From owner-freebsd-stable@FreeBSD.ORG Tue Dec 16 13:02:22 2014
Date: Tue, 16 Dec 2014 14:02:10 +0100 (CET)
From: Trond Endrestøl
To: Willem Jan Withagen
Subject: Re: I do not quite understand why a BIND upgrade needs to touch soo much.
Cc: "ports@freebsd.org", Brandon Allbery

On Mon, 15 Dec 2014 23:10+0100, Willem Jan Withagen wrote:

> On 15-12-2014 22:26, Brandon Allbery wrote:
> > On Mon, Dec 15, 2014 at 4:20 PM, Brandon Allbery
> > wrote:
> >>
> >> On Mon, Dec 15, 2014 at 4:15 PM, Willem Jan Withagen
> >> wrote:
> >>>
> >>> So I'm building my packages with poudriere and using pkg (1.4.0)
> >>> to upgrade bind. With the sort of shocking result:
> >>> ======================
> >>> Installed packages to be REMOVED:
> >>> gettext-0.18.3.1_1
> >>>
> >>
> >> That first one is the key. Bind depends on gettext --- as does pretty much
> >> every other package in existence --- and gettext underwent a massive
> >> breaking change, which is kinda deranging everything else. The recent
> >> /usr/ports/UPDATING entry for gettext has the gory details.
> >>
> >
> > To explain a bit further: this time, your portupgrade would do a lot of
> > extra work as well. bind is not self-contained; it has dependencies, some
> > of which are shared by other packages.
> > If you want your bind update to be
> > self-contained then you'll need to make your own port and package from it
> > containing its own gettext, so you can upgrade that one package without
> > breaking every other package that depends on gettext. Otherwise, you just
> > have to accept that a package other than bind, which bind and just about
> > everything else depends on, *also* changed; and you can't just upgrade bind
> > without upgrading gettext *and* either upgrading or removing the other
> > packages that depend on the old gettext.
>
> Yup, more than true in the ultimate case.
> Although 'portupgrade bind99' in this case did not require any other
> packages to be upgraded too.
>
> I've been hesitant in upgrading other packages with less security
> pressure, because of the huge list with extras.
> And you are right, this change in gettext is going to bite at some
> point. (besides from building things with static linked libs.)

While YMMV, I use portupgrade and not pkg, and upgrading gettext was
pretty much less painful than indicated by the UPDATING entry.

Simply run:

portupgrade -fpvo devel/gettext-runtime gettext
cd /usr/ports/devel/gettext-tools && make && make install && make package && make clean
cd /usr/ports/devel/gettext && make && make install && make package && make clean
portupgrade -fprvx gettext -x gettext-runtime -x gettext-tools devel/gettext-runtime

> Still leaves the point that 'pkg upgrade bind99' removes packages
> without reinstalling those. The only alternatives are:
> - pkg upgrade, and everything is upgraded
> - capture the list of deletion, and manually re-add them after
>   the upgrade
>
> Neither solution is something I look forward to.
>
> --WjW

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+

From owner-freebsd-stable@FreeBSD.ORG Tue Dec 16 14:09:52 2014
Date: Tue, 16 Dec 2014 06:10:09 -0800
From: "Chris H"
To: freebsd-stable@freebsd.org, Erwin Lansing
Subject: Re: BIND chroot environment in 10-RELEASE...gone?

On Tue, 16 Dec 2014 10:22:59 +0100 Erwin Lansing wrote

> On Mon, Dec 15, 2014 at 10:12:45PM -0800, Kevin Oberman wrote:
> >
> > Please don't conflate issues.
> > Moving BIND out of the base system is
> > something long overdue. I know that the longtime BIND maintainer, Doug B,
> > had long felt it should be removed. This has exactly NOTHING to do with
> > removing the default chroot installation. The ports were, by default
> > installed chrooted. Jailed would have been better, but it was not something
> > that could be done in a port unless the jail had already been set up.
> > chroot is still vastly superior to not chrooted and I was very distressed
> > to see it go from the ports.
> >
>
> While I don't want to get dragged down into this discussion that can go
> on forever without any consensus, I just want to point out that there is
> a slight twist to the above description. Due to implementational
> details, the ports' chroot was actually inside the base system parts of
> BIND. Removing the one, removed the other.
>
> I did try my hand at a reimplementation self-contained in the port, but
> that proved less trivial than thought and I never reached a satisfactory
> solution.

I found it to be surprisingly difficult, as well.

> If anyone wants to try their hands at it as well and convince
> the new port maintainer, please do so, but trust me when I say that,
> e.g. an ezjail solution, is much easier to set up and maintain than
> reverting to the old functionality. In the end, I'd rather see a
> more general solution that can chroot, or jail, an arbitrary daemon from
> ports rather than special treatment of a single port. If BIND, why not
> also NSD, unbound, or apache for argument's sake?

Hmm. Maybe something along the lines of sysutils/ez-chroot? :
Sounds like it could really be a popular port! :)

--Chris

>
> Erwin
>
> --
> Erwin Lansing                      http://droso.dk
> erwin@FreeBSD.org                  http://www.FreeBSD.org