Date: Tue, 1 Apr 2014 11:18:05 -0400 From: J David <j.david.lists@gmail.com> To: freebsd-ports@freebsd.org, freebsd-questions@freebsd.org Subject: Updating less-than-everything with poudriere & pkgng Message-ID: <CABXB=RSgfe=nS=tTGd7kFQ4fcGASJCZYaZt9nPGCY=XnX9cTEA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Poudriere and pkgng have been great tools for managing large numbers of FreeBSD ports. However, we would like to optimize the build in some cases. Consider a poudriere-generated pkgng repository with about 10,000 packages in it. Now, just because the FreeBSD ports collection is the way it is, about 8,000 of those packages are going to depend directly or indirectly on perl. Now suppose one of those 10,000 packages is foobar-1.2.2. A security advisory is released, and it is now urgent to upgrade all the machines using this repository to foobar-1.2.3 ASAP. But foobar-1.2.3 (like 7,999 of its brethren) depends on perl, and perl has also been updated from perl-5.12.3.4_5a to 5.12.3.4_5a1. What we want is to do a poudriere build that updates to foobar-1.2.3 and rebuild anything that depends on foobar. But the first thing poudriere is going to do is whack perl-5.12.3.4_5a and all 8000 packages that depend on it. This is a problem for two reasons. First, this takes at least a day to build, during which time foobar-1.2.2 is out there waiting to be exploited. (Alternatively you can try to build less than the full set to get it done quicker, but this introduces its own set of problems; packages that didn't get rebuilt may stop working.) Second, it's virtually a guarantee that hidden somewhere in those 8000 packages is an update that breaks something for somebody using that repository. So poudriere creates this situation where to get any security update, you have to take every other unrelated update, even if they are very bad for you. Is there any way to either: - Convince poudriere only to build a specific port and its dependents, or - Build port(s) outside of poudriere and then inject them into the pkgng repo maintained by poudriere? For example, if there were some way we could manually delete what we want rebuilt and tell poudriere to rebuild only the missing, not the outdated, that would be great. (It would be *ideal* if we could just delete the target package and poudriere would take care of deleting its dependents.) Thanks for any advice!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABXB=RSgfe=nS=tTGd7kFQ4fcGASJCZYaZt9nPGCY=XnX9cTEA>