NetBSD Branches pkgsrc-2005Q1

jschauma writes "NetBSD's Alistair Crooks has announced the availability of the new stable branch pkgsrc-2005Q1 of the NetBSD Packages Collection (aka pkgsrc). This branch includes all the updates to the thousands of existing and additions of hundreds of new applications since the hereby obsoleted pkgsrc-2004Q4 branch. Some noteworthy infrastructure changes applicable to all 13 operating systems for which pkgsrc is available include the support for multiple digests to check the integrity of the distribution files as found on the Internet (triggered by the recently-found problems with the SHA-1 algorithm) and the so-called alternates framework."

Re:Who Cares?

I care a lot.

We run all our servers on blah blah and it's like blah stable blah uptime blah not Linux blah blah not Windows 2003 blah blah.

Same old Linux FUD...

Same old GNU/Linux FUD, that has been disproved countless times..
In short: the MIT research is *11 years old*, and that Rice study on the TCP/IP stack uses FreeBSD *2.2.6*.

Binary packages?

Where are the binary packages for pkgsrc-2005Q1? I can't find them on ftp.netbsd.org.

Re:Binary packages?

[jschauma]

Binary packages will be uploaded as soon as the various bulk-builds on the different operating systems and NetBSD ports have completed. This takes a while on some older platforms, though I'd expect some of the faster platforms to soon upload.

Re:Binary packages?

Now the big one FAQ: how do I upgrade (binary) packages? "make update" not being an option...

Re:Binary packages?

pkgtools/pkg_chk

Re:Binary packages?

Ok, but how *exactly*? Could you give the exact command line options for

1) upgrading a single package (with or without dependencies),
2) upgrading a package + anything depending on it,
3) upgrading all packages

(suppose binary packages everywhere, I can build these with pkg_comp.)

Thanks.

Re:Binary packages?

man pkg_chk ?? maybe..

Re:Binary packages?

If you insist it's so simple, could you then please give the exact command line equivalent of "portupgrade -r kdebase3", i.e. upgrade kde + everything that depends on it.

To my understandings (from the manpage, yes), pkg_chk can only act on _all_ packages installed.
Yes, pkg_chk -c *checks* a given list of packages (in pkgchk.conf), but cannot upgrade (-u) that set only, it will upgrade all your packages.

Re:Binary packages?

I was the original AC who asked about where the pkgsrc-2005Q1 binary packages are.

I've heard a lot of good things about pkgsrc, and how it's ultra-portable etc. That's why I'm surprised that pkgsrc still does not have a decent way to do something as "simple" as upgrading binary packages recursively. I say "simple" since upgrading binary packages should be relatively straightforward, seeing that pkgsrc developers must have looked into a lot of complex package management issues (after all, pkgsrc is portable across a gazillion platforms).

Even OpenBSD, which reputedly has substandard package management tools, will be able to upgrade binary packages this way in the upcoming release using pkg_add -r.

I really hope someone can prove to me that pkgsrc does have a convenient way to upgrade binary packages. My faith in pkgsrc and NetBSD is waning.

Re:Binary packages?

[jschauma]

From what I read here, I understand that 'pkg_add -r' automatically updates the given package and all of its dependencies. It's not quite clear to me, though, what exactly that means. After upgrading a given package, does it: (a) upgrade each package that depends on this one to the latest available binary package? (b) upgrade only those packages that rely on the newer version (for example, for ABI changes) but leave others (the ones that will work perfectly fine with the older version as well as the newer) alone? (c) only update the given package and reshuffle dependencies so that all packages that used to depend on foo-old now depend on foo-new?

(a) has the following problems: what if binary packages for all dependents are simply not available? Leave the old packages in place? What if it's known that the depending package will not work with the newer to-be-installed one?

(b) would be great, but is very difficult, I think. It requires that the binary package contains information about a large number of other packages and how they may or may not work together.

(c) is trivial (for pkgsrc (not binary packages) that would be 'pkg_add -u'), but has the same problems as 'make replace'.

pkgsrc approaches (b) by the use of so-called recommended vs required dependencies. (Again, for pkgsrc, though binary packages built with IGNORE_RECOMMENDS can be forced to be installed.)

If I want to upgrade, say, kde3 (*shudder*) from binary packages, I'd simply run 'pkg_add -u kde3' -- ie, I'd start at the leaf package and let it pull in all dependencies. This is not the same as starting with a package somewhere in the middle of your dependency-tree, but it has a much clearer solution. Rippling downwoards through a dependency-tree from the middle is obviously difficult ('make update' does that if building from pkgsrc instead of using binary packages).

I may be mistaken, but I don't think that NetBSD's pkg_add has the functionality to do that -- presumably just b/c people haven't figured out what The Right Thing To Do is exactly. On the mailing lists, pkg_chk and pkg_comp are usually suggested to perform these tasks.

Re:Binary packages?

The answer to the question to recursively upgrade binary packages seems to be not pkg_chk, but pkg_add -uu. From its manpage:

-u If the package that's being installed is already installed,
either in the same or a different version, an update is per-
formed. If this is specified twice, then any dependant packages
that are too old will also be updated to fulfill the dependency.
See below for a more detailed description of the process.

Re:Binary packages?

Original where-are-binary-packages AC again.

Thanks for your insight into pkgsrc.

This is what the OpenBSD man page says about pkg_add -r.

