Portsnap
Portsnap can be used instead of cvsup or ctm to keep the ports tree up-to-date. From the home page:
Portsnap is a system for securely downloading and updating a compressed snapshot of the FreeBSD ports tree, and using this compressed snapshot to extract or update a (uncompressed) copy of the ports tree.
Historically, most people have used CVSup to keep their ports tree up to date, but CVSup has a number of limitations:
- CVSup is insecure. The protocol uses no encryption or signing, and any attacker who can intercept the connection can insert arbitrary data into the tree you are updating.
- CVSup isn't end-to-end. Related to the previous point, this means that anyone who can compromise a CVSup mirror can feed arbitrary data to the people who are using that mirror.
- CVSup isn't designed for frequent small updates. While CVSup is very good at distributing CVS trees, and is very efficient for updating a tree which has been significantly changed (eg, by a month or more of commits), it transmits a list of all the files in the tree, which makes it quite inefficient if only a few files have changed.
- CVSup uses a custom protocol. This can cause problems for people behind firewalls -- outgoing connections on port 5999 need to be permitted -- and it needs a heavyweight server (cvsupd).
Portsnap avoids these problems by operating over HTTP, signing the snapshots, and using more sophisticated delta compression to distribute the snapshots.
Version 0.9.1 of portsnap is in the FreeBSD ports tree as sysutils/portsnap.
To install portsnap and use it for the first time:
# cd /usr/ports/sysutils/portsnap # make install clean # cd /usr/local/etc/ && cp portsnap.conf.sample portsnap.conf # portsnap fetch (this will download a large file) # portsnap extract (this will update the ports tree)
After that, using portsnap is easy:
# portsnap fetch # portsnap update
To automate this to run nightly via cron:
00 1 * * * /usr/local/sbin/portsnap fetch; /usr/local/sbin/portsnap update
See also: updating the system