From: Polytropon
To: Pierre-Luc Drouin
Cc: freebsd-questions@freebsd.org
Date: Mon, 5 Sep 2011 16:36:23 +0200
Subject: Re: Best Server OS for Someone That Does not Want to Touch a Shell on a Regular Basis?

On Mon, 05 Sep 2011 10:20:22 -0400, Pierre-Luc Drouin wrote:
> How well does it work to use binary packages only to maintain a FreeBSD
> web server in general (I am thinking of package availability, but also
> and in particular as a quasi-automated updating tool)?

Quite well - as long as you're satisfied with the default building options. You know that a binary package is a port, compiled with the default set of options. This is okay in most cases, but there may be situations where you explicitly need to enable or disable a certain feature at compile time. You also may encounter a situation where _no_ package is available for a port (e. g. too many options, or licensing restrictions).

This can be solved by portmaster which has an option to go through all interactive configuration screens _before_ starting any action. Those settings can be saved for the next update run.

The portmaster program itself can be instructed to _use_ binary packages (just as pkg_add -r would do) with the -P and -PP options. In this case, binary packages will be used as long as possible, and only those ports that require building (as no package exists) will be compiled. See "man portmaster" for details.

This is a good approach in combination with freebsd-update. I have used that concept on some servers myself (especially on smaller ones with low resources where compiling would be too problematic).

> I noticed that in
> the past few years, updating software through ports has been requiring
> more user intervention, due to the way some dependencies are being
> updated from one version to the next. Would using binary packages allow
> to avoid more such user intervention?

Yes. All dependencies would be incorporated automatically.
Only ports without equivalent package that additionally have OPTIONS to set would invoke a configuration screen, and this screen would have to be dealt with only in the first run of the updating process.

There are also options for portmaster that can be used to control program behaviour in case of problems (e. g. some package not found, conflicting ports, versioning problem, or port marked "broken").

Those solutions can also easily be scripted, e. g. check once a week for possible updates and get the packages, but do not install them automatically (which can be a security requirement). If the list is approved, the updates will be installed during night, creating a "fallback copy" just in case something went wrong (e. g. malfunctioning new software). Reports can be generated automatically and mailed to the system administrator.

I would also suggest to frequently check the mailing lists of the software in use for bugs and security updates that might be interesting in terms of system security. This should be done for any "major server software" (Apache, PHP, MySQL and the services utilizing those software, whatever you want to run on the server).

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
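
The weekly-check / approve / nightly-install workflow described in the message, sketched as an added example that is not part of the original mail: the install step runs only when the approved copy is byte-identical to the pending list. The state directory, file names and function names are hypothetical, the `pkg_version -v -l '<'` line format is assumed, and the installer defaults to a dry run that prints the `portmaster -PP` commands.

```sh
#!/bin/sh
# Added example, not from the original mail. Paths and function names are
# hypothetical; the pkg_version(1) line format below is assumed.
# INSTALL defaults to a dry run; set INSTALL="portmaster -PP" to apply updates.
INSTALL=${INSTALL:-echo portmaster -PP}

set_state_dir() {
    STATE_DIR=$1
    PENDING=$STATE_DIR/pending.list     # written by the weekly check
    APPROVED=$STATE_DIR/approved.list   # copied from PENDING by the admin after review
}
set_state_dir "${STATE_DIR:-/var/db/update-gate}"

# Turn `pkg_version -v -l '<'` output into "installed-package new-version" lines.
# Input line: "apache-2.2.19   <   needs updating (port has 2.2.20)"
parse_outdated() {
    awk '$2 == "<" { v = $NF; sub(/\)$/, "", v); print $1, v }' | sort -u
}

# Weekly: record what would change. A new list voids any earlier approval.
weekly_check() {
    mkdir -p "$STATE_DIR" && rm -f "$APPROVED" || return 2
    parse_outdated > "$PENDING"
    [ -s "$PENDING" ]
}

# Nightly: install only when the approved copy is byte-identical to the
# pending list, so a list that changed after review is never installed.
nightly_install() {
    [ -s "$PENDING" ] || { echo "nothing pending" >&2; return 0; }
    cmp -s "$PENDING" "$APPROVED" || { echo "list not approved" >&2; return 1; }
    # Read the list on fd 3 so the installer cannot consume it via stdin.
    while read -r pkg newver <&3; do
        $INSTALL "$pkg" || return 2
    done 3< "$PENDING"
    rm -f "$PENDING" "$APPROVED"
}

case "${1:-}" in
    check)   pkg_version -v -l '<' | weekly_check && cat "$PENDING" ;;  # cron mails this
    install) nightly_install ;;
esac
```

Run with `check` from a weekly cron job and `install` from a nightly one; the administrator approves by copying `pending.list` to `approved.list` after reviewing it.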