Date: Mon, 01 Sep 2003 13:53:19 -0600
From: Brett Glass <brett@lariat.org>
To: ports@freebsd.org
Subject: Problems with ports, packages, and security
Message-ID: <4.3.2.7.2.20030901135222.02a19f00@localhost>

[Note: It was suggested that I copy this message to -ports due to possible interest on this list. -BG]

At 12:37 PM 8/31/2003, Colin Percival wrote:

> In short, provided that you haven't rebuilt the world locally, if FreeBSD Update reports "No updates available", your system is definitely up to date.

That's good to know, though it didn't solve the other problems I mentioned. Or a couple I just encountered.

First, when I built cvsupdate as a port, I found that the commands "make clean" and "make distclean" removed the detritus left behind by creating cvsupdate itself, but did not nuke the junk that was left behind as the system built other ports on which that one depended. Going around and deleting everything manually (there was no automatic mechanism) was a chore.

Then came another zinger. One of the people who will be using the system wants KDE on it. (Not my choice, since it's GPLed, but he's the client.) So, after rebuilding cvsupdate as a port, I went to /stand/sysinstall to install KDE.

Two problems here. First was that KDE was installed as a binary package... an OUT-OF-DATE binary package built with the buggy libraries. Second, the install failed.

The reason appears to be a conflict between ports and packages. As mentioned above, /stand/sysinstall tried to install KDE as a binary package. (Not a bad idea at all in and of itself, but bringing with it the aforementioned security risks.) Worse still, when the package system tried to install some other packages as dependencies for KDE, it hit a few libraries which had been built as ports when I installed cvsup. The installation stopped with an error.

In short, we really have a tangled mess here. Under the current way of doing things, you can't remain updated and secure without using ports -- which is bad because of the time, effort, and disk demands inherent in rebuilding them. What's more, if you do use ports, it messes up your ability to use packages -- even out of /stand/sysinstall -- and leaves junk behind on your disk.

Again, what a mess. The only way to avoid it, again, is to make binary packages "first class citizens." And also to resolve the conflicts between them and the use of ports.

It's amazing that after installing exactly one port, I couldn't install a package from /stand/sysinstall.

--Brett