From: Baptiste Daroussin
Date: Thu, 8 Dec 2016 13:28:02 +0100
To: Daniil Berendeev
Cc: freebsd-ports@FreeBSD.org
Subject: Re: The ports collection has some serious issues
Message-ID: <20161208122802.5d6dy7hjkkusms7h@ivaldir.etoilebsd.net>

On Thu, Dec 08, 2016 at 05:16:24AM +0000, Daniil Berendeev wrote:
> Hello guys!
>
> First of all, it's not a hate mail, I appreciate all the work done on
> the system and I enjoy using FreeBSD every day.
>
> But after some recent experience I'd like to point out some problems
> that make using the ports collection uncomfortable and painful.
>
> Some overview before we start:
> * Why I use ports over pkg?
> Because, generally, packages are built with poor default options, for
> example moc isn't able to play .alac/.mod and that's frustrating.

Lots of work has been done over the last years to improve the default options
for general purpose cases. Have you opened an issue about that one?

>
> * Why pkg is still nice?
> It is able to update packages with broken ABI, it's fast and easy to
> use. Some packages/ports don't have options and can be used via pkg by a
> ports user.
>
> I want to contribute to FreeBSD development, so, long story short, I've
> decided to move to -CURRENT. Everything went fine except the ports upgrade.
>
> Is it possible to upgrade the ports by hand? Well, it is, but it is not
> too comfortable. Ports collection by itself doesn't provide a nice way
> to work with port management, so a user needs to use something for port
> management. As the handbook advised, I picked portmaster.
>
> And here begin the problems.
>
> 1) portmaster is not nice for the user.
> If it comes over an error even in one little tiny port that is a
> dependency for something bigger, it will abort its work and leave all
> the other ports not updated. So, if you try to do `portmaster -af`,
> you should not forget `-m DISABLE_VULNERABILITIES=yes` (we will return
> to this one later) and you must pray to God for not coming around a
> circular dependency or some port that would fail to deinstall its older
> version. You can't leave portmaster for a night to update all the needed
> ports and deal with broken ones in the morning, you need to cherry pick
> the broken ports and ignore them, and then try to deal with them.
>
> Although portmaster is not related to the FreeBSD project and is an
> outside tool, there aren't any alternatives from the project itself. So
> use it or die. Not a nice situation.
>
> 2) pkg and ports are not in sync.
> pkg appeals to build ports that are from 2xxxQx branches.
> The promoted tool for syncing ports (portsnap) always fetches from head.
> And there is no way to choose. That gives us the next problem:
>
> 3) no integration between ports and packages
> There is no clear, easy way to use ports and packages simultaneously. If
> I'd like to use some built packages to speed up port updates, I have to
> ignore by hand all the packages that I want to be built as ports. It's
> easier to stick to only ports or only packages.
>
> 4) uncomfortable way of rollback
> If I want to rollback, or just choose the branch from where the packages
> are built (to stay in sync with pkg), I have to pull the whole svn
> repository.
>
> 5) svn repository.
> I don't want to spark a holy war and I don't belong to those type of
> people who are always obsessed that something isn't done in their way.
> But guys, svn is not a good tool for ports. Just for one reason,
> actually (as for me, I could tolerate anything else, but not this one)
> -- size. The size of repository is 20G+ and growing. I don't want to
> pull 20G+ in /usr/ports just because I need to use ports. It's just
> sick. The repository is so big because, as all ya know, svn is expensive
> in branch operations. Since you've begun to do those 2xxxQx branches the
> size of the repository began to grow rapidly. It's inefficient and
> uncomfortable. For such a work something like git or mercurial should be
> used, they'd fit in 3-4G.
>
> 6) broken ports are pushed to head
> Why do we have such a situation, when head contains a handful of broken
> ports? Why commit a port that won't build? It's sick.
> Ports are broken in a different way. Some fail to build. Some fail to
> uninstall their older version (like rust), so that you need to do
> `pkg remove -f portname; portmaster portname`. Some have a circular
> dependency (d-bus) and will try build until the heat death of the universe.
> I just don't get it, why broken ports are pushed to head, if
> head is then used by portsnap to update /usr/ports? You leave tons of
> users with a broken setup. And there is always a bunch of ports that
> won't build. It's not just one, or two, it's a handful of ports.
> pkg-fallout@FreeBSD.org is overwhelmed with build fails.
>
> 7) No way to update ports with broken ABI.
> I need to run `pkg update` and then pick the broken ports by hand. Or do
> `portmaster -af`.
>
> 8) ports with vulnerabilities.
> They exist in the tree and on build attempt they shout that they won't
> build without DISABLE_VULNERABILITIES=yes. The catch is that there is
> always a bunch of ports with vulnerabilities. So if you are doing a
> fresh install, you have to install those nasty vulnerable ports anyways.
> It causes you to do extra moves and doesn't add no security or safety.
> There is no way to pick the latest safe version.
>
> I hope that my mail will produce a productive discussion that will lead
> to some good decisions for fixing these problems.
>

Have you considered using things like poudriere that would allow you to build
your own repository with your own set of packages and options?
You will benefit:
- ability to use pkg for your upgrades
- ability to customize your packages
- safe rebuild process (in case of broken ABI)

Best regards,
Bapt