1
0
Fork 1
mirror of https://github.com/wezm/wezm.net.git synced 2024-12-26 14:09:55 +00:00
wezm.net/content/technical/2011/01/mac-os-x-package-management-with-pkgsrc.html
2011-01-23 05:00:20 +11:00

87 lines
4.1 KiB
HTML

Most developers that work on a Mac are aware of the [MacPorts][macports]
project that provides a build framework for open source software on Mac OS X.
MacPorts is certainly not the only option for installing this type of software
though. Other options include:
[macports]: http://www.macports.org/
* [Fink](http://www.finkproject.org/)
* [Homebrew](http://mxcl.github.com/homebrew/)
* [Rudix](http://rudix.org/)
* [pkgsrc][pkgsrc]
Each of these has its benefits. For my package management needs I use the
lesser known [pkgsrc][pkgsrc]. pkgsrc is maintained by the [NetBSD][netbsd]
project and aims to provide a cross platform framework for building open-source
software. The supported platforms include *BSD, Solaris, Linux and Mac OS X.
It contains over 8000 packages.
[pkgsrc]: http://www.pkgsrc.org/
[netbsd]: http://www.netbsd.org/
For a user used to MacPorts or Homebrew pkgsrc might seem a bit clunky.
Packages are built by changing into the directory for a project and issuing a
make command. However if you can move past that it offers some benefits that I
don't think the others do.
## Security
The first of the pkgsrc benefits is proper management of vulnerabilities in the
managed software. The project maintains a database of vulnerabilities that is
consulted whenever you attempt to install a package and won't let you install a
vulnerable package without manual intervention. There is also a pkg_audit
command that checks the currently installed packages against the
vulnerabilities database. The recommended setup has the database updated and
pkg_audit run daily via cron.
Whilst tracking security vulnerabilities on a local dev machine may not be as
important as doing so for a publicly accessible server I think its still good
practice to ensure your third-party software isn't exposing you to unnecessary
risks. Also if you were to use a Mac as a publicly accessible server I think
this vulnerability tracking would be very important.
## Quarterly Releases
Most of the Mac OS X package managers just slowly tick along as the maintainers
update their packages. Installing a set of packages one day may install
different versions the next. For example if you have a team working on a
project that requires libxml2, the version each of the team members will get is
whatever was current at the time they installed it.
This can be particularly problematic when the package changes enough that it
breaks the usage in a project. Resulting in a situation where it works for most
people except the poor person who just joined the project and it trying to get
all the dependencies installed. Thus forcing the project members to all upgrade
to the new version. (This actually happened to me)
pkgsrc handles this by making quarterly stable releases. These releases are a
snapshot of a stable set of packages that are only updated to apply security
patches. A team all tracking a given pkgsrc stable release will therefore all
get the same version of the software.
The quarterly releases also have benefits to anyone deploying a Mac server as
it allows known versions of the packages to be developed against and then
deployed on the server no matter how much time elapses.
## Bulk Builds
The NetBSD project maintains a bunch of pkgsrc bulk build servers for various
versions and architectures of NetBSD and other systems (sadly not Darwin
though). These bulk build servers regularly build every package that pkgsrc
tracks and report back on any failures. This continuous testing feeds into the
stable releases and also helps to ensure that all the packages are compatible
with each other. I have in the past has instances with MacPorts where updates
to one package broke others. The [pkgsrc-bulk mailing list][pkgsrcbulk]
receives the result of the bulk builds.
[pkgsrcbulk]: http://mail-index.NetBSD.org/pkgsrc-bulk/
## Conclusion
In this post I've outlined some of the benefits that pkgsrc can bring to Mac
users. Such as a large library of over 8000 packages, security vulnerability
tracking and stable releases. Its these reasons why I choose to use pkgsrc on
Mac OS X. If you're interested in installing pkgsrc checkout the [pkgsrc
guide][guide].
[guide]: http://www.netbsd.org/docs/pkgsrc/