Updating FreeBSD Perl Using Packages

I detest having to upgrade core FreeBSD packages like Perl that are relied upon by so many other applications. All of my systems are old and dog slow, so I tend to install software on FreeBSD using its native package system. For example, before installing a package, I set this environment variable:

setenv PACKAGESITE ftp://ftp6.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/

Replace '6' with the number of the mirror closest to you.

That command tells pkg_add to not use the default RELEASE packages, but to look for the latest STABLE package. Those packages are built by the FreeBSD ports cluster and are kept fairly current.

The problem with such a system is that the packages may get ahead of my upgrade plans. For example, if my system is running Perl 5.8.6_2 and the ports cluster is building packages that look for Perl 5.8.7, I will eventually run into trouble.

That happened this weekend. I installed security/metasploit, which was built as a package for Perl 5.8.7. While Metasploit ran fine, it could not use an SSL module to download updates. Apparently the way Metasploit invoked Perl with its msfupdate tool checking for Perl 5.8.7 and I have 5.8.6 installed.

I had a second problem with dns/dnswalk. It wouldn't run at all, because the package I installed relied on Perl 5.8.7 and again I had 5.8.6 installed.

I decided to bite the bullet and update Perl. This is usually a huge pain because all the applications which rely on Perl have to be updated too.

I found this in /usr/ports/UPDATING:

20050624:
AFFECTS: users of lang/perl5.8
AUTHOR: tobez@FreeBSD.org

lang/perl5.8 has been updated to 5.8.7. You should update everything
depending on perl. The easiest way to do that is to use
perl-after-upgrade script supplied with lang/perl5.8. Please see
its manual page for details.

perl-after-upgrade sounded interesting. I found this online man page by the author (he also has a blog), and this tip by Dru Lavigne. I started following Dru's advice by running 'portupgrade -rR perl' on one system. After a while I got discouraged because it was taking too long. Maybe there was an alternative?

I decided I would just force a deinstallation of Perl 5.8.6_2, and then install Perl 5.8.7 from package. I would follow with the perl-after-upgrade script.

In other words:

pkg_deinstall -f perl
setenv PACKAGESITE ftp://ftp6.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/Latest/
pkg_add -r perl
perl-after-upgrade
perl-after-upgrade -f

The relevant items are found when running perl-after-upgrade:

# perl-after-upgrade
atk-1.9.1: 0 moved, 0 modified, 0 adjusted
desktop-file-utils-0.10_2: 0 moved, 0 modified, 0 adjusted
dnswalk-2.0.2: 0 moved, 1 modified, 0 adjusted
...edited...
imake-6.8.2: 0 moved, 0 modified, 0 adjusted
irssi-0.8.9_3: 16 moved, 1 modified, 21 adjusted
libcroco-0.6.0_1: 0 moved, 0 modified, 0 adjusted
...edited...
xpdf-3.00_6: 0 moved, 0 modified, 0 adjusted
-
---
Fixed 2 packages (16 files moved, 2 files modified)
Skipped 113 packages

**** In addition, please pay attention to the following:
The /usr/local/bin/irssi binary would be modified, make sure it works

--- Repeating summary:
Fixed 2 packages (16 files moved, 2 files modified)
Skipped 113 packages

Notice perl-after-upgrade found two troublesome applications: irssi and dnswalk. Running perl-after-upgrade again with the -f switch commits the changes.

Once I completed this process, I found that irssi worked but dnswalk still gave an error. I found my package database had a stale dependency. I eventually decided to remove dnswalk and its dependencies, and then reinstall the package. It worked fine after that. I was also able to get Metasploit to update its modules via SSL.

In any case, I believe I successfully navigated a Perl upgrade without having to compile any source code. If anyone cares to share comments, I would appreciate them.

By the way, I usually upgrade all of my ports using 'portupgrade -varRPP' after setting the PACKAGESITE variable. The PP switch tells portupgrade to only use packages. Any ports left over that aren't available as a package I have to upgrade without the PP switch.

Comments

Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics