Re: Questions about updating...
I know this is probably a touchy subject but.. ... the ports tree isn't versioned, it's the equivalent of current Wouldnt it be logical to have current/stable versions of the ports tree ? Then when you install a base system from cd it could install a stable pkg version, then once the system is installed you could use a port-supfile for stable and update all of the pkg versions that are installed instead of cvs'ing /usr/src and recompiling the system ? Save the /usr/src for the core os, and allow things like bind, ssh, ssl to be updated with portupgrade instead of a make world or having to make the apps manually. I am sorry if I stepped on any toes .. I dont mean to stir up any trouble .. Just an outside observer trying to get started with freebsd. From: Scott W [EMAIL PROTECTED] To: rotten rottie [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Questions about updating... Date: Thu, 04 Dec 2003 03:48:05 -0500 MIME-Version: 1.0 Received: from ms-smtp-03-eri0.southeast.rr.com ([24.25.9.102]) by mc10-f7.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 3 Dec 2003 21:52:22 -0800 Received: from mindcore.net (rdu163-100-105.nc.rr.com [24.163.100.105])by ms-smtp-03-eri0.southeast.rr.com (8.12.10/8.12.7) with ESMTP id hB45qHCH028916;Thu, 4 Dec 2003 00:52:17 -0500 (EST) X-Message-Info: JGTYoYF78jEoDIcxE/d8MG4E7W9RQsz9 Message-ID: [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] X-Virus-Scanned: Symantec AntiVirus Scan Engine Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 04 Dec 2003 05:52:22.0405 (UTC) FILETIME=[C93BFB50:01C3BA2A] rotten rottie wrote: I am a linux user that wants to switch to freebsd... I am a bit confused about applying updates etc.. I installed a box for trial it was 5.1, I wanted to see if I could use ports to update openssh for a test examp. After the port installed I noticed that another version of openssh was installed on the system. I talked with a friend and he said that it was part of usr/src and I could update it by compiling the usr.bin version.. which was fine and worked. Here are my questions: 1) if there are two trees(lack of better words) why would ssh exist in both the system tree and the ports tree ? Wouldnt it be better to have it in the ports tree ? Well, it IS in the ports tree, but bear a few things in mind: 1. Everything in /usr/src is considered part of the base system, equivalent to 'system' in GenToo (unsurprisingly, as GenToo Portage/emerge is based heavily on bsd ports...but see below) 2. The ports tree is optional, but where you can track system source updates to a given CVS label, eg STABLE (recommended for production/stability), When you build from a port, it essentially builds the package and does a pkg_add, so it's still tracked by the bsd package system. This combination allows you to keep the base system at a stable level, and then either NOT update your ports tree to get the equivalent ports from the particular label you're tracking on a given system, or to selectivly update single ports software, or all of the ports collection. 2) I have used gentoo in the past and am curious if there is something simular to emerge -up world/system -- I would like to cvs the ports/sys and then be able to see if anything need upgrading .. is this possible ? Yep, install portupgrade and cvsup. If it's on a slower system, highly recommend doing it via pkg_add -r portupgrade or pkg_add -r cvsup to avoid having to compile ruby, perl and possibly other dependencies from scratch. Once you become familiar with the way ports/portupgrade and cvsup work (Note- sections on all 3 in the handbook, should be installed under /usr/share/doc/handbook on your system), you can then if you decide to, use portupgrade and the buildworld target to effectively rebuild your entire system from source. The quickest equivalent to emerge -pUD world is using pkg_version 3) Say there was a update to openssh .. which would be the proper way to update .. sync the sys tree and then just update ssh .. or sync the tree and recompile the system ? or remove the sys version and install the port version and update the port ? Set up cvsup properly (handbook + example file in /usr/share/examples) to the label you want to track to, cron it, and have it mail you output, and subscribe to the freebsd security mailing list. Either should be enough to give you some indication by itself.. I am very happy with freebsd .. Im still in the exploring stage .. The reasons for my questions is that I am a little weary of using freebsd in production if I dont easily know when updates are avail, having to recompile the system everytime I need a patch for a service. You don't nescessarily need to recompile the entire base system, let alone the equivalent of 'world,' for an update. portupgrade and pkg_version will help out here
Re: Questions about updating...
