FreeBSD portaudit update

Before we begin manipulating any ports, we should ensure that this hierarchy is up-to-date. Forgetting to refresh the ports hierarchy can result in build failures as the ports try to fetch and build files that may not be valid anymore. We can update the ports tree using a utility called portsnap. This tool queries the FreeBSD ports servers for changes. We can use the stat tool to see the various timestamps associated with the file:

If you see this, it means that you do not have a ports tree initialized on your system. If this is the case, continue onto the next section to learn how to extract an initial ports tree onto your system using portsnap.

We need to remember the timestamp so that we know which updating notes we need to pay attention to after we refresh our ports tree. We can save these to a file in our home directory by typing:

To do this, we will use a tool called portsnap. This is the format that should be used in day-to-day updates of the ports tree. Once your ports tree is built or updated, you can begin to manage and work with ports on your system.

Now that you have an updated ports tree hierarchy on your system, you can begin looking at the software available to you. There are several ways of doing this, each of which has its advantages. The easiest way of searching for an application is by name using the whereis command.

This will search for the command on your system and within the ports tree. If it finds a match, it will return the relevant path info for the application on your system. Typically, if the application is not installed but the search was for a valid port, it will return the path to the port within the ports tree. If the application is installed, it will usually return the path to the executable, the port, and often the man page:

We can use the path returned if we wish to install this port.

This includes the path to the actual installed executable, the man page file for the application, and the location of the port within the ports tree. In the FreeBSD Handbook, the authors also suggest a rather novel way of searching using only the echo command and the built-in structure of the ports tree. In the filesystem, each port is represented by a distinct directory that contains all of the information necessary to build and install the software on the FreeBSD system.

So in the wget example above, we see that the wget command has been categorized within the ftp group. We can exploit this consistent structure through the use of the echo command and wildcards. Since we probably do not know the category the port will exist in, we will replace that directory level with an asterisk. We can also put these before and after our search term if we want to be more flexible in our matching.

So we can search for wget related programs by typing:

This can be a bit more flexible than the whereis command because it does not require an exact match. This is also the command that is used to build and install ports onto the system, but is more generally a flexible tool that can be used to easily execute complex tasks that have been defined in a config file.

To use this functionality, you must first move to the base of the ports tree. This is where the make targets are defined:

The two make targets designed to search the ports tree are search and quicksearch. These have exactly the same functionality, differing only in their default display. The search target will return information about the name of the port, path in the port tree, a general description and then details about the build including the maintainer email, build dependencies, run dependencies, and the upstream URL.

The quicksearch target only returns the port name, path, and description. Below, you can see the difference in the output of the search and quicksearch targets. The search target includes full information about the matches:

On the other hand, the quicksearch target only displays the essential information about the matches it finds:

It is possible to combine different search types to narrow down the results. For example, if we were to search for the ntop network monitor, we might see results that look like this:

Here, we can see that most of the results are related to ntop, but we also have a book about learning Python.

We can further filter by adding a path specification:

We can also modify the behavior of the search in a few different ways. Some valid modifiers are:

One further situation that you may come across in your searches is a port that has been moved or deleted. These results look like this:

If this field is present, but empty, the port has been deleted. With the above information we can now efficiently manage security vulnerabilities in our FreeBSD systems.

Both in the Base System and installed packages … and also for Rust Cargo packages as a bonus!

Klara Inc. Posted on December 8, by officeklara.

FreeBSD systems come with several tools to accomplish that task for both the Base System and installed 3rd party packages. Today we will discuss them in this brief article. Each Security Advisory has the following structure: I. Background II. Problem Description III. Impact IV. Workaround V. Solution VI. Correction details VII.

Fetching public key from update2.

To install the port:

Before performing an upgrade using this utility, it is recommended to scan the list of installed ports using pkgdb -F and to fix all the inconsistencies it reports. To upgrade all the outdated ports installed on the system, use portupgrade -a. Alternately, include -i to be asked for confirmation of every individual upgrade:

To upgrade only a specified application instead of all available ports, use portupgrade pkgname.

It is very important to include -R to first upgrade all the ports required by the given application:

If none are available locally, it then fetches packages from a remote site. If packages cannot be found locally or fetched remotely, Portupgrade will use ports.

To avoid using ports entirely, specify -PP. This last set of options tells Portupgrade to abort if no packages are available:

To just fetch the port distfiles, or packages, if -P is specified, without building or installing anything, use -F. For further information on all of the available switches, refer to the manual page for portupgrade.

Using the Ports Collection will use up disk space over time. After building and installing a port, running make clean within the ports skeleton will clean up the temporary work directory.

If Portmaster is used to install a port, it will automatically remove this directory unless -K is specified. If Portupgrade is installed, this command will remove all work directories found within the local copy of the Ports Collection:

If Portupgrade is installed, this command will delete all the distfiles that are no longer referenced by any ports:

To use Portupgrade to remove all distfiles not referenced by any port currently installed on the system:

By default, this command is interactive and will prompt the user to confirm if a distfile should be deleted.

Note: To save this extra step, instead use make install clean when compiling the port.

To force a reinstallation of dependent packages, run:

The Ports Collection is a set of Makefiles, patches, and description files. Each set of these files is used to compile and install an individual application on FreeBSD, and is called a port.

Before installing and using the Ports Collection, please be aware that it is generally ill-advised to use the Ports Collection in conjunction with the binary packages provided via pkg to install software. Dependencies could be different for a port in HEAD compared to its counterpart in a quarterly branch release and this could result in conflicts between dependencies installed by pkg and those from the Ports Collection. If the Ports Collection and pkg must be used in conjunction, then be sure that your Ports Collection and pkg are on the same branch release of the ports tree.

The Ports Collection contains directories for software categories. Inside each category are subdirectories for individual applications. Each application subdirectory contains a set of files that tells FreeBSD how to compile and install that program, called a ports skeleton. Each port skeleton includes these files and directories:

Makefile: contains statements that specify how the application should be compiled and where its components should be installed.

This directory may also contain other files used to build the port. It also tells the ports system which files to remove upon deinstallation. Some ports include pkg-message or other files to handle special situations. The port does not include the actual source code, also known as a distfile. Before an application can be compiled using a port, the Ports Collection must first be installed.

If it was not installed during the installation of FreeBSD, use one of the following methods to install it:

The key is used to verify the integrity of all downloaded files. Note that Portsnap updates are generated from a snapshot of the main branch of the Ports Collection and cannot be configured to use a different branch (for example, quarterly).

If it is necessary to use a different branch of the Ports Collection (for instance, as referenced earlier in conjunction with binary packages), then the Git method must be used.

When using fetch, the extract or the update operation may be run consecutively, like so:

Refer to the Git Primer for a detailed description of Git. Git must be installed before it can be used to check out the ports tree. If a copy of the ports tree is already present, install Git like this:

If the ports tree is not available, or pkg is being used to manage packages, Git can be installed as a package:

This section provides basic instructions on using the Ports Collection to install or remove software. The detailed description of available make targets and environment variables is available in ports(7).

Before compiling any port, be sure to update the Ports Collection as described in the previous section. Alternately, run pkg audit -F before installing a new port.

This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check. For more information, refer to pkg-audit(8) and periodic(8). Using the Ports Collection assumes a working Internet connection. It also requires superuser privilege.

To compile and install the port, change to the directory of the port to be installed, then type make install at the prompt. Messages will indicate the progress:

Since lsof is a program that runs with increased privileges, a security warning is displayed as it is installed.

Once the installation is complete, the prompt will be returned. Some shells keep a cache of the commands that are available in the directories listed in the PATH environment variable, to speed up lookup operations for the executable file of these commands. Users of the tcsh shell should type rehash so that a newly installed command can be used without specifying its full path.

Use hash -r instead for the sh shell. Refer to the documentation for the shell for more information. During installation, a working subdirectory is created which contains all the temporary files used during compilation. Removing this directory saves disk space and minimizes the chance of problems later when upgrading to the newer version of the port:

Some ports provide build options which can be used to enable or disable application components, provide security options, or allow for other customizations.

If the port depends upon other ports which have configurable options, it may pause several times for user interaction as the default behavior is to prompt the user to select options from a menu. To avoid this and do all of the configuration in one batch, run make config-recursive within the port skeleton. Then, run make install [clean] to compile and install the port.

When using config-recursive, the list of ports to configure is gathered by the all-depends-list target. It is recommended to run make config-recursive until all dependent ports options have been defined, and ports options screens no longer appear, to be certain that all dependency options have been configured.

One method is to cd into the directory containing the port and type make config. Another option is to use make showconfig. Another option is to execute make rmconfig which will remove all selected options and allow you to start over. All of these options, and others, are explained in great detail in ports(7).

The ports system uses fetch(1) to download the source files, which supports various environment variables. See fetch(3) for the complete list of supported variables. Note that if a port has any dependencies, running this command in a category or ports skeleton will not fetch the distfiles of ports from another category. Instead, use make fetch-recursive to also fetch the distfiles for all the dependencies of a port.

When using, specify the alternate location:

For example:

These can also be set as environmental variables. Refer to the manual page for your shell for instructions on how to set an environmental variable. Installed ports can be uninstalled using pkg delete. Examples for using this command can be found in the pkg-delete(8) manual page.

It is recommended to read the messages as the port is uninstalled. If the port has any applications that depend upon it, this information will be displayed but the uninstallation will proceed.

In such cases, it may be better to reinstall the application in order to prevent broken dependencies. Over time, newer versions of software become available in the Ports Collection. This section describes how to determine which software can be upgraded and how to perform the upgrade. On FreeBSD 10 and later, or if the system has been converted to pkg, the following command will list the installed ports which are out of date:

For FreeBSD 9.X and lower, the following command will list the installed ports that are out of date:

This file describes various issues and additional steps users may encounter and need to perform when updating a port, including such things as file format changes, changes in locations of configuration files, or any incompatibilities with previous versions.

Make note of any instructions which match any of the ports that need upgrading and follow these instructions when performing the upgrade. The Ports Collection contains several utilities to perform the actual upgrade. Each has its strengths and weaknesses.

Historically, most installations used either Portmaster or Portupgrade. Synth is a newer alternative. The choice of which tool is best for a particular system is up to the system administrator.

It is recommended practice to back up your data before using any of these tools. It is designed to use the tools installed with the FreeBSD base system without depending on other ports or databases.


