Re: Running a sustainable source code NetBSD system

[Louis Guillaume <louis%zabrico.com@localhost>]

On 1/12/10 6:08 PM, Stripes the Tiger Cub wrote:
> Hi there,
>
> It's been 10 years since I've run NetBSD, and I've come back to my senses
> after arguing with MacOSX and Linux. The appeal to me that running NetBSD is
> the pkgsrc. Gentoo does not appeal to me, and I miss NetBSD's simplicity.
>
> So, for those who run NetBSD systems and compile the pkgsrc instead of
> downloading the binaries, what do you do to keep your system(s) up to date?
> Do you download the latest pkgsrc weekly, or what do you do?
>
> Thanks,
>
> -Anne



Hi!

I use a combination of tools for this; primarily pkg_comp, pkg_chk and 
pkg_rolling-replace.

"pkg_comp" (in pkgtools/pkg_comp) sets up a chroot-ed environment for 
building packages. This way you avoid messing with the running system on 
which you are building.

"pkg_chk" can check which packages are installed and if they're out of 
date as well as update binary packages based on the latest ones you have 
built. It will update packages from source if you want but I don't use 
this feature.

"pkg_rolling-replace" will rebuild all out-of-date packages from source 
and is good for making sure that dependent packages are also rebuilt as 
necessary when a dependency is updated.

So here's the procedure for NetBSD:

  o On a nightly basis, I have a script that does a "cvs update"
    on the pkgsrc tree. It's worth mentioning that I use the
    "stable" pkgsrc tags from cvs; e.g. pkgsrc-2009Q3.

    # cd /usr/pkgsrc && cvs -q update -dP

  o Periodically (usually every couple weeks) I run go into the
    pkg_comp environment and run pkg_chk to see what needs to be
    updated. If there's anything there, I run pkg_rolling-replace.

    # pkg_chk -uq
    # pkg_rolling-replace -vu

  o Once that's complete, I create a "summary file" (needed for
    using pkg_chk to install binaries to the "real" system).

    # pkg_info -aX | gzip -c > /path/to/repository/pkgsrc_summary.gz

    Now the repository

  o Update binary packages installed in the "real" systems with

    # pkg_chk -bu -P /path/to/repository

There's a new thing called "pkgin" that updates binary packages much 
like apt-get does. It will be really nice once it's stable. My last 
attempt showed many minor bugs, but nothing major.

I also monitor the logs from the nightly reports for any package 
vulnerabilities and try to get those fixed quickly, but the method is 
the same.

For Linux and Mac OS X I usually do the same, except without the chroot 
environment. So I risk my installed packages in those cases. On AIX, I 
use a chroot environment but not pkg_comp. The same can be done, I'm 
sure, for Linux and OS X.

Louis