FreeBSD Update and PKG Guide

๐Ÿ• 4 minutes

๐Ÿ“… 2022-01-16

FreeBSD update

The timely installation of security updates and the updating of the operating system are important aspects of system administration. FreeBSD includes the freebsd-update tool, which we can use to accomplish both of these tasks.

Apply security fixes

We can download and install security fixes for FreeBSD as follows. The first command checks if there are any outstanding fixes available. The second command will install the fixes.

root$: freebsd-update fetch
root$: freebsd-update install

We should restart the system if the kernel or a kernel module has changed. We should restart the affected applications if binary files have changed.

If we make the following entry under /etc/crontab, the system will check for updates once a day:

root$: nano /etc/crontab =>

@daily root freebsd-update cron

If there are new updates, they are automatically downloaded, but not installed. Our root user receives a message so that the updates can be checked and installed manually with freebsd-update installed.

If something went wrong during the update, we can undo it with the following command:

root$: freebsd-update rollback

Updates to a new major or minor version

If we run the following command on a system running FreeBSD 12.2, the system will be upgraded to FreeBSD 13.0:

root$: freebsd-update -r 13.0-RELEASE upgrade

After entering the command, freebsd-update checks the configuration file and the current system to collect the necessary information for the system update.

Then these are installed with the following command:

root$: freebsd-update install

We restarted the system with the updated kernel:

root$: shutdown -r now

After the restart, we run the following command one last time to complete the update:

root$: freebsd-update install


Pkg is the next-generation successor to the traditional FreeBSD package management tools and offers many features that make dealing with binary packages faster and easier.

Get information about installed packages

So that we can display information about the installed packages, the following command used:

root$: pkg info

So that we want to display information about a package, we simply include the package name.

root$: pkg info nano

Install and remove packages

We use the following command to install a binary package, where package-name is the name of the package to be installed:

root$: pkg install package name

And to remove a package we use:

root$: pkg remove package name

Update installed packages

To update all installed packages, we use this command:

root$: pkg upgrade

Monitor installed packages

Software vulnerabilities regularly discovered in third-party applications. To remedy this, pkg contains a built-in checking mechanism. We do the following to determine if there are any known security vulnerabilities in the software installed on the system:

root$: pkg audit -F

Automatically remove unused packages

root$: pkg autoremove

Remove obsolete packages

By default, pkg saves binary packages in a cache directory defined by PKG_CACHEDIR in pkg.conf. Only copies of the most recently installed packages kept. Older versions of pkg kept all previous packages. We do the following to remove these outdated binary packages:

root$: pkg clean

The entire cache can be cleared by doing the following:

root$: pkg clean -a

After a system upgrade

After a system upgrade, we should do the following. Since the abi versions of the individual packages have changed after an update, and this ensures that the packages are also up-to-date.

root$: pkg-static upgrade -f

Switching from quarterly to the latest repo

If we want to switch from quarterly to the latest repo, we can do the following steps.

First we copy /etc/pkg/FreeBSD.conf to /usr/local/etc/pkg/repos/FreeBSD.conf if we havenโ€™t already.

root$: mkdir -p /usr/local/etc/pkg/repos 
root$: cp /etc/pkg/FreeBSD.conf /usr/local/etc/pkg/repos/FreeBSD.conf 

Then we can change the string quarterly to latest in the URl-line

As last step, we run pkg update -f to update from the new (latest) repository metadata.