[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Running a sustainable source code NetBSD system
On 1/12/10 6:08 PM, Stripes the Tiger Cub wrote:
It's been 10 years since I've run NetBSD, and I've come back to my senses
after arguing with MacOSX and Linux. The appeal to me that running NetBSD is
the pkgsrc. Gentoo does not appeal to me, and I miss NetBSD's simplicity.
So, for those who run NetBSD systems and compile the pkgsrc instead of
downloading the binaries, what do you do to keep your system(s) up to date?
Do you download the latest pkgsrc weekly, or what do you do?
I use a combination of tools for this; primarily pkg_comp, pkg_chk and
"pkg_comp" (in pkgtools/pkg_comp) sets up a chroot-ed environment for
building packages. This way you avoid messing with the running system on
which you are building.
"pkg_chk" can check which packages are installed and if they're out of
date as well as update binary packages based on the latest ones you have
built. It will update packages from source if you want but I don't use
"pkg_rolling-replace" will rebuild all out-of-date packages from source
and is good for making sure that dependent packages are also rebuilt as
necessary when a dependency is updated.
So here's the procedure for NetBSD:
o On a nightly basis, I have a script that does a "cvs update"
on the pkgsrc tree. It's worth mentioning that I use the
"stable" pkgsrc tags from cvs; e.g. pkgsrc-2009Q3.
# cd /usr/pkgsrc && cvs -q update -dP
o Periodically (usually every couple weeks) I run go into the
pkg_comp environment and run pkg_chk to see what needs to be
updated. If there's anything there, I run pkg_rolling-replace.
# pkg_chk -uq
# pkg_rolling-replace -vu
o Once that's complete, I create a "summary file" (needed for
using pkg_chk to install binaries to the "real" system).
# pkg_info -aX | gzip -c > /path/to/repository/pkgsrc_summary.gz
Now the repository
o Update binary packages installed in the "real" systems with
# pkg_chk -bu -P /path/to/repository
There's a new thing called "pkgin" that updates binary packages much
like apt-get does. It will be really nice once it's stable. My last
attempt showed many minor bugs, but nothing major.
I also monitor the logs from the nightly reports for any package
vulnerabilities and try to get those fixed quickly, but the method is
For Linux and Mac OS X I usually do the same, except without the chroot
environment. So I risk my installed packages in those cases. On AIX, I
use a chroot environment but not pkg_comp. The same can be done, I'm
sure, for Linux and OS X.
Main Index |
Thread Index |