
portsnap > cvsup

Updating your FreeBSD ports tree

The common method for updating a FreeBSD ports tree is to use CVSup. CVSup was designed to mirror CVS repositories. This is different from the cvs command, which checks out a working copy of some part of a CVS repository. Basically it's a smart version of rsync that understands and is optimized for CVS backends. It is also common to simply do a cvs checkout of the ports tree. This is helpful for developers who are testing patches to update various ports, since CVSup will overwrite any changes you make to the tree each time you update.

Problems with CVSup

From the portsnap homepage:

  • CVSup is insecure. The protocol uses no encryption or signing, and any attacker who can intercept the connection can insert arbitrary data into the tree you are updating.
  • CVSup isn’t end-to-end. Related to the previous point, this means that anyone who can compromise a CVSup mirror can feed arbitrary data to the people who are using that mirror.
  • CVSup isn’t designed for frequent small updates. While CVSup is very good at distributing CVS trees, and is very efficient for updating a tree which has been significantly changed (eg, by a month or more of commits), it transmits a list of all the files in the tree, which makes it quite inefficient if only a few files have changed.
  • CVSup uses a custom protocol. This can cause problems for people behind firewalls — outgoing connections on port 5999 need to be permitted — and it needs a heavyweight server (cvsupd).

Introducing portsnap

Portsnap has come out of a project to implement binary security updates for FreeBSD. That is kind of a backwards idea given the whole philosophy of ‘build everything from source’, but useful nonetheless for production servers.

Portsnap transmits over HTTP, solving the problem of updating from behind a firewall. Updates are signed for security. But what I really care about: it’s damn fast. And simple. And it just feels cleaner.
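To make the "end-to-end" and "signed" points concrete, here is an added example (not portsnap's own code or file format) of a client that pins a publisher key fingerprint and so detects tampering by a mirror. The file names, index layout and return codes are constructed for the illustration, and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example: constructed keys, files and index format (not portsnap's own).
set -eu
W=$(mktemp -d)
sha() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Publisher: signs an index of file hashes with a key the mirrors never hold.
publish() {  # $1 = mirror directory
    mkdir -p "$1"
    openssl genpkey -algorithm RSA -out "$W/priv.pem" 2>/dev/null
    openssl pkey -in "$W/priv.pem" -pubout -out "$1/pub.pem"
    echo 'PORTVERSION=1.0' > "$1/Makefile"
    echo "Makefile $(sha "$1/Makefile")" > "$1/INDEX"
    openssl dgst -sha256 -sign "$W/priv.pem" -out "$1/INDEX.sig" "$1/INDEX"
}

# Client: trusts only the pinned key fingerprint, nothing the mirror says.
# Returns 0 = ok, 1 = wrong key, 2 = bad index signature, 3 = bad file hash.
verify() {  # $1 = mirror directory, $2 = pinned SHA-256 of pub.pem
    [ "$(sha "$1/pub.pem")" = "$2" ] || return 1
    openssl dgst -sha256 -verify "$1/pub.pem" -signature "$1/INDEX.sig" \
        "$1/INDEX" >/dev/null 2>&1 || return 2
    while read -r name want; do
        [ "$(sha "$1/$name")" = "$want" ] || return 3
    done < "$1/INDEX"
}

# Runs verify against an honest mirror, then three kinds of tampering.
demo() {
    M="$W/mirror"; publish "$M"; PIN=$(sha "$M/pub.pem"); out=""
    check() { rc=0; verify "$M" "$PIN" || rc=$?; out="$out$rc "; }
    check                                            # honest mirror
    echo '# tampered' >> "$M/Makefile"; check        # file altered
    echo "Makefile $(sha "$M/Makefile")" > "$M/INDEX"; check  # index rewritten
    openssl genpkey -algorithm RSA -out "$W/other.pem" 2>/dev/null
    openssl pkey -in "$W/other.pem" -pubout -out "$M/pub.pem"
    openssl dgst -sha256 -sign "$W/other.pem" -out "$M/INDEX.sig" "$M/INDEX"
    check                                            # key swapped, re-signed
    echo "${out% }"
}
demo   # prints: 0 3 2 1
```

Because the only thing the client trusts is the pinned fingerprint, every change made on the mirror side fails one of the three checks, whatever transport carried the files.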

First time usage

Install:

cd /usr/ports/sysutils/portsnap
make install clean

First time fetch:

portsnap fetch
portsnap extract

(Takes a while, downloads about 30 megs of stuff to /usr/local/portsnap)

Daily portsnap usage

Portsnap is insanely fast if you update your ports tree once a day.

portsnap fetch
portsnap update

(Only grabs new patches since your last update, and applies them to your ports tree)

If you are doing this from a cronjob, portsnap has a cron option that will sleep for a random time up to one hour before hitting the mirror.

From cron:

portsnap cron
portsnap update

Portsnap also handles the INDEX files well. There is no need to run

portsdb -Uu

after updating anymore.

One Response to “portsnap > cvsup”

  1. on 25 Apr 2005 at 4:45 am Kelly

    I prefer windowsupdate.com

    Your HTML formatting is correct on the comments page but not your main page, FYI