# Suggestions about update approach



## DanDare (Nov 9, 2015)

Hello,

This is my first post in here. After reading the handbook and other sources of information, man pages, IRC talk and testing the FreeBSD tools I’m still not sure what direction to take. Appreciate any suggestions.

P.S. Sorry about any English mistakes, not my native language. Sorry about text extent, just trying to be the more precise about steps and the situation.

My objective is migrating my production server to FreeBSD. About upgrades: After a starting point (installing and configuring the system) I’m not interested in new features (unless strictly necessary), new versions of the third party software (unless necessary or obligatory), but just security updates. I’m still not sure on what extent that’s possible (still learning how it all works), but want to get the most conservative as possible.

I feel comfortably already about how base system updates works (picked 10.2-RELEASE), but not about ports. I point out below what I have been doing in this direction but not sure if I’m doing it right:

Using binaries (pkg) seemed the best for me but then I needed different configurations on some of the packages. At this point installed ports and everything worked as expected but after trying and researching discovered that mixing ports with pkg would lead to issues. Although possible doing this way it’s error prone in a considerable (large?) scale after some point.

So decided poudriere as the best approach: Opportunity to tweak as want but keeping things in a more organized way so just a matter to use only pkg on the client machines.

I was told that the pkg binaries shares same version and source code than ports in the portsnap method but after making some tests that’s not what I see, example: In a machine using only pkg, after `pkg update -f` I get for sqlite3: sqlite3-3.8.11.1_1 but on the poudriere side, after `poudriere ports -u` and bulk build I get: sqlite3-3.9.2. `poudriere ports -l` gives me:

```
METHOD: portsnap
```
So in fact that’s not true (or entirely true?), pkg does not seems to share same stuff with portsnap after all. `poudriere ports –u` brings a lot of patches (also version updates) in a daily fashion, differently than pkg.

My fear is keeping a system with high maintenance demand while more interested in the security patches.

What would be the best approach in this case?

Thanks,
Rodrigo


----------



## brd@ (Nov 9, 2015)

This is caused by the pkg repo on 10.2-RELEASE.  By default it is configured to use the quarterly ports branch (i.e. https://svnweb.freebsd.org/ports/branches/2015Q4/).  So only security updates and other build fixes are merged to it.

Poudriere configured to use portsnap, will be building the head/branch of the ports tree.  Hence the newer versions.

For ease of maintenance, the quarterly branch will only have minimal changes.  Until a new quarterly branch is cut, then you will have all the missed upgrades that happened in the head/ branch.


----------



## obsigna (Nov 9, 2015)

getopt, look at the following thread, it offers some more details about the quarterly pkg repository. Specially, you might want to learn that the bi-/tri-daily repository is still operative. At least for me the issue was solved by the instructions of post #4 in the given thread below.

https://forums.freebsd.org/threads/pkg-repository-changed-to-quarterly-in-10-2.52843/#post-296553


----------



## DanDare (Nov 9, 2015)

Considering I will use quaterly branch it's ok having poudriere compiling only the packages I need special configuration and fetch anything else from pkg mirror by keeping respective .conf files at /usr/local/etc/pkg/repos/? Or it can be a issue anyway considering SVN and pkg repository aren't exactly in sync?


----------

