netbsd-help: Re: pkgsrc question

Subject: Re: pkgsrc question
To: Martin Schmitz <martin-schmitz@web.de>
From: Richard Rauch <rkr@olib.org>
List: netbsd-help
Date: 06/03/2003 08:46:20
Re. http://mail-index.netbsd.org/netbsd-help/2003/06/02/0006.html

pkgsrc isn't really handled the same as the NetBSD OS, proper.  Around
the time of a release, I gather that pkgsrc is deliberately stabilized so
that they can tar-up and tag a corresponding pkgsrc set that is more likely
to build everything.

However, many packages will have security flaws detected over time.  Or
simple bugs.  And others will be replaced by newer, updated versions.
So you might think about upgrading pkgsrc to relatively current status.
(At any give time, there are pretty good odds that everything you use
will build cleanly from pkgsrc...unless you use a *lot* of stuff from
pkgsrc.)


There are two downsides to updating pkgsrc regularly, however.  And they
are somewhat related: The first is that packages often are configured to
require the most recent versions of various shared libraries, so when
you build/update a package with the most current pkgsrc, you may end up
unwittingly updating some of the libraries that it requires.  So far, that
doesn't sound too bad.  But, due to problems with the way that shared
libraries are handled, and pkgsrc's preference to make all libraries
into shared libraries, pkgsrc will often end up updating a *ton* of other
software, sometimes when only a fairly innocuous piece of software was
updated directly by you.  This will burn up CPU cycles and may replace
a working (older) package with a newer package that has (new) bugs.

The second problem is kind of a variation on the first: Sometimes during
the update process, one of the packages fails to build.  The effect is
catastrophic: pkgsrc starts the update process by deleteing everything that
it needs to update.  When it fails to build a package that it was updating
along the way, the entire update process grinds to a halt.  This can
easily result in having many of your installed packages wind up uninstalled.


My approach is to, at wide-spaced intervals, get the latest pkgsrc and
then try to stick with that version for as long as I can.  The times at
which I generally update pkgsrc are:

 * When I upgrade the OS.  (I generally backup user homedirs and do
   a clean-wipe install, rather than upgrade the OS in place.   So,
   old packages get tossed out anyway; I might as well get the latest
   copy of pkgsrc...)

 * When a security fix is posted that affects how I use one of my
   installed packages.

 * Anytime that I *really* want an update.  Either for new features in
   some existing package, or for a totally new package.

(That, at least, is my take on it.)

Good luck.


-- 
  "I probably don't know what I'm talking about."  http://www.olib.org/~rkr/