Updating the system
Note: If you only want to install security updates, it's enough to subscribe to FreeBSD security notifications and follow the instructions in each advisory. Otherwise, read on.
In FreeBSD, the base system and ports can be updated independently if desired. Here's how to do it.
Basic Security updates
From FreeBSD 6.X, only for release versions, you can simply keep up to date using freebsd-update
First time use:
# freebsd-update fetch # freebsd-update install
You can rollback in-case of problems
# freebsd-update rollback
Use the following line in your /etc/crontab to keep your machine up to date: 30 3 * * * root /usr/sbin/freebsd-update cron -t <email address>
This will email you when updates are available and to install them type
# freebsd-update install
Updating the base system
To upgrade to a RELEASE version of FreeBSD, you can do one of three things:
- Do a binary Upgrade to a release version
- Do a binary Upgrade using the method described (FreeBSD 5.4 to 6.0 here) Refer to the bottom of this page for upgrading 6.3 to 7.0 notes
- Do a source upgrade as described here
A binary upgrade to a release version can be done by running sysinstall from the installation medium (e.g. CDROM). See the release notes of the release for details. Note that this will wipe out a lot of customizations.
Many open-source apps are under active development, so this is something you'll probably want to do quite regularly to ensure that you have the latest versions of everything.
First update the ports tree /usr/ports/. This can be done via cvsup, csup, ctm or portsnap. The ports can then be automatically updated using portupgrade or portmaster, which are capable of dealing with dependencies.
How do I download updates?
The most common method used was cvsup (see updating the ports tree). However, you might not be able to use it if you're behind a restrictive firewall (blocking tcp port 5999) or on a weak connection. In that case you can use ctm to obtain differential updates by email or ftp.
For updating the ports tree, a third option is available. Portsnap is an automated tool which offers many advantages over both the other methods:
- secure (uses cryptographic signing)
- very efficient in terms of bandwidth consumption and server load
- uses http only
- easy to use
FreeBSD Binary Upgrade 6.3 to 7.0 Notes
It's best to upgrade to 6.3 first and this is straight forward, follow: http://www.freebsd.org/releases/6.3R/announce.html
* You might have to install gpg which is in the 'gnupg' port. * If you have a problem 'Can't check signature: No public key' # fetch http://www.freebsd.org/doc/pgpkeyring.txt
Follow the steps on http://www.freebsd.org/releases/7.0R/announce.html until you get to portupgrade -faP.
I've done the upgrade now on two machines and have come across the same problem when doing the portupgrade -faP command. You get a failure with ruby. Please refer to my post at for the solution:
Here are the commands to fix the ruby problem.
The first group of commands may or may not do anything (optional)
/sbin/reboot boot -s (Boot into single user mode, you can also just select '4' from the menu) /sbin/fsck /sbin/mount -u / /sbin/mount -a -t ufs cd /usr/src make clean /sbin/reboot csup -L 2 /.../src-supfile csup -L 2 /.../ports-supfile less /usr/ports/UPDATING
These commands are recommended.\\ Upgrade ruby:
portupgrade -fu ruby rm /var/db/pkg/pkgdb.db portupgrade -fu ruby18-bdb (Ignore the error at the end of this command) rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db portupgrade -fu portupgrade portupgrade -fu libtool portinstall misc/compat6x portinstall sysutils/bsdadminscripts
(Optional) May not work.
cd /usr/src yes | make -B delete-old yes | make -B delete-old-libs
Check, fix, relink, cleanup the ports collection:
pkg_libchk -qo | grep -vE 'jdk*|openoffice*' | xargs -o portupgrade -fuP pkgdb -F pkgdb -L portsclean -CLDP portaudit -Fda
Now you should be able to return to the update command
# portupgrade -faP
This will take time and you most likely will have to play around with some ports to get them to install properly.