FreeBSD 9 Packages
The well-written chapters on Installing Applications: Packages and Ports (in particular Using the Packages System for binary packages and Using the Ports Collection for source-base ports) and Updating and Upgrading FreeBSD in the FreeBSD handbook are authoritative sources on the FreeBSD package system, ports.
This wiki page serves only as a quick reference.
Contents
Architecture
FreeBSD distinguishes between the base system and all third-party software. This is unlike e.g. the Debian distribution which makes no difference between the base system and the package system.
Base System | Third party software (ports or packages) | |
---|---|---|
Location | / | /usr/local |
Security Support | yes, FreeBSD security team | no, package maintainer |
Installation tools | freebsd-update | pkg_*, portsnap, portupgrade |
Branches
FreeBSD has three distinct branches:
- release
- The point-releases. These are fixed in time, and only receive security updates for the base system. release is the default branch for a new installation of FreeBSD. Comparable to stable on Debian.
- stable
- The development version of release. While the base remains stable, the ports are updated. Comparable to testing on Debian.
- current
- The bleeding edge of development. Comparable to unstable on Debian.
Which version to pick depends on your preferences. The usual recommendation applies to stick to the most stable version unless there is a good reason not to. FreeBSD security support is only available for the base system, not for the ports collection. This is a potential reason to use the stable branch for the ports collection. Ports in the Stable branch are updated, and both feature updates as well as security updates.
My personal recommendation is to use -release for the base system and -stable for packages, both for a desktop machine as well as a server. However, for servers, I recommend not to update all ports, but only update specific ports if there is a security update available. You can use the portaudit tool to check which ports contain security updates.
Ports or Packages
- Ports
- recipe to install third party software from source
- Package
- pre-build binary of third part software
Packages are created based on the port recipe. There may be a delay of a few days to a few weeks before they are released. Packages are only available for the i386 and x86_64 platforms.
First Start
Download Port Collection
If you have never done so, download the port collection.
# portsnap fetch # portsnap extract # portsnap update
Choose Branch and Mirror
Choose a different download site for ports or change between release/stable/current branch. For example, to switch to the stable branch for packages, and use a Dutch mirror, set PACKAGESITE:
export PACKAGESITE=http://ftp.nl.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/
or
export PACKAGESITE=http://ftp.nl.freebsd.org/pub/FreeBSD/ports/ia64/packages-9-stable/Latest/
You may want to set this automatically after boot. If you are using zsh, put this in /etc/zprofile (remember to change the URL for AMD architectures!):
# Download site for FreeBSD packages (precompiled ports) if [ "$PACKAGESITE" = "" ]; then export PACKAGESITE=http://ftp.nl.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/ fi
To propagate this setting after gaining privileges with sudo -s, put this in /usr/local/etc/sudoers.d/environment:
Defaults env_keep += "PACKAGESITE"
Install Advised Software
You can now install your favourite software. While freebsd-update works fine for the base system, the pkg_* tools are somewhat limited for maintaining the installed ports. I recommend one of the tools portupgrade, portmanager or portmaster. I choose portupgrade because it is capable of handling binary installations. You may have other preferences.
# pkg_add -r portupgrade
I also advise portaudit, which helps you keep track of security updates for your installed ports:
# pkg_add -r portaudit
Just install, and portaudit -Fda is automatically included in the daily security run output that is mailed to the root account.
Installing Packages
There are three options to install packages in FreeBSD:
Using pkg_add
pkg_add is the easiest way, and downloads and install the binary version. If you are behind a firewall, you likely want to set FTP_PASSIVE_MODE.
export FTP_PASSIVE_MODE=1 export PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/ pkg_add -r zsh
Using sysinstall
Syinstall provides a GUI for all sorts of sysadmin functions, including package installation. In my experience, sysinstall is very slow for installing packages.
sysinstall
Using make install
You can also follow the port recipe to build a package from source. This is the traditional way.
cd /usr/ports/shells/zsh make install clean
List Installed Software
To list all installed ports:
pkg_info
To list out-of-date ports (this includes new-feature updates as well as security updates):
portsnap fetch update pkg_version -v
To show what has been changed in the updates:
pkg_updating
To only list security updates for installed ports:
portaudit -Fda
List dependencies (software required for the given port):
pkg_info -r <portname>
List reverse dependencies (software that depends on the given port):
pkg_info -R <portname>
Update and Upgrade
Updating usually refers to installing new versions of packages, or a minor update. Upgrading usually refers to installing a new point release of the base system, and (re)installing all packages.
Update base system including security updates for the base system:
freebsd-update fetch freebsd-update install
Upgrade to a new base system, or change between release/stable/current branch:
freebsd-update -r 9.1-RELEASE upgrade
Rollback system update:
freebsd-update rollback
Download new port tree (the description of available ports):
portsnap fetch portsnap update
To update a specific (binary only) packages (and the packages that depend on it), run:
portupgrade -R -PP openssl
To update all (binary only) packages, run:
portupgrade -a -PP
update installed ports (from source code) use either:
portupgrade -a portmanager -u
As usual, pay attention to warnings (like changed dependencies), and check if all services are running correctly after an upgrade.