# Ports Upgrade Strategy: Poudriere!



## getopt (Aug 4, 2014)

I’m not happy upgrading my installed ports on a regular frequency (i.e. monthly, weekly, every second day) anymore. Using ports-mgmt/portmaster for doing the main work, one could use a script for looking into /usr/ports/UPDATING and maintain a file for excluding ports that are broken. Even such a script running every two hours would not make much sense as one might find oneself in the position to identify every buggy update of an installed port. Well, as long as you have fun fixing such things manually before the maintainer does, it’s ok, but it can also be considered as wasted time, if no more fun can be generated doing so.

I’d like to ask you for your ports upgrade strategy, if you have one. 

The strategy should use operational events for triggering a scripted port upgrade of single ports like the output of `pkg audit` or if the installed ports are affected by /usr/ports/UPDATING making manual work necessary. Do you know other events that would make sense updating single ports? Primary goal of the strategy should be reacting to security threats, secondary upgrade only what has to be upgraded (i.e. end of supported life of a port, etc.).

Why not just do a `# portmaster -a`? Because you never know how many hours you have to spend for fixing problems that are just generated by this. I just want to minimize unnecessary maintenance work. The saved time can be used on more urgent tasks.

Your thoughts?
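A sketch of the `pkg audit`-triggered upgrade asked about above, as an added example that is not part of the original post. It assumes `pkg audit -q` prints one `name-version` per line; the exclude file (one package name per line) and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example: upgrade only the packages that `pkg audit` flags,
# skipping names listed in a local exclude file (hypothetical path).

# vulnerable_names [exclude-file]
#   stdin : "name-version" lines, as printed by `pkg audit -q`
#   stdout: unique package names, minus excluded ones
vulnerable_names() {
    exclude=${1:-/dev/null}
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Package versions never contain '-', so the version is
        # everything after the last hyphen (names may contain hyphens).
        name=${line%-*}
        # Exact, whole-line match against the exclude list.
        grep -qxF -- "$name" "$exclude" 2>/dev/null && continue
        printf '%s\n' "$name"
    done | sort -u
}

# Touch the system only when called as: script --apply [exclude-file]
if [ "${1:-}" = "--apply" ]; then
    # -F refreshes the vulnerability database, -q prints names only.
    todo=$(pkg audit -Fq | vulnerable_names "${2:-}")
    if [ -n "$todo" ]; then
        # Names contain no whitespace, so word splitting is safe here.
        pkg upgrade -y $todo
    fi
fi
```

Run from cron with `--apply`, this upgrades nothing unless the audit reports an installed package.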


----------



## SirDice (Aug 4, 2014)

*Re: Ports Upgrade Strategy*



			
getopt said:

> I’d like to ask you for your ports upgrade strategy, if you have one.


My strategy is to set up my own repository using ports-mgmt/poudriere and only updating it when necessary, i.e. when I run into a bug or when there's a security issue. By using ports-mgmt/poudriere I can catch build errors or issues before they become a problem (halfway through updating your important server for example). Once I get a clean run I simply use `pkg upgrade` on all my other machines. Build once, install many.


----------



## kpa (Aug 4, 2014)

*Re: Ports Upgrade Strategy*

Both the plain ports(7) system and tools like ports-mgmt/portmaster have a serious weakness compared to dedicated package builder tools. They have to operate on the live system and that exposes them to issues caused by an unclean environment, leftover files, issues that arise only when an older version of the to-be-updated port is still installed and other anomalies that wouldn't be present in a completely clean environment. None of these can be really fixed without moving to a jail(8) based system such as ports-mgmt/poudriere.


----------



## SirDice (Aug 13, 2014)

*Re: Ports Upgrade Strategy*



			
getopt said:

> ```
> location / {
> root   /usr/local/poudriere;
> index  index.html;
> ...
> ```


The root should be /usr/local/share/poudriere/html. There's a sample configuration file for nginx in /usr/local/share/examples/poudriere/nginx.conf.sample.


----------



## getopt (Aug 13, 2014)

*Re: Ports Upgrade Strategy*

I copied (but did not mention it here) the content of /usr/local/share/poudriere/html/ into /usr/local/poudriere/:

```
> ls -l /usr/local/poudriere/
total 68
drwxr-xr-x  4 root  wheel    12  9 Aug 17:00 assets
-r--r--r--  1 root  wheel  9111  9 Aug 17:00 build.html
drwxr-xr-x  9 root  wheel     9 12 Aug 13:55 data
-r--r--r--  1 root  wheel  4593  9 Aug 17:00 index.html
-r--r--r--  1 root  wheel  5378  9 Aug 17:00 jail.html
drwxr-xr-x  4 root  wheel     4 22 Jul 00:42 jails
drwxr-xr-x  3 root  wheel     3 13 Aug 01:48 ports
-r--r--r--  1 root  wheel    43  9 Aug 17:00 robots.txt
```
Should be ok? Question is, if access to data/ is configured wrong? (It’s my first setup of a webserver)


----------



## phoenix (Aug 13, 2014)

*Re: Ports Upgrade Strategy*



			
getopt said:

> I’d like to ask you for your ports upgrade strategy, if you have one.




```
# pkg update
# pkg upgrade
```



Someday, I'll get around to building my own package building box and learn how to use Poudriere. Until then, I've given up on manually compiling ports. With pkg, there's no need. At least for my uses.


----------



## getopt (Aug 13, 2014)

*Re: Ports Upgrade Strategy*



			
phoenix said:

> getopt said:
>
> ...


Here is the need of being able to do `make config` on some ports. Therefore Pkg will be used for the repos built by Poudriere.



> Someday, I'll get around to building my own package building box and learn how to use poudriere.  Until then, I've given up on manually compiling ports.  With pkg, there's no need.  At least for my uses.


Come on! Join our efforts now and become a happy man for ever.


----------

