Updating the system
(12 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
== Basic Security updates == | == Basic Security updates == | ||
− | From FreeBSD 6.X you can simply keep up to date using freebsd-update | + | From FreeBSD 6.X, only for release versions, you can simply keep up to date using freebsd-update |
First time use: | First time use: | ||
Line 13: | Line 13: | ||
# freebsd-update rollback | # freebsd-update rollback | ||
− | Use the following line in your /etc/crontab to keep your machine up to date: | + | Use the following line in your {{file|/etc/crontab}} to keep your machine up to date: |
30 3 * * * root /usr/sbin/freebsd-update cron -t <email address> | 30 3 * * * root /usr/sbin/freebsd-update cron -t <email address> | ||
Line 23: | Line 23: | ||
To upgrade to a RELEASE version of FreeBSD, you can do one of three things: | To upgrade to a RELEASE version of FreeBSD, you can do one of three things: | ||
#Do a binary Upgrade to a release version | #Do a binary Upgrade to a release version | ||
− | #Do a binary Upgrade using the method described | + | #Do a binary Upgrade using the method described (FreeBSD 5.4 to 6.0 [http://www.daemonology.net/freebsd-upgrade-5.4-to-6.0/ here]) Refer to the bottom of this page for upgrading 6.3 to 7.0 notes |
− | FreeBSD 5.4 to 6.0 [http://www.daemonology.net/freebsd-upgrade-5.4-to-6.0/ here] | + | |
− | + | ||
#Do a source upgrade as described [[upgrading the base system | here]] | #Do a source upgrade as described [[upgrading the base system | here]] | ||
− | A binary upgrade to a release version can be done by running | + | A binary upgrade to a release version can be done by running {{cmd|sysinstall}} from the installation medium (e.g. CDROM). See the [http://www.freebsd.org/releases/ release notes] of the release for details. Note that this will wipe out a lot of customizations. |
== Updating applications == | == Updating applications == | ||
Line 34: | Line 32: | ||
Many open-source apps are under active development, so this is something you'll probably want to do quite regularly to ensure that you have the latest versions of everything. | Many open-source apps are under active development, so this is something you'll probably want to do quite regularly to ensure that you have the latest versions of everything. | ||
− | First update the ports tree | + | First update the ports tree {{file|/usr/ports/}}. This can be done via [[cvsup]], [[csup]], [[ctm]] or [[portsnap]]. The ports can then be automatically updated using [[portupgrade]] or [[portmaster]], which are capable of dealing with dependencies. |
== How do I download updates? == | == How do I download updates? == | ||
− | The most common method used | + | The most common method used was [[cvsup]] (see [[updating the ports tree]]). However, you might not be able to use it if you're behind a restrictive firewall (blocking tcp port 5999) or on a weak connection. In that case you can use [[ctm]] to obtain differential updates by email or ftp. |
For updating the ports tree, a third option is available. [[Portsnap]] is an automated tool which offers many advantages over both the other methods: | For updating the ports tree, a third option is available. [[Portsnap]] is an automated tool which offers many advantages over both the other methods: | ||
Line 49: | Line 47: | ||
== FreeBSD Binary Upgrade 6.3 to 7.0 Notes == | == FreeBSD Binary Upgrade 6.3 to 7.0 Notes == | ||
It's best to upgrade to 6.3 first and this is straight forward, follow: http://www.freebsd.org/releases/6.3R/announce.html | It's best to upgrade to 6.3 first and this is straight forward, follow: http://www.freebsd.org/releases/6.3R/announce.html | ||
+ | |||
+ | Note: | ||
+ | * You might have to install gpg which is in the 'gnupg' port. | ||
+ | * If you have a problem 'Can't check signature: No public key' # fetch http://www.freebsd.org/doc/pgpkeyring.txt | ||
Follow the steps on http://www.freebsd.org/releases/7.0R/announce.html until you get to portupgrade -faP. | Follow the steps on http://www.freebsd.org/releases/7.0R/announce.html until you get to portupgrade -faP. | ||
− | I've done the upgrade now on two machines and have come across the same problem when doing the portupgrade -faP command. You get a failure with ruby. Please refer to my post at for the solution: | + | I've done the upgrade now on two machines and have come across the same problem when doing the portupgrade -faP command. You get a failure with ruby. Please refer to my post at for the solution: |
+ | |||
+ | |||
+ | Here are the commands to fix the ruby problem. | ||
+ | |||
+ | The first group of commands may or may not do anything (optional) | ||
+ | <pre> | ||
+ | /sbin/reboot | ||
+ | boot -s (Boot into single user mode, you can also just select '4' from the menu) | ||
+ | /sbin/fsck | ||
+ | /sbin/mount -u / | ||
+ | /sbin/mount -a -t ufs | ||
+ | cd /usr/src | ||
+ | make clean | ||
+ | /sbin/reboot | ||
+ | |||
+ | csup -L 2 /.../src-supfile | ||
+ | csup -L 2 /.../ports-supfile | ||
+ | less /usr/ports/UPDATING | ||
+ | </pre> | ||
+ | |||
+ | These commands are recommended.\\ | ||
+ | Upgrade ruby: | ||
+ | <pre> | ||
+ | portupgrade -fu ruby | ||
+ | rm /var/db/pkg/pkgdb.db | ||
+ | portupgrade -fu ruby18-bdb | ||
+ | (Ignore the error at the end of this command) | ||
+ | |||
+ | rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db | ||
+ | portupgrade -fu portupgrade | ||
+ | portupgrade -fu libtool | ||
+ | |||
+ | portinstall misc/compat6x | ||
+ | portinstall sysutils/bsdadminscripts | ||
+ | </pre> | ||
+ | |||
+ | (Optional) May not work. | ||
+ | <pre> | ||
+ | cd /usr/src | ||
+ | yes | make -B delete-old | ||
+ | yes | make -B delete-old-libs | ||
+ | </pre> | ||
+ | |||
+ | Check, fix, relink, cleanup the ports collection: | ||
+ | <pre> | ||
+ | pkg_libchk -qo | grep -vE 'jdk*|openoffice*' | xargs -o portupgrade -fuP | ||
+ | |||
+ | pkgdb -F | ||
+ | pkgdb -L | ||
+ | portsclean -CLDP | ||
+ | portaudit -Fda | ||
+ | </pre> | ||
+ | |||
+ | |||
+ | Now you should be able to return to the update command | ||
+ | # portupgrade -faP | ||
+ | |||
+ | This will take time and you most likely will have to play around with some ports to get them to install properly. | ||
[[Category:Common Tasks]] | [[Category:Common Tasks]] |
Latest revision as of 09:24, 30 October 2015
Note: If you only want to install security updates, it's enough to subscribe to FreeBSD security notifications and follow the instructions in each advisory. Otherwise, read on.
