FreeBSD Update Procedures

[IT_Architect]

One thing I noticed about PC-BSD, is it has a PBI system, like Windows' update system for cleanly adding and removing applications, and another for keeping the system and applications up to date automatically. It also tells you when there are operating system updates needed, and you just need to answer yes to do them. I don’t see this in FreeBSD. I maintain (poorly) some FreeBSD monitoring computers and web servers. I'm hoping there is an easier way in FreeBSD 9.x or 10.x

This is my current update lunacy:

1. Set a VMware snapshot.
2. portsnap fetch update
3. portsdb –u (-U first time)
4. pkgdb -F to fix duplicated origins and read on-line forums about the errors, how to fix them, and try to guess which one to keep. If that doesn’t work, roll back to the snapshot.
5. Edit /usr/local/etc/pkgtools.conf and put DA stuff in HOLD_PKGS
   

   HOLD_PKGS = [
          'exim-4.69-1',
          'ncftp1-1.9.5',
          'proftpd-1.3.2',
          'vm-pop3d-1.1.7f',
          'x11*/XFree86*'
     ]

6. Make sure /etc/make.conf and add:
   

   WITHOUT_X11=yes

7. portversion -vL= shows what needs updating.
8. portupgrade –arR and spend an entire day answering hundreds of questions that nobody knows the answer to, or what it will pull in based on your choices. Stay away from fonts or it will pull in X11 stuff anyway. If it starts to drag in everything but the kitchen sink, shut down the VM and return to the VMware snapshot, and start over with different choices.

I’ve never used freebsd-update, but it appears to be a way to keep only the OS up to date. However, I don’t know what they mean by operating system. For Windows, it means everything that can be installed with Windows. I've never done an in-place major release upgrade, but it looked like it would be about as easy to just reinstall on a new VM, install the applications, and bring the data across.

I don’t know if there is an easier or better way to keep FreeBSD servers up to date, but what I have going is not very practical, and compiling for hours doesn't make sense. Is there an better way with 9.x or 10.x?

Thank your for your valuable advice!

 

[wblock@]

Some of your procedure will cause problems. Preventing upgrades to certain packages is dangerous, possibly preventing security updates.

The current way to prevent X from being installed is

OPTIONS_UNSET=X11

portupgrade -arR ("pirate mode") is equivalent to just portupgrade -a. /usr/ports/UPDATING should always be checked first, because some steps must be done manually. If skipped, problems will be encountered. -C added to the options will make portupgrade show options dialogs before beginning a build.

Here is what I recommend: Upgrading FreeBSD Ports.

 

[IT_Architect]

Some of your procedure will cause problems. Preventing upgrades to certain packages is dangerous, possibly preventing security updates.

Those are maintained by the web hosting control panel.

Here is what I recommend...

Thank you very much. I'll check that out.

 

[fonz]

I don’t know if there is an easier or better way to keep FreeBSD servers up to date

Without knowing more about your setup I can only offer the following remarks:

• If you're staying with -RELEASE versions of FreeBSD, updating the base system (i.e. the operating system itself) can be done very easily with freebsd-update(8). If you're tracking -STABLE and/or -CURRENT you're going to have to rebuild the kernel and world on a regular basis and be prepared to fix (or at least report) any problems you encounter. If you're unwilling and/or unable to do that, I'd say stick with -RELEASE and use freebsd-update(8) to install the security updates when they appear.
• As for keeping ports updated: if you're using binary packages, you'll probably want to use pkg (which comes with 10.X anyway but is optional with 9.X). The official packages are supposed to be updated from time to time, definitely when security or stability issues require so. pkg update, pkg upgrade, done.
• If you're building ports from source, you will have to update them regularly anyway. If you check for updates often enough, you usually won't have a whole lot to do on a single run, except if there has been a major change that affects lots of ports at once or when it just so happens that a large port needs updating. For instance, on most machines I do portsnap fetch update at least once a week, if not more often. Most of the time, not a whole lot of ports need to be updated at one given time.
• I can't comment on portupgrade because I prefer portmaster myself, sorry.

Hope this helps (at least a little bit).

 

[IT_Architect]

Wait! What is the difference between pkg update and pkg upgrade?

 

[fonz]

Wait! What is the difference between pkg update and pkg upgrade?

Well, pkg update basically updates your view of the repository catalogue: what packages are in there, which versions are they, that sort of thing. Then there's pkg upgrade to check this against what you currently have installed, to see if any packages are of a newer version than what you have installed, and if so to install the new versions.

In short: pkg update updates information about the packages in the repository, pkg upgrade actually upgrades installed packages that need to be upgraded.

 

[IT_Architect]

Thank you!