FreeBSD Packages

From Exterior Memory
Jump to: navigation, search
This page about package management in FreeBSD 10 and later. See FreeBSD 9 Packages for package management in FreeBSD 9 and earlier.

The well-written chapters on Installing Applications: Packages and Ports (in particular Using pkgng for Binary Package Management for binary packages and Using the Ports Collection for source-base ports) and Updating and Upgrading FreeBSD in the FreeBSD handbook are authoritative sources on the FreeBSD package system, ports.

This wiki page serves only as a quick reference.


FreeBSD distinguishes between the base system and all third-party software. This is unlike e.g. the Debian distribution which makes no difference between the base system and the package system.

Base System Third party software (ports or packages)
Location / /usr/local
Security Support yes, FreeBSD security team no, package maintainer
Installation tools freebsd-update pkg, portsnap, portupgrade/portmaster


FreeBSD has three distinct branches:

The point-releases. These are fixed in time, and only receive security updates for the base system. release is the default branch for a new installation of FreeBSD. Comparable to stable on Debian.
The development version of release. While the base remains stable, the ports are updated. Comparable to testing on Debian.
The bleeding edge of development. Comparable to unstable on Debian.

Which version to pick depends on your preferences. The usual recommendation applies to stick to the most stable version for the base system unless there is a good reason not to. The version and branch of the base system can be selected by freebsd-installer:

freebsd-update -r 9.2-RELEASE upgrade

uname or freebsd-version will report the patch level, e.g. 9.2-RELEASE-p7

While there are different branches for the port collection as well, it is uncommon to change this setting. What you get by default is the 'stable' branch. I have not seem enough reports on changing this setting, so my recommendation is just to go with the default, since that most likely leads to fewest problems. It is important to understand that FreeBSD security support is only available for the base system, not for the ports collection.. Thus, if you want to get security updates for ports, you have to install new versions of ports as they are published. This seems less then desirable on a production server, as it may lead to (possibly unwanted) new features as well. The recommended course of action is to only upgrade ports when there are security upgrades. The pkg audit tool queries the Vulnerability database (VuXML) to check for known security vulnerabilities, even for ports installed as source (this is a new feature of the pkg tools, the pkg_* tools in FreeBSD 9 did not have this feature, and the portaudit tool was used instead).

My personal recommendation is to use -release for the base system, both for a desktop machine as well as a server. However, for servers, I recommend not to always update all ports and packages, but only update specific ports if there is a security update available, as reported by pkg audit.

Ports or Packages

recipe to install third party software from source
pre-build binary of third part software

Packages are created based on the port recipe. There may be a delay of a few days to a few weeks before they are released. Packages are only available for the i386 and x86_64 platforms. (e.g. freebsd:10:x86:64)

First Start

Download Port Collection

If you have never done so, download the port collection.

portsnap fetch
portsnap extract
portsnap update

Install Advised Software

You can now install your favourite software. While freebsd-config works fine for the base system, the pkg_* tools are somewhat limited for maintaining the installed ports. I recommend one of the tools portupgrade or portmanager. I choose portupgrade, but it seems that portmaster is currently the more popular choice. You may have other preferences.

# pkg install portupgrade

Add cron jobs

There are quite a lot of excellent cron scripts in /etc/periodic, but quite a few are not run by default. See /etc/default/periodic.conf.

In addition, you may want to daily run:

/usr/local/sbin/pkg audit
/usr/sbin/freebsd-update cron

to check for updates in the base system and packages.

Changes Since FreeBSD 9

FreeBSD 9 and earlier came with the pkg_* tools. In FreeBSD 9.1, the pkgng (pkg next generation) tools were introduced, and FreeBSD 10 no longer ships with the older pkg_* tools.

In order to convert the database from pkg_* to pkgng format, run pkg2ng. This step is irreversible. So you should only use either pkg_* tools or pkg tool, but not both at the same time.

Furthermore, pkg now automatically selects the nearest repository mirror. There is usually no need to set the PACKAGESITE variable anymore. Whereas the pkg_* tools downloaded them from e.g., the pkg tools download them from e.g. pkg uses geo-dns to automatically select the closest mirror, and DNS SRV records for fall-back in case a specific mirror is unreachable.

Another change is that portaudit (which keep tracks of security vulnerabilities in installed packages and ports) is replaced by pkg audit.

The tools portupgrade, portmanager or portmaster may not (yet) work flawlessly with the new package management system. As of FreeBSD 10.0, portmanager is no longer available and portupgrade only works on ports (compiled from source), not on packages (installed from binaries).

Installing Packages

There are three options to install packages in FreeBSD:

Using pkg (FreeBSD 10)

pkg is the easiest way, and downloads and install the binary version.

pkg install zsh

Using bsdconfig

bsdconfig provides a GUI for all sorts of sysadmin functions, including package installation. In my experience, bsdconfig is very slow for installing packages.


Using make install

You can also follow the port recipe to build a package from source. This is the traditional way.

cd /usr/ports/shells/zsh
make install clean

List Installed Software

To list all installed ports:

pkg info

List manually or automatically (due to dependencies) installed ports:

pkg query -e '%a =  0' %o
pkg query -e '%a =  1' %o

Get detailled information about a package:

pkg info -f pkgname

List all files contained in an installed package:

pkg info -l pkgname

Find which package provide an installed file:

pkg which /path/to/my/file

Show out-of-date ports (this includes new-feature updates as well as security updates):

portsnap fetch update
pkg version -v
pkg version -l <

To show what has been changed in the updates:

pkg updating

To only list security updates for installed ports:

pkg audit

Search for a remote package:

pkg search mypackage

Show reverse dependencies of an installed package:

pkg info -r mypackage

Show dependencies of an installed package:

pkg info -d mypackage

Update and Upgrade

Updating usually refers to installing new versions of packages, or a minor update. Upgrading usually refers to installing a new point release of the base system, and (re)installing all packages.

Update base system including security updates for the base system:

freebsd-update fetch
freebsd-update install

Upgrade to a new base system, or change between release/stable/current branch:

freebsd-update -r 9.1-RELEASE upgrade

Rollback system update:

freebsd-update rollback

Download new port tree (the description of available ports and packages):

pkg update
portsnap fetch
portsnap update

Binary upgrade of the installed packages:

pkg upgrade

update installed ports (from source code) use either:

portupgrade -a
portmaster -a

Checking for missing dependency (and try to fix them):

pkg check -d

Remove unused packages install as a dependency:

pkg autoremove

As usual, pay attention to warnings (like changed dependencies), and check if all services are running correctly after an upgrade.

See the Pkg primer for more information.