1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Jason Stubbs wrote: |
5 |
|
6 |
>On Monday 19 September 2005 13:16, gentuxx wrote: |
7 |
> |
8 |
>>If I update firefox with the --oneshot option, I know that it won't |
9 |
>>update the "world" tree, but why? Why is that the recommended |
10 |
>>procedure? Does that give me any benefit? Also, why would a package |
11 |
>>be available as a "--oneshot" and NOT through a normal "emerge -Dupv |
12 |
>>world"? |
13 |
> |
14 |
> |
15 |
>The package would be available through -Dupv as well, but not everybody |
16 |
>likes to update all packages (especially on servers). |
17 |
|
18 |
|
19 |
Granted. And while I run a server (a few actually), it's a home |
20 |
system, not a production one. And, since I run production gentoo |
21 |
systems, I understand the difference. For this, I'm asking from the |
22 |
perspective of a home user. So, that being said, does updating a |
23 |
package for a security fix using the "--oneshot" option update the |
24 |
same package that is "housed" in the "world" tree? If so, can I |
25 |
assume that the same package will be updated next time I update |
26 |
"world"? Meaning, if I run "--oneshot" for mozilla-firefox-1.0.6-r7 |
27 |
and mozilla-firefox-1.0.7-r1 comes out, will 1.0.6-r7 be upgraded to |
28 |
1.0.7-r1? |
29 |
|
30 |
> |
31 |
>>I love how portage unifies the packaging system, and I feel like if I |
32 |
>>run all of these "--oneshot" updates for security fixes, that I'll |
33 |
>>have all of these "stray" programs running around on my system, that |
34 |
>>won't get updated next time I emerge "world". |
35 |
> |
36 |
> |
37 |
>--oneshot won't remove the package from world. It just prevents it from |
38 |
>being added. If the package is installed but not in world, it is presumably |
39 |
>there as a dependency from another package. Hence, updating world will |
40 |
>still grab the package. Using --oneshot just keeps the world file clean. |
41 |
> |
42 |
So what exactly does that mean if the package is already in "world"? |
43 |
If every security fix comes out with "--oneshot" being recommended, |
44 |
how do I know if it's a dependency of a package in world, or an entity |
45 |
in world? (This seems like an extension of the questioning above.) |
46 |
|
47 |
I'm just trying to set all this straight mentally, so I know what's |
48 |
going on with my system when I update it. I typically run the |
49 |
following to update my system 2 or 3 times a week (sometimes only once): |
50 |
|
51 |
emerge -Du(p)v world |
52 |
emerge -(p)v depclean |
53 |
revdep-rebuild -(p)v |
54 |
dispatch-conf |
55 |
|
56 |
I put the "p" for "--pretend" in parentheses because depending on the |
57 |
output of that step, I may skip it if there is nothing to do. |
58 |
|
59 |
Also, for the most recent firefox update, I would run the command as |
60 |
recommended with the "-p" flag, and it would see the package. If I |
61 |
run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) |
62 |
dependencies, and not the package itself, while the package installed |
63 |
(when I do "emerge search mozilla-firefox") is 1.0.6-r5. |
64 |
|
65 |
|
66 |
- -- |
67 |
gentux |
68 |
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' |
69 |
|
70 |
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A |
71 |
6996 0993 |
72 |
-----BEGIN PGP SIGNATURE----- |
73 |
Version: GnuPG v1.4.1 (GNU/Linux) |
74 |
|
75 |
iD8DBQFDLlQLLYGSSmmWCZMRAiBYAJ9m6Pl/IkG/mXFX6iZ90epVCTkuWQCfcVH+ |
76 |
25V6IF0g1dFHWCyLv1xlLIE= |
77 |
=tOYB |
78 |
-----END PGP SIGNATURE----- |
79 |
|
80 |
-- |
81 |
gentoo-user@g.o mailing list |