FreeBSD 9 Packages

From Exterior Memory
Jump to: navigation, search
This article was written in January 2009, and last updated in January 2012. FreeBSD 10 made significant changes to the packaging infrastructure, which is documented at FreeBSD Packages. This article is no longer updated, and may be outdated.

The well-written chapters on Installing Applications: Packages and Ports (in particular Using the Packages System for binary packages and Using the Ports Collection for source-base ports) and Updating and Upgrading FreeBSD in the FreeBSD handbook are authoritative sources on the FreeBSD package system, ports.

This wiki page serves only as a quick reference.


FreeBSD distinguishes between the base system and all third-party software. This is unlike e.g. the Debian distribution which makes no difference between the base system and the package system.

Base System Third party software (ports or packages)
Location / /usr/local
Security Support yes, FreeBSD security team no, package maintainer
Installation tools freebsd-update pkg_*, portsnap, portupgrade


FreeBSD has three distinct branches:

The point-releases. These are fixed in time, and only receive security updates for the base system. release is the default branch for a new installation of FreeBSD. Comparable to stable on Debian.
The development version of release. While the base remains stable, the ports are updated. Comparable to testing on Debian.
The bleeding edge of development. Comparable to unstable on Debian.

Which version to pick depends on your preferences. The usual recommendation applies to stick to the most stable version unless there is a good reason not to. FreeBSD security support is only available for the base system, not for the ports collection. This is a potential reason to use the stable branch for the ports collection. Ports in the Stable branch are updated, and both feature updates as well as security updates.

My personal recommendation is to use -release for the base system and -stable for packages, both for a desktop machine as well as a server. However, for servers, I recommend not to update all ports, but only update specific ports if there is a security update available. You can use the portaudit tool to check which ports contain security updates.

Ports or Packages

recipe to install third party software from source
pre-build binary of third part software

Packages are created based on the port recipe. There may be a delay of a few days to a few weeks before they are released. Packages are only available for the i386 and x86_64 platforms.

First Start

Download Port Collection

If you have never done so, download the port collection.

# portsnap fetch
# portsnap extract
# portsnap update

Choose Branch and Mirror

Choose a different download site for ports or change between release/stable/current branch. For example, to switch to the stable branch for packages, and use a Dutch mirror, set PACKAGESITE:




You may want to set this automatically after boot. If you are using zsh, put this in /etc/zprofile (remember to change the URL for AMD architectures!):

# Download site for FreeBSD packages (precompiled ports)
if [ "$PACKAGESITE" = "" ]; then
        export PACKAGESITE=

To propagate this setting after gaining privileges with sudo -s, put this in /usr/local/etc/sudoers.d/environment:

Defaults env_keep += "PACKAGESITE"

Install Advised Software

You can now install your favourite software. While freebsd-update works fine for the base system, the pkg_* tools are somewhat limited for maintaining the installed ports. I recommend one of the tools portupgrade, portmanager or portmaster. I choose portupgrade because it is capable of handling binary installations. You may have other preferences.

# pkg_add -r portupgrade

I also advise portaudit, which helps you keep track of security updates for your installed ports:

# pkg_add -r portaudit

Just install, and portaudit -Fda is automatically included in the daily security run output that is mailed to the root account.

Installing Packages

There are three options to install packages in FreeBSD:

Using pkg_add

pkg_add is the easiest way, and downloads and install the binary version. If you are behind a firewall, you likely want to set FTP_PASSIVE_MODE.


pkg_add -r zsh

Using sysinstall

Syinstall provides a GUI for all sorts of sysadmin functions, including package installation. In my experience, sysinstall is very slow for installing packages.


Using make install

You can also follow the port recipe to build a package from source. This is the traditional way.

cd /usr/ports/shells/zsh
make install clean

List Installed Software

To list all installed ports:


To list out-of-date ports (this includes new-feature updates as well as security updates):

portsnap fetch update
pkg_version -v

To show what has been changed in the updates:


To only list security updates for installed ports:

portaudit -Fda

List dependencies (software required for the given port):

pkg_info -r <portname>

List reverse dependencies (software that depends on the given port):

pkg_info -R <portname>

Update and Upgrade

Updating usually refers to installing new versions of packages, or a minor update. Upgrading usually refers to installing a new point release of the base system, and (re)installing all packages.

Update base system including security updates for the base system:

freebsd-update fetch
freebsd-update install

Upgrade to a new base system, or change between release/stable/current branch:

freebsd-update -r 9.1-RELEASE upgrade

Rollback system update:

freebsd-update rollback  

Download new port tree (the description of available ports):

portsnap fetch
portsnap update

To update a specific (binary only) packages (and the packages that depend on it), run:

portupgrade -R -PP openssl

To update all (binary only) packages, run:

portupgrade -a -PP

update installed ports (from source code) use either:

portupgrade -a
portmanager -u

As usual, pay attention to warnings (like changed dependencies), and check if all services are running correctly after an upgrade.