Date: Mon, 4 Dec 2017 11:04:23 -0800 (PST)
From: Roger Marquis
To: freebsd-ports@freebsd.org
Subject: Re: Welcome flavors! portmaster now dead? synth?

Jonathan Chen wrote:
>Thomas Mueller wrote:
>> I can still see possible use for portmaster in that something has to
>> be used to build synth or poudriere from source.
>
>You don't need portmaster for that. You just need make(1).

This is what we do plus a few extras to share the resulting ports across
systems:

 * instead of 'make install' use 'make package && pkg add' like OpenBSD
 * the package directory is updated with each new package
   'cd /usr/ports/packages/All && pkg repo'
 * the resulting repo is shared across jails using null mounts and/or
   across hosts using apache or nginx

This has certain benefits over poudriere:

 * KIS
 * it is straightforward to update only ports with security
   vulnerabilities
 * works seamlessly in a jail, with or without zfs
 * requires less cpu and disk

On the downside:

 * haven't yet automated the entire process (pkg audit ; make package ;
   (pkg add ; service restart))
 * base cannot (yet) be updated this way even on hosts/jails with
   packaged base
 * 'pkg audit' is not as up-to-date or reliable as the same
   functionality on Linux (tor, for example, has been vulnerable since
   12/1, had an updated Makefile since 12/2, yet there is still no
   mention of it in vuxml, 3 days and one 'cd security/vuxml;make
   newentry' later)

FWIW,
Roger Marquis
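
The loop listed above as not yet automated (pkg audit ; make package ; pkg add), as an added sketch that is not the poster's script: it rebuilds only the ports that pkg audit flags and then regenerates the shared repo catalogue. Assumptions: the default /usr/ports layout from the message, hypothetical function names, DRY_RUN=1 by default so state-changing commands are printed rather than run, and no service restart step because that is port specific.

```sh
#!/bin/sh
# Added example. Paths follow the message; override via the environment.
PORTSDIR="${PORTSDIR:-/usr/ports}"
REPODIR="${REPODIR:-$PORTSDIR/packages/All}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print state-changing commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Origins (category/port) of installed packages that pkg audit flags.
# pkg audit exits non-zero when it finds something, so only its output is used.
vulnerable_origins() {
    pkg audit -F -q 2>/dev/null | while read -r name; do
        if [ -n "$name" ]; then pkg query '%o' "$name"; fi
    done | sort -u
}

# 'make package', then 'pkg add' the fresh package over the installed one.
rebuild_port() {
    dir="$PORTSDIR/$1"
    pkgfile=$(make -C "$dir" -V PKGFILE) || return 1   # read-only query
    run make -C "$dir" clean package || return 1
    run pkg add -f "$pkgfile"
}

# Rebuild every flagged port, refresh the repo catalogue, report failures.
update_vulnerable() {
    origins=$(vulnerable_origins)
    if [ -z "$origins" ]; then echo "nothing to rebuild"; return 0; fi
    failed=0
    for o in $origins; do
        rebuild_port "$o" || { echo "FAILED: $o" >&2; failed=1; }
    done
    run pkg repo "$REPODIR" || return 1
    return "$failed"
}

# Acts only when asked to, so the functions can be sourced and read first.
if [ "${1:-}" = "update" ]; then update_vulnerable; fi
```

Because the list comes from pkg audit, a port whose fix has not reached vuxml yet (the tor case in the message) is not picked up and still needs a manual rebuild.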