Roberto <giaffy at gmail.com> writes:
> Hi all,
> I have update recently to freebsd 9.1 via freebsd-update and I was quite
> happy with the process and the instructions on freebsd-handbook, I think
> well documented.
>
> But I would like to understand what is the best practice to update the
> ports too as I used the package tools (pkg_add -r) to add few package to
> the base install. Keeping in mind my server have disk space constrain
> (small disk install) I would ask an opinion about the followings methods to
> upgrade packages after a freebsd upgrade (in this case from 9.0 to 9.1):
>
> 1) perform
>
> # pkg_delete <pkg_name>
> and then
> # pkg_add -r <pkg_name>
>
> for each of them ? (I think about some package depends on other, this could
> create some little problem);
>
> 2) perform
> # pkg_add -F <pkg_name>
> (not tried yet) and overwrite the already installed pkg ?
>
> 3) have a separate server on which create an update pkg from ports (ie from
> source) ?
>
> 4) use the new package system pkgng, converting the existing installation ?
> (this operation is not reversible, so I am waiting before doing this)
>
> I would have some ideas on this topic please, from a security perspective;
>From a security perspective, there is little difference between these
options. Using pkgng or not is completely irrelevant.
Building your own packages in combination with portsnap would allow you
to have cryptographic checks on the validity of what you download. The
security concerns closed by this are relatively minor, but for both that
and convenience reasons I'd recommend portsnap in the absence of any
specific reasons to use anything else to get your ports tree.
Also for convenience reasons, I would recommend using an upgrade tool,
such and portmaster or portupgrade.