Updating the FreeBSD host system

From JonDonym Wiki
Jump to: navigation, search

JonDos GmbH thanks www.secure-internet.org for the right to publish the following article. We made some changes in it but the original text was provided by www.secure-internet.org

navigation: Main Page | FreeBSD and Jails

Updating the FreeBSD host system

There are various methods to update a FreeBSD system. Here, we will use a method were we just get new binaries for the operating system. Run

freebsd-update fetch 

This will get the binaries of the latest update available from the production release.

After you got them, run

freebsd-update install

Reboot running

shutdown -r now

and login again then.

When logging in again you should be greeted with the new errata version (watch out for the „p“ number or „#“ number). You also just could type

uname -a

to get the same information. Done.

We now will focus on the Ports Collection. The Ports Collection is sort of a text file based database knowing about approximately 20.000 third party software packages available from FreeBSD servers, We first need to update these information before we are prepared to install any software.


portsnap fetch

and then

portsnap extract

Don't worry, both command lines will run for a while.

Now we will install the first software package. Run

cd /usr/ports/ports-mgmt/portaudit  
make all install clean

This will get the source code for the portaudit program and build the binary for it automatically. The portaudit program is a speciality of FreeBSD. It will inform you automatically if there pop up any vulnerabilities known about software packages from the ports collection (in this case you in general should update the package as soon as possible).

Now run it the first time

/usr/local/sbin/portaudit -Fda

Usually it will now tell you that 0 vulnerabilities got found. If otherwise and whenever get informed about vulnerabilities you should just remove the software package or really fix it (by update of whatever means).

We now will install the portmaster program which is of great help managing and administering software packages:

cd /usr/ports/ports-mgmt/portmaster 
make install 

The portmaster program will get built.

Now we update all ports (will take a while):

/usr/local/sbin/portmaster -a

In case a blue window pops up asking you for compile options just confirm the defaults. You can navigate an those windows as you experienced it during FreeBSD's installation programm (sysinstall).

If you do not intend to create jails you are done. You now have a FreeBSD host system with most recent errata and ports available ready for production purposes.

If you want the jails we need to prepare various further stuff. The next steps will take some time because we need to download lots of stuff and compile tons of programs.

At first then we need to get the source code to build the userland binaries.

Edit /etc/standard-supfile

vi /etc/standard-supfile

Make sure you have settings in that file like the following (where the example below is for a FreeBSD 7.2 production release). You may and should of course adapt the FTP server address to a server near your machine:

  • default host=ftp.ch.freebsd.org
  • default base=/var/db
  • default prefix=/usr
  • default release=cvs tag=RELENG_7_2
  • default delete use-rel-suffix
  • default compress


Please note that there should NOT be an asterisk before „src-all“.

Then run

cd /etc
csup /etc/standard-supfile

This will run a while.

After the job is done, run:

cd /usr/src
make buildworld

... which will run even longer because we now compile the FreeBSD userland programs. This is required nonetheless we have already versions of those binaries. We need running through this process to provide structures needed to later on get a userland program into each jail. Have a lunch as long as it's running or – if you have a slow machine – even do something different for a few hours ;-).

When „make buildworld“ finished, run:

mergemaster -p

Answer the questions asked by mergemaster. Then run:

make installworld

After it was finished, run

mergemaster -iU

and again answer the questions mergemaster asks you.

When done, reboot your system:

shutdown -r now

and after reboot log in again via SSH.

To shorten the motto of the day text appearing with each login to the system you might edit /etc/motd:

vi /etc/motd
Personal tools