-r Allow replacing existing packages. The code will try to take
every precaution to make sure the update can proceed before re-
moving the old package and adding the new one, and it should al-
so handle shared libraries correctly.

I guess it's unfair to compare NetBSD's pkgsrc to OpenBSD's package management. I think that's because NetBSD's pkgsrc is a moving target, where a particular release (say, NetBSD 2.0) can be used with multiple pkgsrc trees (e.g. pkgsrc-2004Q4, pkgsrc-2005Q1, etc.).

OTOH OpenBSD's packages are fixed to that release -- OpenBSD 3.6 only uses packages for OpenBSD 3.6 (packages get minor post-release fixes, but there are no radical changes). So I suppose it's "easier" to upgrade OpenBSD packages with multiple dependencies, since things usually stay as they are.

Well I hope NetBSD developers find The Right Thing To Do soon. I'm beginning to like NetBSD, but stuff like upgrading binary packages always stumps me. I'm surprised that the pkgsrc guide says nothing about this (or am I wrong). Perhaps I should email Alistair or Hubert about this.

Re:Binary packages?

[jschauma]

Binary packages have been uploaded (so far) for:
NetBSD-2.0/amd64, NetBSD-2.0/i386, NetBSD-1.6.2/i386, NetBSD-2.0/sparc and IRIX64-6.5 (including PGP signed checksum files).

Wired News Confirms *BSD is Dying

IT IS OFFICIAL; WIRED NEWS CONFIRMS: LINUX IS SUPERIOR TO *BSD
*BSD is Dying, Says Respected Journal

Linux advocates have long insisted that open-source development results in better and more secure software. Now they have statistics to back up their claims.

According to a four-year analysis of the 5.7 million lines of Linux source code conducted by five Stanford University computer science researchers, the Linux kernel programming code is better and more secure than the programming code of *BSD.

The report, set to be released on Tuesday, states that the 2.6 Linux production kernel, shipped with software from Red Hat, Novell and other major Linux software vendors, contains 985 bugs in 5.7 million lines of code, well below the average for *BSD software. NetBSD, by comparison, contains about 40 million lines of code, with new bugs found on a frequent basis.

*BSD software typically has 20 to 30 bugs for every 1,000 lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. This would be equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code.

The study identified 0.17 bugs per 1,000 lines of code in the Linux kernel. Of the 985 bugs identified, 627 were in critical parts of the kernel. Another 569 could cause a system crash, 100 were security holes, and 33 of the bugs could result in less-than-optimal system performance.

Seth Hallem, CEO of Coverity, a provider of source-code analysis, noted that the majority of the bugs documented in the study have already been fixed by members of the Linux development community.

"Our findings show that Linux contains an extremely low defect rate and is evidence of the strong security of Linux," said Hallem. "Many security holes in software are the result of software bugs that can be eliminated with good programming processes. Unfortunately, we don't find a lot of good practices in NetBSD. Mostly we just find in-fighting and security holes. I can conclusively say that NetBSD is dying."

The Linux source-code analysis project started in 2000 at the Stanford University Computer Science Research Center as part of a large research initiative to improve core software engineering processes in the software industry.

The initiative now continues at Coverity, a software engineering startup that now employs the five researchers who conducted the study. Coverity said it intends to start providing Linux bug analysis reports on a regular basis and will make a summary of the results freely available to the Linux development community.

"This is a benefit to the Linux development community, and we appreciate Coverity's efforts to help us improve the security and stability of Linux," said Andrew Morton, lead Linux kernel maintainer. Morton said developers have already addressed the top-priority bugs uncovered in the study.

Re:yeah !!

[setagllib]

Would Linux 2.6 be where it is if it had been conservatively developed on from 2.4? Short answer: No. Long answer: Definitely not.

Branching lets people use a continuing product with one development model while another version of the same product is worked on with another development model. After a certain agreed-upon stage of development, the roles change. For instance, the unstable branch gets to a stage of maturity, and it is made the stable branch.

That's why BSDs always have something stable and typically something getting new tech, and are going exactly where they should be. Meanwhile Linux has unbelievable numbers of bugs (Coverity alone found almost 1000 in 2.6.8, and 5 in NetBSD -current) and constant ABI incompatibilities - NPTL changes, IPSec changes, changes that mean old NVidia video drivers don't work any more, and so on. Why? No good reason. And it's all done in a 'stable' branch because Linus doesn't see a need to fork right now. So people are actually using an active development branch that is labelled a stable branch, and are surprised when something breaks or requires rebuilding significant userland components.

Resignation Letter

To: Bill Joy, Creator of *BSD

March 10, 2005

Dear Mr. Joy:

I am joining my colleague DragonFlyBSD in submitting my resignation from the list of living operating systems (effective immediately) because I cannot in good conscience compete with Linux.

I have failed:

--To support SMP

--To generate media attention

--To spawn a professionally managed distribution

--To innovate

--To be relevant.

Throughout the globe *BSD is becoming associated with in-fighting and sloppy coding. My disregard for views of other operating systems, borne out by my neglect of technical competence, is giving birth to an anti-BSD century.

I joined the operating system world because I love technology. Respectfully, Mr. Secretary, I am now bringing this calling to a close, with a heavy heart but for the same reason that I embraced it.

Sincerely,

*BSD
Dead Operating System