Announcing pkgsrc-2012Q2
Alistair Crooks
agc at pkgsrc.org
Mon Jul 2 07:35:02 PDT 2012
pkgsrc-2012Q2
=============
The pkgsrc team is proud to announce the availability of the
pkgsrc-2012Q2 branch. There are many new packages, and some bug
fixes. Much work has gone into making packages build with clang (as
well as different versions of gcc), and pkgsrc actively maintains
packages, removing unused or abandoned packages, while still adding
new ones. For pkgsrc-2012Q2, more than 100 X11 packages have been
updated.
Numbers of Packages
===================
In pkgsrc, there are:
12400 total packages for NetBSD-current/amd64
12072 binary packages built with gcc for NetBSD-current/amd64
11211 binary packages (built with clang) for NetBSD-current/amd64
10814 pkgsrc entries
96 packages have been added this quarter
16 packages have been removed this quarter
Around 1350 packages have been updated this quarter
(Including more than 100 X11 packages updated by Thomas Klausner.)
These numbers may not compare exactly to other (binary) packaging
systems; some packaging systems split large packages like boost up
into multiple packages, while others keep unused and unbuildable
packages.
Compiler Support
================
As well as using gcc to compile packages, Joerg Sonnenberger has put
much effort into building packages with clang. At the present time,
11211 packages can be built using clang.
Package Additions
=================
apache24, chimera, clojure, cloog, clusterssh, colorit, conky,
croscorefonts, dnscheck, dojo, dos2unix, edt, emacs-jabber, emacs24,
emacs24-nox11, fscd, gcc47, gitso, glm, gnome-keyring-sharp,
google-authenticator, gwt, hplip, lhasa, libcdr, libmusicbrainz5,
libreoffice, libskk, libusb-compat, libusb1, libusbx, mad-flute,
man-pages, medit, ocaml-cryptokit, ocaml-react, ocaml-sqlite3,
ocaml-text, ocaml-tyxml, p5-Algorithm-Permute, p5-AnyEvent-XMPP,
p5-AuthCAS, p5-BSD-arc4random, p5-Math-Permute-List,
p5-Test-Command-Simple, p5-Test-DistManifest, p5-Unicode-LineBreak,
p5-XML-SAX-ExpatXS, php54, php54-extensions, picoc, ppl, protobuf,
py-anki, py-beautifulsoup4, py-last, py-libanki, py-munkres,
py-trueskill, py-Unidecode, python32, qemu0, R-DBI, R-geoRglm,
R-RColorBrewer, R-RPostgreSQL, R-spacetime, R-xts, R-zoo,
ruby-daemon_controller, ruby-mysql2, ruby-parseconfig, sencha-sns,
sfslite, sks, tex-bbold, tex-bbold-doc, tex-bbold-type1,
tex-bbold-type1-doc, tex-clrscode, tex-clrscode-doc, tex-extsizes,
tex-extsizes-doc, tex-svninfo, tex-svninfo-doc, tolua++, transset,
typo3_47, validns, viewres, xkbevd, xkbprint, xkbutils, xnp2,
xorg-docs, xorg-sgml-doctools
Package Removals
================
contao210, contao210-example, contao210-translations, ispman, mscgen,
p5-ispman, php-dbase, php-fileinfo, php-mhash, php5, php5-extensions,
py-ctypes, python24, transset-df, ultima4-data, xine-arts
Pkgsrc-security
===============
One neat feature of pkgsrc is its ability to sort package versions
based on the version numbers. It's used in audit-packages, to report
on any installed packages which may have security vulnerabilities in
them. pkgsrc-security at pkgsrc.org maintains lists of vulnerable
packages, along with reference URLs relating to the exposure. We
thank OBATA Akio, Daniel Horecki, Guillaume Lasmayous, and Tim
Zingelman for their hard work. Sample output from audit-packages is
shown below:
% audit-packages
Package libtasn1-2.11 has a local-system-compromise vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569
Package gnutls-2.12.14nb1 has a local-system-compromise vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573
%
Package of the Quarter
======================
Michael Hitch nominated handbrake, used to convert video files to
something which can be played on an iPod. An anonymous developer
nominated both corkscrew and privoxy for "getting around corporate
``security'' that is well-intentioned but counter-productive"
Getting pkgsrc
==============
While more information can be found in
http://www.netbsd.org/docs/pkgsrc/getting.html
tar files for pkgsrc, along with checksums, can be found at
http://ftp.netbsd.org/pub/pkgsrc/pkgsrc-2012Q2/
and anonymous cvs can be used:
cvs -z3 -q -d anoncvs at anoncvs.NetBSD.org:/cvsroot checkout -r pkgsrc-2012Q2 -P pkgsrc
About pkgsrc
============
pkgsrc is a cross-platform packaging system. It allows people to
download source, and to build and install binary packages on one or
more platforms.
Building packages from source is useful for a number of reasons:
+ not only is the provenance of source code checked (by using multiple
checksums), with pkgsrc, the version of source code you are working
with is the same that other developers and users have.
+ patches are maintained in a central repository, and, again, are
checked at patch application time by using digests. The patches
which are applied to the sources being built are the same ones which
are known to be used and proved by other pkgsrc users (not necessarily
on the same platform)
+ by building from source, all doubts about compilers, build practices
source code cleanliness, and packaging differences are removed.
Digital signatures of binary packages, while useful in themselves,
only prove certain aspects of binary package provenance. (pkgsrc has
had signed packages since 2001).
+ it may be difficult or impossible to find a pre-built package for
the operating system or architecture
+ a pre-built package may have further or conflicting pre-requisites,
which are themselves difficult to find or build. By building everything,
including pre-requisites, a from-source packaging system can ensure
that pre-requisites are present and integrated
At the present time, pkgsrc supports 19 platforms
AIX
BSDOS
Darwin/Mac OS X
DragonFly
FreeBSD
FreeMiNT
HPUX
Haiku
IRIX
Interix/SFU/SUA
Linux
Minix3
MirBSD
NetBSD
OSF1
OpenBSD
QNX
SunOS/Solaris/SmartOS
UnixWare
Complete dependency and pre-requisite package information is held and
used by the package management software - if packages rely on other
packages to function properly, that pre-requisite will be built,
installed and managed as part of the package installation process.
Binary packages can be managed using pkgin.
Alistair Crooks
On behalf of the pkgsrc developers
Sun Jul 1 13:44:49 PDT 2012
More information about the Users
mailing list