On Fri, 2003-12-05 at 11:52, rotten rottie wrote: I know this is probably a touchy subject but.. ... the ports tree isn't versioned, it's the equivalent of current Wouldnt it be logical to have current/stable versions of the ports tree ? Then when you install a base system from cd it could install a stable pkg version, then once the system is installed you could use a port-supfile for stable and update all of the pkg versions that are installed instead of cvs'ing /usr/src and recompiling the system ? Save the /usr/src for the core os, and allow things like bind, ssh, ssl to be updated with portupgrade instead of a make world or having to make the apps manually. I am sorry if I stepped on any toes .. I dont mean to stir up any trouble .. Just an outside observer trying to get started with freebsd. I don't know if I fully understand your question, but if I'm right, it consists of two parts, the first: Wouldnt it be logical to have current/stable versions of the ports tree ? This has been discussed before, but the ports people maintain (and I agree with them) that it wouldn't be feasible for a couple of reasons. First, ports is already huge. They only reason they stay up to date is because of a massive effort for a large number of volunteers. Creating a second ports tree would double (or more) the amount of work for the people running the ports tree itself and individual ports maintainers. I have no proof to back this up, but I would guess that there are more FreeBSD volunteers maintaining ports than any other part of the operating system. Second, ports exists primarily as an easy means to install software on FreeBSD that the FreeBSD team has neither the inclination nor time to properly maintain. Ports are by definition considered third-party software. The idea is that the developers of the individual software packages in ports are responsible for keeping their projects up-to-date and bug-free. Creating a separate branch of ports goes against that idea, to a degree. Additionally, much of the software in ports are either considered stable or development or both or can't be easily classified as one of the two. Once again, it's up to the developers of the software in ports to decide what's considered stable or in-development. The ports system currently acknowledges this situation by maintaining two different ports of the same software (when applicable), with the development port having a -devel tacked on to the end of the port name. For example, mozilla and mozilla-devel. As for the second part, I guess I don't understand completely what you're asking. :) Are you looking for a way to automatically upgrade binary packages that come with FreeBSD, but are not themselves developed or maintained by the FreeBSD team such as XFree86? The way you describe it is how I thought it was already done. For example, if you installed OpenSSH from the release CD and wanted to upgrade it, you just do a pkg_delete and then go into your (updated) ports and 'make install' a new one. (Or would just portupgrade work?) I'm still a relative newbie to FreeBSD in some respects, so anyone feel free to clarify this and educate me at the same time. Charles Ulrich -- http://bityard.net ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Questions about updating...
Ok lemme get this straight. ( Please bear with me.) Here is a list of packages that are on my system: vanapps01# pkg_info cvsup-without-gui-16.1f General network file distribution VS expat-1.95.5XML 1.0 parser written in C ezm3-1.0Easier, more portable Modula-3 distrib gettext-0.11.5_1GNU gettext package gmake-3.80 GNU version of 'make' utility libiconv-1.8_2 A character set conversion library libtool-1.3.4_4 Generic shared library support script Since ssh is part of the base install .. if there is a patch/fix for ssh, which way is the proper way to update it... In other word how would I go about upgrading /usr/src/secure/usr.sbin/sshd or named or nfs or anything that is installed in the base install without rebooting ? From: Scott W [EMAIL PROTECTED] To: rotten rottie [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Questions about updating... Date: Thu, 04 Dec 2003 03:48:05 -0500 MIME-Version: 1.0 Received: from ms-smtp-03-eri0.southeast.rr.com ([24.25.9.102]) by mc10-f7.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 3 Dec 2003 21:52:22 -0800 Received: from mindcore.net (rdu163-100-105.nc.rr.com [24.163.100.105])by ms-smtp-03-eri0.southeast.rr.com (8.12.10/8.12.7) with ESMTP id hB45qHCH028916;Thu, 4 Dec 2003 00:52:17 -0500 (EST) X-Message-Info: JGTYoYF78jEoDIcxE/d8MG4E7W9RQsz9 Message-ID: [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] X-Virus-Scanned: Symantec AntiVirus Scan Engine Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 04 Dec 2003 05:52:22.0405 (UTC) FILETIME=[C93BFB50:01C3BA2A] rotten rottie wrote: I am a linux user that wants to switch to freebsd... I am a bit confused about applying updates etc.. I installed a box for trial it was 5.1, I wanted to see if I could use ports to update openssh for a test examp. After the port installed I noticed that another version of openssh was installed on the system. I talked with a friend and he said that it was part of usr/src and I could update it by compiling the usr.bin version.. which was fine and worked. Here are my questions: 1) if there are two trees(lack of better words) why would ssh exist in both the system tree and the ports tree ? Wouldnt it be better to have it in the ports tree ? Well, it IS in the ports tree, but bear a few things in mind: 1. Everything in /usr/src is considered part of the base system, equivalent to 'system' in GenToo (unsurprisingly, as GenToo Portage/emerge is based heavily on bsd ports...but see below) 2. The ports tree is optional, but where you can track system source updates to a given CVS label, eg STABLE (recommended for production/stability), the ports tree isn't versioned, it's the equivalent of current. When you build from a port, it essentially builds the package and does a pkg_add, so it's still tracked by the bsd package system. This combination allows you to keep the base system at a stable level, and then either NOT update your ports tree to get the equivalent ports from the particular label you're tracking on a given system, or to selectivly update single ports software, or all of the ports collection. 2) I have used gentoo in the past and am curious if there is something simular to emerge -up world/system -- I would like to cvs the ports/sys and then be able to see if anything need upgrading .. is this possible ? Yep, install portupgrade and cvsup. If it's on a slower system, highly recommend doing it via pkg_add -r portupgrade or pkg_add -r cvsup to avoid having to compile ruby, perl and possibly other dependencies from scratch. Once you become familiar with the way ports/portupgrade and cvsup work (Note- sections on all 3 in the handbook, should be installed under /usr/share/doc/handbook on your system), you can then if you decide to, use portupgrade and the buildworld target to effectively rebuild your entire system from source. The quickest equivalent to emerge -pUD world is using pkg_version 3) Say there was a update to openssh .. which would be the proper way to update .. sync the sys tree and then just update ssh .. or sync the tree and recompile the system ? or remove the sys version and install the port version and update the port ? Set up cvsup properly (handbook + example file in /usr/share/examples) to the label you want to track to, cron it, and have it mail you output, and subscribe to the freebsd security mailing list. Either should be enough to give you some indication by itself.. I am very happy with freebsd .. Im still in the exploring stage .. The reasons for my questions is that I am a little weary of using freebsd in production if I dont easily know when updates are avail, having to recompile the system everytime I need a patch for a service. You don't nescessarily need to recompile the entire base system, let alone the equivalent
Re: Questions about updating...
