FreeBSD Update and PKG Guide
🕐 4 minutes
The timely installation of security updates and the updating of the operating system are important aspects of system administration. FreeBSD includes the freebsd-update tool, which we can use to accomplish both of these tasks.
Apply security fixes
We can download and install security fixes for FreeBSD as follows. The first command checks if there are any outstanding fixes available. The second command will install the fixes.
root$: freebsd-update fetch root$: freebsd-update install
We should restart the system if the kernel or a kernel module has changed. We should restart the affected applications if binary files have changed.
If we make the following entry under /etc/crontab, the system will check for updates once a day:
root$: nano /etc/crontab => @daily root freebsd-update cron
If there are new updates, they are automatically downloaded, but not installed. Our root user receives a message so that the updates can be checked and installed manually with freebsd-update installed.
If something went wrong during the update, we can undo it with the following command:
root$: freebsd-update rollback
Updates to a new major or minor version
If we run the following command on a system running FreeBSD 12.2, the system will be upgraded to FreeBSD 13.0:
root$: freebsd-update -r 13.0-RELEASE upgrade
After entering the command, freebsd-update checks the configuration file and the current system to collect the necessary information for the system update.
Then these are installed with the following command:
root$: freebsd-update install
We restarted the system with the updated kernel:
root$: shutdown -r now
After the restart, we run the following command one last time to complete the update:
root$: freebsd-update install
Pkg is the next-generation successor to the traditional FreeBSD package management tools and offers many features that make dealing with binary packages faster and easier.
Get information about installed packages
So that we can display information about the installed packages, the following command used:
root$: pkg info
So that we want to display information about a package, we simply include the package name.
root$: pkg info nano
Install and remove packages
We use the following command to install a binary package, where package-name is the name of the package to be installed:
root$: pkg install package name
And to remove a package we use:
root$: pkg remove package name
Update installed packages
To update all installed packages, we use this command:
root$: pkg upgrade
Monitor installed packages
Software vulnerabilities regularly discovered in third-party applications. To remedy this, pkg contains a built-in checking mechanism. We do the following to determine if there are any known security vulnerabilities in the software installed on the system:
root$: pkg audit -F
Automatically remove unused packages
root$: pkg autoremove
Remove obsolete packages
By default, pkg saves binary packages in a cache directory defined by PKG_CACHEDIR in pkg.conf. Only copies of the most recently installed packages kept. Older versions of pkg kept all previous packages. We do the following to remove these outdated binary packages:
root$: pkg clean
The entire cache can be cleared by doing the following:
root$: pkg clean -a
After a system upgrade
After a system upgrade, we should do the following. Since the abi versions of the individual packages have changed after an update, and this ensures that the packages are also up-to-date.
root$: pkg-static upgrade -f
Switching from quarterly to the latest repo
If we want to switch from quarterly to the latest repo, we can do the following steps.
First we copy /etc/pkg/FreeBSD.conf to /usr/local/etc/pkg/repos/FreeBSD.conf if we haven’t already.
root$: mkdir -p /usr/local/etc/pkg/repos root$: cp /etc/pkg/FreeBSD.conf /usr/local/etc/pkg/repos/FreeBSD.conf
Then we can change the string quarterly to latest in the URl-line
As last step, we run pkg update -f to update from the new (latest) repository metadata.