- This page about package management in FreeBSD 10 and later. See FreeBSD 9 Packages for package management in FreeBSD 9 and earlier.
The well-written chapters on Installing Applications: Packages and Ports (in particular Using pkgng for Binary Package Management for binary packages and Using the Ports Collection for source-base ports) and Updating and Upgrading FreeBSD in the FreeBSD handbook are authoritative sources on the FreeBSD package system, ports.
This wiki page serves only as a quick reference.
- 1 Architecture
- 2 First Start
- 3 Changes Since FreeBSD 9
- 4 Installing Packages
- 5 List Installed Software
- 6 Update and Upgrade
FreeBSD distinguishes between the base system and all third-party software. This is unlike e.g. the Debian distribution which makes no difference between the base system and the package system.
|Base System||Third party software (ports or packages)|
|Security Support||yes, FreeBSD security team||no, package maintainer|
|Installation tools||freebsd-update||pkg, portsnap, portupgrade/portmaster|
- The point-releases. These are fixed in time, and only receive security updates for the base system. release is the default branch for a new installation of FreeBSD. Comparable to stable on Debian.
- The development version of release. While the base remains stable, the ports are updated. Comparable to testing on Debian.
- The bleeding edge of development. Comparable to unstable on Debian.
Which version to pick depends on your preferences. The usual recommendation applies to stick to the most stable version for the base system unless there is a good reason not to. The version and branch of the base system can be selected by freebsd-installer:
freebsd-update -r 9.2-RELEASE upgrade
uname or freebsd-version will report the patch level, e.g. 9.2-RELEASE-p7
While there are different branches for the port collection as well, it is uncommon to change this setting. What you get by default is the 'stable' branch. I have not seem enough reports on changing this setting, so my recommendation is just to go with the default, since that most likely leads to fewest problems. It is important to understand that FreeBSD security support is only available for the base system, not for the ports collection.. Thus, if you want to get security updates for ports, you have to install new versions of ports as they are published. This seems less then desirable on a production server, as it may lead to (possibly unwanted) new features as well. The recommended course of action is to only upgrade ports when there are security upgrades. The pkg audit tool queries the Vulnerability database (VuXML) to check for known security vulnerabilities, even for ports installed as source (this is a new feature of the pkg tools, the pkg_* tools in FreeBSD 9 did not have this feature, and the portaudit tool was used instead).
My personal recommendation is to use -release for the base system, both for a desktop machine as well as a server. However, for servers, I recommend not to always update all ports and packages, but only update specific ports if there is a security update available, as reported by pkg audit.
Ports or Packages
- recipe to install third party software from source
- pre-build binary of third part software
Packages are created based on the port recipe. There may be a delay of a few days to a few weeks before they are released. Packages are only available for the i386 and x86_64 platforms. (e.g. freebsd:10:x86:64)
Download Port Collection
If you have never done so, download the port collection.
export FTP_PASSIVE_MODE=1 portsnap fetch portsnap extract portsnap update
Install Advised Software
You can now install your favourite software. While freebsd-config works fine for the base system, the pkg_* tools are somewhat limited for maintaining the installed ports. I recommend one of the tools portupgrade or portmanager. I choose portupgrade, but it seems that portmaster is currently the more popular choice. You may have other preferences.
# pkg install portupgrade
Add cron jobs
There are quite a lot of excellent cron scripts in /etc/periodic, but quite a few are not run by default. See /etc/default/periodic.conf.
In addition, you may want to daily run:
/usr/local/sbin/pkg audit /usr/sbin/freebsd-update cron
to check for updates in the base system and packages.
Changes Since FreeBSD 9
FreeBSD 9 and earlier came with the pkg_* tools. In FreeBSD 9.1, the pkgng (pkg next generation) tools were introduced, and FreeBSD 10 no longer ships with the older pkg_* tools.
In order to convert the database from pkg_* to pkgng format, run pkg2ng. This step is irreversible. So you should only use either pkg_* tools or pkg tool, but not both at the same time.
Furthermore, pkg now automatically selects the nearest repository mirror. There is usually no need to set the PACKAGESITE variable anymore. Whereas the pkg_* tools downloaded them from e.g. http://ftp.nl.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/, the pkg tools download them from e.g. http://pkg.freebsd.org/freebsd:10:x86:64/. pkg uses geo-dns to automatically select the closest mirror, and DNS SRV records for fall-back in case a specific mirror is unreachable.
Another change is that portaudit (which keep tracks of security vulnerabilities in installed packages and ports) is replaced by pkg audit.
The tools portupgrade, portmanager or portmaster may not (yet) work flawlessly with the new package management system. As of FreeBSD 10.0, portmanager is no longer available and portupgrade only works on ports (compiled from source), not on packages (installed from binaries).
There are three options to install packages in FreeBSD:
Using pkg (FreeBSD 10)
pkg is the easiest way, and downloads and install the binary version.
pkg install zsh
bsdconfig provides a GUI for all sorts of sysadmin functions, including package installation. In my experience, bsdconfig is very slow for installing packages.
Using make install
You can also follow the port recipe to build a package from source. This is the traditional way.
cd /usr/ports/shells/zsh make install clean
List Installed Software
To list all installed ports:
List manually or automatically (due to dependencies) installed ports:
pkg query -e '%a = 0' %o pkg query -e '%a = 1' %o
Get detailled information about a package:
pkg info -f pkgname
List all files contained in an installed package:
pkg info -l pkgname
Find which package provide an installed file:
pkg which /path/to/my/file
Show out-of-date ports (this includes new-feature updates as well as security updates):
portsnap fetch update pkg version -v pkg version -l <
To show what has been changed in the updates:
To only list security updates for installed ports:
Search for a remote package:
pkg search mypackage
Show reverse dependencies of an installed package:
pkg info -r mypackage
Show dependencies of an installed package:
pkg info -d mypackage
Update and Upgrade
Updating usually refers to installing new versions of packages, or a minor update. Upgrading usually refers to installing a new point release of the base system, and (re)installing all packages.
Update base system including security updates for the base system:
freebsd-update fetch freebsd-update install
Upgrade to a new base system, or change between release/stable/current branch:
freebsd-update -r 9.1-RELEASE upgrade
Rollback system update:
Download new port tree (the description of available ports and packages):
pkg update portsnap fetch portsnap update
Binary upgrade of the installed packages:
update installed ports (from source code) use either:
portupgrade -a portmaster -a
Checking for missing dependency (and try to fix them):
pkg check -d
Remove unused packages install as a dependency:
As usual, pay attention to warnings (like changed dependencies), and check if all services are running correctly after an upgrade.
See the Pkg primer for more information.