In FreeBSD, the base system and ports can be updated independently if desired. Here's how to do it.
Contents |
[edit] Basic Security updates
From FreeBSD 6.X, only for release versions, you can simply keep up to date using freebsd-update
First time use:
# freebsd-update fetch # freebsd-update install
You can rollback in-case of problems
# freebsd-update rollback
Use the following line in your /etc/crontab to keep your machine up to date: 30 3 * * * root /usr/sbin/freebsd-update cron -t <email address>
This will email you when updates are available and to install them type
# freebsd-update install
[edit] Updating the base system
To upgrade to a RELEASE version of FreeBSD, you can do one of three things:
- Do a binary Upgrade to a release version
- Do a binary Upgrade using the method described (FreeBSD 5.4 to 6.0 here) Refer to the bottom of this page for upgrading 6.3 to 7.0 notes
- Do a source upgrade as described here
A binary upgrade to a release version can be done by running sysinstall from the installation medium (e.g. CDROM). See the release notes of the release for details. Note that this will wipe out a lot of customizations.
[edit] Updating applications
Many open-source apps are under active development, so this is something you'll probably want to do quite regularly to ensure that you have the latest versions of everything.
First update the ports tree /usr/ports/. This can be done via cvsup, csup, ctm or portsnap. The ports can then be automatically updated using portupgrade or portmaster, which are capable of dealing with dependencies.
[edit] How do I download updates?
The most common method used was cvsup (see updating the ports tree). However, you might not be able to use it if you're behind a restrictive firewall (blocking tcp port 5999) or on a weak connection. In that case you can use ctm to obtain differential updates by email or ftp.
For updating the ports tree, a third option is available. Portsnap is an automated tool which offers many advantages over both the other methods:
- secure (uses cryptographic signing)
- very efficient in terms of bandwidth consumption and server load
- uses http only
- easy to use
[edit] FreeBSD Binary Upgrade 6.3 to 7.0 Notes
It's best to upgrade to 6.3 first and this is straight forward, follow: http://www.freebsd.org/releases/6.3R/announce.html
Note:
* You might have to install gpg which is in the 'gnupg' port. * If you have a problem 'Can't check signature: No public key' # fetch http://www.freebsd.org/doc/pgpkeyring.txt
Follow the steps on http://www.freebsd.org/releases/7.0R/announce.html until you get to portupgrade -faP.
I've done the upgrade now on two machines and have come across the same problem when doing the portupgrade -faP command. You get a failure with ruby. Please refer to my post at for the solution:
Here are the commands to fix the ruby problem.
The first group of commands may or may not do anything (optional)
/sbin/reboot boot -s (Boot into single user mode, you can also just select '4' from the menu) /sbin/fsck /sbin/mount -u / /sbin/mount -a -t ufs cd /usr/src make clean /sbin/reboot csup -L 2 /.../src-supfile csup -L 2 /.../ports-supfile less /usr/ports/UPDATING
These commands are recommended.\\ Upgrade ruby:
portupgrade -fu ruby rm /var/db/pkg/pkgdb.db portupgrade -fu ruby18-bdb (Ignore the error at the end of this command) rm /var/db/pkg/pkgdb.db /usr/ports/INDEX-*.db portupgrade -fu portupgrade portupgrade -fu libtool portinstall misc/compat6x portinstall sysutils/bsdadminscripts
(Optional) May not work.
cd /usr/src yes | make -B delete-old yes | make -B delete-old-libs
Check, fix, relink, cleanup the ports collection:
pkg_libchk -qo | grep -vE 'jdk*|openoffice*' | xargs -o portupgrade -fuP pkgdb -F pkgdb -L portsclean -CLDP portaudit -Fda
Now you should be able to return to the update command
# portupgrade -faP
This will take time and you most likely will have to play around with some ports to get them to install properly.