*noob* Slackware system management

space-gh0st · 03-04-2015, 03:42 PM

Hello LQ i'm a long time Gentoo/Arch Linux user, I've touched pretty much every *nix out there including Slackware so I have a decent amount of experience in this area. When I did try Slackware a few times many moons ago a question got stuck in the back of mind which I still have not found the answer to. Hopefully someone here can clarify.

Let's pretend I installed Slackware on my computer right now, I'd get the base system installed and configured(I no longer recall exactly what is handled by the base system so this may be a much smaller issue) and need to start installing things not handled by the package manager on Slackware, for example(although I no longer use it) when I had originally installed Slackware I made an adventurous choice by opting to use VLC(good times)... it took many hours of gathering all of the various dependencies and compiling/installing them using slackbuilds. How do guys keep up to date on these various libraries that you can easily forget about?

This is in no way knocking Slackware I think it would be quite fun/challenging if I had the time to write some programs to try and make sure I'm on the current version of things etc(because my usecase requires this, yours may not), but what do you guys do? VLC had a ton of dependencies and I can't imagine you all just re-visit these webpages all of the time to make sure you're up-to date. Granted even if a vulnerability comes out involving some library you manually installed your chances of getting owned are quite slim though the idea of just installing them and letting them sit vulnerable tickles my OCD.

I'm just very curious as to how you guys handle things like this? Do most of you just let a random old(possibly vulnerable) library slide since the chance of getting exploited is likely very slim, do you have a more efficent way of staying up-to date I'm not aware of? This is my first post here so please take my words lightly, I'm definitely NOT saying this makes Slackware a bad OS choice so please do not think that. I just want to know how Slackers handle all of these easily forgettable libraries.

If this is something that is asked very often my apologies.

ReaperX7 · 03-04-2015, 03:49 PM

I use sbotools mostly for Slackbuilds, mostly because I'm used to FreeBSD now. It does some rudamentary dependency resolving, but for anything optional, you have to do those pre-compile.

fogpipe · 03-04-2015, 04:15 PM

I use slackware -current which is the most up to date of the different flavors. If you want to know what the update cycle is like take a look at the changelog for the version you are interested in at slackware.com. http://www.slackware.com/changelog/ Even the stable version seems to get regular updates and security fixes.

As far as vlc the alien bob packages are what i think people usually use. http://www.videolan.org/vlc/download-slackware.html thats what i installed and i dont recall it being arduous in any way.

I have been using -current since i first installed 13.37 and -current is more stable than most release distros (in my experience). I am a former gentoo user and if you can do gentoo, slackware will be a piece of cake.

As far as package management goes, just install everything and the issues that arise in alot of distros with updates and dependencies and broken package management dont even arise, and if you need the odd bit of software here and there visit slackbuilds.org and all the dependencies for available software are listed. Have fun

speck · 03-04-2015, 04:23 PM

I'm sure most people use Slackbuilds.org for applications/libraries not included in the base installation (and dependencies are listed there). Also Slackware falls into the category of stable distributions instead of cutting edge distributions. If you really need to have the most up to date programs, then something like Arch or Fedora would probably be a better choice.

Didier Spaier · 03-04-2015, 04:46 PM

As long as you use only Slackware's Packages Management System[1], each and every file shipped in a package you install, remove or upgrade is recorded in the packages database /var/log/{removed_,}{packages,scripts}, making easy to track them.

[1]in addition to tools shipped in Slackware this covers at least usage of sbopkg, and also slackpkg+, I think.

About security, for the official Slackware packages the provided Security Advisories are all you need. In addition you could follow this thread. For third party packages that you install and slackbuilds coming from slackbuilds.org you are on you own. That said, honestly I can't remember reports of issues occurring for that reason (but of course there can have been issues of which I am not aware).

The packages database makes easy to know if you have a library installed and to which version, but of course doesn't tell you which programs use it among the official Slackware packages (though some third party apps can provide this information), let alone among the third party packages you have installed.

For that reason if you want to upgrade libraries (and apps that use them) as soon as a new version becomes available even if there's no security issue involved, Slackware is not the best choice IMHO.

More information is available @ SlackDocs, in particular here and there.

BCarey · 03-04-2015, 05:10 PM

I just want to highlight slackpkg+. This is an add-on to slackpkg which ships with slackware. It provides access to a number of repositories, one of which includes vlc, with all dependencies built-in and allows for easy install. Also, sbopkg has pre-defined queue files which build all the dependencies you need. Both have and "update/upgrade" option which can keep you on top off necessary changes.

Brian

brianL · 03-05-2015, 04:57 AM

For dealing with SlackBuilds that have multiple dependencies that are also SlackBuilds, use sbopkg with queuefiles.
http://www.sbopkg.org/