# Stable and Release



## cdiem (Dec 21, 2008)

Hello,

I'm fairly new to FreeBSD. Using packages only, on a lappy.
As far as I understand it, FreeBSD is separated in 2 - base system and packages.
Today I ran portaudit and it showed 17 packages with flaws (using the default RELEASE packages, without setting anything with PACKAGESITE).
My question is, is it ok to point PACKAGESITE to 7.0-Stable and upgrade these packages, while having the base system at 7.0-RELEASE; is this going to break the system anyhow? Will I be able to upgrade then to 7.1-RELEASE after it is released within a few months, with the mixed system I'm going to have?
So, basically, is it OK to have the base system at 'RELEASE' and the packages at 'STABLE'?


----------



## jb_fvwm2 (Dec 21, 2008)

"base"; then ( /ports/ OR ports-via-packages OR mix)

portaudit,  vulnerabilities within the packages_OR_ports
packages are less recent than ports.  To "maybe fix" portaudit you
would install ports not packages, but even the ports Makefiles/etc 
lag behind somewhat the fixes for the vulnerabilities.
.........
stable, release, can refer to the "uname -a" base version
as well as the source of packages
.........
leaving out a few explanations I don't have time to think
through before typing...


----------



## Lowell (Dec 22, 2008)

cdiem said:
			
		

> So, basically, is it OK to have the base system at 'RELEASE' and the packages at 'STABLE'?



Yes.  Completely normal.


----------



## cdiem (Dec 22, 2008)

Thank you for your answers; it was just this info that I needed; I'm going to try it. Thanks again.


----------



## dracodoc (Dec 23, 2008)

It is possible, but there are problems. I learned them in a hard way. -- I'm just a beginner user so please correct me if I said anything wrong.
When you set your PACKAGESITE to stable, you can pkg_add -r someapplication, but it will need other dependencies, and the version of your system will not match in most case -- since 7.0 release is not new. Then your pkg install will fail because pkg_add will not install needed new pkg automatically, you can force install the application but it will have problem for sure.
If you install new application by ports, ports will install needed dependencies automatically. But the problem is, almost all your libraries will need update, and it can take a very long time to install firefox3 -- I tried but decided to cancel it.
So the better idea should be install 7.1 release RC now or wait for official release of 7.1. That way your library in userland will be more up to date and need less compilation.


----------



## fender0107401 (Dec 23, 2008)

I prefer the ports, the ports tree is shared by "current", "stable" and "release", but every ports have a cvs_tag, I think the cvs_tag is a declaration of the base_system request. The package system may don't work like it.

FreeBSD's Base system have two branch: that is "curent" and "stable".
The "release" is just a snapshot of "stable" branch in some time point.

Beyond the ports, FreeBSD alse have "doc" and "web" tree, they also shared by every branch.

Recently, I find the "doc" tree is every interesting, it can help me to maintain a fresh documentation in /usr/share/doc.


----------



## cdiem (Dec 23, 2008)

You were right actually; I had to 'pkg_delete -a' after pointing to stable, because several packages did not upgrade with 'portupgrade -varRPP'. I did 'pkg_add -r xorg' for 7-STABLE after deleting it all, which again had some problems with dependencies..I guess I will just wait for the packages from 7.1-release (which seems to be coming soon). 

I'm just curious, cause after doing 'pkg_add -r xorg' for the 7.0-RELEASE, portaudit showed several packages with security flaws, one of them xserver. Is there a way to fix this if I do not want to recompile xorg? 
I mean, it's a laptop; when compiling anything it usually overheats, and that's why I use packages; the only cure seems to be to set the highest CPU frequency lower, which by the way needs kernel recompiling for 7.0-release (as stated in the HOWTO's section of this forum, the CPU scalling thread). But, as I said, I'm new in FreeBSD; probably there's also another way to lower down the temperature when compiling applications, which the more experienced FreeBSD gurus are aware of - is there one?


----------



## fender0107401 (Dec 23, 2008)

```
portupgrade --PP
```
This command will help you to upgrade your packages without compilation, If the developer have compiled it for users.
I found it in portupgrade's man page, and perhaps it will need you to update the ports_tree before you run it.
I am not sure about this command option, because I never used package. :e

FreeBSD is very flexible it have two application management system: package and ports. If you run it on laptop, the package is a smart choice.


----------



## dracodoc (Dec 23, 2008)

From the man pages for pkg_add(1), it should be able to get dependency packages automatically:
     3.   Scan all the package dependencies (from @pkgdep directives, see  pkg_create(1)) are read from the packing list.  If any of these  required packages is not currently installed, an attempt is made to  find and install it; if the missing package cannot be found or  installed, the installation is terminated.

But in my experience, with FreeBSD release 7.0, changed PKGSITE to stable, pkg_add will not install dependency packages needed for firefox3. Maybe because there is no readily available packages for those libraries?


----------



## Lowell (Dec 24, 2008)

fender0107401 said:
			
		

> ```
> portupgrade --PP
> ```
> This command will help you to upgrade your packages without compilation, If the developer have compiled it for users. I found it in portupgrade's man page, and perhaps it will need you to update the ports_tree before you run it. I am not sure about this command option, because I never used package. :e



It uses the ports tree to determine the dependencies, regardless of whether you're using ports or packages.  Therefore, you are definitely better off to have the ports up to date (and build or fetch a new INDEX file) before using it for an update.

