pavement

Updating the system

From FreeBSDwiki
Jump to: navigation, search

Note: If you only want to install security updates, it's enough to subscribe to FreeBSD security notifications and follow the instructions in each advisory. Otherwise, read on.

In FreeBSD, the base system and ports can be updated independently if desired. Here's how to do it.

Contents

Basic Security updates

From FreeBSD 6.X, only for release versions, you can simply keep up to date using freebsd-update

First time use:

# freebsd-update fetch
# freebsd-update install

You can rollback in-case of problems

# freebsd-update rollback

Use the following line in your /etc/crontab to keep your machine up to date: 30 3 * * * root /usr/sbin/freebsd-update cron -t <email address>

This will email you when updates are available and to install them type

# freebsd-update install

Updating the base system

To upgrade to a RELEASE version of FreeBSD, you can do one of three things:

  1. Do a binary Upgrade to a release version
  2. Do a binary Upgrade using the method described (FreeBSD 5.4 to 6.0 here) Refer to the bottom of this page for upgrading 6.3 to 7.0 notes
  3. Do a source upgrade as described here

A binary upgrade to a release version can be done by running sysinstall from the installation medium (e.g. CDROM). See the release notes of the release for details. Note that this will wipe out a lot of customizations.

Updating applications

Many open-source apps are under active development, so this is something you'll probably want to do quite regularly to ensure that you have the latest versions of everything.

First update the ports tree /usr/ports/. This can be done via cvsup, csup, ctm or portsnap. The ports can then be automatically updated using portupgrade or portmaster, which are capable of dealing with dependencies.

How do I download updates?

The most common method used was cvsup (see updating the ports tree). However, you might not be able to use it if you're behind a restrictive firewall (blocking tcp port 5999) or on a weak connection. In that case you can use ctm to obtain differential updates by email or ftp.

For updating the ports tree, a third option is available. Portsnap is an automated tool which offers many advantages over both the other methods:

  • secure (uses cryptographic signing)
  • very efficient in terms of bandwidth consumption and server load
  • uses http only
  • easy to use

FreeBSD Binary Upgrade 6.3 to 7.0 Notes

It's best to upgrade to 6.3 first and this is straight forward, follow: http://www.freebsd.org/releases/6.3R/announce.html

Note:

 * You might have to install gpg which is in the 'gnupg' port.
 * If you have a problem 'Can't check signature: No public key' # fetch http://www.freebsd.org/doc/pgpkeyring.txt

Follow the steps on http://www.freebsd.org/releases/7.0R/announce.html until you get to portupgrade -faP.

I've done the upgrade now on two machines and have come across the same problem when doing the portupgrade -faP command. You get a failure with ruby. Please refer to my post at for the solution:


Here are the commands to fix the ruby problem.

The first group of commands may or may not do anything (optional)

/sbin/reboot
boot -s (Boot into single user mode, you can also just select '4' from the menu)
/sbin/fsck
/sbin/mount -u /
/sbin/mount -a -t ufs
cd /usr/src
make clean
/sbin/reboot

csup -L 2 /.../src-supfile
csup -L 2 /.../ports-supfile
less /usr/ports/UPDATING

These commands are recommended.\\ Upgrade ruby:

portupgrade -fu ruby
rm /var/db/pkg/pkgdb.db
portupgrade -fu ruby18-bdb
(Ignore the error at the end of this command)

rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db
portupgrade -fu portupgrade
portupgrade -fu libtool

portinstall misc/compat6x
portinstall sysutils/bsdadminscripts

(Optional) May not work.

cd /usr/src
yes | make -B delete-old
yes | make -B delete-old-libs

Check, fix, relink, cleanup the ports collection:

pkg_libchk -qo | grep -vE 'jdk*|openoffice*' | xargs -o portupgrade -fuP

pkgdb -F
pkgdb -L
portsclean -CLDP
portaudit -Fda


Now you should be able to return to the update command

 # portupgrade -faP

This will take time and you most likely will have to play around with some ports to get them to install properly.

Personal tools