NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Running a sustainable source code NetBSD system

On 1/12/10 6:08 PM, Stripes the Tiger Cub wrote:
Hi there,

It's been 10 years since I've run NetBSD, and I've come back to my senses
after arguing with MacOSX and Linux. The appeal to me that running NetBSD is
the pkgsrc. Gentoo does not appeal to me, and I miss NetBSD's simplicity.

So, for those who run NetBSD systems and compile the pkgsrc instead of
downloading the binaries, what do you do to keep your system(s) up to date?
Do you download the latest pkgsrc weekly, or what do you do?




I use a combination of tools for this; primarily pkg_comp, pkg_chk and pkg_rolling-replace.

"pkg_comp" (in pkgtools/pkg_comp) sets up a chroot-ed environment for building packages. This way you avoid messing with the running system on which you are building.

"pkg_chk" can check which packages are installed and if they're out of date as well as update binary packages based on the latest ones you have built. It will update packages from source if you want but I don't use this feature.

"pkg_rolling-replace" will rebuild all out-of-date packages from source and is good for making sure that dependent packages are also rebuilt as necessary when a dependency is updated.

So here's the procedure for NetBSD:

  o On a nightly basis, I have a script that does a "cvs update"
    on the pkgsrc tree. It's worth mentioning that I use the
    "stable" pkgsrc tags from cvs; e.g. pkgsrc-2009Q3.

    # cd /usr/pkgsrc && cvs -q update -dP

  o Periodically (usually every couple weeks) I run go into the
    pkg_comp environment and run pkg_chk to see what needs to be
    updated. If there's anything there, I run pkg_rolling-replace.

    # pkg_chk -uq
    # pkg_rolling-replace -vu

  o Once that's complete, I create a "summary file" (needed for
    using pkg_chk to install binaries to the "real" system).

    # pkg_info -aX | gzip -c > /path/to/repository/pkgsrc_summary.gz

    Now the repository

  o Update binary packages installed in the "real" systems with

    # pkg_chk -bu -P /path/to/repository

There's a new thing called "pkgin" that updates binary packages much like apt-get does. It will be really nice once it's stable. My last attempt showed many minor bugs, but nothing major.

I also monitor the logs from the nightly reports for any package vulnerabilities and try to get those fixed quickly, but the method is the same.

For Linux and Mac OS X I usually do the same, except without the chroot environment. So I risk my installed packages in those cases. On AIX, I use a chroot environment but not pkg_comp. The same can be done, I'm sure, for Linux and OS X.


Home | Main Index | Thread Index | Old Index