Re: pkg_add update checker?
Thank you all for your replies. It helped me to figure out what is going on. I think for this project I will see how it goes with -stable and -stable ports. For other projects I will definitely try -current. Others I shouldn't need anything more than -release + patches. On 11/22/2014 10:38 PM, Артур Истомин wrote: p.s. It is bad recommendation in FAQ, because it always confuse newcomers, when they come for security and find out that there is no update for stable repo. Being a newcomer (or newcomebacker?), I would agree with that. I read a lot of the FAQ and other support pages before I even downloaded 5.5-release to test it out. I think what I must have done is read '15.4.6 - What should I use: packages or ports?' before I read the rest of FAQ 15. By doing that I must have skimmed/skipped over 15.3 and missed the key section '15.3.10 - Security updates' which does describe the situation. Anyway, thanks again! -- John Merriam
Re: pkg_add update checker?
On 2014-11-22, bodie bodz...@openbsd.cz wrote: You did not mention what version of OpenBSD you are using. Is it -release, -stable or -current? For -release, -stable there are hardly any updates during 6 months period For -current, you could use something like urlwatch to monitor the snapshot directory, or a simple script to fetch and diff. You'll soon get bored with it on the faster arch though as updates are frequent. There are *no* OpenBSD-provided updates for -stable, if you're using m:tier's stable packages then the simplest notification mechanism might be following their twitter account, or again urlwatch.
Re: pkg_add update checker?
s...@spacehopper.org (Stuart Henderson), 2014.11.22 (Sat) 10:18 (CET): On 2014-11-22, bodie bodz...@openbsd.cz wrote: You did not mention what version of OpenBSD you are using. Is it -release, -stable or -current? For -release, -stable there are hardly any updates during 6 months period For -current, you could use something like urlwatch to monitor the snapshot directory, or a simple script to fetch and diff. You'll soon get bored with it on the faster arch though as updates are frequent. There are *no* OpenBSD-provided updates for -stable, if you're using m:tier's stable packages then the simplest notification mechanism might be following their twitter account, or again urlwatch. + mailing list: https://stable.mtier.org/subscriptions + openup -c : https://stable.mtier.org/openup http://www.mtier.org/index.php/solutions/apps/openup/ Bye, Marcus
Re: pkg_add update checker?
On Sat, 22 Nov 2014, bodie wrote: On 22.11.2014 03:40, John Merriam wrote: On Fri, 21 Nov 2014, Comète wrote: 21 novembre 2014 23:00 John Merriam j...@johnmerriam.net a écrit: Hello. I am trying to write a script to check for updates to the binary packages by checking the output of pkg_add then sending an e-mail if something is found. ... Maybe you're looking for this ? http://www.mtier.org/index.php/solutions/apps/openup/ Morgan Hmmm. Thanks for the suggestion. I'm looking for something much simpler though (KISS principle has been good to me in the past). My main question is is there something better than `pkg_add -Iusx | grep -v ^quirks\-` to check for updates to packages? You did not mention what version of OpenBSD you are using. Is it -release, -stable or -current? At the moment I am on 5.6-release For -release, -stable there are hardly any updates during 6 months period so checking it everyday is quite pointless. For -current you need to follow at least current.html and mirrors for new snapshots eg. and what's most important you must keep system in sync so you will be doing update of packages in any case no matter how much of them updated. Looking back at the past couple releases it looks like there haven't been any updates to the binary packages at all? That seems kind of surprising to me. I'm used to running Debian stable where there are lots of package updates. Debian almost never updates anything in their stable releases unless there is a security issue, but still there are lots of updates. So for -release/-stable your script is of use (plus security.html of course), but doesn't need to be run everyday for sure. In organizations you will need to have some release/patching calendar anyway to make managers happy and they will not allow patching window quite often so something like once a month like Microsoft or quaterly will be more then enough. About -current...new packages most of the time mean that you need new OS too so you will have process for complete upgrade anyway in place and then your script may fill mailbox daily with a lot of info which soon no one will read because it's simply not only info created out of one machine by cron and all other stuff like log monitors and such. openup looks to be doing something similar for the update checking portion by using pkg_info output then fed to pkg_add to check for updates. Not sure why it wouldn't just use pkg_add to check for the updates. The code is also kinda odd to me. Seems overly complicated and looks to be doing some things that I'm not so sure I would want to be doing on my machines. Anyway, if there aren't any other tips or suggestions, I'll just go with what I have and adjust if I find issues down the road. Thanks! Please forgive my ignorance on this issue since the last time I used OpenBSD pkg_add didn't have all this update checking stuff. I used binary packages because that's what the FAQ recommends. Would I be better off using ports instead? Are the ports updated more frequently? I really like the stability of -release (or -stable I guess) but I don't want to lose out on security updates to the packages/ports... -- John Merriam
Re: pkg_add update checker?
