Date: Mon, 22 May 2006 09:45:16 -0500
From: Charles Howse <chowse@charter.net>
To: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: Re: FreeBSD Security Survey
Message-ID: <DC595757-0C61-4332-8FB0-07F28CF732DA@charter.net>
In-Reply-To: <4471C6CE.2020302@alumni.rice.edu>
References: <4471361B.5060208@freebsd.org> <20060521231657.O6063@abigail.angeltread.org> <009101c67d8c$ee013db0$b3db87d4@multiplay.co.uk> <4471C6CE.2020302@alumni.rice.edu>

On May 22, 2006, at 9:12 AM, Jonathan Noack wrote:

> On 05/22/06 06:45, Steven Hartland wrote:
>> Brent Casavant wrote:
>>> On Sun, 21 May 2006, Colin Percival wrote:
>>
>>> So, in short, that's why *I* rarely update ports for security
>>> reasons.
>>>
>>> There are steps that could be taken at the port maintenance level
>>> that would work well for my particular case, however that's beyond
>>> the scope of the survey. Thanks for taking the time to put the
>>> survey together, I certainly hope it proves useful.
>>
>> Perfectly put there Brent, portupgrade is all very powerful but:
>> * Takes an absolute age to do anything but the simplest updates
>> * Often fails and needs significant manual fixing
>>
>> Here it's usually 100 times quicker to just do:
>> pkg_info | awk '{print $1}' > packages.txt
>> cat packages.txt | xargs pkg_delete -f
>> cat packages.txt | xargs pkg_add -r
>>
>> This at least brings you up to a known good set. Alternatively I
>> also use something similar but build from ports; the problem with
>> that is often the ports need to be built with custom options to get
>> back to how you started, so unless you were very meticulous in
>> noting down the options to every port on every machine you
>> installed, something often goes wrong :(
>
> Dropping security@...
>
> The OPTIONS feature stores port preferences and helps a lot with this.
> Not all ports are converted yet, but that's just a matter of time. My
> only complaint is that when options are added I'm not prompted for my
> preference (I just get the default value). I have to go back and
> manually "make config" if I don't want the default. If automatic
> prompting for new options is added then we will truly have a "set it
> and forget it" configuration system. Because I track ports fairly
> closely and usually catch new options, this hasn't annoyed me enough
> to fix it...
>
>> One good example of portupgrade "going off on one" is a simple
>> upgrade of mtr. We don't install any X on our machines so mtr-nox11
>> is installed. Whenever I've tried portupgrade in the past it's
>> always trolled off and started downloading and building the behemoth
>> that is X. CTRL+C hence always ensues and I forget about upgrading
>> until I really HAVE to.
>
> You have to tell the ports system you don't want X (put the following
> in /etc/make.conf):
> WITHOUT_X11= yes
>
> There are also ports (like bittorrent) that install GUIs by default.
> You should also tell the ports system you don't want GUIs:
> WITHOUT_GUI= yes
>
> Some ports will still need the X libs (like graphviz), but that's not
> a huge deal.

Just curious, where are WITHOUT_X11 and WITHOUT_GUI documented? I
don't see either in /usr/share/examples/etc/make.conf, nor in man
make.conf.