If you have updated your base system across major releases, you need to update all of your ports, even those that are at the current version.  This is because they are linked against the old system libraries.  There is a portupgrade option (-f) that will help with this. In the future, this will become less of a problem because of new capabilities in the base system, but it will still be some time before a version of FreeBSD is released with those new capabilities.



> FreeBSD is very flexible it have two application management system: package and ports. If you run it on laptop, the package is a smart choice.



It's really one management system, with two different ways to install the applications.  Once installed, there is no difference between programs you installed from packages as opposed to those you built from source.


----------



## fender0107401 (Dec 24, 2008)

Lowell said:
			
		

> If you have updated your base system across major releases, you need to update all of your ports, even those that are at the current version.  This is because they are linked against the old system libraries.  There is a portupgrade option (-f) that will help with this. In the future, this will become less of a problem because of new capabilities in the base system, but it will still be some time before a version of FreeBSD is released with those new capabilities.


Thank you very much for the reply. I never upgraded my system across major release, so I have not any experience about this process.


			
				Lowell said:
			
		

> It's really one management system, with two different ways to install the applications.  Once installed, there is no difference between programs you installed from packages as opposed to those you built from source.


Yes, you are right, the package is compiled from the ports by developers instead terminal users, naturally they are same. Maybe we should say the package is subsystem.


----------



## rocketman (Dec 26, 2008)

> I'm just curious, cause after doing 'pkg_add -r xorg' for the 7.0-RELEASE, portaudit showed several packages with security flaws, one of them xserver. Is there a way to fix this if I do not want to recompile xorg?



I think if you run "X", it will always have vulnerabilities. But if your using your system as a desktop, you'll be OK. I would not suggest you install ANY "X" servers on a server system. Refer to 'man xhost' for more details.


----------



## rocketman (Dec 26, 2008)

I forgot to explain clearly. Any "X" means running "X" on any operating system: Linux, *BSD, MacOS X, DECwindows and there are several "X" servers for Win32.


----------



## Lowell (Dec 27, 2008)

rocketman said:
			
		

> I think if you run "X", it will always have vulnerabilities. But if your using your system as a desktop, you'll be OK. I would not suggest you install ANY "X" servers on a server system. Refer to 'man xhost' for more details.


X is always dangerous, because it _requires_ direct access to memory.  However, there are no known vulnerabilities at this time if you are running x.org from the most up-to-date ports.


----------



## Oko (Dec 28, 2008)

X is listening by default on port 6000 and runs as a root. There is no such thing as safe X server. There is some work in OpenGL (better known for X accelerated server and 3D rendering drivers) which might enable us in the distant future to run X window system safely i.e as the normal user. In the mean time I would fire you if I saw you running X on my servers


----------



## Djn (Dec 28, 2008)

The "listening"-part can be turned off, though.


----------



## edogawaconan (Dec 30, 2008)

cdiem said:
			
		

> You were right actually; I had to 'pkg_delete -a' after pointing to stable, because several packages did not upgrade with '*portupgrade -varRPP*'. I did 'pkg_add -r xorg' for 7-STABLE after deleting it all, which again had some problems with dependencies..I guess I will just wait for the packages from 7.1-release (which seems to be coming soon).


How about -f?
Also shouldn't there will be problem if required package(s) not available in binary form with -PP option?


----------



## fleshm (Jan 19, 2009)

hey, btw i'd like to ask a similar question.

i've got my sup file configured that way;


```
*default host=cvsup.FreeBSD.org
  *default base=/usr
  *default prefix=/usr
  *default release=cvs tag=RELENG_7_1_0_RELEASE
  *default delete use-rel-suffix
  *default compress
  ports-all
  doc-all
```

and when i type 

cvsup supfile it makes no port tree. in the handbook i've found that tree is created when tag is set to "tag=.". i want to stay with stable tree of 7.1 FreeBSD, so do i need to change every time tag to "." when i want to upgrade the port tree? i don't understand one thing. assuming i've downloaded the tree and i want to install some program. so i type

cd /usr/portage/[category]/[prog]
make install clean

from what freebsd release the program will be installed from? i bet freebsd-current. so what do i have to do when i want to install stable version?. i've found something in /var/ directory such as cvs_[xx]_RELENG_7_1_0_RELEASE. is this someway related to the release of the program i want to install? the same for portupgrade? how the heck the program knows the release ? i read "ports" part of handbook couple times and still don't get it. could someone explain please? thanks in advance


cheers


----------



## danger@ (Jan 19, 2009)

the supfile you have posted is for the src/ tree. You need a ports-supfile in order to update your ports tree.

However a faster option is to use portsnap(8) utility to synchronize your ports tree...


----------



## tangram (Jan 20, 2009)

Do take notice that only source code collection has releases or branches. 

By adding tag=. to the end of the collection name, you just tell csup to fetch the latest version of this collection.

So a supfile to pull ports should contain

```
ports-all tag=.
```

Same for docs

```
doc-all tag=.
```


----------



## fleshm (Jan 21, 2009)

Thank You for the answer


----------



## tangram (Jan 21, 2009)

Glad we've helped. You ever feel to thank someone just push the bottom right "Thanks" button. No need to write a thanks you post


----------

