# Using pkgng - Updating packages. Am I doing it wrong?



## frijsdijk (Mar 22, 2013)

We're running quite some machines with PKGNG in our server park (about 20 I think), and yesterday for the first time something went wrong.

The server was running perl-5.14.2_2, php53.5.3.19, apache2.2.23_2, and varnish-3.0.3_1. As a dependency, pcre-8.31_1 was installed.

When the Perl, PHP and the Apache packages became vulnerable (`pkg audit`), we had to upgrade those packages. I did:

[cmd=]# pkg update[/cmd] (we run our own repositories using poudriere)
[cmd=]# pkg install www/apache22 lang/php53 lang/perl5.14[/cmd]

Logs from pkg:


```
Mar 21 10:34:50 srv02 pkg: pkg upgraded: 1.0.7 -> 1.0.9_2
Mar 21 10:36:03 srv02 pkg: gettext-0.18.1.1 deinstalled
Mar 21 10:36:11 srv02 pkg: libiconv upgraded: 1.14 -> 1.14_1
Mar 21 10:36:18 srv02 pkg: gettext-0.18.1.1_1 installed
Mar 21 10:36:39 srv02 pkg: perl upgraded: 5.14.2_2 -> 5.14.2_3
Mar 21 10:36:39 srv02 pkg: pcre upgraded: 8.31_1 -> 8.32
Mar 21 10:36:41 srv02 pkg: apache22 upgraded: 2.2.23_2 -> 2.2.24
Mar 21 10:37:04 srv02 pkg: pkgconf upgraded: 0.8.9 -> 0.9.1_1
Mar 21 10:37:04 srv02 pkg: php53 upgraded: 5.3.19 -> 5.3.23
```

The gettext/libiconv needed some manual work after reading /usr/ports/UPDATING).

Then I ran some tests (`php -v`, `php -m`, `httpd -V`, `perl -v`) .. all went well. I restarted Apache, and all sites were running fine. Maintenance done!

That night, probably due to log rotation of whatever, Varnish was restarted. And died. Because it was missing /usr/local/lib/libpcre.so.1 (after the upgrade that became /usr/local/lib/libpcre.so.3).

It was fixed easily by also upgrading Varnish, but I wonder how this could have been prevented.

Should I have done [cmd=]pkg install -Rf www/apache22 lang/php53 lang/perl5.14[/cmd] instead?

I'd guess that pkg would now about the libpcre dependencies for Varnish (and probably some other packages), and would suggest to update Varnish as well when PCRE was upgraded as a dependency of the new PHP version.

I found that by doing [cmd=]echo "SHLIBS: On" >> /usr/local/etc/pkg.conf[/cmd] and [cmd=]pkg check -B[/cmd] I can detect broken packages. Correct?


----------



## kpa (Mar 23, 2013)

Most likely that problem wasn't PKGNG but www/varnish didn't get a version bump as it should have had. The version bump would have guaranteed a rebuild of the port, now you had to do it manually.


----------



## frijsdijk (Mar 25, 2013)

Well, we fixed it by doing [cmd=]pkg install varnish[/cmd], which resulted in the following logging:


```
pkg: varnish upgraded: 3.0.3_1 -> 3.0.3_2
```

So there was a version bump?

Anyway, from what I understand, it should have worked the way I did it?


----------

