From: Garrett Wollman
To: David Chisnall
Cc: freebsd-pkgbase@freebsd.org
Subject: Re: [CFT] packaging the base system with pkg(8)
Date: Tue, 19 Apr 2016 19:24:21 -0400
Message-ID: <22294.48677.302730.437617@khavrinen.csail.mit.edu>

< said:

> I see basically three use cases for a packaged base:

I'd like to add one more:

4) People who have their own custom builds and want to be able to do
automated binary upgrades of the base OS in the same way that they
upgrade other components, across fleets of servers.

Right now it's not very practical to run your own FreeBSD-update
server, and even if you have one, the process of applying these
updates is still insufficiently automatable.

We are not quite there yet with "packaged base", and in my particular
use case, I'd be perfectly happy with one package for the entire OS.
There are still a lot of things that need to happen with pkg in
general to make automatic updates sufficiently reliable -- but being
able to install minor updates with one command is already a huge
improvement over where we are now. Huge enough, in fact, that I'm
planning on entirely skipping 10.3 and waiting for 11.0 to come out
*just to get this functionality*.

Over the longer term, we need some additional capabilities to get to
where we want to be. These would be things like:

a) Proper dependency ordering for stopping and starting daemons during
upgrades.

b) Reliably determining which processes need to be restarted after a
security update to a library (or a daemon that isn't started from an
rc script).

c) A general, configurable unattended-upgrade facility, so that we can
just enable one periodic(8) job and be certain of getting security
updates to the base system, reliably, with some indication of when a
pending update requires a reboot that can be inspected by monitoring
systems to raise an alert.

-GAWollman