You don’t actually have to read it and will probably get away with it for quite some time. So if you choose to ignore it, don’t complain if an update finally bites when it finds you off guard!
Let’s stick to the previous example and say that we want to do the update – but Libre Office should not be touched because we’re working on an important document currently and don’t want to risk layout breakage (minor updates should be no problem but bigger updates are known to sometimes cause trouble). Let’s Attempting the upgrade again, Pkg should now show only 27 candidates and leave Libre Office alone.
[y/N]: y libreoffice-5.3.5_1: added annotation tagged: locked-pkgs Some updates mean new features, others mean fixing of critical security holes. Free BSD.org/freebsd/22f28bb3-8d98-11e7-8c37-e8e0b747a45chromium-60.0.3112.101 is vulnerable: chromium -- multiple vulnerabilities CVE: CVE-2017-5120 CVE: CVE-2017-5119 CVE: CVE-2017-5118 CVE: CVE-2017-5117 CVE: CVE-2017-5116 CVE: CVE-2017-5115 CVE: CVE-2017-5114 CVE: CVE-2017-5113 CVE: CVE-2017-5112 CVE: CVE-2017-5111 WWW: https://vuxml.
Free BSD.org/freebsd/e1100e63-92f7-11e7-bd95-e8e0b747a45[...] In this example I’ve packaged Chromium before updating so that I could reinstall the old version.
But as mentioned before, Dragon Fly BSD uses it, too.
And thanks to the new (and extremely exciting, IMO!
Here’s a sample package with a rather complicated version string: in this case. So this port has been revised three times without changing the actual upstream version.
If dependencies changed as well, you might not be able to use the old version, even when you reinstalled it!There are a few good reasons to lock a package – and a lot of bad ones.Resort to locking packages when necessary but don’t trifle with it because you’re effectively cutting yourself off from updates on some packages. Probably dependencies that they share with other packages.Before we start updating packages, let’s take a look at the versioning scheme.
The way Free BSD versions its packages can be a bit confusing if you first see it. If a port is revised (probably to correct a mistake, add more configure options, etc), the revision number is bumped.This is a short text (or some of them) which might contain a heads-up that can be critical to know. Here’s an old example showing how bad it could be to have missed it: # pkg updating apache22 20140713: AFFECTS: users of www/apache22 AUTHOR: [email protected] The default version was changed from www/apache22 to www/apache24, pre-build apache modules and web applications will also reflect this!