Difference between revisions of "Gentoo: System update"
From Luky-Wiki
Lukas Dzunko (talk | contribs) (→Binhost checks) |
Lukas Dzunko (talk | contribs) |
||
| (20 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | '''Warning! Warning! Warning!''' ... This article is my cookbook. It is designed for binary type update (two stages deployment) and only as reference. You can use it but it may not be suitable for all configurations. Use common sense and add / modify / repeat commands if necessary. I am doing same during update. Some of commands have <code>--pretend</code> just to see actions before they are applied. I normally review them and rerun | + | '''Warning! Warning! Warning!''' ... This article is my cookbook. It is designed for binary type update (two stages deployment) and only as reference. You can use it but it may not be suitable for all configurations. Use common sense and add / modify / repeat commands if necessary. I am doing same during update. Some of commands have <code>--pretend</code> just to see actions before they are applied. I normally review them and rerun without <code>--pretend</code> option. |
== System Update == | == System Update == | ||
| Line 8: | Line 8: | ||
emerge --sync | emerge --sync | ||
| − | or (if repository is synced) | + | or (if repository is already synced) |
eix-update | eix-update | ||
| Line 15: | Line 15: | ||
===== Clean distfiles and package directory ===== | ===== Clean distfiles and package directory ===== | ||
| − | eclean-dist - | + | eclean-dist --deep ; eclean-pkg --deep |
===== Update system including build dependencies ===== | ===== Update system including build dependencies ===== | ||
====== on "build" system ====== | ====== on "build" system ====== | ||
| − | emerge --ask --update --deep --newuse --with-bdeps=y @world | + | emerge --fetchonly --ask --update --deep --newuse --with-bdeps=y @world |
| + | |||
| + | emerge --quiet-build --ask --update --deep --newuse --with-bdeps=y @world | ||
| + | |||
====== on "prod" system ====== | ====== on "prod" system ====== | ||
| − | emerge --ask --update --deep --newuse --with-bdeps=y --binpkg-changed-deps=n @world | + | emerge --fetchonly --ask --update --deep --newuse --with-bdeps=y --binpkg-changed-deps=n @world |
| + | |||
| + | emerge --ask --update --deep --newuse --with-bdeps=y --binpkg-changed-deps=n @world | ||
===== Commit or reject configuration changes in "/etc" ===== | ===== Commit or reject configuration changes in "/etc" ===== | ||
| Line 33: | Line 38: | ||
===== Scan for broken dependencies ===== | ===== Scan for broken dependencies ===== | ||
| − | |||
| − | |||
| − | |||
* perl: | * perl: | ||
perl-cleaner --all --pretend | perl-cleaner --all --pretend | ||
* libraries detected by system: | * libraries detected by system: | ||
| − | emerge -ask @preserved-rebuild | + | emerge --ask @preserved-rebuild |
* libraries not detected by portage: | * libraries not detected by portage: | ||
| Line 64: | Line 66: | ||
glsa-check --test --nocolor --verbose all | glsa-check --test --nocolor --verbose all | ||
| − | ===== Rebuild X11 drivers and linked packages ===== | + | ===== Rebuild X11 drivers and linked packages (hekate-x11 and phoebe / piper) ===== |
emerge --ask @x11-module-rebuild | emerge --ask @x11-module-rebuild | ||
| − | emerge --ask app-crypt/hashcat app-crypt/johntheripper | + | emerge --ask --oneshot app-crypt/hashcat app-crypt/johntheripper |
''Note:'' binary packages needs to be disabled on prod system: | ''Note:'' binary packages needs to be disabled on prod system: | ||
| Line 73: | Line 75: | ||
export CFLAGS="-O2 -march=native -mfpmath=sse -fomit-frame-pointer -pipe" | export CFLAGS="-O2 -march=native -mfpmath=sse -fomit-frame-pointer -pipe" | ||
| − | == Binhost | + | == Binhost only == |
| − | ===== | + | ===== (optional) validate installed files against database ===== |
| − | ===== | + | for a in $( qcheck --badonly ) |
| − | ===== | + | do |
| − | ===== | + | clear; ( echo $a; qcheck $a ) | less |
| − | ===== | + | done |
| − | + | ||
| − | == | + | ===== Check integrity of local repository ===== |
| − | ===== | + | cd /opt/local/portage/ |
| − | + | repoman | |
| − | + | ||
| − | + | ===== Validate binhost list ===== | |
| + | emaint --check binhost | ||
| + | ===== Verify binary package tree ===== | ||
| + | emerge --pretend --emptytree --usepkgonly @world | ||
| + | |||
| + | ===== Synchronize binary packages to web server ===== | ||
| + | sync/binhost-sync.sh | ||
| + | |||
| + | == Known problems == | ||
| + | ===== Perl slot change ===== | ||
| + | emerge --ask --update --deep --newuse --with-bdeps y --backtrack 100 @world | ||
| + | |||
| + | perl-cleaner --all | ||
Latest revision as of 11:23, 16 June 2019
Warning! Warning! Warning! ... This article is my cookbook. It is designed for binary type update (two stages deployment) and only as reference. You can use it but it may not be suitable for all configurations. Use common sense and add / modify / repeat commands if necessary. I am doing same during update. Some of commands have --pretend just to see actions before they are applied. I normally review them and rerun without --pretend option.
