Gentoo Forums
Who says not updating often == a broken system?

davidm
Guru

Joined: 26 Apr 2009
Posts: 557
Location: US

Posted: Thu Jun 02, 2011 4:04 pm    Post subject: Who says not updating often == a broken system?

I'm on ~x86 and though I'm not proud to admit it I went ~4 months without updating world. I just finished it up and things seem fine. Sure I had to run revdep-rebuild a couple times in between update attempts when something failed but it ultimately seemed to have worked. From what I read before I was expecting to have to do a full re-install. I'm glad this wasn't the case.

Did I just get lucky or is it actually fairly common to be able to successfully go 4 months without an update without hosing the system when finally getting around to it?

Veldrin
Veteran

Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

Posted: Thu Jun 02, 2011 4:21 pm

Well, 4 Months is not a long time. OTOH I cannot give you an exact number, when it becomes troublesome to upgrade.
IIRC there was no larger change (expat/libxml like breakage) in the past 4 months, so I would expect a clean upgrade.

In addition, you mentioned that you are running on testing (~x86), which prolongs the time you may go without upgrading before running into trouble, as you are already using the latest packages (and as such the latest dependencies).


I had (a couple of years back) to upgrade a Gentoo system which hadn't been upgraded for 2 years. The upgrade itself was not the problem, but some packages (IIRC mailman) had suddenly been moved around, and I had to move around the mail archives to make them accessible once more.


In general, the more you expect a breakage, the less likely it seems to happen (just like Murphy's Law).
And upgrading more often, helps that you only run into one problem at a time, rather than into a bunch of them, and then having to figure out which really caused the problem.


just my .02$
V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.

niick
Tux's lil' helper

Joined: 09 Mar 2006
Posts: 93

Posted: Thu Jun 02, 2011 6:17 pm

I run a few gentoo boxes. I keep my main ~amd64 system updated regularly, it tends to go quite well. I also have a home server running gentoo, I only upgrade it once or twice a year. It's on stable and I don't run things like X on it and I can't recall ever having a serious problem upgrading it.

I tend to find that individual packages which undergo changes cause the most issues. I think my php install was temporarily borked due to changes in config file locations or something (I can't remember exactly) but these are often down to me not reading portage output or rushing etc-update. However these individual changes aren't made worse by leaving them for a while it's just that you can get a bunch of them in one go.

I guess it would be more sensible to keep up with updates because it's public-facing, but it's only my home server.

So in my personal experience it is ok to leave long gaps between updates. Having said that you might be in for an interesting few hours if you left it for something like 2 years :)
_________________
"Give me control of a nation's money and I care not who makes the laws."
Mayer Amschel Rothschild

davidm
Guru

Joined: 26 Apr 2009
Posts: 557
Location: US

Posted: Thu Jun 02, 2011 6:24 pm

I guess I did have a minor issue after all due to the ABI change in X. I had to rebuild a couple drivers, mainly for hotplugging (evdev) which I was using. Not a big deal and portage warned me about it and even specified exactly what to do.

It's good to see that Gentoo isn't "either update it at least every month or you'll be sorry next time" as some people seem to believe.

Veldrin
Veteran

Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

Posted: Thu Jun 02, 2011 10:26 pm

Quote:
Not a big deal and portage warned me about it and even specified exactly what to do.

I guess that is the problem with most cases where the upgrade broke. People are just getting too lazy and do not read the portage output (one of the reasons for my sig), or just do not interpret what they are being told.

Agreed, Gentoo is not a fire-and-forget kind of distro, but if you read (and understand) the instructions (not just in the handbook, but also on the CLI) and do as you are told, Gentoo is pretty simple to handle.

V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.

dol-sen
Retired Dev

Joined: 30 Jun 2002
Posts: 2805
Location: Richmond, BC, Canada

Posted: Fri Jun 03, 2011 12:33 am

Well, the main reason an old system has become more difficult to upgrade in the past 1 to 2 years is that there have been many EAPI upgrades. The longer between EAPI updates and feature changes, the longer your system will likely be able to get old and still upgrade successfully. Provided there aren't any major system package ABI changes thrown in too.
_________________
Brian
Porthole, the Portage GUI frontend irc@freenode: #gentoo-guis, #porthole, Blog
layman, gentoolkit, CoreBuilder, esearch...

disi
Veteran

Joined: 28 Nov 2003
Posts: 1354
Location: Out There ...

Posted: Fri Jun 03, 2011 9:24 am

There weren't any major changes in the last 4 months.

One thing that broke one of my machines, despite regular upgrades: udev needs >=2.6.27
Another thing that is scary right now is the openrc update in stable x86
_________________
Gentoo on Uptime Project - Larry is a cow

theBlackDragon
l33t

Joined: 23 Nov 2002
Posts: 768
Location: Belgium

Posted: Thu Jun 09, 2011 9:15 am

I've successfully updated a Gentoo system that hadn't seen any updates since 2006 (so over four years) it was a huge pain but it worked. Currently I'm upgrading another system of about the same age, which is probably going to be even more of a pain since it's an UltraSPARC...
_________________
Fvwm|Fvwm forum

depontius
Advocate

Joined: 05 May 2004
Posts: 3509

Posted: Thu Jun 09, 2011 1:59 pm

AMC has been running Clint Eastwood "Dirty Harry" movies recently, so it brings to mind a relevant catch phrase.

As for going a loooooong time without updating your Gentoo installation -

"Are you feeling lucky?"
_________________
.sigs waste space and bandwidth

feystorm
Tux's lil' helper

Joined: 29 Jan 2004
Posts: 96

Posted: Thu Jun 09, 2011 2:03 pm

If you know what you're doing, you can go a long time without updates. It potentially can bring up many problems, but it can be done. I've upgraded boxes that have gone > 2 years without updates. Though admittedly they do run fairly minimal package sets.

rh1
Guru

Joined: 10 Apr 2010
Posts: 501

Posted: Thu Jun 09, 2011 3:14 pm

While I tend to update often, waiting does have some benefits, such as most bugs are either already fixed or there's already a ton of information out there on how to fix them when you do update. It's kind of a trade-off: you might hit more problems at once, but you get the benefit of usually already having a solution available.

Veldrin
Veteran

Joined: 27 Jul 2004
Posts: 1945
Location: Zurich, Switzerland

Posted: Thu Jun 09, 2011 4:34 pm

I think this mainly applies to the unstable branch.
For the stable branch, packages often have been around for some time, so you should be able to find a solution pretty easily.

V.
_________________
read the portage output!
If my answer is too concise, ask for an explanation.

theBlackDragon
l33t

Joined: 23 Nov 2002
Posts: 768
Location: Belgium

Posted: Thu Jun 09, 2011 10:00 pm

Veldrin wrote:
I think this mainly applies to the unstable branch.
For the stable branch, packages often have been around for some time, so you should be able to find a solution pretty easily.

V.


Not if you don't upgrade for a long time, there's usually unforeseen breakage because you follow an unanticipated upgrade path, sometimes even ebuilds are just plain broken referencing packages that haven't been in portage for years, not to mention changes in core package versions (python and glibc come to mind) and the like possibly breaking portage or other core software. Some of these problems can be pretty hard to find and more often than not are not, or badly, documented.

Also the devs don't care about them (and rightly so) as upgrading such a long neglected system is just not supported.
_________________
Fvwm|Fvwm forum

m0p
Apprentice

Joined: 20 Jun 2005
Posts: 205
Location: en_GB

Posted: Fri Jun 10, 2011 11:01 am

I'd be too paranoid about security to go that long without updating.

Personally I update everything once a week, though I'm mostly using stable apart from some X11/desktop stuff, latest mplayer/ffmpeg, latest vanilla-sources, latest udev, glibc 2.13, and security updates that aren't stabilised or in the tree (in which case I just copy them over to my overlay and change the version or add the patch myself), so there's rarely any serious updates that break everything.

The only annoying thing is having to update some stuff twice, because I make my own emul-linux packages (the "official" ones are always dangerously out of date).


Last edited by m0p on Sat Jun 11, 2011 1:06 pm; edited 1 time in total

rldawson
n00b

Joined: 20 May 2011
Posts: 19

Posted: Fri Jun 10, 2011 11:18 pm

In my crontab I have emerge --sync and basically everything works well when emerge -uDN world is applied. I have come across a couple of issues, one being the glibc upgrade a couple of weeks ago and the other being udev the other day. It has been my observation that sometimes there are errors, and if it looks like it does not make sense, wait for the next sync and everything gets straightened out. Otherwise Gentoo has been the *best* Linux experience that I have ever had in over ten years of Linux use. :)

sera
Retired Dev

Joined: 29 Feb 2008
Posts: 1017
Location: CET

Posted: Sat Jun 11, 2011 11:45 am

rldawson wrote:
In my crontab I have emerge --sync


emerge --sync is not meant to be put into crontab. Please launch it manually when needed and save some resources.

As for upgrading old installations. Depending on the packages installed this can be from very easy to a real hassle. There are also the packages I have to fight anyway with every update (kde is the prime example).

Most of my Gentoo boxes I only update about every 3-4 months; I rarely see any issues which could be attributed in any way to the update interval. Personally, I recommend updating at least every 6 months.

rldawson
n00b

Joined: 20 May 2011
Posts: 19

Posted: Sat Jun 11, 2011 1:17 pm

Why is emerge --sync "not meant" to be put in crontab? Since it is set to execute once a day, I fail to see the problem and for the sake of security is it not important to update and patch any operating system regularly?
sera wrote:
emerge --sync is not meant to be put into crontab. Please launch it manually when needed and save some resources.

depontius
Advocate

Joined: 05 May 2004
Posts: 3509

Posted: Sat Jun 11, 2011 1:45 pm

I run a server on my LAN for DNS, NFS, SMTP, and IMAP. (I use fetchmail and keep my mail locally.) As long as all of that is running, I also keep a portage mirror as well as http-replicator. In that setting, I think that putting "emerge --sync" in a cron file on the server is the right thing to do.
_________________
.sigs waste space and bandwidth

davidm
Guru

Joined: 26 Apr 2009
Posts: 557
Location: US

Posted: Mon Jun 13, 2011 12:34 am

rldawson wrote:
Why is emerge --sync "not meant" to be put in crontab? Since it is set to execute once a day, I fail to see the problem and for the sake of security is it not important to update and patch any operating system regularly?
sera wrote:
emerge --sync is not meant to be put into crontab. Please launch it manually when needed and save some resources.


I think he might mean it in the sense of saving resources on the remote servers. More than likely if everyone ran an 'emerge --sync' daily the servers would become overloaded. So I suppose the etiquette might be to sync only when you need to (such as when actually upgrading packages). But AFAIK you aren't breaking any 'rules' by doing it since I believe the rule is not to sync more than once a day.

sera
Retired Dev

Joined: 29 Feb 2008
Posts: 1017
Location: CET

Posted: Mon Jun 13, 2011 7:22 am

davidm wrote:
I think he might mean it in the sense of saving resources on the remote servers. More than likely if everyone ran an 'emerge --sync' daily the servers would become overloaded. So I suppose the etiquette might be to sync only when you need to (such as when actually upgrading packages). But AFAIK you aren't breaking any 'rules' by doing it since I believe the rule is not to sync more than once a day.


That's what I meant. Thanks.

mv
Watchman

Joined: 20 Apr 2005
Posts: 6747

Posted: Mon Jun 13, 2011 7:47 am

rldawson wrote:
Why is emerge --sync "not meant" to be put in crontab? Since it is set to execute once a day, I fail to see the problem and for the sake of security is it not important to update and patch any operating system regularly?

Yes, it is important from the security point of view to update the system regularly (at least, if the system is on the net). However, emerge --sync does not do this: It will do nothing other than use resources. It only makes sense if you run emerge -NaDu @world afterwards. If you also have emerge -NDu @world in your cron job, it makes sense, although I would not recommend doing so unless you check logs very regularly and very carefully and are prepared to wake up with a broken system (even if there is no unexpected problem, there are also other things like etc-update, emerge --depclean, revdep-rebuild, python-updater, perl-updater, ... which should have been called in between). However, if you do not have emerge -NDu @world in your crontab, then the emerge --sync in the crontab is just eating resources for nothing: It is better (especially from the security point of view) to call emerge --sync immediately before you call emerge -NDu @world, because only in this case do you make sure you get the latest (possibly security-related) upgrades.

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Mon Jun 13, 2011 8:57 am

Better security procedure would be subscribing to a GLSA feed, and reading it.

mv
Watchman

Joined: 20 Apr 2005
Posts: 6747

Posted: Mon Jun 13, 2011 12:04 pm

Ant P. wrote:
Better security procedure would be subscribing to a GLSA feed, and reading it.

Better than upgrading regularly?

I would say one is not a substitute for the other: A lot of projects tend to close security-relevant problems with a minor version upgrade. (The kernel has almost become famous for this, but it is certainly not the only project.) So having up-to-date packages is in any case a good security measure.

Moreover, keeping your system up-to-date means that practically no GLSA will apply to you at the time it becomes public - at least, it hasn't happened to me in years.
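
An added example, not written by any poster in this thread: a report-only cron job that combines the points made above. It syncs no more often than a set interval, then lists applicable GLSAs and pending upgrades with a pretend run, and never merges anything unattended. The stamp-file path, variable names and 24-hour default are assumptions, and `glsa-check` is assumed to be installed.

```shell
#!/bin/sh
# Report-only update check: sync (rate-limited), then show what would change.
# Assumed names: STAMP, MIN_INTERVAL, EMERGE, GLSA_CHECK are this example's own.

STAMP=${STAMP:-/var/tmp/last-portage-sync}   # hypothetical stamp file (epoch seconds)
MIN_INTERVAL=${MIN_INTERVAL:-86400}          # assumed: at most one sync per day

# sync_due NOW: succeed when no usable stamp exists or the last sync is old enough.
sync_due() {
    [ -r "$STAMP" ] || return 0
    last=$(cat "$STAMP")
    case $last in ''|*[!0-9]*) return 0 ;; esac   # corrupt stamp: sync again
    [ $(( $1 - last )) -ge "$MIN_INTERVAL" ]
}

# update_report NOW: print the report; return 1 if the sync failed (stale tree).
update_report() {
    now=$1
    stale=0
    if sync_due "$now"; then
        if ${EMERGE:-emerge} --sync --quiet >/dev/null 2>&1; then
            echo "$now" > "$STAMP"
        else
            echo "WARNING: emerge --sync failed; results below use a stale tree"
            stale=1
        fi
    fi
    echo "== GLSAs affecting this system =="
    ${GLSA_CHECK:-glsa-check} -t all 2>&1
    echo "== Pending upgrades (pretend only, nothing is merged) =="
    ${EMERGE:-emerge} -puDN @world 2>&1
    return "$stale"
}

# Runs only when invoked with "run", e.g. from cron with output mailed to root.
if [ "${1:-}" = run ]; then
    update_report "$(date +%s)"
fi
```

The actual upgrade, together with etc-update, emerge --depclean and revdep-rebuild, stays a manual step performed after reading the report.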

Naib
Watchman

Joined: 21 May 2004
Posts: 6051
Location: Removed by Neddy

Posted: Mon Jun 13, 2011 12:54 pm

It's not a hard equivalent to (==); it's more of a probability thing.
The last 6 months have been quite benign from a system point of view and ABI.
We haven't had an expat-like system upgrade path issue in some time, no major bump to an EAPI coupled with removal of the lowest common denominator w.r.t. an upgrade path.

So the longer you go without updating, there is an increased chance you will hit more and more upgrade annoyances, which could result in a non-viable upgrade path.
_________________
Quote:
Removed by Chiitoo

rldawson
n00b

Joined: 20 May 2011
Posts: 19

Posted: Fri Jun 17, 2011 3:57 pm

It is my understanding that "emerge --sync" is not to be performed more than twice a day. Since this is in the crontab for once a day, and in the morning "emerge -uDN world && emerge --depclean && revdep-rebuild" is applied, I feel that this is keeping up to the expected standard. If necessary, other commands such as etc-update are applied as well. It seems to me that applying commands such as emerge -uDN world in the crontab is just asking for trouble.

Keeping an up-to-date system(s) is important to me, and daily reviews of CVE updates do seem very important as well.

All times are GMT
Page 1 of 2