DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Ports and Packages

FreeBSD Ports and Packages Installation and upgrading of ports and packages on FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st May 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,154
Thanked 182 Times in 149 Posts
Default Upgrading ports/packages

After spending most of the last years with OpenBSD I am building new FreeBSD 9.1 webserver now..
I am using a FreeBSD box at home to compile the ports into packages.

I have set the PACKAGES environment variable
Code:
#  env | grep pack
PACKAGES=/home/packages
This way a # make config-recursive and # make package-recursive results in nice package hierarchy:
Code:
#  ls -l /home/packages | head -5
total 104
drwxr-xr-x  2 root  wheel  3072 May  1 08:33 All
drwxr-xr-x  2 root  wheel  2560 May  1 08:33 Latest
drwxr-xr-x  2 root  wheel   512 Apr 28 00:57 archivers
drwxr-xr-x  2 root  wheel   512 Apr 30 21:36 converters
I have about 100 packages built:
Code:
# ls /home/packages/All | wc -l
      98
With rsync these packages are copied to /home/packages on the webserver. That way I can install them with # pkg_add.

portaudit now tells me two ports have security issues:

Code:
# portaudit
Affected package: joomla-2.5.6
Type of problem: Joomla  -- XXS and DDoS vulnerabilities.
Reference: http://portaudit.FreeBSD.org/57df803e-af34-11e2-8d62-6cf0490a8c18.html

Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- Multiple security vulnerabilities.
Reference: http://portaudit.FreeBSD.org/8c8fa44d-ad15-11e2-8cea-6805ca0b3d42.html

Affected package: phpMyAdmin-3.5.7
Type of problem: phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page.
Reference: http://portaudit.FreeBSD.org/7280c3f6-a99a-11e2-8cef-6805ca0b3d42.html

3 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
I have not rsynced nor installed these packages on the webserver yet.

On April 7 I did a portsnap(8) to get the ports tree on the package building box.

What would be be the best way to upgrade these ports on my package building box without going through the ports/packages equivalent of the Windows 2.x or 3.x DLL upgrade hell ?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #2   (View Single Post)  
Old 22nd May 2013
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,074
Thanked 198 Times in 156 Posts
Default

Have you solved this problem yet?

Why go to the bother of building the packages on a separate machine? Is there a compelling reason not to build them on the webserver?

In the case of these three specific ports/packages, the Makefile comprise of little more than a `tar xf' and perhaps a sed or two (ie. no compiling or linking required).
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #3   (View Single Post)  
Old 23rd May 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,154
Thanked 182 Times in 149 Posts
Default

Yes, I solved it. I backed up the ports tree and the packages and rebuilt those two ports/packages. Fortunately it did not trigger a massive rebuilt of other packages

RE: separate package build machine
I prefer not to have to compile ports on a production web server. That is the only reason
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #4   (View Single Post)  
Old 27th May 2013
DNAeon DNAeon is offline
Shell Scout
 
Join Date: Sep 2008
Location: Bulgaria
Posts: 138
Thanked 6 Times in 6 Posts
Default

Quote:
Originally Posted by J65nko View Post
Yes, I solved it. I backed up the ports tree and the packages and rebuilt those two ports/packages. Fortunately it did not trigger a massive rebuilt of other packages

RE: separate package build machine
I prefer not to have to compile ports on a production web server. That is the only reason
You should probably be doing that using the new tools for the job - ports-mgmt/pkg and ports-mgmt/poudriere. Setup the poudriere jails and run builds from there.

Here's also documentation how to integrate poudriere with Jenkins in case you are interested.

* http://unix-heaven.org/continuous-pa...re-and-jenkins

Regards,
__________________
"I never think of the future. It comes soon enough." - A.E

Useful links: FreeBSD Handbook | FreeBSD Developer's Handbook | The Porter's Handbook | PF User's Guide | unix-heaven.org
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
how-to list all packages that need upgrading ? da1 OpenBSD Packages and Ports 7 26th October 2010 03:39 AM
packages vs ports zelut FreeBSD Ports and Packages 17 28th October 2009 08:19 AM
Upgrading and rebuilding ALL packages/ports chill FreeBSD Ports and Packages 8 16th June 2008 04:55 AM
cvsup upgrading/updating ports tree Ofloo FreeBSD Ports and Packages 6 25th May 2008 01:32 AM
Upgrading /usr/ports ClaptonOrient FreeBSD Installation and Upgrading 11 12th May 2008 10:17 AM


All times are GMT. The time now is 07:06 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick