Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 23 Jan 2012 13:02:43 -0500
From:      "illoai@gmail.com" <illoai@gmail.com>
To:        Victor Sudakov <vas@mpeks.tomsk.su>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: portmaster best practices
Message-ID:  <CAHHBGkqq7t5Ac8ozLoF_FAegSkQ_vE_bmMyaDesZhdyXxtXrhg@mail.gmail.com>
In-Reply-To: <20120123103232.GA79175@admin.sibptus.tomsk.ru>
References:  <20120123103232.GA79175@admin.sibptus.tomsk.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 23 January 2012 05:32, Victor Sudakov <vas@mpeks.tomsk.su> wrote:
> Hello portmaster users,
>
> If portaudit shows that some installed packages have vulnerabilities,
> what do you usually do?
>
> Do you upgrade only the vulnerable packages, or vulnerable packages
> and dependent packages (portmaster -r), or perhaps all packages
> (portmaster -a)? Or do you "pkg_delete -a" all packages first and then
> reinstall from scratch (from `portmaster --list-origins` perhaps)?
>
> I am a bit uneasy about "portmaster -a" because, for example, in the
> output below it intends to install a package which is already
> installed:
>
>
> pg01-sibptus# portmaster -n -a
> =3D=3D=3D>>> Gathering distinfo list for installed ports
>
> [dd]
> =A0 =A0 =A0 =A0Upgrade php5-ldap-5.3.5_1 to php5-ldap-5.3.9
> =A0 =A0 =A0 =A0Install net/openldap24-sasl-client
> =A0 =A0 =A0 =A0Upgrade postgresql-server-9.0.1 to postgresql-server-9.0.6=
_3
> =A0 =A0 =A0 =A0Upgrade tcl-8.5.9 to tcl-8.5.11
> =A0 =A0 =A0 =A0Upgrade vim-7.3.81 to vim-7.3.121
> =A0 =A0 =A0 =A0Install devel/gettext
>
> =3D=3D=3D>>> Proceed? y/n [y] n
>
> =3D=3D=3D>>> If you would like to upgrade or install some, but not
> =A0 =A0 =A0 all of the above try adding '-i' to the command line.
> pg01-sibptus#
> pg01-sibptus#
> pg01-sibptus# pkg_info -xo openldap
> Information for openldap-sasl-client-2.4.24:
>
> Origin:
> net/openldap24-client

As I general rule, I don't run "portmaster -a"
Variations on -r usually succeed (-R -r is
quite useful), though if it pulls in too many
very large dependencies (firefox, chrome, open-
or libre-office, most anything KDE/QT), I'll
sometimes remove those before starting a
"portmaster -R -r" type of run.

It does require more typing to hand-specify
the ports to be upgraded, but I end up with
far fewer "Whoops!" moments.

--=20
--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHHBGkqq7t5Ac8ozLoF_FAegSkQ_vE_bmMyaDesZhdyXxtXrhg>