WezM.net Menu

Mac OS X Package Management With pkgsrc

Published on Sat, 22 January 2011

Most developers that work on a Mac are aware of the MacPorts project that provides a build framework for open source software on Mac OS X. MacPorts is certainly not the only option for installing this type of software though. Other options include:

Each of these has its benefits. For my package management needs I use the lesser known pkgsrc. pkgsrc is maintained by the NetBSD project and aims to provide a cross platform framework for building open-source software. The supported platforms include *BSD, Solaris, Linux and Mac OS X. It contains over 8000 packages.

For a user used to MacPorts or Homebrew pkgsrc might seem a bit clunky. Packages are built by changing into the directory for a project and issuing a make command. However if you can move past that it offers some benefits that I don’t think the others do.

Security

The first of the pkgsrc benefits is proper management of vulnerabilities in the managed software. The project maintains a database of vulnerabilities that is consulted whenever you attempt to install a package and won’t let you install a vulnerable package without manual intervention. There is also a pkg_audit command that checks the currently installed packages against the vulnerabilities database. The recommended setup has the database updated and pkg_audit run daily via cron.

Whilst tracking security vulnerabilities on a local dev machine may not be as important as doing so for a publicly accessible server I think its still good practice to ensure your third-party software isn’t exposing you to unnecessary risks. Also if you were to use a Mac as a publicly accessible server I think this vulnerability tracking would be very important.

Quarterly Releases

Most of the Mac OS X package managers just slowly tick along as the maintainers update their packages. Installing a set of packages one day may install different versions the next. For example if you have a team working on a project that requires libxml2, the version each of the team members will get is whatever was current at the time they installed it.

This can be particularly problematic when the package changes enough that it breaks the usage in a project. Resulting in a situation where it works for most people except the poor person who just joined the project and it trying to get all the dependencies installed. Thus forcing the project members to all upgrade to the new version. (This actually happened to me)

pkgsrc handles this by making quarterly stable releases. These releases are a snapshot of a stable set of packages that are only updated to apply security patches. A team all tracking a given pkgsrc stable release will therefore all get the same version of the software.

The quarterly releases also have benefits to anyone deploying a Mac server as it allows known versions of the packages to be developed against and then deployed on the server no matter how much time elapses.

Bulk Builds

The NetBSD project maintains a bunch of pkgsrc bulk build servers for various versions and architectures of NetBSD and other systems (sadly not Darwin though). These bulk build servers regularly build every package that pkgsrc tracks and report back on any failures. This continuous testing feeds into the stable releases and also helps to ensure that all the packages are compatible with each other. I have in the past has instances with MacPorts where updates to one package broke others. The pkgsrc-bulk mailing list receives the result of the bulk builds.

Conclusion

In this post I’ve outlined some of the benefits that pkgsrc can bring to Mac users. Such as a large library of over 8000 packages, security vulnerability tracking and stable releases. Its these reasons why I choose to use pkgsrc on Mac OS X. If you’re interested in installing pkgsrc checkout the pkgsrc guide.

Comment icon Something to Add?

Contact me by email or Twitter if you have a comment, correction or just want to get in touch.