On Oct 15, 2006, at 1:01 PM, Glyn Astill wrote:

> This is a bit more of a generic question than usual, but once I've
> got my system up and running (currently it's compiling apache, I hope
> it works) I'm obviously going to have to keep it patched. I know
> it'll probably depend on what I'm actually updating but is there a
> specific way you guys approach this? Will it be in the form of
> patches that need applying or is it more just a case of getting the
> latest source and re-compiling?

I run pkg_chk -i 	off and on to see who has an update available.

Before you update a package, as things can go awry and take out a LOT  
of our system in a worst case scenario (think how many things need  
SSL, and if the SSL components are trashed, all of a sudden SSHd has  
problems, etc) you want to back up the package and any dependancies  
using pkg_tarup.  pkg_tarup is a very useful tool, it can save you a  
lot of hassle.

To update a pkg, you can cd to its directory, do a    make clean   to  
get rid of the old stuff if you hadn't already.  When in the pkg's  
directory, I suggest doing a make install rather than make update.  
make update will go through and helpfully delete dependencies for you  
before stating to compile and updating, but if there's an error in  
build, those pieces are all gone, which can be bad.

So, make install, compile goes along, will abort at the end as there  
is the old version of the package already installed.  Do a pkg_delete  
of the old version instead, IGNORE what the error message says about  
doing a make update as an option (see above),.  You might have to  
force the pkg_delete.  Then you can do a make reinstall to do a  
faster install of the new version.

IF a dependency also needs updated, the install will abort, telling  
you which piece needs updated.  You then cd to the pkgsrc directory  
of the dependency, and do all this there, then cd back and continue  
wih what you were working on originally.

There are some automated ways to do this, and make update seems like  
it would be a good idea, but you can whack a lot of things REALLY  
fast and end up with an unworkable system pretty darn quickly.  If  
you do want to play with make update and pkgsrc, really check into  
pkg_tarup first! :)  BTW, you really don't want to run make update on  
the whole system, either, in my opinion.

pkg_chk, pkg_tarup, and some other useful things aren't necessarily  
in place when you first set up the system; those and other things are  
in the pkgsrc/pkgtools directory.

HTH.  Others might do things differently but after causing myself a  
hassle a couple of times this has worked for me without causing  
headaches.

Brian