Installing FreeBSD 9 source

wblock@

Developer
First, sysinstall is mostly dead. Avoid it if possible. It won't install the source distribution for you any more.

There are two ways to get the source. Okay, maybe a lot more, but only two will be covered here.

  1. Download the tar file that matches the version you installed.
    i386: ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/9.0-RELEASE/src.txz
    amd64: ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/9.0-RELEASE/src.txz

    Unpack the archive to /usr/src:
    # tar -C / -xvzf src.txz

    Be aware that this will only get you the code for FreeBSD-9.0-RELEASE, not anything that has been added since then.

  2. svn(1)
    SVN (Subversion) is a newer source control system. It is not part of the base system, so install devel/subversion. Then check out the source:
    # svn checkout [url]https://svn0.us-west.FreeBSD.org/base/releng/9.0/[/url] /usr/src

    Other versions of FreeBSD have different URLs, like https://svn0.us-west.FreeBSD.org/base/stable/9/ for 9-STABLE. svn includes a larger history and can take up to twice the amount of disk space as a CVS checkout.

    When using HTTPS, the first checkout will ask about the server certificate.
    Code:
    Error validating server certificate for 'https://svn0.us-west.freebsd.org:443':
     - The certificate is not issued by a trusted authority. Use the
       fingerprint to validate the certificate manually!
    Certificate information:
     - Hostname: svnmir.ysv.FreeBSD.org
     - Valid: from Fri, 24 Aug 2012 22:04:04 GMT until Sat, 24 Aug 2013 22:04:04 GMT
     - Issuer: clusteradm, FreeBSD.org, CA, US
     - Fingerprint: 79:35:8f:ca:6d:34:d9:30:44:d1:00:af:33:4d:e6:11:44:4d:15:ec
    (R)eject, accept (t)emporarily or accept (p)ermanently?
    The certificate can be accepted temporarily or permanently, or rejected if you doubt that machine's identity. Other protocols have different authentication methods.

    See the Handbook SVN mirror list for alternate servers which may be faster for you.
 
If we're on the subject, I have a few follow-up questions:
  • Is there a preferred method?
  • Would (for example) starting with method 1 and then keeping up with 2 or 3 save on bandwidth / lighten the load on the servers and mirrors involved?
  • Will the handbook ever get updated to reflect the difference between net/cvsup and csup()?
 
OH said:
Is there a preferred method?
Currently it's method 2 but it might move to method 3 in the near future. CVS has been mostly deprecated in favor of SVN. Method 2 works on a clean base OS without any ports installed.

Would (for example) starting with method 1 and then keeping up with 2 or 3 save on bandwidth / lighten the load on the servers and mirrors involved?
The sources have to come from somewhere. It really doesn't matter if you download the tarball first or not. It'll only take a little longer for method 2 and 3 if there's nothing when you first run it.

Will the handbook ever get updated to reflect the difference between net/cvsup and csup()?
It already is?
Note: The csup utility is a rewrite of the CVSup software in C. Its biggest advantage is, that it is faster and does not depend on the Modula-3 language, thus you do not need to install it as a requirement. Moreover you can use it out-of-the-box, since it is included in the base system. If you decided to use csup, just skip the steps on the installation of CVSup and substitute the references of CVSup with csup while following the remainder of this article.
Granted, I'd much rather see CVSup completely removed from the handbook.
 
Damn people if you have the DVD just # mount_cd9660 /dev/acd0 /cdrom and then # tar -C / /cdrom/usr/freebsd-dist/src.txz

Sorry couldn't find the code button
 
rossiya said:
Damn people if you have the dvd just mount_cd9660 /dev/acd0 /cdrom and then tar -C / /cdrom/usr/freebsd-dist/src.txz

Sorry couldn't find the code button

The source code on DVD/CD does not contain security patches (if any discovered after the release).
 
Those who routinely check out src for several machines, or like to play around with different versions could consider keeping a local repository. Just set release=cvs in the supfile.

Code:
*default host=X.Y.FreeBSD.org
*default base=/usr/local
*default prefix=/CVS
*default release=cvs
*default delete use-rel-suffix compress

src-all
ports-all
doc-all
Then checkout any branch, or src from a specific point-in-time from your local /CVS

Code:
gnome:/usr# cvs -d /CVS co -r RELENG_9 src/UPDATING
U src/UPDATING
gnome:/usr# cvs -d /CVS co -D 1/1/2012 -r RELENG_8 src/etc/defaults/rc.conf
U src/etc/defaults/rc.conf
gnome:/usr#
 
vand777 said:
The source code on DVD/CD does not contain security patches (if any discovered after the release).
Sure, but on fresh machines namely the 9.0 Live DVD with /usr/src and /usr/obj bolted onto my hard drive with null_fs NOTHING compiled. Not 9.0-RELENG, 9 STABLE. Nor did the freebsd-update work because the system is at 8.2 STABLE. So I had to untar the base tarball at the command line to make my "upgrade" to 9.0.

Generally X.0-RELENG releases of FreeBSD suck in terms of building the source system. I had to do this because I was building a fresh drive and don't want to play with it later when I need it. So no I have NO security patches because the patches to make RELENG-9.0 compile haven't somehow migrated to the csup servers. I don't think I should be making problem reports for release base system compilation failures. Perhaps STABLE will build somewhere around summertime.
 
