This is a repost from my old blog. I wanted to move the post over since I used FreeBSD a lot in my previous position, and I still love the OS and want to keep posting about it.
In this little tutorial I will teach how to upgrade ports in FreeBSD:
- Install and use cvsup to sync the ports collection
- Create / Copy the supfile and use portsdb to update the database INDEX.db
- Use portversion to find which ports need upgrading
- Use portupgrade to upgrade those ports
- Use portaudit to find vulnerabilities
- Script it and add it to crontab so it runs automatically
1. First, let's install cvsup-without-gui
cd /usr/ports/net/cvsup-without-gui
make install clean
2. Now that cvsup is installed we need to create/copy the supfiles
cd /root
mkdir supfile; cd supfile
cp /usr/share/examples/cvsup/ports-supfile .
Now we need to edit the ports-supfile to get only the ports
Edit the lines
*default host=CHANGE_THIS.FreeBSD.org
*default base=/var/db
To
*default host=cvsup9.us.FreeBSD.org
*default base=/usr
Since my ports tree lives in /usr/ports, I change base to /usr.
For host, pick the mirror nearest you. Here is a list of cvsup servers: http://www.freebsd.org/doc/en/books/handbook/cvsup.html#HANDBOOK-MIRRORS-CHAPTER-SGML-CENTRAL-CVSUP
Remember to check that ports-all is listed, since you wish to update all the ports
## Ports Collection.
#
# The easiest way to get the ports tree is to use the "ports-all"
# mega-collection. It includes all of the individual "ports-*"
# collections,
ports-all
Next use this command to update the ports tree
cvsup -g -L 2 ports-supfile
Now that the ports tree is updated, let's update the ports database (the following commands assume you have installed portupgrade from /usr/ports/ports-mgmt/portupgrade)
portsdb -Uu
This creates an INDEX.db btree file on your server
3. Let's find out which ports need upgrading
portversion -l "<"
This lists the ports that need to be upgraded; the < sign means a newer version of the port exists.
Might show you something like
php5
4. If we wish to upgrade php5 we would simply type
portupgrade php5
or
portupgrade -arR (to upgrade all installed ports)
5. One may also like to install portaudit to check installed packages for known vulnerabilities.
cd /usr/ports/ports-mgmt/portaudit
make install clean
portaudit -Fda
This lists all installed ports that have known vulnerabilities.
e.g.
Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference:
So you might want to upgrade that package.
Now that we have done all of this, it would be a good idea to put it all into one script and run it from a cron job, maybe even emailing yourself the result every day (the email part is left for you to script).
6. Here is a quick script that we can use.
#!/bin/sh
CVSUP=/usr/local/bin/cvsup
SRC_SUPFILE=/root/supfile/stable-supfile
PORTS_SUPFILE=/root/supfile/ports-supfile
PORT_AUDIT=/usr/local/sbin/portaudit
PORT_VERSION=/usr/local/sbin/portversion
PORTSDB=/usr/local/sbin/portsdb
echo "Updating src"
$CVSUP -g -L 2 $SRC_SUPFILE
echo "Updating ports"
$CVSUP -g -L 2 $PORTS_SUPFILE
echo "Update Db"
$PORTSDB -Uu
echo "Check for security vulnerabilities"
$PORT_AUDIT -Fda
echo "The following ports need upgrading"
$PORT_VERSION -l "<"
Add it to crontab
# every day at 1:00 am
0 1 * * * /root/bin/portupgrade.sh 1>/dev/null 2>/dev/null
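The crontab line above sends everything the script prints to /dev/null, so the portaudit findings only become useful once they are captured and mailed. As an added example (not from the original post), this sh helper condenses portaudit-style output into one line per finding; the function names, the examplepkg records and their URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example: condense a portaudit report for a daily cron mail.
# The three field labels are the ones in the sample output above.

# summarize_audit: report on stdin -> "package|problem|reference" lines.
summarize_audit() {
    awk '
        /^Affected package:/ { sub(/^Affected package:[ \t]*/, ""); pkg = $0; next }
        /^Type of problem:/  { sub(/^Type of problem:[ \t]*/, "");  prob = $0; next }
        /^Reference:/ {
            sub(/^Reference:[ \t]*/, "")
            if (pkg != "") print pkg "|" prob "|" $0
            pkg = ""; prob = ""
        }
        # A record cut off before its Reference line is still reported.
        END { if (pkg != "") print pkg "|" prob "|" }
    ' | LC_ALL=C sort -u
}

# count_affected: number of distinct vulnerable packages in the report.
count_affected() {
    summarize_audit | cut -d'|' -f1 | LC_ALL=C sort -u | wc -l | tr -d ' '
}

# Constructed sample input. The first record is the one quoted above (its
# Reference is empty there); the examplepkg records and URLs are made up.
sample_report() {
    cat <<'EOF'
Affected package: freetype2-2.3.5
Type of problem: FreeType 2 -- Multiple Vulnerabilities.
Reference:

Affected package: examplepkg-1.0
Type of problem: examplepkg -- constructed problem A.
Reference: https://example.invalid/advisory-a

Affected package: examplepkg-1.0
Type of problem: examplepkg -- constructed problem B.
Reference: https://example.invalid/advisory-b
EOF
}

# In the cron script this would be: $PORT_AUDIT -Fda | summarize_audit
sample_report | summarize_audit
echo "distinct vulnerable packages: $(sample_report | count_affected)"
```

Piping the summary to mail(1) from the cron script, and only when count_affected is above zero, is one way to do the emailing step left open above.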