FreeBSD pkgng vs custom ports

My Web server runs FreeBSD. Some security updates prompted me to upgrade my installed packages. Running this server entirely with packages isn’t possible, so I installed PHP 5 from ports. This machine uses pkgng.

When I ran pkg upgrade, however, my web site stopped working. The server itself started just fine, and it did quite well serving downloadable PHP code to clients. The problem was pretty obvious:

I originally compiled PHP 5 from ports so to get the Apache PHP module. Running pkg upgrade replaced my custom-built PHP with one from packages, so Apache no longer had a PHP module.

So: I want to upgrade from packages, but not upgrade PHP automatically. pkgng has a tool for this, pkg lock. You must give pkg lock a package name and confirm that you want to update this package.

# pkg lock php5
php5-5.4.17: lock this package? [y/N]: y
Locking php5-5.4.17

If you give a nonexistent package name, pkg exits silently. Which is kinder than calling you an idiot, I suppose.

# pkg lock php-5

Personally, I’d rather be told I’m an idiot (aka “no such package”), because when I’m tired I might interpret this as “package locked, everything is good.” But whatever.

Before uninstalling a locked port, either via pkg or ports, you must unlock the package.

To upgrade this server now, I do the following:

# portsnap fetch update
# pkg upgrade
# cd /usr/ports/lang/php5 && make
# pkg unlock php5
# make deinstall && make reinstall
# pkg lock php5


I’m told by people who should know that eventually pkgng will let me do this entirely with packages, but for now, this will do nicely.

From my experience, upgrading with pkgng is MUCH nicer than upgrading with pkg_add. All of the issues that drove me away from binary package upgrades have disappeared.

I should also note, however, that the BSDs will have the ports tree for the forseeable future. We need it. Some popular ports, such as nginx, have 77,371,252,455,336,267,181,195,264 possible combinations. The packaging team is not going to build 2^86 nginx packages. But you can build whichever exact version you need.

It seems that pkgng is actually taking FreeBSD binary packaging back towards being useful. Once there’s an official public repository of pkgng packages, you really should try it out.

(Update: Hat tip to Allan Jude for pointing out that 2^86 is an impressively big number when you multiply it out.)

10 Replies to “FreeBSD pkgng vs custom ports”

  1. In this case, there should be a php5-apache or something. I understand it makes sense to be able to install php without apache as a dependency (I use PHP to write a log of my admin scripts because I am more familiar with it that perl for interfacing with my databases etc.). But there are definitely enough people that want apache+php that it makes sense to offer that as a pre-built package.

  2. You know that if you have several machines (or customize a lot), you can run poudriere and copy you /var/db/ports in the poudriere area where it will take it to configure ports? (PREFIX/etc/poudriere.d/-options/).

  3. Sorry, I should not have put a tag like in the comment. replace -options by ARCH_NAME-options where ARCH_NAME is something like “91amd64” (use whatever you are compiling to in poudriere).

  4. Why are you using packages when you have ports? Using portsnap and portmaster solves all your problems and gives you a more optimized setup.

  5. Miklos, I have hundreds of virtual machines, and am not custom-building software on all of them. I want to spend my time doing work that pays my bills, not watching compiles.

  6. Michael, I wrote a tiny shell script which extracts the compile options of the ports and writes them to a make.conf.

    If you often use the same options for the same ports on various systems this might be helpful for you. I created it to move several identical machines to Ansible:

    Thanks for your interesting blog posts.

    Best regards

Comments are closed.