From owner-freebsd-stable@FreeBSD.ORG Mon Nov 4 23:27:43 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id A4F343B8; Mon, 4 Nov 2013 23:27:43 +0000 (UTC) (envelope-from ben@b1c1l1.com) Received: from lancer.b1c1l1.com (lancer.b1c1l1.com [IPv6:2607:f358:1a:1a:1000::]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 869772B43; Mon, 4 Nov 2013 23:27:43 +0000 (UTC) Received: by lancer.b1c1l1.com (Postfix) with ESMTPSA id 5FAA85C34; Mon, 4 Nov 2013 15:27:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=b1c1l1.com; s=default; t=1383607660; bh=AEy8kGXaoUsf2n3iwWE2w+s/shOaPOpH2BJDxYTLQAs=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=RmcmXGG/wm0nHu7WgiMuX1x0Cikr/B9qxQ+2XnK6kMsl/Fhhhyvl921Z5olTph8j8 3k67SFFxTqJHbkucn1F44p/zFdaAPNszUjw0ta/CbIelUHIhhrX6gR9QgtX6f4ZyDI nAh/XloU7o3sqJXk3maeihya9txWKTzY7RS+aEkY= Date: Mon, 4 Nov 2013 15:27:28 -0800 From: Benjamin Lee To: Paul Mather Subject: Re: pkgng: how to upgrade a single port? Message-ID: <20131104152728.595542da@b1c1l1.com> In-Reply-To: <0AD00FF2-8F68-432D-BC7F-9672AD173163@gromit.dlib.vt.edu> References: <527406D2.7010200@intertainservices.com> <1383336649.16326.41750369.298F8E9D@webmail.messagingengine.com> <1383337118.18823.41752849.2502EBFD@webmail.messagingengine.com> <5277E53A.4090208@intertainservices.com> <3884C60E-FFEC-413C-901E-631E2862984B@gromit.dlib.vt.edu> <0AD00FF2-8F68-432D-BC7F-9672AD173163@gromit.dlib.vt.edu> X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.22; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/doygCE2oID7ozJvKvfpAdo6"; protocol="application/pgp-signature" Cc: Adrian Chadd , FreeBSD Stable , Mike Jakubik X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Nov 2013 23:27:43 -0000 --Sig_/doygCE2oID7ozJvKvfpAdo6 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 4 Nov 2013 16:11:45 -0500, Paul Mather wr= ote: >=20 > On Nov 4, 2013, at 3:19 PM, Adrian Chadd wrote: >=20 > > Hi, > >=20 > > Just please keep in mind that when it claims the same version package > > needs to be reinstalled, it seems to be for a good reason. Eg, the > > base system library dependencies have changed. > >=20 > > Since there's no "stable" package snapshot, various package versions > > get upgraded all the time. A package update to fix a security > > vulnerability may have occured whilst its dependencies got updated, so > > you have to upgrade the dependencies. And their dependencies. etc, > > etc. >=20 >=20 > I appreciate that, and that is why package managers have dependency solve= rs that can work out which packages must be updated. But, as I pointed out= below, there are also cases where not all packages need to be upgraded at = once yet, ostensibly, "pkg upgrade" only supports this method of upgrading = (everything en masse). I have stumbled across this use case myself. For e= xample, one time there was a critical Java security update to openjdk7 but = also apache-solr had updated from version 4.1 to 4.4 in our poudriere repo.= I wanted to upgrade openjdk7 but not apache-solr at that time, because I = wanted to check that the software we were developing that used Solr was com= patible with 4.4. Being able just to do "pkg upgrade openjdk7" would have = been the intuitive path there. (I wasn't at that time aware of "pkg instal= l openjdk7" to achieve the same end, so I ended up "pkg lock apache-solr" f= ollowed by "pkg upgrade" instead, which ended up not quite working 100% due= to implementatio > n bugs in pkg lock.) What you're referring to has nothing to do with the implementation details of pkg(8) or any other package manager like Yum. This is an inherent issue to rolling release distributions such as the FreeBSD Ports collection. As has been mentioned already, some distributions with versioned release strategies (such as Red Hat Enterprise Linux) freeze their package dependency graphs. And since upstream developers frequently require versions newer than the frozen dependencies, they have also effectively forked every package in their distributions (and introduced their own bugs like the infamous Red Hat Perl bug [1]). Anybody is welcome to fork and maintain their own ports tree and use the same type of versioned release strategy -- large shops already do this. Existing tools (even the older pkg_* family and tinderbox) can then be used to perform one-off upgrades. [1] http://www.infoworld.com/d/developer-world/bitten-the-red-hat-perl-bug-= 070 --=20 Benjamin Lee http://www.b1c1l1.com/ --Sig_/doygCE2oID7ozJvKvfpAdo6 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJSeC1qAAoJEIdV4+NBZRmFs1wP/iE5Bch+XqStTNRZV0uR5mPW GytzilPcF84sWXVsLO5S5QZ8cSOUS6Ve25gz0RlBzhcHL42gn/vK8/BSjW3SZB9b t1N+ImqfE44ZDuUx146wdo6t7rDDx8HflsiEY9+cMxTPVDItt3plrfwgubeQ7Atj RyNDKtjINhi5RnxNyKyyeDrgcurJUfte/xF32gavXPm073WBYQIlvVsGYzxhx/Ou YsAKgmQnCnL4MSfSSAjdqt+ySh18hp+ukRNwWcQ1RhedN6tbJ1DbUPIIvweEYfaE 9iH0w12l3gGbEXmNLEz1ZU4HDpeZF+kPxoMszkBABqvlT27WbWpFyUeTJbfxfuGb mdA50djj9p/UX5WlcOeyySxIdANfQnDsQdDMVspXkPKqYSHN21CZl266aI8c0B+m F2K4Avso98ru4/EEn2LeGVRCNys7MAOtuWuJiOtNb9Jt8Mv2qpq97k6h4hIYo7MU c7zup9HRFyvwsaQYJEn70AmVuN3LcHJI002VfsOdVF40NH2auh93QFnJ2n/+P7Ia Yk+6u5MFxSK1RYlC2jm3PFfSdc0PBhS+WRjgt3go1npjnCwQc+KuUZyg8Mba4Skx 0BYRN7T6uN5AaJaHV3Q7YLoYUsAtqd/D4WFUP3jj4e42jbAeMIUwHSHExQb1IeM/ NE15jFlh9CpFvCaYM8cR =BcxI -----END PGP SIGNATURE----- --Sig_/doygCE2oID7ozJvKvfpAdo6--