| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Jason Stubbs wrote: |
| 5 |
|
| 6 |
>On Monday 19 September 2005 13:16, gentuxx wrote: |
| 7 |
> |
| 8 |
>>If I update firefox with the --oneshot option, I know that it won't |
| 9 |
>>update the "world" tree, but why? Why is that the recommended |
| 10 |
>>procedure? Does that give me any benefit? Also, why would a package |
| 11 |
>>be available as a "--oneshot" and NOT through a normal "emerge -Dupv |
| 12 |
>>world"? |
| 13 |
> |
| 14 |
> |
| 15 |
>The package would be available through -Dupv as well, but not everybody |
| 16 |
>likes to update all packages (especially on servers). |
| 17 |
|
| 18 |
|
| 19 |
Granted. And while I run a server (a few actually), it's a home |
| 20 |
system, not a production one. And, since I run production gentoo |
| 21 |
systems, I understand the difference. For this, I'm asking from the |
| 22 |
perspective of a home user. So, that being said, does updating a |
| 23 |
package for a security fix using the "--oneshot" option update the |
| 24 |
same package that is "housed" in the "world" tree? If so, can I |
| 25 |
assume that the same package will be updated next time I update |
| 26 |
"world"? Meaning, if I run "--oneshot" for mozilla-firefox-1.0.6-r7 |
| 27 |
and mozilla-firefox-1.0.7-r1 comes out, will 1.0.6-r7 be upgraded to |
| 28 |
1.0.7-r1? |
| 29 |
|
| 30 |
> |
| 31 |
>>I love how portage unifies the packaging system, and I feel like if I |
| 32 |
>>run all of these "--oneshot" updates for security fixes, that I'll |
| 33 |
>>have all of these "stray" programs running around on my system, that |
| 34 |
>>won't get updated next time I emerge "world". |
| 35 |
> |
| 36 |
> |
| 37 |
>--oneshot won't remove the package from world. It just prevents it from |
| 38 |
>being added. If the package is installed but not in world, it is presumably |
| 39 |
>there as a dependency from another package. Hence, updating world will |
| 40 |
>still grab the package. Using --oneshot just keeps the world file clean. |
| 41 |
> |
| 42 |
So what exactly does that mean if the package is already in "world"? |
| 43 |
If every security fix comes out with "--oneshot" being recommended, |
| 44 |
how do I know if it's a dependency of a package in world, or an entity |
| 45 |
in world? (This seems like an extension of the questioning above.) |
| 46 |
|
| 47 |
I'm just trying to set all this straight mentally, so I know what's |
| 48 |
going on with my system when I update it. I typically run the |
| 49 |
following to update my system 2 or 3 times a week (sometimes only once): |
| 50 |
|
| 51 |
emerge -Du(p)v world |
| 52 |
emerge -(p)v depclean |
| 53 |
revdep-rebuild -(p)v |
| 54 |
dispatch-conf |
| 55 |
|
| 56 |
I put the "p" for "--pretend" in parentheses because depending on the |
| 57 |
output of that step, I may skip it if there is nothing to do. |
| 58 |
|
| 59 |
Also, for the most recent firefox update, I would run the command as |
| 60 |
recommended with the "-p" flag, and it would see the package. If I |
| 61 |
run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) |
| 62 |
dependencies, and not the package itself, while the package installed |
| 63 |
(when I do "emerge search mozilla-firefox") is 1.0.6-r5. |
| 64 |
|
| 65 |
|
| 66 |
- -- |
| 67 |
gentux |
| 68 |
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' |
| 69 |
|
| 70 |
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A |
| 71 |
6996 0993 |
| 72 |
-----BEGIN PGP SIGNATURE----- |
| 73 |
Version: GnuPG v1.4.1 (GNU/Linux) |
| 74 |
|
| 75 |
iD8DBQFDLlQLLYGSSmmWCZMRAiBYAJ9m6Pl/IkG/mXFX6iZ90epVCTkuWQCfcVH+ |
| 76 |
25V6IF0g1dFHWCyLv1xlLIE= |
| 77 |
=tOYB |
| 78 |
-----END PGP SIGNATURE----- |
| 79 |
|
| 80 |
-- |
| 81 |
gentoo-user@g.o mailing list |
Archives