From owner-freebsd-questions@FreeBSD.ORG Thu Feb 9 02:45:48 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B666516A420 for ; Thu, 9 Feb 2006 02:45:48 +0000 (GMT) (envelope-from chris@chrismaness.com) Received: from ns1.internetinsite.com (ns1.internetinsite.com [208.179.97.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28B6F43D4C for ; Thu, 9 Feb 2006 02:45:48 +0000 (GMT) (envelope-from chris@chrismaness.com) Received: from [192.168.4.2] (68-190-198-174.dhcp.ccmn.ca.charter.com [68.190.198.174]) by ns1.internetinsite.com (8.13.4/8.13.4) with ESMTP id k192jkSC011563; Wed, 8 Feb 2006 18:45:47 -0800 (PST) (envelope-from chris@chrismaness.com) Message-ID: <43EAACDA.6010505@chrismaness.com> Date: Wed, 08 Feb 2006 18:45:46 -0800 From: Chris Maness User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Chris Hill References: <43EA9782.7060708@chrismaness.com> <20060208203027.H73762@tripel.monochrome.org> <43EAA11D.90302@chrismaness.com> <20060208211600.S73762@tripel.monochrome.org> In-Reply-To: <20060208211600.S73762@tripel.monochrome.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Tracking Security in Ports and Base System X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2006 02:45:48 -0000 Chris Hill wrote: > On Wed, 8 Feb 2006, Chris Maness wrote: > >>> Much simpler: just track RELENG_your_release to get security updates >>> and bug fixes and nothing else. For example, mine is RELENG_5_4 and >>> therefore tracks 5.4-RELEASE. >>> >> Is there a way to rebuild just the packages updated? Or does the >> whole tree have to be rebuilt? > > > The part you quoted was referring to the system, not ports/packages. > > Packages, by definition, are already built - you just install them. > > Rebuilding the ports tree is yet another matter. When you cvsup ports, > you get the (possibly updated) Makefiles and so forth, but the tree > that gets updated is only the structure of the /usr/ports hierarchy. > No source is downloaded, and nothing gets rebuilt, until you do a > portupgrade, or `make deinstall' followed by `make reinstall' for a > particular port. > > My usual routine involves `portupgrade -aRr', but that only upgrades > the ports that have changed; it doesn't rebuild *everything*. > > Again, if you're doing packages, there is no building involved. > > Hope this has been sufficiently obfuscated :^) > Sorry, I am not using the correct lingo. I am cool on the ports now. I think I'll just have to figure out how to use portaudit, because I don't want to have to rebuild all 200+ packages I have installed on this production server. I just want to rebuild the ones that introduce security issues. I rebuilt all of the ports I had installed and it took almost two days. Thanks