Monday, September 1, 2008

Updating the ports tree in FreeBSD

After setting up a minimal FreeBSD install, I want to update the ports tree to the latest available. FreeBSD provides a program to do this. It's called cvsup (cvs update). To find the program, I search the ports tree.
freebsd# cd /usr/ports
freebsd# make search key=cvsup | grep Path:
Path: /usr/ports/chinese/auto-tw-l10n
Path: /usr/ports/lang/ezm3
Path: /usr/ports/misc/instant-server
Path: /usr/ports/net/csup
Path: /usr/ports/net/cvsup
Path: /usr/ports/net/cvsup-mirror
Path: /usr/ports/net/cvsup-without-gui
Path: /usr/ports/net/cvsupchk
Path: /usr/ports/ports-mgmt/port-authoring-tools
Path: /usr/ports/ports-mgmt/port-maintenance-tools
Path: /usr/ports/sysutils/desktopbsd-tools
Path: /usr/ports/sysutils/fastest_cvsup
Path: /usr/ports/sysutils/maint
freebsd# 
I want the cvsup without the gui, so I change into that directory and install it.
freebsd# cd net/cvsup-without-gui/
freebsd# sudo make install
===>  Extracting for cvsup-without-gui-16.1h_4
=> MD5 Checksum OK for cvsup-snap-16.1h.tar.gz.
=> SHA256 Checksum OK for cvsup-snap-16.1h.tar.gz.
===>  Patching for cvsup-without-gui-16.1h_4
===>  Applying FreeBSD patches for cvsup-without-gui-16.1h_4
[...]
===>   Registering installation for cvsup-without-gui-16.1h_4
===> SECURITY REPORT: 
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/cvsupd
/usr/local/bin/cvsup
/usr/local/bin/cvpasswd

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage: 
http://www.cvsup.org/
freebsd# 
I next need a config file to make cvsup update the ports tree.
#vi /root/ports-supfile
# IMPORTANT: Change the next line to use one of the CVSup mirror sites
# listed at http://www.freebsd.org/doc/handbook/mirrors.html.
*default host=cvsup5.us.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix

# If you seem to be limited by CPU rather than network or disk bandwidth, try
# commenting out the following line.  (Normally, today's CPUs are fast enough
# that you want to run compression.)
*default compress

## Ports Collection.
#
# The easiest way to get the ports tree is to use the "ports-all"
# mega-collection.  It includes all of the individual "ports-*"
# collections,
ports-all
Now we run rehash to rescan our PATH variable for new commands, then run cvsup to update our ports tree.
freebsd# rehash
freebsd# cvsup /root/ports-supfile
Connected to cvsup5.us.FreeBSD.org
Updating collection ports-all/cvs
[...]
Finished successfully
freebsd# 
Now our ports tree is up to date. If you want to see what ports you've installed that have security updates available, run "/usr/local/sbin/portaudit". It will list any ports that need updating. If you get command not found, cd to /usr/ports/ports-mgmt/portaudit and do a "sudo make install".

Labels: , ,