1 |
In this case I dont want to make revdep-renuild ignore the version - I |
2 |
just need it to recompile the version of everything that has been |
3 |
installed. In a production environment, I cant just 'upgrade' many |
4 |
versions of software without regression testing of the applications in |
5 |
that environment. |
6 |
I need to be able to apply security fixes (like the openssl library) and |
7 |
still have the installed set of software work. One change at a time is |
8 |
crucial for production systems stability. |
9 |
|
10 |
Ron |
11 |
|
12 |
Sami K M Naatanen wrote: |
13 |
|
14 |
>On Monday 10 November 2003 05:00, Ron OHara wrote: |
15 |
> |
16 |
>revdep-rebuild --help and you will see that you can set the revdep-rebuild to |
17 |
>ignore the version. You might have problems getting the files, because wget |
18 |
>depends from openssl (if you have ssl in your USE). But do emerge -fp wget |
19 |
>and you get a bunch of URI's download every file and dump them in the |
20 |
>/PORTDIR/distfiles/ emerge wget. |
21 |
> |
22 |
>revdep-rebuild with the version ignoring option. or you can |
23 |
>first add -- -p to see what emerge would rebuild. |
24 |
> |
25 |
>If your portage version is too old (ie your version of revdep-rebuild doesn't |
26 |
>support options) then do emerge -fp portage and download all of those files. |
27 |
> |
28 |
>You also could try to add link 0.9.6 to the 0.9.7 version of the ssl lib. This |
29 |
>should work. Based on the fact, that it seems that the new openssl ebuild |
30 |
>misses the link creation according to some people. |
31 |
> |
32 |
> |
33 |
> |
34 |
>>Hi, |
35 |
>> |
36 |
>>I want to raise an issue resulting from my experience so far in using |
37 |
>>Gentoo as the basis of production systems. Some may ask why? - but |
38 |
>>basically 'portage' seems to offer the very best framework for ongoing |
39 |
>>maintenance/admin of systems, though it's not perfect in that role. |
40 |
>> |
41 |
>>In essence, the continuous, easy upgrade capability of portage is great |
42 |
>>for a development system and should be an excellent mechanism for |
43 |
>>critical security (and other) upgrades in a production environment (and |
44 |
>>it is). |
45 |
>>The problems arise because of the continuous easy upgrades!! - the main |
46 |
>>benefit is also the main problem. |
47 |
>> |
48 |
>>I have just hit a real life hassle with a security upgrade. The history |
49 |
>>of it goes like this: |
50 |
>> |
51 |
>>[background] |
52 |
>>The example system in trouble is an old P233, and used to be on the end |
53 |
>>of a dialup link (it's now ADSL). |
54 |
>>Gentoo has been installed for about 10 months and the last time it was |
55 |
>>brought completely up to date was about 6 months ago (emerge rsync && |
56 |
>>emerge -u world) |
57 |
>>[/background] |
58 |
>> |
59 |
>> |
60 |
>>[creating a problem] |
61 |
>> |
62 |
>>As you have guessed, I've just had some system problems - partly of my |
63 |
>>own creation, but partly because of how Gentoo operates. |
64 |
>> |
65 |
>>My real problem came from doing 'emerge rsync', and then just |
66 |
>>(selectively) doing 'emerge -u openssl' |
67 |
>> |
68 |
>>This installed 'openssl-0.9.7' and removed 'openssl-0.9.6' - |
69 |
>>unfortunately lots of stuff on the system was compiled and linked |
70 |
>>against 'openssl-0.9.6' and they promptly broke. IE. Serious outage on a |
71 |
>>production system. |
72 |
>> |
73 |
>>There is a script designed to fix this called 'revdep-rebuild' which |
74 |
>>scans all the installed binaries for broken dependencies and then |
75 |
>>recompiles them which should make them link against the nice new |
76 |
>>'openssl-0.9.7' |
77 |
>> |
78 |
>>except!!! - revdep-rebuild carefully tries to recompile the exact |
79 |
>>versions of software you have installed (good idea) - but the Gentoo |
80 |
>>central repository has since deleted some of the build scripts for these |
81 |
>>older versions and when I did the 'emerge rsync', the scripts were also |
82 |
>>removed from my system. So I ended up where I am now - I have to go |
83 |
>>through and do 'emerge -u world' and then 'revdep-rebuild' to get it all |
84 |
>>working... not nice when there are nearly 200 packages to |
85 |
>>download/recompile on an old P233 |
86 |
>> |
87 |
>>[/creating a problem] |
88 |
>> |
89 |
>> |
90 |
>> |
91 |
>> |
92 |
>>As you can see, I was intending to leave the installed set of packages |
93 |
>>(and versions) alone. For this machine (and any production system), I |
94 |
>>dont want to install each and every little patch as it comes along. The |
95 |
>>machine is 'stable' - so I only want to apply upgrades on a very |
96 |
>>selective, controlled, manual basis - but still use portage for the |
97 |
>>package management. |
98 |
>>This is a very common tactic for 'production' machines, where you want |
99 |
>>the minimum number of changes to reduce your risks of outage. |
100 |
>> |
101 |
>>The trap is that 'emerge rsync' removes old .ebuilds that your installed |
102 |
>>machine may need if revdep-rebuild is to be able to recovery things |
103 |
>>after a critical library is rebuilt. |
104 |
>>In the way portage works, the only time it is safe for 'emerge rsync' to |
105 |
>>delete ebuilds, is immediately after successfully doing 'emerge -u world'. |
106 |
>> |
107 |
>> |
108 |
>>Is there a way to suppress the 'delete' part of rsync? Maybe a setting |
109 |
>>in /etc/make.conf ? |
110 |
>> |
111 |
>>That way, even though Gentoo may have removed the relevant (old) ebuild |
112 |
>>I want, the target machine would have it's local portage version for |
113 |
>>future recompiles.... I can afford the disk space!!! |
114 |
>> |
115 |
>> |
116 |
>> |
117 |
>> |
118 |
>>Regards |
119 |
>>Ron OHara |
120 |
>>PS: This is not a 'casual' problem for me - I've convinced a client to |
121 |
>>use Gentoo for the basis of their deployments and the plan is supposed |
122 |
>>to be for around 900 sites!! - catering for production software support |
123 |
>>for the next decade is very relevant to things in this scenario. |
124 |
>> |
125 |
>> |
126 |
> |
127 |
> |
128 |
> |
129 |
|
130 |
|
131 |
|
132 |
-- |
133 |
gentoo-dev@g.o mailing list |