rotten rottie wrote: I am a linux user that wants to switch to freebsd... I am a bit confused about applying updates etc.. I installed a box for trial it was 5.1, I wanted to see if I could use ports to update openssh for a test examp. After the port installed I noticed that another version of openssh was installed on the system. I talked with a friend and he said that it was part of usr/src and I could update it by compiling the usr.bin version.. which was fine and worked. Here are my questions: 1) if there are two trees(lack of better words) why would ssh exist in both the system tree and the ports tree ? Wouldnt it be better to have it in the ports tree ? 1st question ... I dunno, but somebody will likely tell you why soon enough; it seems that I recall that there is an answer, at least... 2nd question ... if it were only in the ports tree, that would likely violate the POLA ... if you set up a server, don't you *expect* to have ssh available? 2) I have used gentoo in the past and am curious if there is something simular to emerge -up world/system -- I would like to cvs the ports/sys and then be able to see if anything need upgrading .. is this possible ? I'm not familiar with gentoo, but AFAIK it's much like FBSD. Updating the system is basically $make buildworld $make buildkernel $make installkernel (reboot) $make installworld $mergemaster (Now, there are few options I left out, but you get the idea...) For ports, I'd use portupgrade (which is in ports). I wish I'd known about it when I started with FBSD ... handles most everything automagically. Dru Lavigne's got an excellent article at OnLamp.com http://www.onlamp.com/pub/a/bsd/2003/08/28/FreeBSD_Basics.html 3) Say there was a update to openssh .. which would be the proper way to update .. sync the sys tree and then just update ssh .. or sync the tree and recompile the system ? or remove the sys version and install the port version and update the port ? I am very happy with freebsd .. Im still in the exploring stage .. The reasons for my questions is that I am a little weary of using freebsd in production if I dont easily know when updates are avail, having to recompile the system everytime I need a patch for a service. Thanks for helping me convert, rottie Well, IIRC, when the OpenSSH advisory came out, there were guys using all of those options... Take a look at the security advisories on the site. Almost always there's a patch available for production machines. If you're tracking -STABLE like I do (even on prod. boxen) then buildworld is easy enough for me HTH, Welcome to FBSD! Kevin Kinsey DaleCo, S.P. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Questions about updating...
On Wednesday 03 December 2003 17:39, rotten rottie [EMAIL PROTECTED] sent a missive stating: 1) if there are two trees(lack of better words) why would ssh exist in both the system tree and the ports tree ? Wouldnt it be better to have it in the ports tree ? Ports are not installed by default and SSH is somewhat necessary to a system these days so it's in the base system or so my opinion lies. As for it being duplicated in the ports system..some people need to run different versions, etc... so that's why they're there. 2) I have used gentoo in the past and am curious if there is something simular to emerge -up world/system -- I would like to cvs the ports/sys and then be able to see if anything need upgrading .. is this possible ? Yes, CVS your src tree (/usr/src) and them run the make world, etc.. stuff. See the handbook for details: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html is a good place to start. 3) Say there was a update to openssh .. which would be the proper way to update .. sync the sys tree and then just update ssh .. or sync the tree and recompile the system ? or remove the sys version and install the port version and update the port ? The proper way, I don't know. You can syn the source tree and rebuild or just patch your current source tree. Either way should work. Yes, you can just upgrade the port as well if you're already running a ports version. I am very happy with freebsd .. Im still in the exploring stage .. The reasons for my questions is that I am a little weary of using freebsd in production if I dont easily know when updates are avail, having to recompile the system everytime I need a patch for a service. Keep on top of freebsd-security and freebsd-security-advisories lists and you will be aware of all kernel type security holes and other vulns. Keep an eye on other mailing lists to see holes for more userland apps, etc... Gentoo does it pretty slick with their emerge sync; emerge -u world ..but sometimes it updates stuff you don't really need or want to upgrade at the moment. Probably missed a few things :) Henrik -- Henrik Hudson [EMAIL PROTECTED] `If there's anything more important than my ego around, I want it caught and shot now.' --Hitchhikers Guide to the Galaxy ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Questions about updating...
