# Uppgrading ports the most secure way



## Aknot (Sep 11, 2012)

Dear forum!

We have a VPS server with the following configuration:

```
FreeBSD srv01.alldoit.se 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Wed Mar 30 15:26:23 UTC 2011     root@freebsd82.tst:/usr/obj/usr/src/sys/XENHVM  amd64
```

The ports tree is installed and updated with:

```
csup -L 2 -h cvsup.FreeBSD.org /usr/share/examples/cvsup/ports-supfile
```

The server is used with Apache, MySQL, PHP, Postfix, ProFTPD and so on.

We have installed the portmaster port. But what is the most safe way to update the ports already installed? Traditional or with portmaster?


----------



## SirDice (Sep 11, 2012)

Use portmaster(8), it'll make life a lot easier.

Don't forget to read /usr/ports/UPDATING before starting to update anything.


----------



## kpa (Sep 11, 2012)

It's not stressed enough in the documentation but you always want to use the -w option of portmaster(8) that saves backup copies of shared libraries that are being updated. The option can be set to on by default in /usr/local/etc/portmaster.rc (included are few other almost mandatory settings):


```
SAVE_SHARED=wopt
BACKUP=bopt
ALWAYS_SCRUB_DISTFILES=dopt
PM_MAKE_ARGS='-DFORCE_PKG_REGISTER'
```


----------



## jb_fvwm2 (Sep 11, 2012)

FYI there are plans to deprecate csup/cvsup for updating the ports tree, leaving svn/portsnap. (Other changes are planned for the flat files in /var/db/pkg re: the changes planned from pkg_add (etc) >> pkg add (/pkg/), maybe as soon as V10.)
More information is available in threads here and in the freebsd-ports mailing list.


----------



## Aknot (Sep 11, 2012)

Thank you guys (and girls?)!

Exactly the information I was looking for =)
Is there a mailing list where all security updates to the ports are shown?


----------



## SirDice (Sep 11, 2012)

Not a mailing list, http://www.freshports.org/vuxml.php?all

ports-mgmt/portaudit can make use of that information.


----------



## Aknot (Sep 16, 2012)

When you know what to look for, you can find really great information, like this fine guide:
http://www.wonkity.com/~wblock/docs/html/portupgrade.html

Ps: First port (Midnight Commander, as a test) is now upgraded flawless... :e

Thanks again!


----------



## shitson (Sep 16, 2012)

Safe as in *Security* or safe as in *Stability*?


----------



## Aknot (Sep 17, 2012)

shitson said:
			
		

> Safe as in *Security* or safe as in *Stability*?



Safe as in stability with the goal of pursuing security


----------

