[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Binary Updates.



Jacob Meuser wrote:
> 
> On Thu, Apr 26, 2001 at 02:40:00PM -0700, Shawn wrote:
> >
> > Learn how to check out -stable for the 2.8 branch, and build complete
> > releases out of it (using release(8) ).
> >
> > If you can build complete fixed releases, extracting the changed parts
> > and packaging them is fairly easy.
> >
> > Do the first step, we'll help with the rest.
> >
> >
> I'm giving this a shot.  Couple things:
>...
> 2) Would a 'tarball' containing the changed files (in the proper paths, of
>     course) be an acceptable packaging method?   I'm thinking:
>     # cd / && tar zxvf /var/bin-patch/bin-patch_001.tgz
>     But this seems kind of sloppy, just writing over the old files, and
>     wouldn't do anything if files need to be removed.  Perhaps a list of
>     files to be removed (purely removed, not changed) and a simple script
>     to read the list and do the removing?  And if there is to be a script,
>     it might as well do the tar thing eh?

IIRC, the package utilities (pkg_add, etc) have the ability to specify 
this kind of thing.  And Shawn mentioned that packaging them is 
fairly easy. 


> 3) I made 2 distributions from the same build, using DESTDIR=/home/destdir-1
>     and DESTDIR=/home/destdir-2.  I tried:
>     diff -r -u --brief /home/destdir-1 /home/destdir-2
>     and diff is reporting that every .a in destdir-1/usr/lib is different than
>     every .a in destdir-2/usr/lib.  Is there a better way to compare?  Is this
>     something with ar &| ranlib?
> 
No, no, not comparing!  The package should change _only_ the files 
explicitly being patched, not the entire distribution.

If the update patch is for a security alert, say bind, it should only 
patch bind related files.  Progressive patch releases would incorporate 
a list of things affected.  For 2.8, the patch file would only fix:
  ftpd
  KerberosIV
  procfs
  xlock
  rnd
  named
  sudo
  ...

Since these files are specifically addressed in the patch branch, it 
seems to me that you only need to compile those files, and package 
them as binary patches.

WSimpson_(_at_)_UMich_(_dot_)_edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32