From owner-freebsd-questions@FreeBSD.ORG Mon Jan 23 18:02:45 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7A3BB106564A for ; Mon, 23 Jan 2012 18:02:45 +0000 (UTC) (envelope-from illoai@gmail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 1109A8FC0A for ; Mon, 23 Jan 2012 18:02:44 +0000 (UTC) Received: by wgbdr11 with SMTP id dr11so3296640wgb.31 for ; Mon, 23 Jan 2012 10:02:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=88iaQ2NmaE3rXsPjRV8/qCPe4tdDsODkSa/PW9YB4dk=; b=mX9r3NCI2ZQ5TDYipVew36/qQxumHNKyYpt3T6hg07xQMD3gX2XcCXxWu4/duUTL7i rDjo2P5SehSnWrKxIXo/XF/28bMlEfUyUcUrBkAfSIpFubF9h/WAQHRy6BkxukMlEh7Q Xm8bSfjHkMAqlqeqBnCejSGz0RyPuA5210W8E= MIME-Version: 1.0 Received: by 10.180.95.199 with SMTP id dm7mr15266359wib.9.1327341763952; Mon, 23 Jan 2012 10:02:43 -0800 (PST) Received: by 10.216.21.193 with HTTP; Mon, 23 Jan 2012 10:02:43 -0800 (PST) In-Reply-To: <20120123103232.GA79175@admin.sibptus.tomsk.ru> References: <20120123103232.GA79175@admin.sibptus.tomsk.ru> Date: Mon, 23 Jan 2012 13:02:43 -0500 Message-ID: From: "illoai@gmail.com" To: Victor Sudakov Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-questions@freebsd.org Subject: Re: portmaster best practices X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2012 18:02:45 -0000 On 23 January 2012 05:32, Victor Sudakov wrote: > Hello portmaster users, > > If portaudit shows that some installed packages have vulnerabilities, > what do you usually do? > > Do you upgrade only the vulnerable packages, or vulnerable packages > and dependent packages (portmaster -r), or perhaps all packages > (portmaster -a)? Or do you "pkg_delete -a" all packages first and then > reinstall from scratch (from `portmaster --list-origins` perhaps)? > > I am a bit uneasy about "portmaster -a" because, for example, in the > output below it intends to install a package which is already > installed: > > > pg01-sibptus# portmaster -n -a > =3D=3D=3D>>> Gathering distinfo list for installed ports > > [dd] > =A0 =A0 =A0 =A0Upgrade php5-ldap-5.3.5_1 to php5-ldap-5.3.9 > =A0 =A0 =A0 =A0Install net/openldap24-sasl-client > =A0 =A0 =A0 =A0Upgrade postgresql-server-9.0.1 to postgresql-server-9.0.6= _3 > =A0 =A0 =A0 =A0Upgrade tcl-8.5.9 to tcl-8.5.11 > =A0 =A0 =A0 =A0Upgrade vim-7.3.81 to vim-7.3.121 > =A0 =A0 =A0 =A0Install devel/gettext > > =3D=3D=3D>>> Proceed? y/n [y] n > > =3D=3D=3D>>> If you would like to upgrade or install some, but not > =A0 =A0 =A0 all of the above try adding '-i' to the command line. > pg01-sibptus# > pg01-sibptus# > pg01-sibptus# pkg_info -xo openldap > Information for openldap-sasl-client-2.4.24: > > Origin: > net/openldap24-client As I general rule, I don't run "portmaster -a" Variations on -r usually succeed (-R -r is quite useful), though if it pulls in too many very large dependencies (firefox, chrome, open- or libre-office, most anything KDE/QT), I'll sometimes remove those before starting a "portmaster -R -r" type of run. It does require more typing to hand-specify the ports to be upgraded, but I end up with far fewer "Whoops!" moments. --=20 --