portsnap has become part of FreeBSD's base (6.0 only)

Posted by Pat Tue, 06 Dec 2005 23:16:00 GMT

A while ago we used portsnap to upgrade the ports tree when first installing FreeBSD. If you’ve made the upgrade to 6.0, portsnap is a part of the base system, so you should remove the package and any configuration.

It’s pretty easy. Just delete the package get rid of the existing portsnap database and regenerate it. 
# cd /usr/ports/sysutils/portsnap && make deinstall
# rm -rf /var/db/portsnap/* && rm -rf /usr/local/portsnap
# rm /usr/local/etc/portsnap.conf
# portsnap fetch && portsnap extract

portsnap works because it uses the config at /etc/portsnap.conf now. The new portsnap binary is located in /usr/sbin, so you’ll need to update your crontab entries to reflect that.

Posted in  | Tags ,  | no comments

Configuring FreeBSD Part I - Getting ports set up

Posted by Pat Wed, 24 Aug 2005 17:03:00 GMT

Assumptions

I assume that you already have FreeBSD installed…a pretty big assumption, I realize. However, I just got a new server, and I have to set it up anyway, so it’s a good opportunity for me to take you through the steps I take when configuring a server for Rails hosting. I’ll make another article at a later date going over FreeBSD installation…but for the mean time, read the Installing FreeBSD section of the FreeBSD Handbook

Also, I assume that you did the Developer install, which includes the base system sources. You should also install the ports tree, which the handbook covers.

Setting up the ports utilities

The first thing I ever do is upgrade the ports system, so that any software I install is at the latest version. We’ll also set up cron jobs to check all your software for security flaws (these are checked against a database created by the FreeBSD Security Team).

We’ll be installing three ports. portaudit – Checks your installed ports against a database for any known security flaws portsnap – Updates the ports tree to the latest versions portupgrade – Amazingly, upgrades your installed ports

su to root and execute the following commands 
# cd /usr/ports/security/portaudit && make install clean
# cd /usr/ports/sysutils/portsnap && make install clean
# cd /usr/ports/sysutils/portupgrade && make install clean
Note: The portupgrade install will ask you if you want to use Berkeley DB >= Version 2. I’ve yet to read anything or find any evidence that it matters…so select it if you want, don’t select it if you don’t. I do, but as I’ve said, I’ve found no reason for or against it

Note: Depending on your ports tree version, the installation of portupgrade may fail. That’s because portaudit notices a vulnerability in a dependency and doesn’t let you install it. If it fails, skip to the “Upgrade ports tree” and then install portupgrade.

After you install the ports utilities type “rehash” at the command prompt so that you can run the newly installed programs.

Update the ports tree

We want to install the latest version of any software we install, so you’ll need to update the ports tree. First thing to do is copy your portsnap.conf file to its proper location: 
# cd /usr/local/etc/ && cp portsnap.conf.sample portsnap.conf
Next thing to do is fetch and extract the updated ports tree. 
# portsnap fetch
# portsnap extract
This is optional, but at this point I set up portsnap to fetch the latest ports tree in a cron job, so I don’t manually have to, or at least it will be mostly updated when I do run fetch/extract, thus take less time. I have this entry in my /etc/crontab file: 
0       2       *       *       *       root    /usr/local/sbin/portsnap cron
That runs portsnap at 2 am every night.

Note: If you haven’t installed portupgrade because it failed the first time around, do so now

Upgrade your installed ports

First get the absolute latest snapshot of the ports three. You’ll have this since we just installed it, so this is mostly just a reference for the future. Keep in mind you should run it even if you have a cron job set up, so that you get any changes made between the time the cron job ran and the time you’re updating your ports. 
# portsnap fetch && portsnap update
There are a number of ways to check out what ports are up-to-date and which ones need updating. Personally, I use pkg_version, which will list all the packages you have installed, along with whether they’re up-to-date with, ahead or behind of the ports tree. To just see which ones need updating, do 
# pkg_version | grep '<'
You’ll want to read the upgrade notes before upgrading. The vast majority of the time you can upgrade your ports without worrying about anything, but occasionally one will need some steps taken before you can upgrade. Upgrade a single port using portupgrade: 
# portupgrade ruby
Or to upgrade all the ports on your system, use the -a flag: 
# portupgrade -a
h3. Congratulations (and a sweet little treat!)

You’re all done getting the ports tree updated, installed a few nice utilities to help check the security of your ports, as well as update them.

I’ve got a nice little surprise for you at this point…when you installed portupgrade, FreeBSD installed ruby along with it because it’s listed as a dependency. Think I’m kidding? 
# ruby --version
ruby 1.8.2 (2004-12-25) [i386-freebsd5]

You’ve got the latest version of Ruby and didn’t even have to do anything – sweet! Go ahead, play around a bit.

Next we’ll learn how to bring the base system up to date.

Posted in  | Tags , , ,  | 2 comments