From: rotten rottie I installed a box for trial it was 5.1, I wanted to see if I could use ports to update openssh for a test examp. After the port installed I noticed that another version of openssh was installed on the system. I Bad test example. As with named, sendmail and a few others in the base system and ports. Unless you have a need use what's in the base system. Track -release or -stable to update. If a security issue is found you can apply the patch which is posted with instructions at freebsd.org or the freebsd-security list. A couple of good ports are mentioned below if you want to play with them. 1) if there are two trees(lack of better words) why would ssh exist in both the system tree and the ports tree ? Wouldnt it be better to The system version is more likely to be better integrated and tested than the ports version. theoretically. 2) I have used gentoo in the past and am curious if there is something simular to emerge -up world/system -- I would like to cvs the ports/sys and then be able to see if anything need upgrading .. is this possible ? Check http://www.freebsd.org/releases/5.1R/errata.html for instance, to see if an upgrade is required. Security is probably what you want to track, at least at first. If you use X, install /usr/ports/net/cvsup for the sys/ports trees. If you don't use X, install /usr/ports/net/cvsup-without-gui. See the handbook, as others have said. Excellent doc. 3) Say there was a update to openssh .. which would be the proper way to You might take a look at /usr/ports/security/freebsd-update. Never used it myself but might be easier than patch or cvs. hth, Riley ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Questions about updating...
rotten rottie wrote: I am a linux user that wants to switch to freebsd... I am a bit confused about applying updates etc.. I installed a box for trial it was 5.1, I wanted to see if I could use ports to update openssh for a test examp. After the port installed I noticed that another version of openssh was installed on the system. I talked with a friend and he said that it was part of usr/src and I could update it by compiling the usr.bin version.. which was fine and worked. Here are my questions: 1) if there are two trees(lack of better words) why would ssh exist in both the system tree and the ports tree ? Wouldnt it be better to have it in the ports tree ? Well, it IS in the ports tree, but bear a few things in mind: 1. Everything in /usr/src is considered part of the base system, equivalent to 'system' in GenToo (unsurprisingly, as GenToo Portage/emerge is based heavily on bsd ports...but see below) 2. The ports tree is optional, but where you can track system source updates to a given CVS label, eg STABLE (recommended for production/stability), the ports tree isn't versioned, it's the equivalent of current. When you build from a port, it essentially builds the package and does a pkg_add, so it's still tracked by the bsd package system. This combination allows you to keep the base system at a stable level, and then either NOT update your ports tree to get the equivalent ports from the particular label you're tracking on a given system, or to selectivly update single ports software, or all of the ports collection. 2) I have used gentoo in the past and am curious if there is something simular to emerge -up world/system -- I would like to cvs the ports/sys and then be able to see if anything need upgrading .. is this possible ? Yep, install portupgrade and cvsup. If it's on a slower system, highly recommend doing it via pkg_add -r portupgrade or pkg_add -r cvsup to avoid having to compile ruby, perl and possibly other dependencies from scratch. Once you become familiar with the way ports/portupgrade and cvsup work (Note- sections on all 3 in the handbook, should be installed under /usr/share/doc/handbook on your system), you can then if you decide to, use portupgrade and the buildworld target to effectively rebuild your entire system from source. The quickest equivalent to emerge -pUD world is using pkg_version 3) Say there was a update to openssh .. which would be the proper way to update .. sync the sys tree and then just update ssh .. or sync the tree and recompile the system ? or remove the sys version and install the port version and update the port ? Set up cvsup properly (handbook + example file in /usr/share/examples) to the label you want to track to, cron it, and have it mail you output, and subscribe to the freebsd security mailing list. Either should be enough to give you some indication by itself.. I am very happy with freebsd .. Im still in the exploring stage .. The reasons for my questions is that I am a little weary of using freebsd in production if I dont easily know when updates are avail, having to recompile the system everytime I need a patch for a service. You don't nescessarily need to recompile the entire base system, let alone the equivalent of 'world,' for an update. portupgrade and pkg_version will help out here... Scott Thanks for helping me convert, rottie _ Dont worry if your Inbox will max out while you are enjoying the holidays. Get MSN Extra Storage! http://join.msn.com/?PAGE=features/es ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
