Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 4 Nov 2013 15:27:28 -0800
From:      Benjamin Lee <ben@b1c1l1.com>
To:        Paul Mather <paul@gromit.dlib.vt.edu>
Cc:        Adrian Chadd <adrian@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org>, Mike Jakubik <mike.jakubik@intertainservices.com>
Subject:   Re: pkgng: how to upgrade a single port?
Message-ID:  <20131104152728.595542da@b1c1l1.com>
In-Reply-To: <0AD00FF2-8F68-432D-BC7F-9672AD173163@gromit.dlib.vt.edu>
References:  <527406D2.7010200@intertainservices.com> <1383336649.16326.41750369.298F8E9D@webmail.messagingengine.com> <1383337118.18823.41752849.2502EBFD@webmail.messagingengine.com> <CA%2BdUSyoUQB%2BgLM8g70y6mz7c%2BHSb3DJpVFvaENgm45VwcYVjQA@mail.gmail.com> <5277E53A.4090208@intertainservices.com> <CAOjFWZ4r-gWHd9k8F-T9sE1_5Qa0VVbqzxwYVZGazFf2b0k8VQ@mail.gmail.com> <3884C60E-FFEC-413C-901E-631E2862984B@gromit.dlib.vt.edu> <CAJ-Vmo=HE5%2BDHpHsEXTEK6Tnf4s7L-=XE_2xBcJ5%2B%2BnpwsZ-0g@mail.gmail.com> <0AD00FF2-8F68-432D-BC7F-9672AD173163@gromit.dlib.vt.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/doygCE2oID7ozJvKvfpAdo6
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Mon, 4 Nov 2013 16:11:45 -0500, Paul Mather <paul@gromit.dlib.vt.edu> wr=
ote:
>=20
> On Nov 4, 2013, at 3:19 PM, Adrian Chadd <adrian@freebsd.org> wrote:
>=20
> > Hi,
> >=20
> > Just please keep in mind that when it claims the same version package
> > needs to be reinstalled, it seems to be for a good reason. Eg, the
> > base system library dependencies have changed.
> >=20
> > Since there's no "stable" package snapshot, various package versions
> > get upgraded all the time. A package update to fix a security
> > vulnerability may have occured whilst its dependencies got updated, so
> > you have to upgrade the dependencies. And their dependencies. etc,
> > etc.
>=20
>=20
> I appreciate that, and that is why package managers have dependency solve=
rs that can work out which packages must be updated.  But, as I pointed out=
 below, there are also cases where not all packages need to be upgraded at =
once yet, ostensibly, "pkg upgrade" only supports this method of upgrading =
(everything en masse).  I have stumbled across this use case myself.  For e=
xample, one time there was a critical Java security update to openjdk7 but =
also apache-solr had updated from version 4.1 to 4.4 in our poudriere repo.=
  I wanted to upgrade openjdk7 but not apache-solr at that time, because I =
wanted to check that the software we were developing that used Solr was com=
patible with 4.4.  Being able just to do "pkg upgrade openjdk7" would have =
been the intuitive path there.  (I wasn't at that time aware of "pkg instal=
l openjdk7" to achieve the same end, so I ended up "pkg lock apache-solr" f=
ollowed by "pkg upgrade" instead, which ended up not quite working 100% due=
 to implementatio
>  n bugs in pkg lock.)

What you're referring to has nothing to do with the implementation
details of pkg(8) or any other package manager like Yum.

This is an inherent issue to rolling release distributions such as the
FreeBSD Ports collection.  As has been mentioned already, some
distributions with versioned release strategies (such as Red Hat
Enterprise Linux) freeze their package dependency graphs.  And since
upstream developers frequently require versions newer than the frozen
dependencies, they have also effectively forked every package in their
distributions (and introduced their own bugs like the infamous Red Hat
Perl bug [1]).

Anybody is welcome to fork and maintain their own ports tree and use the
same type of versioned release strategy -- large shops already do this.
Existing tools (even the older pkg_* family and tinderbox) can then be
used to perform one-off upgrades.

[1] http://www.infoworld.com/d/developer-world/bitten-the-red-hat-perl-bug-=
070


--=20
Benjamin Lee
http://www.b1c1l1.com/

--Sig_/doygCE2oID7ozJvKvfpAdo6
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJSeC1qAAoJEIdV4+NBZRmFs1wP/iE5Bch+XqStTNRZV0uR5mPW
GytzilPcF84sWXVsLO5S5QZ8cSOUS6Ve25gz0RlBzhcHL42gn/vK8/BSjW3SZB9b
t1N+ImqfE44ZDuUx146wdo6t7rDDx8HflsiEY9+cMxTPVDItt3plrfwgubeQ7Atj
RyNDKtjINhi5RnxNyKyyeDrgcurJUfte/xF32gavXPm073WBYQIlvVsGYzxhx/Ou
YsAKgmQnCnL4MSfSSAjdqt+ySh18hp+ukRNwWcQ1RhedN6tbJ1DbUPIIvweEYfaE
9iH0w12l3gGbEXmNLEz1ZU4HDpeZF+kPxoMszkBABqvlT27WbWpFyUeTJbfxfuGb
mdA50djj9p/UX5WlcOeyySxIdANfQnDsQdDMVspXkPKqYSHN21CZl266aI8c0B+m
F2K4Avso98ru4/EEn2LeGVRCNys7MAOtuWuJiOtNb9Jt8Mv2qpq97k6h4hIYo7MU
c7zup9HRFyvwsaQYJEn70AmVuN3LcHJI002VfsOdVF40NH2auh93QFnJ2n/+P7Ia
Yk+6u5MFxSK1RYlC2jm3PFfSdc0PBhS+WRjgt3go1npjnCwQc+KuUZyg8Mba4Skx
0BYRN7T6uN5AaJaHV3Q7YLoYUsAtqd/D4WFUP3jj4e42jbAeMIUwHSHExQb1IeM/
NE15jFlh9CpFvCaYM8cR
=BcxI
-----END PGP SIGNATURE-----

--Sig_/doygCE2oID7ozJvKvfpAdo6--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131104152728.595542da>