Contents
- 1 System Update
- 1.1 Update local repository
- 1.2 Clean logs from previous update
- 1.3 Clean distfiles and package directory
- 1.4 Update system including build dependencies
- 1.5 Commit or reject configuration changes in "/etc"
- 1.6 Review messages from packages
- 1.7 Clean packages with no dependency on "world" package set
- 1.8 Scan for broken dependencies
- 1.9 If previous commands result in package rebuild then review again logs and possible configuration changes
- 1.10 Verify / validate dependency starting from "world" fileset
- 1.11 Check for possible updates by each package separately (watch versions in slots)
- 1.12 Search for possible obsolete portage configuration and installed packages
- 1.13 Check installed packages agains GLSA (Gentoo Linux Security Advisories)
- 1.14 Rebuild X11 drivers and linked packages (hekate-x11 and phoebe / piper)
- 2 Binhost only
- 3 Known problems
System Update
Update local repository
eix-sync
or
emerge --sync
or (if repository is already synced)
eix-update
Clean logs from previous update
find /var/log/portage -maxdepth 1 -type f -ls -delete
Clean distfiles and package directory
eclean-dist --deep ; eclean-pkg --deep
Update system including build dependencies
on "build" system
emerge --fetchonly --ask --update --deep --newuse --with-bdeps=y @world
emerge --quiet-build --ask --update --deep --newuse --with-bdeps=y @world
on "prod" system
emerge --fetchonly --ask --update --deep --newuse --with-bdeps=y --binpkg-changed-deps=n @world
emerge --ask --update --deep --newuse --with-bdeps=y --binpkg-changed-deps=n @world
Commit or reject configuration changes in "/etc"
etc-update
Review messages from packages
elogv
Clean packages with no dependency on "world" package set
emerge --ask --depclean
Scan for broken dependencies
- perl:
perl-cleaner --all --pretend
- libraries detected by system:
emerge --ask @preserved-rebuild
- libraries not detected by portage:
revdep-rebuild --ignore --pretend
revdep-rebuild.sh --ignore --pretend
If previous commands result in package rebuild then review again logs and possible configuration changes
elogv
etc-update
Verify / validate dependency starting from "world" fileset
emerge --pretend --verbose --update --deep --newuse --with-bdeps=y @world
Check for possible updates by each package separately (watch versions in slots)
eix --upgrade
Search for possible obsolete portage configuration and installed packages
eix-test-obsolete
Check installed packages agains GLSA (Gentoo Linux Security Advisories)
glsa-check --test --nocolor --verbose all
Rebuild X11 drivers and linked packages (hekate-x11 and phoebe / piper)
emerge --ask @x11-module-rebuild
emerge --ask --oneshot app-crypt/hashcat app-crypt/johntheripper
Note: binary packages needs to be disabled on prod system:
export FEATURES="-buildpkg -getbinpkg" export CFLAGS="-O2 -march=native -mfpmath=sse -fomit-frame-pointer -pipe"
Binhost only
(optional) validate installed files against database
for a in $( qcheck --badonly ) do clear; ( echo $a; qcheck $a ) | less done
Check integrity of local repository
cd /opt/local/portage/ repoman
Validate binhost list
emaint --check binhost
Verify binary package tree
emerge --pretend --emptytree --usepkgonly @world
Synchronize binary packages to web server
sync/binhost-sync.sh
Known problems
Perl slot change
emerge --ask --update --deep --newuse --with-bdeps y --backtrack 100 @world
perl-cleaner --all
