tech-pkg archive


pkgsrc-2015Q4 released



pkgsrc-2015Q4
=============

The pkgsrc team is proud to announce the availability of the pkgsrc-2015Q4
branch.  Notable new packages this quarter include kodi (home media center
software previously known as xbmc), php-baikal (a CardDAV/CalDAV server),
freecol (a Colonization clone), unicorn (a CPU emulator framework), and
clang-static-analyzer.

Sevan Janiyan continued his great work to test and improve pkgsrc across
various platforms, and we can now build over 10,000 packages on Bitrig,
and over 12,000 on OpenBSD.

Other infrastructure changes include adding SHA512 digests for all package
distfiles, the removal of the obsolete find-prefix code, and pkglint is
now much faster having been rewritten in Go (the previous Perl version is
still available as pkglint4 for platforms which cannot run Go programs).


Number of Packages
==================

There are 16846 possible packages in pkgsrc-2015Q4, up from 16764 last
quarter.  The numbers of successful binary package builds on various
platforms are:

* 16,000+ on NetBSD-current amd64 using clang
* 14,000+ on FreeBSD amd64 using clang
* 14,000+ on SmartOS i386/x86_64 using gcc
* 13,000+ on Linux i386/x86_64 using gcc
* 12,000+ on OpenBSD amd64 using gcc
* 12,000+ on OS X El Capitan x86_64 using clang
* 11,000+ on DragonFly 4.5 amd64 using gcc
* 10,000+ on Bitrig amd64 using clang

In addition, this quarter:

* 172 packages have been added (225 last quarter)
* 1 package has been renamed (1 last quarter)
* 58 packages removed, 7 with a successor (27 and 8 last quarter)
* 1185 packages updated (1392 last quarter)


Release Schedule
================

The pkgsrc developers make a new release every three months.  We believe
that this is a sweet spot between too many updates, and keeping abreast of
issues like security vulnerabilities.  pkgsrc is not tied to any one
operating system or architecture, which gives us the ability to decouple
the releases from any operating system releases, and to concentrate on the
packages themselves.

This is the 49th quarterly release of pkgsrc.  Suggestions on how we
should celebrate our 50th release next quarter are welcome!


Changes to pkgsrc
=================

Many pkgsrc developers and contributors have all helped with submissions,
fixes, and bug reports.  This quarter there were 3,418 commits to pkgsrc
by 73 committers, making 2015 our most productive year so far!


Package Additions
=================

As well as the notable packages listed above, we also introduced support
for php70 and python35, with many existing modules automatically building
with the new releases.  The proftpd package was split into separate module
packages, making it much simpler to choose authentication backends at
runtime instead of having to compile in support at build time.  We also
saw the introduction of Asterisk 13.


Package Removals
================

We actively manage the packages in pkgsrc, and delete ones that are no
longer useful relative to maintenance costs.  We said goodbye to php54 and
ruby193, both of which are no longer maintained upstream.


pkgsrc-security
===============

One neat feature of pkgsrc is its ability to sort package versions based
on the version numbers.  It's used in audit-packages, to report on any
installed packages which may have security vulnerabilities in them.
pkgsrc-security@pkgsrc.org maintains lists of vulnerable packages, along
with reference URLs relating to the exposure.  We thank the whole
pkgsrc-security team for their hard work.  Sample output from
audit-packages is shown below:

% audit-packages
Package qemu-2.4.0nb2 has a information-disclosure vulnerability, see http://xenbits.xen.org/xsa/advisory-140.html
Package qemu-2.4.0nb2 has a buffer-overflow vulnerability, see https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
Package qemu-2.4.0nb2 has a memory-corruption vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=efec4dcd2552e85ed57f276b58f09fc385727450
Package qemu-2.4.0nb2 has a denial-of-service vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=3a56af1fbc17ff453f6e90fb08ce0c0e6fd0b61b
Package qemu-2.4.0nb2 has a buffer-overflow vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
Package qemu-2.4.0nb2 has a denial-of-service vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=5a1ccdfe44946e726b4c6fda8a4493b3931a68c1
%


Getting pkgsrc
==============

More information can be found in
	http://www.netbsd.org/docs/pkgsrc/getting.html

tar files for pkgsrc, along with checksums, can be found at
	http://ftp.netbsd.org/pub/pkgsrc/pkgsrc-2015Q4/

and anonymous cvs can be used:
	cvs -z3 -q -d anoncvs@anoncvs.netbsd.org:/cvsroot checkout -r pkgsrc-2015Q4 -P pkgsrc

or by pulling from the git mirror at:
	https://github.com/jsonn/pkgsrc
or the mercurial mirror at:
	https://bitbucket.org/agc/pkgsrc.hg

Joyent provide quarterly binary package sets for SmartOS/illumos,
OS X, and Linux, as well as some quickstart documentation at:
	https://pkgsrc.joyent.com/

Sevan Janiyan provides an OS X PowerPC package repository at:
	http://sevan.mit.edu/


About pkgsrc
============

pkgsrc is a cross-platform packaging system.  It allows people to download
sources and to build and install binary packages on one or more platforms.

Building packages from source is useful for a number of reasons:

* not only is the provenance of source code checked (by using multiple
  digests), with pkgsrc, the version of source code you are working with
  is the same that other developers and users have.

* package builders can choose to customize their own installations by
  means of the option framework.  Pre-built packages from other builders
  may not have specified the same options.

* patches are maintained in a central repository, and, again, are checked
  at patch application time by using digests.  The patches which are
  applied to the sources being built are the same ones which are known to
  be used and proved by other pkgsrc users (not necessarily on the same
  platform).

* by building from source, all doubts about compilers, build
  practices, source code cleanliness, and packaging differences are
  removed.  Digital signatures of binary packages, while useful in
  themselves, only prove certain aspects of binary package provenance.
  (pkgsrc has had signed packages since 2001.)

* it may be difficult or impossible to find a pre-built package for the
  operating system or architecture.

* a pre-built package may have further or conflicting pre-requisites,
  which are themselves difficult to find or build.  By building
  everything, including pre-requisites, a from-source packaging system
  can ensure that pre-requisites are present and integrated.

At the present time, pkgsrc supports 23 platforms:

	AIX
	Bitrig
	BSDOS
	Cygwin
	Darwin/Mac OS X
	DragonFly
	FreeBSD
	FreeMiNT
	GNU/kFreeBSD
	HPUX
	Haiku
	IRIX
	Interix/SFU/SUA
	Linux
	Minix3
	MirBSD
	NetBSD
	OSF1
	OpenBSD
	QNX
	SCO OpenServer
	Solaris/illumos
	UnixWare

Complete dependency and pre-requisite package information is held and used
by the package management software - if packages rely on other packages to
function properly, that pre-requisite will be built, installed and managed
as part of the package installation process.  Binary packages can be
managed using pkgin and nih.

Jonathan Perkin
On behalf of the pkgsrc developers
Fri Jan  1 18:00:00 GMT 2016

-- 
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com
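
An added example, not part of the original announcement or of pkgsrc itself:
a shell helper that condenses audit-packages output of the form shown in the
pkgsrc-security section above into per-package, per-type counts, and lets a
scheduled job alert only on chosen vulnerability types.  The function names
are hypothetical; the sample input is the six lines quoted in the
announcement.

```shell
#!/bin/sh
# Sample input: the audit-packages lines quoted in the announcement.
sample_audit_output() {
    cat <<'EOF'
Package qemu-2.4.0nb2 has a information-disclosure vulnerability, see http://xenbits.xen.org/xsa/advisory-140.html
Package qemu-2.4.0nb2 has a buffer-overflow vulnerability, see https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
Package qemu-2.4.0nb2 has a memory-corruption vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=efec4dcd2552e85ed57f276b58f09fc385727450
Package qemu-2.4.0nb2 has a denial-of-service vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=3a56af1fbc17ff453f6e90fb08ce0c0e6fd0b61b
Package qemu-2.4.0nb2 has a buffer-overflow vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=7aa2bcad0ca837dd6d4bf4fa38a80314b4a6b755
Package qemu-2.4.0nb2 has a denial-of-service vulnerability, see http://git.qemu.org/?p=qemu.git;a=commit;h=5a1ccdfe44946e726b4c6fda8a4493b3931a68c1
EOF
}

# Read audit-packages output on stdin and print "package type count",
# one line per (package, vulnerability type) pair, sorted.
audit_summary() {
    awk '
    $1 == "Package" && $3 == "has" && $6 == "vulnerability," {
        count[$2 SUBSEP $5]++
    }
    END {
        for (k in count) {
            split(k, part, SUBSEP)
            printf "%s %s %d\n", part[1], part[2], count[k]
        }
    }' | LC_ALL=C sort
}

# Read audit-packages output on stdin; return 1 if any finding has one of
# the vulnerability types given as arguments, 0 otherwise.
audit_gate() {
    awk -v types=" $* " '
    $1 == "Package" && $6 == "vulnerability," && index(types, " " $5 " ") {
        hit = 1
    }
    END { exit hit + 0 }'
}

# Stand-alone run: summarise the sample.  On a real system, replace
# sample_audit_output with the audit-packages command itself.
sample_audit_output | audit_summary
```

In a scheduled job, `audit-packages | audit_gate buffer-overflow memory-corruption`
fails only when a finding of one of those types is present.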

