This is a repost of my old blog wanted to move the post over, since I used to use a lot of FreeBSD in my previous position, and still love the OS wanted to continue posting stuff about it.
In this little tutorial I will teach how to upgrade ports in FreeBSD
- Install and use cvsup to sync the ports collection
- Create / Copy the supfile and use portsdb to update the database INDEX.db
- Use portversion to find which all ports need upgrading
- Use portupgrade to upgrade those ports
- Use portaudit to find vulnerabilities
- Script and add to crontab to auto do things for you
1. First lets install cvsup-without-gui
|
1 2 |
cd /usr/ports/net/cvsup-without-gui make install clean |
2. Now that cvsup is installed we need to create/copy the supfiles
|
1 2 3 4 5 |
cd /root mkdir supfile; cd supfile cp /usr/share/example/ports-supfile . |
Now we need to edit the ports-supfile to get only the ports
Edit the lines
|
1 2 3 4 5 |
*default host=CHANGE_THIS.FreeBSD.org *default base=/var/db To *default host=cvsup9.us.FreeBSD.org *default base=/usr |
Since my ports are installed on /usr/ports therefore I change base to /usr
For host one can change it to the one that is nearest you. Here is a list of cvsup server http://www.freebsd.org/doc/en/books/handbook/cvsup.html#HANDBOOK-MIRRORS-CHAPTER-SGML-CENTRAL-CVSUP
Remember to check if ports-all is listed since you wish to update all the ports
|
1 2 3 4 5 6 |
## Ports Collection. # # The easiest way to get the ports tree is to use the "ports-all" # mega-collection. It includes all of the individual "ports-*" # collections, ports-all |
Next use this command to update the ports tree
|
1 |
cvsup -g -L 2 ports-supfile |
Now that the port tree is updated, lets update the ports database (the following commands assume you have installed portupgrade form /usr/ports/ports-mgmt/portupgrade)
|
1 |
portsdb -Uu |
This creates an INDEX.db btree file on your server
3. Lets try to find out which ports needs upgrading
|
1 |
portversion -l "<" |
This will list out which ports need to be upgraded where the < sign means a new port exist.
Might show you something like
|
1 2 3 4 5 6 7 |
php5 < php5-gd < php5-mysql < php5-pcre < php5-session < php5-xml < php5-zlib < |
4. If we wish to upgrade php5 we would simply type
|
1 2 3 |
portupgrade php5 or portupgrade -arR (for all installed ports to be upgrade) |
5. One may also like to install portaudit to check installed packages for known vulnerabilities.
|
1 2 3 4 5 |
cd /usr/ports/ports-mgmt/portaudit make install clean portaudit -Fda |
This will list out all the ports that is installed and has vulnerabilities.
e.g
|
1 2 3 |
Affected package: freetype2-2.3.5 Type of problem: FreeType 2 -- Multiple Vulnerabilities. Reference: <http://www.FreeBSD.org/ports/portaudit/4fb43b2f-46a9-11dd-9d38-00163e000016.html> |
So you might want to upgrade that package.
Now that we have done all of this maybe it would be a good idea to actually script all of this into one script and put it in a cron job maybe even email yourself the result everyday (email left for yourself to script )
6. Here is a quick script that we can use.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
#!/bin/sh CVSUP=/usr/local/bin/cvsup SRC_SUPFILE=/root/supfile/stable-supfile PORTS_SUPFILE=/root/supfile/ports-supfile PORT_AUDIT=/usr/local/sbin/portaudit PORT_VERSION=/usr/local/sbin/portversion PORTSDB=/usr/local/sbin/portsdb echo "Updating src" $CVSUP -g -L 2 $SRC_SUPFILE echo "Updating ports" $CVSUP -g -L 2 $PORTS_SUPFILE echo "Update Db" $PORTSDB -Uu echo "Check for security vulnerabilities" $PORT_AUDIT -Fda echo "The following ports need upgrading" $PORT_VERSION -l "<" echo "Finished at `/bin/date`." exit |
Add it to crontab
|
1 2 |
# every dat at 1:00 am 0 1 * * * /root/bin/portupgrade.sh 1>/dev/null 2>/dev/null |
Leave A Comment