Updating FreeBSD's ports: a fully automated script to (slowly) rebuild everything

FreeBSD is a really good operating system to work with, but the daily process of keeping the port tree up-to-date could easily become a painful process.

Whenever any developer moves an important file between ports (happens a lot with Gnome3) a simple 'portmaster -a' will fail, complaining the old- and the new package willing to write to the same place.

You can always fix the issue by removing the whole package and reinstalling, but it breaks the anyway very long (e.g. hours) update procedure, and you'll have to wait another couple fo hours for the update to finish... Until you run into another package-move, and have to start over again.

After working with FreeBSD for a while, the most useful update procedure turns out to be similar to what they propose in 'man portmaster' :

     Using portmaster to do a complete reinstallation of all your ports:
           1. portmaster --list-origins > ~/installed-port-list
           2. Update your ports tree
           3. portmaster -ty --clean-distfiles
           4. portmaster --check-port-dbdir
           5. portmaster -Faf
           6. pkg_delete -a
           7. rm -rf /usr/local/lib/compat/pkg
           8. Back up any files in /usr/local you wish to save,
              such as configuration files in /usr/local/etc
           9. Manually check /usr/local and /var/db/pkg
              to make sure that they are really empty
           10. Re-install portmaster
           11. portmaster `cat ~/installed-port-list`

     You probably want to use the -D option for the installation and then run
     --clean-distfiles [-y] again when you are done.  You might also want to
     consider using the --force-config option when installing the new ports.

     Alternatively you could use portmaster -a -f -D to do an ``in place''
     update of your ports.  If that process is interrupted for any reason you
     can use portmaster -a -f -D -R to avoid rebuilding ports already rebuilt
     on previous runs.  However the first method (delete everything and rein-
     stall) is preferred.

Well, this painful (e.g. if you have lots of packages running on not-state-of-the-art hardware, could be up to 24 hours, or sometimes days) process really works. Whatever entanglement I've had with gnome packages - reinstalling everything obviously always helped.

Some time ago I bought 6 used DELL desktops to set up a home-made cluster, and today I had to update their packages, because I need to install a new port on them.

The automatic installation via 'portmaster -a' failed. As I really didn't want to go over the painful solving of the problem on each machine, I rather decided to use portmaster's documentation's suggestion, e.g. to reinstall everything on those rigs.

Which, unfurtonately turns out not to be completely automatic, and rather uncomfortable. The automatism is jeopardized by portmaster and some other tools stopping and asking for the user's confirmation over tty1, which again breaks a very long procedure.

Since the original inception of portmaster they might had different default swithches, but as of FreeBSD 10.1 and 10.2, the following script turns out to be working without interruption:

portmaster --list-origins > ~/installed-port-list
portsnap fetch update
# backup /var/db/ports with our existing options
cd /var/db
tar cvzf ports.tar.gz ports
portmaster -ty --clean-distfiles
portmaster --check-port-dbdir -y
portmaster -Faf
pkg delete -a -y
rm -rf /usr/local/lib/compat/pkg
rm -rf /var/db/pkg
cd /var/db
tar xvzf ports.tar.gz
cd /usr/ports/ports-mgmt/pkg
make install clean
cd /usr/ports/ports-mgmt/portmaster
make install clean
cd ~
portmaster -d -y --no-confirm --delete-packages --update-if-newer `cat ~/installed-port-list`

The changes needed were mainly the portmaster flags, but the /var/db/ports tree is also backed up & restored: that's the location where the answers to those blue 'dialog4ports' windows' are stored:

...
cd /var/db
tar cvzf ports.tar.gz ports
...
cd /var/db
tar xvzf ports.tar.gz
...

It is very long to do it this way, as we delete and recompile every package of the system. But as it can be completely automated with the script above, I don't mind letting the computer do it's job overnight if that saves me some trouble - e.g. solving version-issues between recently updated FreeBSD port packages...

Let us know how you manage to automatically update your FreeBSD boxes in the comment section below. Portmaster's suggestion is "brutal", but is quite effective in the end... I'm sure there are other solutions as well.

Apache Karaf: no matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se server

During a recent deployment of a custom Karaf distribution via the karaf-maven-plugin, I've experienced a very strange behaviour when deployed to FreeBSD rather than my developer Mac OS rig.

Connecting thru SSH failed, so the logging has been increased:

dfi:~ doma$ ssh karaf@optiplex1 -p 8100
no matching cipher found: client aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se server 

Here's Karaf's exception logged:

16:24:03,890 INFO  8]-nio2-thread-1 125 shd.server.session.ServerSession Server session created from /192.168.0.21:64951
16:24:03,894 DEBUG 8]-nio2-thread-1 125 shd.server.session.ServerSession Client version string: SSH-2.0-OpenSSH_6.2
16:24:03,900 DEBUG 8]-nio2-thread-1 125 d.common.session.AbstractSession Send SSH_MSG_KEXINIT
16:24:03,901 DEBUG 8]-nio2-thread-1 125 d.common.session.AbstractSession Received SSH_MSG_KEXINIT
16:24:03,902 WARN  8]-nio2-thread-1 125 d.common.session.AbstractSession Exception caught
jjava.lang.IllegalStateException: Unable to negotiate key exchange for encryption algorithms (client to server) (client: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lys
ator.liu.se / server: )
        at org.apache.sshd.common.session.AbstractSession.negotiate(AbstractSession.java:1159)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:388)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:326)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:780)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:308)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:184)
        at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:170)
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_60]
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[125:org.apache.sshd.core:0.14.0]
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_60]
        at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157)[:1.8.0_60]
        at sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)[:1.8.0_60]
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)[:1.8.0_60]
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)[:1.8.0_60]
        at java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)[:1.8.0_60]
        at org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:170)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:135)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:120)[125:org.apache.sshd.core:0.14.0]
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
        at java.security.AccessController.doPrivileged(Native Method)[:1.8.0_60]
        at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)[125:org.apache.sshd.core:0.14.0]
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126)[:1.8.0_60]
        at sun.nio.ch.Invoker$2.run(Invoker.java:218)[:1.8.0_60]
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)[:1.8.0_60]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_60]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_60]
        at java.lang.Thread.run(Thread.java:745)[:1.8.0_60]

After trying out all sort of tips read via google, finally realized: setting the JAVA_HOME fixes the issue. To solve for all users I added this line to /etc/profile:

export JAVA_HOME=/usr/local/openjdk7

You can also put the same line to $HOME/.profile to fix it only for one user.

Karaf is beautiful but this one was ugly. Well, my fault: starting Karaf actually complains about not setting JAVA_HOME (and that results may vary), but since I used it like that for quite a while, didn't expect this.