date packages. This list can
>> later be used with pkg_add to only fetch what is needed.
>> 
>> OK to import?
>> 
>> [1] https://marc.info/?l=openbsd-misc&m=159234132018626&w=2
>> 
>
> Looking at this it's better than I thought it would be, there are some
> problems though -
>
> - The version number comparison using mcuadros/go-version is wrong,
> it doesn't match packages-specs(5).
>
> - There doesn't seem to be a way to validate that index.pkgup.gz is done
> against the current available package build. For this I would suggest
> recording the timestamp of the @digital-signature on the quirks package
> in the index, and verifying when the update is run. (grep out of
> "PKG_DBDIR=/var/empty PKG_PATH=$whatever pkg_info -f quirks" will do
> the trick).
>
> Between those two it could cause problems because the user may try to
> update a too-small subset of packages. The first problem is obvious.
> The second problem, if a library is bumped after the index is generated,
> the required updates won't show up. For both if people use it and then
> run into problems it's likely the bug reports will end up with openbsd
> rather than pkgup. This makes me not want to add it to packages yet
> (adding it could easily be seen as an endorsement of using it).
> This would be less of a problem if it at least tries to detect outdated
> caches and prints a clear warning.
>
> Less important but I'd be happier if it used the signature from pkg_info
> -qS rather than its own version using grep on +CONTENTS, to guard
> against possible future changes to things that pkg_add considers when
> deciding whether to update (also I think it would make sense to include
> the whole string rather than a hash of the signature, there's no need to
> hide that), as long as the full url/filename is used pkg_add will fetch
> the file directly without grabbing the index first. i.e.
> PKG_DBDIR=/var/empty pkg_info -qS http://mirror/pub/OpenBSD/snapshots/packages/amd64/moo-1.5p0.tgz

Here is an updated version that includes all of the fixes from:
https://marc.info/?l=openbsd-ports&m=161054673002228&w=2

I have also updated my index at https://deftly.net/pkgup
(snapshot/amd64)

Attachment: obsdpkgup.tgz
Description: Binary data
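
The stale-index check suggested in the quoted review (record the quirks `@digital-signature` timestamp in the index and compare it when the update runs), sketched in Go as an added example; it is not code from this thread or from obsdpkgup. The sample packing-list text, its `key:timestamp:signature` layout, and the idea of an index field holding the recorded timestamp are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed sample of "pkg_info -f quirks" output; the line layout is an assumption.
const samplePlist = `@name quirks-3.500
@digital-signature signify2:2021-01-13T09:15:42Z:external
`

// SignatureTime returns the timestamp of the @digital-signature annotation.
func SignatureTime(plist string) (time.Time, error) {
	for _, line := range strings.Split(plist, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || f[0] != "@digital-signature" {
			continue
		}
		// The timestamp itself contains colons, so cut at the first and last one.
		first, last := strings.Index(f[1], ":"), strings.LastIndex(f[1], ":")
		if first < 0 || first == last {
			return time.Time{}, fmt.Errorf("malformed signature line %q", line)
		}
		return time.Parse(time.RFC3339, f[1][first+1:last])
	}
	return time.Time{}, errors.New("no @digital-signature line found")
}

// IndexIsCurrent reports whether the timestamp recorded in the index
// (hypothetical field) matches the quirks package now on the mirror.
func IndexIsCurrent(recorded, mirrorPlist string) (bool, error) {
	want, err := time.Parse(time.RFC3339, recorded)
	if err != nil {
		return false, fmt.Errorf("bad timestamp in index: %w", err)
	}
	got, err := SignatureTime(mirrorPlist)
	if err != nil {
		return false, err
	}
	return got.Equal(want), nil
}

func main() {
	ok, err := IndexIsCurrent("2021-01-12T08:00:00Z", samplePlist)
	fmt.Println("index current:", ok, "error:", err)
}
```

A client would treat both a `false` result and an error as a reason to print a clear warning and refuse to present the slim list as complete.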
