Date: Sun, 13 Mar 2005 15:02:55 -0500 From: Randy Pratt <rpratt1950@earthlink.net> To: Adam Weinberger <adamw@FreeBSD.org> Cc: freebsd-gnome@freebsd.org Subject: Re: Gnome-210 upgrade comments Message-ID: <20050313150255.160fbb63.rpratt1950@earthlink.net> In-Reply-To: <42348B7C.4030701@FreeBSD.org> References: <20050313122613.337f7e4f.rpratt1950@earthlink.net> <42348B7C.4030701@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Mar 2005 13:50:36 -0500 Adam Weinberger <adamw@FreeBSD.org> wrote: > Randy Pratt wrote: > > If portaudit is being used and there are any installed ports which > > have a security issue then gnome_upgrade.sh will fail. The > > gnome_upgrade.sh does a pkg_deinstall and later tries to pkg_install > > which fails since there is a security issue with that port. > > Hrmmn. You're not the first person to approach us about this. I wish > that there were a better way to do this... but lofi suggested that we > add DISABLE_VULNERABILITIES to the build environment. > > I wish that there were a way to do this without having to disable > vulnerability checking for people who have explicitly called for it, > but it does seem the simplest and most functional workaround. > > I'll commit that to gnome_upgrade.sh. Thanks! I think its a reasonable thing to do. Most people that use portaudit understand about their options to remove a port or assess the extent of their vulnerability and decide to keep it. I think its best to leave portaudit out of the picture for upgrades like this. I also disable portaudit for normal portupgrades myself since its the same situation. > > I noticed that when the gnome_update.sh script would stop that > > quite a few packages that had been installed were still missing. > > Being a bit more cautious, I always used the -restart option for > > the script since I wasn't sure if starting the script fresh would > > reinstall those packages. > > *nod* that's what the -restart option is there for. If you had re-run > the script from the beginning, you wouldn't have gotten your > applications back. I wish that there were a way to make this clearer. > Do you have any suggestions on how to make sure that people > understand that if something fails, they need only to correct that > build problem (or remove the offending port from the upgrade list) > and use the -restart option? Nothing other than a message at the point it stops comes to mind. I do like the commit that gives you a ports list to use when restarting the script. That could be a very handy feature. I had looked thru the script after the first stop and realized what was happening with the pkg_deinstall. This is one of the reasons that I also make backups of /var/db/pkgs before starting any upgrade process. I like to have a way to get back to where I was if needed. Something needs to be there to alert users.. maybe just to go read the update faq and have an entry there where it could be explained more fully about handling "broken" ports. I'd not burden the script with too much though. I didn't have much problem getting things going, but newer users may not find it as easy. The changes you made already improved the chances. Thanks again! Randy --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050313150255.160fbb63.rpratt1950>