From owner-freebsd-pkg@freebsd.org Wed Oct 14 19:14:26 2015 Return-Path: Delivered-To: freebsd-pkg@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3343A156D0 for ; Wed, 14 Oct 2015 19:14:26 +0000 (UTC) (envelope-from rainer@ultra-secure.de) Received: from mail.ultra-secure.de (mail.ultra-secure.de [88.198.178.88]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 10E2F63C for ; Wed, 14 Oct 2015 19:14:25 +0000 (UTC) (envelope-from rainer@ultra-secure.de) Received: (qmail 70630 invoked by uid 89); 14 Oct 2015 19:13:51 -0000 Received: from unknown (HELO ?192.168.1.200?) (rainer@ultra-secure.de@217.71.83.52) by mail.ultra-secure.de with ESMTPA; 14 Oct 2015 19:13:51 -0000 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3094\)) Subject: Re: locked packages got upgraded anyway From: Rainer Duffner In-Reply-To: <1444834799.3166860.410090913.6644022C@webmail.messagingengine.com> Date: Wed, 14 Oct 2015 21:13:50 +0200 Cc: freebsd-pkg@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: <561D8634.40103@electricembers.coop> <1444834799.3166860.410090913.6644022C@webmail.messagingengine.com> To: Mark Felder X-Mailer: Apple Mail (2.3094) X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Oct 2015 19:14:26 -0000 > Am 14.10.2015 um 16:59 schrieb Mark Felder : >=20 >=20 >=20 > He has a valid use case and I don't know why it was upgraded. Sounds > like a bug. Perhaps because it was a dependency? Hmm... >=20 > A planned* feature is for a user to be permitted to have packages with > custom build options and "pkg upgrade" will handle fetching the = required > parts of the ports tree and building the updated package so you don't > have to play this "lock your package, manually upgrade it later" game. > Not everyone should be forced to run poudriere just so they can change > one option on one package... Well, I feel the reality is different. =E2=80=9EShould have=E2=80=9C or =E2=80=9EShould not have=E2=80=9C = doesn=E2=80=99t buy you anything in the end ;-) It=E2=80=99s probably not a problem locking a package with no = dependencies. But do you have to lock the dependencies, too? I=E2=80=99m too afraid of the outcome, so I don=E2=80=99t even try. And if you=E2=80=99re running poudriere for a couple of packages = already, you can just let it build the rest, too. IMO. The only thing I found useful was locking pkg itself. That way, I could downgrade everything to an earlier cut of the = ports-tree (except for pkg, which would probably have had problems = reading the newer version of the pkg-db created by a more recent version = of pkg). I realize not everyone wants to run their own repo - but in practice, = this is currently the best way to do it if you=E2=80=99re not 100% happy = with what you get from the official repo, with the least possible ways = to totally F-U. I, too, would be glad if there were =E2=80=9Eflavors=E2=80=9C, so I = could stop running my own build-server and just mirror the official = repo, like we do for Ubuntu and CentOS. But in the end of the day, I live in reality, not in la-la-land. I appreciate all the work done by the committers on the ports-tree and = packages - I save an absurd amount of time just by walking in these = foot-steps.