tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Announcing the pkgsrc-2013Q2 Branch



The pkgsrc team is proud to announce the availability of the
pkgsrc-2013Q2 branch.  There are many new packages, and some bug
fixes.  A start has been made on full cross-compilation across NetBSD
architectures, and, while not yet ready for prime-time, it is usable
in a fairly large number of packages.

Numbers of Packages
===================
In pkgsrc, there are:

12389 total packages for NetBSD-current/amd64
11912 binary packages built with gcc for NetBSD-6.1/amd64
11906 binary packages built with clang for NetBSD-current/amd64
10254 binary packages built with gcc for Joyent's SmartOS/i386

318 packages have been added this quarter
41 packages have been renamed this quarter
32 packages have been removed this quarter
1564 packages have been updated this quarter

These numbers may not compare exactly to other (binary) packaging
systems; some packaging systems split large packages like boost up
into multiple packages, while others keep unused and unbuildable
packages.

Pkgsrc Release Schedule
=======================
The pkgsrc developers make a new release every three months.  We
believe that this is a sweet spot between too many updates, and
keeping abreast of issues like security vulnerabilities.  Pkgsrc is
not tied to any one operating system or architecture, which gives us
the ability to decouple the releases from any operating system
releases, and to concentrate on the packages themselves.

Package Additions
=================
Our aspell and ispell dictionaries were overhauled to bring us up to
date, and we gained 50+ KDE4 localisations.  Also notable were
the additions of node.js, a number of kde4 games and multimedia
applications were split out into their own releases, and gcc-4.8,
opencobol, and our X11 and Mesa packages were also brought up to date.

Package Removals
================
Amongst others, we said goodbye to:  postgresql-8.3, xulrunner,
clutter08, ruby-clutter.  Python-3.1 has been replaced by python-3.3,
and bind-9.7 has also transferred all its zones into the sunset.

Pkgsrc-security
===============
One neat feature of pkgsrc is its ability to sort package versions
based on the version numbers.  It's used in audit-packages, to report
on any installed packages which may have security vulnerabilities in
them.  pkgsrc-security%pkgsrc.org@localhost maintains lists of vulnerable
packages, along with reference URLs relating to the exposure.  We
thank OBATA Akio, Daniel Horecki, Guillaume Lasmayous, and Tim
Zingelman for their hard work.  Sample output from audit-packages is
shown below:

% audit-packages
Package bash-4.2nb1 has a buffer-overflow vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
%

Package of the Quarter
======================
John Nemeth nominated xenkernel42 and xentools42, as a simple way of
getting modern support for Xen. My own vote goes to jq as a marvellous
way of interpreting and displaying JSON.

Getting pkgsrc
==============
While more information can be found in
        http://www.netbsd.org/docs/pkgsrc/getting.html

tar files for pkgsrc, along with checksums, can be found at
        http://ftp.netbsd.org/pub/pkgsrc/pkgsrc-2013Q2/

and anonymous cvs can be used:
        cvs -z3 -q -d anoncvs%anoncvs.NetBSD.org@localhost:/cvsroot checkout -r 
pkgsrc-2013Q2 -P pkgsrc

About pkgsrc
============
pkgsrc is a cross-platform packaging system.  It allows people to
download source, and to build and install binary packages on one or
more platforms.

Building packages from source is useful for a number of reasons:

+ not only is the provenance of source code checked (by using multiple
checksums), with pkgsrc, the version of source code you are working
with is the same that other developers and users have.

+ patches are maintained in a central repository, and, again, are
checked at patch application time by using digests. The patches
which are applied to the sources being built are the same ones which
are known to be used and proved by other pkgsrc users (not necessarily
on the same platform.)

+ by building from source, all doubts about compilers, build practices
source code cleanliness, and packaging differences are removed. 
Digital signatures of binary packages, while useful in themselves,
only prove certain aspects of binary package provenance.  (pkgsrc has
had signed packages since 2001.)

+ it may be difficult or impossible to find a pre-built package for
the operating system or architecture

+ a pre-built package may have further or conflicting pre-requisites,
which are themselves difficult to find or build. By building everything,
including pre-requisites, a from-source packaging system can ensure
that pre-requisites are present and integrated

At the present time, pkgsrc supports 20 platforms:

        AIX
        BSDOS
        Cygwin
        Darwin/Mac OS X
        DragonFly
        FreeBSD
        FreeMiNT
        HPUX
        Haiku
        IRIX
        Interix/SFU/SUA
        Linux
        Minix3
        MirBSD
        NetBSD
        OSF1
        OpenBSD
        QNX
        Solaris/illumos
        UnixWare

Complete dependency and pre-requisite package information is held and
used by the package management software - if packages rely on other
packages to function properly, that pre-requisite will be built,
installed and managed as part of the package installation process. 
Binary packages can be managed using pkgin.

Alistair Crooks
On behalf of the pkgsrc developers
Mon Jul  1 17:04:44 PDT 2013


Home | Main Index | Thread Index | Old Index