Gentoo: System update

From Luky-Wiki
Jump to: navigation, search

Warning! Warning! Warning! ... This article is my cookbook. It is designed for binary type update (two stages deployment) and only as reference. You can use it but it may not be suitable for all configurations. Use common sense and add / modify / repeat commands if necessary. I am doing same during update. Some of commands have --pretend just to see actions before they are applied. I normally review them and rerun without --pretend option.

System Update

Update local repository
eix-sync

or

emerge --sync

or (if repository is already synced)

eix-update
Clean logs from previous update
find /var/log/portage -maxdepth 1 -type f -ls -delete
Clean distfiles and package directory
eclean-dist --deep ; eclean-pkg --deep
Update system including build dependencies
on "build" system
emerge --ask --update --deep --newuse --with-bdeps=y @world
on "prod" system
emerge --ask --update --deep --newuse --with-bdeps=y --binpkg-changed-deps=n @world
Commit or reject configuration changes in "/etc"
etc-update
Review messages from packages
elogv
Clean packages with no dependency on "world" package set
emerge --ask --depclean
Scan for broken dependencies
  • python:
python-updater --pretend
  • perl:
perl-cleaner --all --pretend
  • libraries detected by system:
emerge --ask @preserved-rebuild
  • libraries not detected by portage:
revdep-rebuild    --ignore --pretend
revdep-rebuild.sh --ignore --pretend
If previous commands result in package rebuild then review again logs and possible configuration changes
elogv
etc-update
Verify / validate dependency starting from "world" fileset
emerge --pretend --verbose --update --deep --newuse --with-bdeps=y @world
Check for possible updates by each package separately (watch versions in slots)
eix --upgrade
Search for possible obsolete portage configuration and installed packages
eix-test-obsolete
Check installed packages agains GLSA (Gentoo Linux Security Advisories)
glsa-check --test --nocolor --verbose all
Rebuild X11 drivers and linked packages (hekate-x11 and phoebe / piper)
emerge --ask @x11-module-rebuild
emerge --ask --oneshot app-crypt/hashcat app-crypt/johntheripper

Note: binary packages needs to be disabled on prod system:

export FEATURES="-buildpkg -getbinpkg"
export CFLAGS="-O2 -march=native -mfpmath=sse -fomit-frame-pointer -pipe"

Binhost only

(optional) validate installed files against database
for a in $( qcheck --badonly )
do
  clear; ( echo $a; qcheck $a ) | less
done
Check integrity of local repository
cd /opt/local/portage/
repoman
Validate binhost list
emaint --check binhost
Verify binary package tree
emerge --pretend --emptytree --usepkgonly @world
Synchronize binary packages to web server
sync/binhost-sync.sh

Known problems

Perl slot change
emerge --ask --update --deep --newuse --with-bdeps y --backtrack 100 @world
perl-cleaner --all