Hello all, Is this the sane/correct thing to do? What is the impact?
Running: OpenBSD6.2-release Goal: To run a secure and functional web server. (the server is currently up and running and used by the public at large) Previously: Only installing needed packages as binaries via pkg_add. Now: The thought is that the third-party packages being used by the server should be kept up to date. Ports tree via: $ cvs -qd anon...@anoncvs4.usa.openbsd.org:/cvs\ checkout -rOPENBSD_6_2 -P ports Problem: Some out of date packages found via 'out-of-date' e.g.: $ /usr/ports/infrastructure/bin/out-of-date ... Outdated ports: databases/mariadb,-main # 10.0.32v1 -> 10.0.33v1 databases/mariadb,-server # 10.0.32v1 -> 10.0.33v1 ... complain when running 'make update' (in this case mariadb). e.g.: Fatal: /usr/ports/pobj must be on a wxallowed filesystem\ (in lang/python/2.7) To solve this issue, this is what I've done: $cat /etc/mk.conf SUDO=/usr/bin/doas WRKOBJDIR=/usr/local/ports/pobj <--- (since /usr/local is on a wxallowed filesystem) Is this a rational solution to the problem? I'm somewhat regretting going this route as, unlike with pkg_add, building some ports from the tree pulls in more dependencies than via pkg_add (I am assuming that these are build dependencies and not run-time dependencies; please correct me if this is not so) Is it not worth it to update ports in this way; meaning, is it better to simply wait for OpenBSD6.3 and stick with binary packages only (as recommended on the openbsd.org site)? Also, is there an easy/sane way to remove packages that were only required for building once the ports have been updated? I'm loathe to do something like build the packages on another system and then install them as binary packages on the server; this seems like a lot of effort and, at least for myself might be prone to introduce other issues. Thank-you in advance; advice is appreciated. -- Jeff <j...@grayspace.ca>
