From: "Russell L. Carter"
To: freebsd-current@freebsd.org
Subject: Re: [CFT] packaging the base system with pkg(8)
Date: Tue, 19 Apr 2016 12:35:18 -0700
Message-ID: <5d0fa087-e04a-f775-676c-cc81fdf6c0ab@pinyon.org>

On 04/19/16 11:22, Nathan Whitehorn wrote:
>
>
> On 04/19/16 10:55, Roger Marquis wrote:
>>> Please, consider ops and admins, who must support old installations,
>>> often made by other, not-reachable, people, and stuff like this,
>>
>> Ops and admins such as myself are exactly the ones who will benefit most
>> from base packages. Being able to run: 1) 'pkg audit' and see that base
>> ssl has a vulnerability, 2) 'pkg install -f' to update 3) only those
>> specific parts of base that need to be updated is far simpler (KIS) and
>> faster than what we go through now. More than a few formerly bsd shops
>> have migrated to linux simply to avoid regular iterations of cd
>> /usr/src; svn up; make cleanworld; make buildworld installworld ...
>>
>> The use cases for granular base packages are more numerous than even
>> these obvious ones. The downside OTOH, seems to consist of not much
>> more than the size of the package list. If I missed other issues please
>> do clarify. Will base packages be improved, sure, but they're already
>> more useful and bugfree than pkgng when it was mandated.
>>
>> In any case, if I'm not mistaken base packages are entirely optional.
>>
>> Roger Marquis
>>
>
> Thanks, Roger. That seems perfectly reasonable. I'm not sure that goal
> is really met by having 800 packages, though, or at least I see no
> particular gain relative to a handful (where things like OpenSSL or
> sendmail would be discrete things). (Almost) every single individual
> library in the base system is right now its own single-file package,
> which is what I am objecting to. The upside of that seems pretty dubious
> and the downside is that it is much easier to accidentally put the
> system into an inconsistent state. Is there a reason you want to have
> such very fine discretization?
> -Nathan

What is missing from this debate is some perspective from the POV of
actually existing packaging systems. I've been maintaining
debian-stable + debian-testing systems for over 15 years. The number
of packaging glitches I've had I can count on one hand. (I've been
running FreeBSD systems since the *very* beginning.) It is much easier
to maintain my debian systems than my FreeBSD systems.

Actually, pkg + poudriere is like a dream. Better than apt-get,
actually. Except right now it doesn't maintain the base system.

So, how many packages are actually installed on one of my debian
boxes?

debian-testing box with fvwm (ie no gnome/kde) userland:

rcarter@aristotle> dpkg --list | wc --lines
1571

FreeBSD-10/stable with the same userland packaged from ports:

rcarter@feyerabend> pkg info | wc -l
833

The debian system, for basically identical functionality, installs
738 more packages. Obviously the FreeBSD box has no packages for the
base system, so that is probably a significant part of the difference
in installed packages.

And the debian box is dramatically easier to maintain. I typically
will drag a debian box across several debian release cycles, i.e., 6+
years, w/o ever doing anything more complicated than doing
apt-get update; apt-get dist-upgrade every week or so.

Now I much prefer poudriere + pkg over apt-get, because I can tune my
package dependencies. What I do is make the implicit meta-packages
effectively even more fine grained, by excluding stuff I don't need.

My conclusion is that it's not obvious that a large number of packages
makes a system harder to maintain. It seems to me, the opposite. Now I
watch a few debian lists so I know glitches happen, but not to me very
often. I don't have much experience locking down a system to just
major releases with only security updates, but I don't think
debian-stable has very many issues doing exactly that.

In my opinion, what the package team is doing is extremely cool,
technically. I run poudriere builds every night, keeping up to date
with ports-svn. It's just so much better than debian's kitchen sink
one-size-fits-all approach to package dependencies. In a container
world, it seems to me this is basically a killer app.

Best to all,
Russell