At the moment I am on 5.6-release But you want to track -stable OS and packages. There is a -stable ports branch. I don't know what the criteria is for what is checked in there, but there are certainly updates related to security issues at least. Probably depends a lot on the port maintainer. I throw this out to see what I get for a response because I just went trough this yesterday. I wanted to track -stable ports and had started with -release and binary packages as well. I decided to change to compiling ports instead of using MTier binaries. Pulled the stable ports branch from CVS and used /usr/ports/infrastructure/bin/out-of-date to get the list of packages that were out of date or had dependencies out of date. Then, of course, built and reinstalled what was needed. Tim.
Re: pkg_add update checker?
On Sat, Nov 22, 2014 at 09:45:51AM -0500, John Merriam wrote: I used binary packages because that's what the FAQ recommends. Would I be better off using ports instead? Are the ports updated more frequently? Yes, you have to use ports for this purpose. Or you can use mtier repos like suggested above. p.s. It is bad recommendation in FAQ, because it always confuse newcomers, when they come for security and find out that there is no update for stable repo.
Re: pkg_add update checker?
On 22.11.2014 15:45, John Merriam wrote: On Sat, 22 Nov 2014, bodie wrote: On 22.11.2014 03:40, John Merriam wrote: On Fri, 21 Nov 2014, Comète wrote: 21 novembre 2014 23:00 John Merriam j...@johnmerriam.net a écrit: Hello. I am trying to write a script to check for updates to the binary packages by checking the output of pkg_add then sending an e-mail if something is found. ... Maybe you're looking for this ? http://www.mtier.org/index.php/solutions/apps/openup/ Morgan Hmmm. Thanks for the suggestion. I'm looking for something much simpler though (KISS principle has been good to me in the past). My main question is is there something better than `pkg_add -Iusx | grep -v ^quirks\-` to check for updates to packages? You did not mention what version of OpenBSD you are using. Is it -release, -stable or -current? At the moment I am on 5.6-release For -release, -stable there are hardly any updates during 6 months period so checking it everyday is quite pointless. For -current you need to follow at least current.html and mirrors for new snapshots eg. and what's most important you must keep system in sync so you will be doing update of packages in any case no matter how much of them updated. Looking back at the past couple releases it looks like there haven't been any updates to the binary packages at all? That seems kind of surprising to me. I'm used to running Debian stable where there are lots of package updates. Debian almost never updates anything in their stable releases unless there is a security issue, but still there are lots of updates. It's about man power and http://www.openbsd.org/papers/asiabsdcon2009-release_engineering/ Yes, release has 1 year support, yes there are critical security fixes (to OpenBSD), but there's simply not enough people available to keep up with patches of packages/ports for -release/-stable. It may sound bad coming from Linux world, but the fact is that a lot of the people using -current in production just fine, because -current in OpenBSD means something like LTS (from point of view of stability) elsewhere. For companies -release/-stable is something what they are looking for mostly to show management that they are using stable OS. Here updates once a 6 months or once a year are fine for them (or after every security fix in base OS, if you have proper infrastructure you can make it easily without downtime) http://www.openbsd.org/faq/ports/ports.html#PortsLag So for -release/-stable your script is of use (plus security.html of course), but doesn't need to be run everyday for sure. In organizations you will need to have some release/patching calendar anyway to make managers happy and they will not allow patching window quite often so something like once a month like Microsoft or quaterly will be more then enough. About -current...new packages most of the time mean that you need new OS too so you will have process for complete upgrade anyway in place and then your script may fill mailbox daily with a lot of info which soon no one will read because it's simply not only info created out of one machine by cron and all other stuff like log monitors and such. openup looks to be doing something similar for the update checking portion by using pkg_info output then fed to pkg_add to check for updates. Not sure why it wouldn't just use pkg_add to check for the updates. The code is also kinda odd to me. Seems overly complicated and looks to be doing some things that I'm not so sure I would want to be doing on my machines. Anyway, if there aren't any other tips or suggestions, I'll just go with what I have and adjust if I find issues down the road. Thanks! Please forgive my ignorance on this issue since the last time I used OpenBSD pkg_add didn't have all this update checking stuff. I used binary packages because that's what the FAQ recommends. Would I be better off using ports instead? Are the ports updated more frequently? I really like the stability of -release (or -stable I guess) but I don't want to lose out on security updates to the packages/ports... Try -current and you will be surprised. In fact with -current you have easy binary upgrade process of whole OS and packages. You can do it daily, weekly,monthly or simply whenever you want as long as you know why and what you are doing :-) Binary packages are recommended. Result of port install is package anyway. Ports are for porters and maintainers of those packages, for users in case they need some non-standard or not so widely used compile switches. And yes, ports http://openports.se/ , http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/ are updated more frequently because they must be kept in sync with -current. Devs are doing incredible work here and based on last 10 years experience you will hardly hit any problem (not that there are not sometimes, but did not hit stopping one yet). Of course there are
Re: pkg_add update checker?
