pkg2ng – some notes from my experience

The announced EOL of the old pkg_* tools is coming fast. Here are some notes from my experience on converting from the old /var/db/pkg structure to the new SQLite 3 based approach, pkg(ng).

Despite having WITHOUT_PKGNG=yes in your /etc/make.conf file, you might already have ports-mgmt/pkg installed. Even worse, some of your other installed ports may be listed as depending on ports-mgmt/pkg.

One of my systems had these ports listed as depending on ports-mgmt/pkg:

cacti-0.8.8b_2
icinga-1.11.5_1
nagios-plugins-2.0.3_1,1
net-snmp-5.7.2_16
php5-snmp-5.4.31
spine-0.8.8b

As far as I can tell, this is due to code snippets like:

# pkg-1.2 cannot handle this dependency well.
.if !defined(WITH_PKGNG)
LIB_DEPENDS=    libpkg.so:${PORTSDIR}/ports-mgmt/pkg
.endif

At first these dependencies made no sense, but they will go away once the affected ports are upgraded after the transition.

If your installed version of ports-mgmt/pkg is outdated, I urge you to upgrade to the latest version at this point. E.g.:

portupgrade -fprv ports-mgmt/pkg

If you don’t have ports-mgmt/pkg installed, then you need to put the beast in its right place. E.g.:

portupgrade -Nfpv ports-mgmt/pkg

You should also remove ports-mgmt/portaudit as this functionality is provided by ports-mgmt/pkg. Just run:

pkg audit -F

to see what happens.

You should make a separate backup of /var/db/pkg in case anything goes wrong. E.g.:

tar -Jcvvf /var/db/var-db-pkg.tar.xz /var/db/pkg

Now you should be ready to execute the pkg2ng script.

Once the conversion is done by the pkg2ng script, you must change WITHOUT_PKGNG=yes to WITH_PKGNG=yes in the /etc/make.conf file.

I guess you are free to remove the last traces of the old /var/db/pkg directory structure, but pkg(ng) will remove the old directories as each port is upgraded over time. A clean system should ideally have only the two files /var/db/pkg/local.sqlite and /var/db/pkg/vuln.xml present.

Next, you might need to tweak some of your settings in your /etc/periodic.conf file as pkg(ng) comes with its own set of periodic(8) scripts. These scripts are run automatically by cron(8) and periodic(8), and are able to figure out if pkg(ng) is active or not.

# $BSDnet: config/freebsd/enterprise/etc/periodic.conf,v 1.11 2014-08-11 07:00:25 trond Exp $

daily_rkhunter_update_enable="YES"
daily_rkhunter_update_flags="--update --nocolors"

daily_rkhunter_check_enable="YES"
daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"

daily_status_smart_devices="/dev/ada0 /dev/ada1 /dev/ada2 /dev/ada3 /dev/ada4"

daily_status_zfs_enable="YES"

daily_status_ntpd_enable="YES"

#daily_status_pkg_changes_enable="YES"
#pkg_info="/usr/local/sbin/pkg info"

daily_scrub_zfs_enable="YES"
daily_scrub_zfs_default_threshold="6"

#daily_status_security_chkportsum_enable="YES"

#weekly_status_pkg_enable="YES"
#pkg_version="/usr/local/sbin/pkg version -P"

monthly_statistics_enable="YES"
monthly_statistics_report_devices="YES"
monthly_statistics_report_ports="YES"

If your system is running with WITHOUT_NEW_X11=yes in /etc/make.conf, then you should consider setting pkg_version_index to -P in /etc/periodic.conf to avoid using the index file, which would otherwise constantly indicate that you need to update x11-servers/xorg-server to 1.12.4 and its successors, instead of sticking to 1.7.7 and its successors(?). Thus, you must keep the ports tree up to date to get emailed any reminder about outdated ports. You could also remove any existing index file, ensure that it doesn’t get downloaded or (re)generated by some script, which in turn compels pkg version to use the ports tree when gathering version numbers.

Finally, any scripts using the old pkg_* tools should be converted to use their /usr/local/sbin/pkg counterparts. And you might want to clean up /var/db/pkg by moving the old directories to, say, /var/db/pkg.backup, if not already done by the pkg2ng script.