How to correctly slim down a base system using pkgbase

When I first learned about pkgbase I immediately had an urge to use this to my advantage and slim down my base system. But I haven't been able to find any clear directions on how to do this.

Let's say I have a system running FreeBSD 15.0-RELEASE and want to remove certain packages because they are not needed. In today's world, storage may not be a primary concern. But security can be, and the possibility to minimize the number of binaries could be one way to approach this.

Does anyone know how I would configure my system to not install certain packages from FreeBSD-base? Let's say I know for sure I will not need pf, bhyve, bluetooth or any manuals at all. How do I configure that?
  • How do I make sure unneeded packages don't get installed during upgrades?
  • This could also be used in conjunction with jails to have very minimal 'containers' with just the packages needed to run the specific processes inside the jail.
  • Can I when setting up a system or jail tell pkg to only use the "bare minimum" of packages?
 
Code:
# pkg query -x -e '%o~base/*' '%n' '^FreeBSD-set-'
FreeBSD-set-base
FreeBSD-set-base-dbg
FreeBSD-set-base-jail
FreeBSD-set-base-jail-dbg
FreeBSD-set-devel
FreeBSD-set-devel-dbg
FreeBSD-set-kernels
FreeBSD-set-kernels-dbg
FreeBSD-set-lib32
FreeBSD-set-lib32-dbg
FreeBSD-set-minimal
FreeBSD-set-minimal-dbg
FreeBSD-set-minimal-jail
FreeBSD-set-minimal-jail-dbg
FreeBSD-set-optional
FreeBSD-set-optional-dbg
FreeBSD-set-optional-jail
FreeBSD-set-optional-jail-dbg
FreeBSD-set-src
FreeBSD-set-tests
Then FreeBSD-set-lib32-dbg as the next obvious candidate.

I've noticed that an individual package can be a part of several package sets.
 
Tried with the devel set, but I'm not allowed to remove it.
Code:
# pkg delete FreeBSD-set-devel-15.0
Checking integrity... done (0 conflicting)
The following package(s) are locked or vital and may not be removed:

    FreeBSD-set-devel

1 packages requested for removal: 1 locked, 0 missing
# pkg unlock FreeBSD-set-devel
FreeBSD-set-devel-15.0: already unlocked
# pkg delete FreeBSD-set-devel
Checking integrity... done (0 conflicting)
The following package(s) are locked or vital and may not be removed:

    FreeBSD-set-devel

1 packages requested for removal: 1 locked, 0 missing
 
Tried with the devel set, but I'm not allowed to remove it.
Code:
# pkg delete FreeBSD-set-devel-15.0
You need to force the removal (pkg del -f), but this would remove only the specified metapackage, not all the devel packages.
Code:
# pkg search -r FreeBSD-base FreeBSD-set-devel
FreeBSD-set-devel-15.snap20251030123856 Development tools (metapackage)

One way to get rid of all devel packages is:
Code:
# pkg info -dq FreeBSD-set-devel | sort > fbsd-dev

Open the file in an editor or pager, check if all packages are the ones you want to be removed, then confirm the removal:
Code:
# pkg del -f `cat fbsd-dev`

Try this on a test machine, not on a production machine, and see if removing the devel packages causes any dysfunction. This can also be tried with FreeBSD-set-optional.
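Because an individual package can belong to several sets, as noted earlier in the thread, the list written by `pkg info -dq` can be filtered against the sets being kept before anything is force-removed. This is an added example, not part of the posts above; `set_diff`, `write_sample` and the `example-*` package names are hypothetical, and it assumes each input file is a flat list with one package per line.

```shell
#!/bin/sh
# Added example: filter a removal list so packages shared with sets you
# keep are not force-deleted. Input files hold one package per line.
# On a pkgbase host they would come from the command in the post, e.g.
#   pkg info -dq FreeBSD-set-devel   > devel.deps
#   pkg info -dq FreeBSD-set-minimal > minimal.deps

# set_diff MODE REMOVE_FILE KEEP_FILE...
#   MODE=only   -> packages in REMOVE_FILE that no KEEP_FILE lists
#   MODE=shared -> packages in REMOVE_FILE that a KEEP_FILE also lists
set_diff() {
    [ $# -ge 3 ] || { echo "usage: set_diff only|shared REMOVE KEEP..." >&2; return 2; }
    mode=$1
    remove_file=$2
    shift 2
    case $mode in
        only)   cols=-23 ;;
        shared) cols=-12 ;;
        *)      echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    tmpdir=$(mktemp -d) || return 1
    # comm(1) needs both inputs sorted in the same collation order.
    LC_ALL=C sort -u "$remove_file" > "$tmpdir/remove"
    LC_ALL=C sort -u "$@" > "$tmpdir/keep"
    LC_ALL=C comm "$cols" "$tmpdir/remove" "$tmpdir/keep"
    rm -rf "$tmpdir"
}

# Constructed sample data (placeholder names, not real set contents).
write_sample() {
    printf '%s\n' example-compiler example-linker example-libshared > "$1/devel.deps"
    printf '%s\n' example-libshared example-runtime > "$1/minimal.deps"
    printf '%s\n' example-linker example-manpages > "$1/optional.deps"
}

# Demo: run the script with the argument "demo" to print the filtered list.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && write_sample "$d"
    set_diff only "$d/devel.deps" "$d/minimal.deps" "$d/optional.deps"
    rm -rf "$d"
fi
```

The `only` output is the list to review and pass to the removal step; the `shared` output shows what a blind force-delete of the whole file would have taken away from the sets being kept.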
 
One way to get rid of all devel packages is:
Code:
# pkg info -dq FreeBSD-set-devel | sort > fbsd-dev

Open the file in an editor or pager, check if all packages are the ones you want to be removed, then confirm the removal:
Code:
# pkg del -f `cat fbsd-dev`
Yeah sure.

But the main goal with this thread is to find out the intended, production-ready way to specify in advance which packages should and should not be installed when using a pkgbase system.
 
But the main goal with this thread is to find out the intended, production-ready way to specify in advance which packages should and should not be installed when using a pkgbase system.
To my knowledge, there is no end-user-targeted information available on this topic regarding which individual packages are required for an absolute minimum system, but FreeBSD-kernel-generic (or FreeBSD-kernel-minimal), FreeBSD-set-minimal and FreeBSD-set-optional create a production-ready minimal system.

To use these sets, the system must be set up manually, there is no menu-guided installation option.

After the installation, unneeded packages can be removed one by one (pf, bhyve, bluetooth, manuals, etc.). This is my view, based on the information I have.

I suggest you subscribe to the freebsd-pkgbase@freebsd.org mailing list and ask the developers directly; they are more qualified to answer your questions. Most likely Lexi Winter, one of the main pkgbase developers, will reply to your questions.
 
Well, security wise:

that would only be an improvement if the removed component is a network server (that is also started) or setuid.
 
Has anybody tried building FreeBSD 15.0-RELEASE images with Poudriere Image? I am curious if all these changes broke anything there.
That is how I chose to customize my builds.
 
but FreeBSD-kernel-generic (or FreeBSD-kernel-minimal), FreeBSD-set-minimal and FreeBSD-set-optional create a production-ready minimal system.

To use these sets, the system must be set up manually, there is no menu-guided installation option.
I was mistaken, a "FreeBSD-set-minimal" can be installed at the installation menu by picking "Select System Components" "optional" only. This will pull in "FreeBSD-set-minimal".
 