21 novembre 2014 23:00 John Merriam j...@johnmerriam.net a écrit: Hello. I am trying to write a script to check for updates to the binary packages by checking the output of pkg_add then sending an e-mail if something is found. My very simple script is this: #!/bin/ksh NEWPKGS=`pkg_add -Iusx | grep -v ^quirks\-` if [ $NEWPKGS != ]; then # send message to admin... fi Does that seem like it should work? Anyone know a better way to check for updates to packages automatically? I tried reading the code of pkg_add to see if there was a better way but I wasn't able to find one. Didn't find anything through searching either. This is one of those things I'd like to set up in a cron job to run once a day then forget about it until a message pops up in my Inbox so I'd like to get it right the first time. Thanks! -- John Merriam Maybe you're looking for this ? http://www.mtier.org/index.php/solutions/apps/openup/ Morgan
Re: pkg_add update checker?
On Fri, 21 Nov 2014, Comète wrote: 21 novembre 2014 23:00 John Merriam j...@johnmerriam.net a écrit: Hello. I am trying to write a script to check for updates to the binary packages by checking the output of pkg_add then sending an e-mail if something is found. ... Maybe you're looking for this ? http://www.mtier.org/index.php/solutions/apps/openup/ Morgan Hmmm. Thanks for the suggestion. I'm looking for something much simpler though (KISS principle has been good to me in the past). My main question is is there something better than `pkg_add -Iusx | grep -v ^quirks\-` to check for updates to packages? openup looks to be doing something similar for the update checking portion by using pkg_info output then fed to pkg_add to check for updates. Not sure why it wouldn't just use pkg_add to check for the updates. The code is also kinda odd to me. Seems overly complicated and looks to be doing some things that I'm not so sure I would want to be doing on my machines. Anyway, if there aren't any other tips or suggestions, I'll just go with what I have and adjust if I find issues down the road. Thanks! -- John Merriam
Re: pkg_add update checker?
On 22.11.2014 03:40, John Merriam wrote: On Fri, 21 Nov 2014, Comète wrote: 21 novembre 2014 23:00 John Merriam j...@johnmerriam.net a écrit: Hello. I am trying to write a script to check for updates to the binary packages by checking the output of pkg_add then sending an e-mail if something is found. ... Maybe you're looking for this ? http://www.mtier.org/index.php/solutions/apps/openup/ Morgan Hmmm. Thanks for the suggestion. I'm looking for something much simpler though (KISS principle has been good to me in the past). My main question is is there something better than `pkg_add -Iusx | grep -v ^quirks\-` to check for updates to packages? You did not mention what version of OpenBSD you are using. Is it -release, -stable or -current? For -release, -stable there are hardly any updates during 6 months period so checking it everyday is quite pointless. For -current you need to follow at least current.html and mirrors for new snapshots eg. and what's most important you must keep system in sync so you will be doing update of packages in any case no matter how much of them updated. So for -release/-stable your script is of use (plus security.html of course), but doesn't need to be run everyday for sure. In organizations you will need to have some release/patching calendar anyway to make managers happy and they will not allow patching window quite often so something like once a month like Microsoft or quaterly will be more then enough. About -current...new packages most of the time mean that you need new OS too so you will have process for complete upgrade anyway in place and then your script may fill mailbox daily with a lot of info which soon no one will read because it's simply not only info created out of one machine by cron and all other stuff like log monitors and such. openup looks to be doing something similar for the update checking portion by using pkg_info output then fed to pkg_add to check for updates. Not sure why it wouldn't just use pkg_add to check for the updates. The code is also kinda odd to me. Seems overly complicated and looks to be doing some things that I'm not so sure I would want to be doing on my machines. Anyway, if there aren't any other tips or suggestions, I'll just go with what I have and adjust if I find issues down the road. Thanks!