how to download security and errata patches offline packages for freebsd 14 and 15?

[fff2024g]

dear all:
i want to download all security and errata patches offline packages for freebsd14 , freebsd15 ...? how to do that ?
(freebsd14 used freebsd-update fetch xxxxxx,
freebsd15 used pkg fetch -u freebsd-base)

if i download all patches successfully,how to install it for a freebsd14 or 15 ? i want to know the install steps detail...
thanks.

i have some freebsd hosts (those hosts have no internet ) and i want to patch them to date ...thanks.

 

[T-Daemon]

i want to download all security and errata patches offline packages for freebsd14 , freebsd15 ...? how to do that ?
(freebsd14 used freebsd-update fetch xxxxxx,

I can't say for sure, didn't use freebsd-update(8) for many years. Perhaps expose /var/db/freebsd-update/ of the downloaded updates to the offline systems in some way.

freebsd15 used pkg fetch -u freebsd-base)

I do this with 3rd party packages, the same can applied to FreeBSD-pkgbase.

Create a directory to store the pkgbase packages, fetch repository catalog files, fetch pkgbase upgrade packages:

# mkdir  /var/cache/freebsd-packages/

# cd /var/cache/freebsd-packages/

## The following fetch(1) part can be scripted ##

# fetch https://pkg.freebsd.org/FreeBSD:15:amd64/base_release_0/data.pkg
# fetch https://pkg.freebsd.org/FreeBSD:15:amd64/base_release_0/meta
# fetch https://pkg.freebsd.org/FreeBSD:15:amd64/base_release_0/meta.conf

The right repository (here "base_release_0") can be found in /etc/pkg/FreeBSD.conf, "FreeBSD-base: url".

Download pkgbase updates:

# env  PKG_CACHEDIR=/var/cache/freebsd-packages/   pkg upgrade  -r  FreeBSD-base  -F

Clean up symlinks in the pkgbase cache directory:

# find  /var/cache/freebsd-packages/  -type l  -delete

The pkgbase cachedir can be exported via, e.g., NFS (create on the target system the cachedir, mount_nfs(8) on the cachedir directory), or create a portable media, like a USB stick.

Create a NFS exported local pkgbase repository configuration file on target system:

/usr/local/etc/pkg/repos/local-pkgbase.conf

local-pkgbase: {
             url: "file:///var/cache/freebsd-packages"
             enabled: yes
}

Upgrade offline pkgbase system:

# pkg  upgrade  -r  local-pkgbase

Create a portable, on USB disk, local pkgbase repository (assuming USB stick is mounted on /mnt:

# cp -a /var/cache/freebsd-packages  /mnt
# mkdir  /mnt/repos
(create below local-pkgbase.conf file)

/mnt/repos/local-pkgbase.conf

local-pkgbase: {
             url: "file:///mnt/freebsd-packages"
             enabled: yes
}

Upgrade on offline target system (assuming USB disk is mounted on /mnt:

# pkg  -R  /mnt/repos  upgrade  -r  local-pkgbase

 

[fff2024g]

Dear T-Daemon :
sorry, i am late . thanks for your help . i will test it thanks.

 

[fff2024g]

Dear T-Daemon :
thanks for your help. 99% steps was right .i have modify something for really application in below...
1. only for freebsd15 pkgbase

Create a directory to store the pkgbase packages, fetch repository catalog files, fetch pkgbase upgrade packages:
# mkdir /var/cache/freebsd-packages/

# cd /var/cache/freebsd-packages/

## The following fetch(1) part can be scripted ##

# fetch https://pkg.freebsd.org/FreeBSD:15:amd64/base_release_0/data.pkg
# fetch https://pkg.freebsd.org/FreeBSD:15:amd64/base_release_0/meta
# fetch https://pkg.freebsd.org/FreeBSD:15:amd64/base_release_0/meta.conf

Download pkgbase updates:
mkdir /var/cache/freebsd-packages/Hashed/
# env PKG_CACHEDIR=/var/cache/freebsd-packages/Hashed/ pkg upgrade -r FreeBSD-base -F

Clean up symlinks in the pkgbase cache directory:
# find /var/cache/freebsd-packages/Hashed/ -type l -delete



Create a portable, on USB disk, local pkgbase repository in /var/cache/freebsd-packages/offline.conf

####scp the offline packages and local reposity to client (no internet freebsd15)
#scp -r offlinepackages_server/var/cache/freebsd-packages/ /root/offline

offline:{
url:"file:///root/offline"
enable:yes
}

3. install offline update packages from local reposity .
pkg -R /root/offline/ upgrade -r offline

thanks for your help. maybe help more.

 

[fff2024g]

Dear T-Daemon :

do you know what differences about base_latest , base_release_0,base_release_1, base_weekly ?
why we need to used base_release_0 ,not base_release_1 ? thanks..

have a good day

 

[fahrenheit]

Dear T-Daemon :
View attachment 26067
do you know what differences about base_latest , base_release_0,base_release_1, base_weekly ?
why we need to used base_release_0 ,not base_release_1 ? thanks..

have a good day

The _X at the end represent the minor version for which the packages were built. So 0 is for 15.0 and 1 is for 15.1.

The folders (i.e. repos) that do not end in a number represent the latest development version for the stable branch of 15.x. (i.e. what will become 15.2 now).
Quarterly is for the ports branch that is updated each quarter.
If you want a stable (as in stable as a chair), you should use the package for your minor version (which as of now is .0).

(i.e. your /etc/pkg/FreeBSD.conf should look similar to this)

#
# To disable a repository, instead of modifying or removing this file,
# create a /usr/local/etc/pkg/repos/FreeBSD.conf file, e.g.:
#
#   mkdir -p /usr/local/etc/pkg/repos
#   echo "FreeBSD-ports: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
#   echo "FreeBSD-ports-kmods: { enabled: no }" >> /usr/local/etc/pkg/repos/FreeBSD.conf
#
# Note that the FreeBSD-base repository is disabled by default.
#

FreeBSD-ports: {
  url: "pkg+https://pkg.FreeBSD.org/${ABI}/release_${VERSION_MINOR}",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
FreeBSD-ports-kmods: {
  url: "pkg+https://pkg.FreeBSD.org/${ABI}/kmods_latest_${VERSION_MINOR}",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
FreeBSD-base: {
  url: "pkg+https://pkg.FreeBSD.org/${ABI}/base_release_${VERSION_MINOR}",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkgbase-15",
  enabled: no
}

 

[fff2024g]

DEAr fahrenheit :
thanks . but when i used command " echo $VERSION_MINOR" , no any output ...i want to print this guy. thanks.

 

[fahrenheit]

That variable is set for pkg execution and the value will be the minor version of the FreeBSD release you are running (see freebsd-version).
So if you are running 15.0 the value will be 0, if you are on 15.1 the value will be 1.

 

[richardtoohey2]

DEAr fahrenheit :
thanks . but when i used command " echo $VERSION_MINOR" , no any output ...i want to print this guy. thanks.

pkg -vv

might get you the values ... e.g. on 15.0:

% pkg -vv | grep url
libcurl                 : libcurl/8.17.0 OpenSSL/3.5.4 zlib/1.3.1
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:15:amd64/quarterly",
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:15:amd64/kmods_quarterly_0",
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:15:amd64/base_release_0",

You'll have to do a bit of parsing.

Possibly easier ways, but think this approach shows exactly what pkg is "thinking".