Date: Thu, 8 Dec 2016 05:16:24 +0000 From: Daniil Berendeev <pipfstarrd@openmailbox.org> To: freebsd-ports@FreeBSD.org Subject: The ports collection has some serious issues Message-ID: <c5bc24cc-5293-252b-ddbc-1e94a17ca3a8@openmailbox.org>
next in thread | raw e-mail | index | archive | help
Hello guys! First of all, it's not a hate mail, I appreciate all the work done on the system and I enjoy using FreeBSD every day. But after some recent experience I'd like to point out some problems that make using the ports collection uncomfortable and painful. Some overview before we start: * Why I use ports over pkg? Because, generally, packages are built with poor default options, for example moc isn't able to play .alac/.mod and that's frustrating. * Why pkg is still nice? It is able to update packages with broken ABI, it's fast and easy to use. Some packages/ports don't have options and can be used via pkg by a ports user. I want to contribute to FreeBSD development, so, long story short, I've decided to move to -CURRENT. Everything went fine except the ports upgrade. Is it possible to upgrade the ports by hand? Well, it is, but it is not too comfortable. Ports collection by itself doesn't provide a nice way to work with port management, so a user needs to use something for port management. As the handbook advised, I picked portmaster. And here begin the problems. 1) portmaster is not nice for the user. If it comes over an error even in one little tiny port that is a dependency for something bigger , it will abort its work and leave all the other ports not updated. So, if you try to to do `portmaster -af`, you should not forget `-m DISABLE_VULNERABILITIES=yes` (we will return to this one later) and you must pray to God for not coming around a circular dependency or some port that would fail to deinstall its older version. You can't leave portmaster for a night to update all the needed ports and deal with broken ones in the morning, you need to cherry pick the broken ports and ignore them, and then try to deal with them. Although portmaster is not releated to the FreeBSD project and is an outside tool, there aren't any alternatives from the project itself. So use it or die. Not a nice situation. 2) pkg and ports are not in sync. pkg appeals to build ports that are from 2xxxQx branches. The promoted tool for syncing ports (portsnap) always fetches from head. And there is no way to choose. That gives us the next problem: 3) no integration between ports and packages There is no clear, easy way to use ports and packages simultaneously. If I'd like to use some built packages to speed up port updates, I have to ignore by hand all the packages that I want to be built as ports. It's easier to stick to only ports or only packages. 4) uncomfortable way of rollback If I want to rollback, or just choose the branch from where the packages are built (to stay in sync with pkg), I have to pull the whole svn repository. 5) svn repository. I don't want to spark a holy war and I don't belong to those type of people who are always obsessed that something isn't done in their way. But guys, svn is not a good tool for ports. Just for one reason, actually (as for me, I could tolerate anything else, but not this one) -- size. The size of repository is 20G+ and growing. I don't want to pull 20G+ in /usr/ports just because I need to use ports. It's just sick. The repository is so big because, as all ya know, svn is expensive in branch operations. Since you've began to do those 2xxxQx branches the size of the repository began to grow rapidly. It's inefficient and uncomfortable. For such a work something like git or mercurial should be used, they'd fit in 3-4G. 6) broken ports are pushed to head Why do we have such a situation, when head contains a handful of broken ports? Why commit a port that won't build? It's sick. Ports are broken in a different way. Some fail to build. Some fail to uninstall their older version (like rust), so that you need to do `pkg remove -f portname; portmaster portname`. Some have a circular dependency (d-bus) and will try build until the heat death of the universe. I just don't get it, why broken ports are pushed to head, if head is then used by portsnap to update /usr/ports? You leave tons of users with a broken setup. And there is always a bunch of ports that won't build. It's not just one, or two, it's a handful of ports. pkg-fallout@FreeBSD.org is overwhelmed with build fails. 7) No way to update ports with broken ABI. I need to run `pkg update` and then pick the broken ports by hand. Or do `portmaster -af`. 8) ports with vulnerabilities. They exist in the tree and on build attempt they shout that they won't build without DISABLE_VULNERABILITIES=yes. The catch is that there is always a bunch of ports with vulnerabilities. So if you are doing a fresh install, you have to install those nasty vulnerable ports anyways. It causes you to do extra moves and doesn't add no security or safety. There is no way to pick the latest safe version. I hope that my mail will produce a productive discussion that will lead to some good decisions for fixing these problems. Make ports great again :). -- Cheers~ PGP key fingerprint: 07B3 2177 3E27 BF41 DC65 CC95 BDA8 88F1 E9F9 CEEF You can retrieve my public key at pgp.mit.edu.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c5bc24cc-5293-252b-ddbc-1e94a17ca3a8>