Source upgrades from 8-stable to 9-stable have worked for me on at least two systems so far. Source was updated with csup(1). If that doesn't work, please start a new thread.
 
rossiya said:
Sure, but on fresh machines namely the 9.0 Live DVD with /usr/src and /usr/obj bolted onto my hard drive with null_fs NOTHING compiled. Not 9.0-RELENG, 9 STABLE. Nor did the freebsd-update work because the system is at 8.2 STABLE. So I had to untar the base tarball at the command line to make my "upgrade" to 9.0.

Generally X.0-RELENG releases of FreeBSD suck in terms of building the source system. I had to do this because I was building a fresh drive and don't want to play with it later when I need it. So no I have NO security patches because the patches to make RELENG-9.0 compile haven't somehow migrated to the csup servers. I don't think I should be making problem reports for release base system compilation failures. Perhaps STABLE will build somewhere around summertime.

Not sure (sorry!) if it would help in that case, but I found that if one has a thumbdrive with already compiled /usr/src; /usr/obj mounted as such
Code:
 mount -t ufs -o union /dev/da0 /usr
where the /src /obj are at the root of the thumbdrive, one can install (vs build) from the thumbdrive. (I did a short howto writeup...)
 
jb_fvwm2 said:
Code:
 mount -t ufs -o union /dev/da0 /usr
Oh yes I threw many tarballs around for that reason alone. But back in 2001 I did a lot of builds because many of the dual-pentium machines were dodgy, so burn-ins were the stress test. No, even when I used clang exclusively this system didn't build. That's supposed to be the grail supposedly. I'm sure there are days when sup'ing the code would yield a clean build. Timing is everything. /usr/src gets a lot more buildable around subversion 2, historically.

Even worse I had an inconsistent build on a second machine. That blew my nvidia driver which was running perfectly fine on the prior machine for the last four years. As the machine is my firewall, I kept trying to DHCP a public IP from my 2wire. It was then I learned it had cloned my firewall machine identity. Now the entire LAN was down. Since there was no X11 there was no browser and hence no way to fixate the 2wire on the right identity. I browsed with other boxes and played musical clones with the 2wire for half an hour. It played wackamole that long. Finally lady luck came to my rescue and the right id gave me a public IP. Out of the matrix at last.

Apparently the dumbed-down 2wire interface uses dumbed-down programming internally as well.

Anyway the firewall will stay at 8.2 until -RELEASE, -STABLE or something in between ultimately builds. Must keep the faith.
 
Yo I got builds working. Turns out a sub mirror, cvsup10, has old obsolete files, likely mixed in, and was generally stale. I switched to another randomly, in my case cvsup5, and everything built nicely on STABLE9. Well, except for the wireless code, which I had to block in /etc/src.conf.

Also, I could not get the nvidia driver module working or even loading in 8.2 after I moved it to another Nvidia card. But typical for FreeBSD it came right up on STABLE9. Despite the driver from nvidia.com directly blocking FreeBSD 9 in its Makefile. Apparently the driver ONLY works on FreeBSD 9!
 
I installed src and ports from the fbsd FreeBSD 9-Stable DVD itself while installing. Now what confuses me is how could I update the src and ports to the latest RELENG_9 in order to have the updated CVS tree?

I tried with /usr as the default prefix in the supfile and it messed up everything. Just confused.
 
You need the proper supfile for RELENG_9, /usr/share/examples/cvsup/stable-supfile. You can use it as it is if you give a hostname on the command line:

# csup -h cvsup.freebsd.org /usr/share/examples/cvsup/stable-supfile

Use of the main cvsup site is not necessary of course, you can select a mirror site as well.

Oh, and it's best to move the old 9.0-RELEASE sources out of the way before fetching 9-STABLE sources.
 
@kpa: Thanks.

Since I installed from the FreeBSD9-STABLE, how does it affect if I use /usr/share/examples/cvsup/stable-supfile with [cmd=""]csup[/cmd]? I am asking this because the stable-supfile still defaults to RELENG_9 in the default line. Or did I miss something?

Which one is the right statement in supfile for FreeBSD9-STABLE installation?
 
I've been using SVN since about Nov '11. SVN is so much faster than CVS. I would like to see GIT implemented for ports but that's a long way off (bringing ports into SVN structure is a greater priority). I had asked about ports on git here, but that's another issue.

My point: Recommend SVN for /src above anything else.
 
Hi, I have a question in this context: is there any integrity checking done when I download the source with one of the above methods? Digital signatures, secure tunneling, checksums -- anything? I was told on IRC that this is not the case but I found this rather hard to believe. I mean, seriously, I am by far not one of the most paranoid people -- but mitm-attacks are nothing fancy nowadays at all. I also don't really understand the situation since I _was_ told that when I use ports with portsnap, THEN there is integrity checking done. Now, providing a more secure method for transferring ports than for the base system does not make much sense to me.

How do you guys work with this situation?

Thanks a lot,
mel
 
I need to cut a custom kernel.

I downloaded the source using method (3):

# svn checkout [url=svn://svn.freebsd.org/base/releng/9.0/]svn://svn.freebsd.org/base/releng/9.0/[/url] /usr/src

but it downloaded everything except the bit I wanted... the process left /usr/src/sys empty.

I've done something wrong obviously. Can anyone point me in the right direction?

I believe it downloaded everything except "sys".
 
Same problem:

ct2xs.png
 
I just downloaded stable and thankfully sys did get downloaded with it.

For my purpose I guess I can cut my kernel from stable. So that fixes my immediate issue, but it does leave the original mystery outstanding.
 
Back
Top