Announcing the pkgsrc-2015Q1 Branch
14 April, 2015 by agc@netbsd.org | netbsd
pkgsrc-2015Q1 ============= The pkgsrc team is proud to announce the availability of the pkgsrc-2015Q1 branch. We welcome postgresql 9.4, ruby 2.2, lua 5.3, xen 4.5, and Tobias Nygren back as a pkgsrc developer. Number of Packages ================== In pkgsrc, there are: 15246 possible pkgsrc packages in pkgsrc-2015Q1 (15510 last quarter) 12619 pkgsrc entries as reported by lintpkgsrc (12449 last quarter) 14896 binary packages built with clang for NetBSD-current/x86_64 (15049 last quarter) 13092 binary packages built with gcc for Joyent's SmartOS/x86_64 (12972 last quarter) 13028 binary packages built with gcc for Joyent's SmartOS/i386 12802 binary packages built with clang for FreeBSD 10.1/x86_64 11224 binary packages built with gcc for Darwin 8.11.0/powerpc 10019 binary packages built with gcc for Darwin 10.8.0/i386 In addition, this quarter: 216 packages have been added (156 last quarter) 2 packages have been renamed (4 last quarter) 46 packages removed, 11 with a successor (48 and 9 last quarter) 2007 packages updated (1575 last quarter) Pkgsrc Release Schedule ======================= The pkgsrc developers make a new release every three months. We believe that this is a sweet spot between too many updates, and keeping abreast of issues like security vulnerabilities. Pkgsrc is not tied to any one operating system or architecture, which gives us the ability to decouple the releases from any operating system releases, and to concentrate on the packages themselves. This is the 46th quarterly release of pkgsrc. Changes to pkgsrc ================= Ryosuke Moro continues to improve our haskell package support. A framework for packaging software in Go has been added -- see pkgsrc/lang/go/go-package.mk, and the github MASTER_SITES handling has been added. Many pkgsrc developers and contributors have all helped with PR submissions, fixes and bug reports. Package Additions ================= New packages for db6, postgresql 9.4, cmocka, lua 5.3, openjdk8, ruby 2.2, tigervnc, sslsplit, xen 4.5 were added. We also gained more perl, python, haskell, and ruby wrappers for many libraries. Package Removals ================ We actively manage the packages in pkgsrc, and delete ones that are not necessary. We said goodbye to navi2ch, lc, php 5.3, bind 9.6 and 9.8 and openmotif for this branch. Package views were also retired. Other Changes ============= As expected, we have made more progress in integrating cwrappers, and we expect to complete that next quarter. We also expect to finish the integration of signature verification of binary packages and package vulnerabilities next quarter. The updates to our perl packages was also notable. Pkgsrc-security =============== One neat feature of pkgsrc is its ability to sort package versions based on the version numbers. It's used in audit-packages, to report on any installed packages which may have security vulnerabilities in them. pkgsrc-security@pkgsrc.org maintains lists of vulnerable packages, along with reference URLs relating to the exposure. We thank the whole pkgsrc-security team for their hard work. Sample output from audit-packages is shown below: % audit-packages Package libtasn1-4.2 has a stack-overflow vulnerability, see http://lists.gnu.org/archive/html/help-libtasn1/2015-03/msg00002.html % Getting pkgsrc ============== More information can be found in http://www.netbsd.org/docs/pkgsrc/getting.html tar files for pkgsrc, along with checksums, can be found at http://ftp.netbsd.org/pub/pkgsrc/pkgsrc-2015Q1/ and anonymous cvs can be used: cvs -z3 -q -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -r pkgsrc-2015Q1 -P pkgsrc or by pulling from the git mirror at: https://github.com/jsonn/pkgsrc or the mercurial mirror at: https://bitbucket.org/agc/pkgsrc.hg Joyent provide quarterly binary package sets for SmartOS/illumos, OS X, and Linux, as well as some quickstart documentation at: http://pkgsrc.joyent.com/ The packages are built from their pkgsrc fork available at: https://github.com/joyent/pkgsrc which includes support for experimental features such as multiarch packages, but may lag behind the git mirror. About pkgsrc ============ pkgsrc is a cross-platform packaging system. It allows people to download sources and to build and install binary packages on one or more platforms. Building packages from source is useful for a number of reasons: + not only is the provenance of source code checked (by using multiple digests), with pkgsrc, the version of source code you are working with is the same that other developers and users have. + package builders can choose to customise their own installations by means of the option framework. pre-built packages from other builders may not have specified the same options. + patches are maintained in a central repository, and, again, are checked at patch application time by using digests. The patches which are applied to the sources being built are the same ones which are known to be used and proved by other pkgsrc users (not necessarily on the same platform). + by building from source, all doubts about compilers, build practices, source code cleanliness, and packaging differences are removed. Digital signatures of binary packages, while useful in themselves, only prove certain aspects of binary package provenance. (pkgsrc has had signed packages since 2001.) + it may be difficult or impossible to find a pre-built package for the operating system or architecture. + a pre-built package may have further or conflicting pre-requisites, which are themselves difficult to find or build. By building everything, including pre-requisites, a from-source packaging system can ensure that pre-requisites are present and integrated. At the present time, pkgsrc supports 22 platforms: AIX BSDOS Cygwin Darwin/Mac OS X DragonFly FreeBSD FreeMiNT GNU/kFreeBSD HPUX Haiku IRIX Interix/SFU/SUA Linux Minix3 MirBSD NetBSD OSF1 OpenBSD QNX SCO OpenServer Solaris/illumos UnixWare Complete dependency and pre-requisite package information is held and used by the package management software - if packages rely on other packages to function properly, that pre-requisite will be built, installed and managed as part of the package installation process. Binary packages can be managed using pkgin and nih. Alistair Crooks On behalf of the pkgsrc developers Thu Apr 2 15:29:23 PDT 2015