Friday, March 5, 2010

Setting up FreeBSD to Auto-Download and Notify Updates

03/11/2010- Update: Updated the portsnap command to properly apply the port updates. As configured before, the changes would show up but the cron task to download packages would never download them.

The default install of FreeBSD is very stable and works well, and it is relatively simple to do updates manually, but I recently looked into setting up auto-updates like Ubuntu does. The way I have it set up now is the following.

Automatic downloading of kernel/world updates to the FreeBSD release.
Automatic downloading and updating of the current ports tree.
Automatic downloading of any updated binary packages of installed ports.

These three tasks are set as cron jobs and run once a day/week to check for and download updates. Reports are also sent to the root account on each check, so you will be notified when updates are available. The administrator can then manually install the system updates, binary package updates, and source port updates from the local cache.

First off we will add a few cron jobs to auto-download our updates. Add these lines to /etc/crontab and customize the run time as desired.
# Check for freebsd updates, download them, and mail root.
0       2       *       *       0       root    freebsd-update cron
# Check for ports updates, download them, and mail root.
0       3       *       *       0       root    portsnap cron update && pkg_version -vIL=
# Check for binary package updates, download them, and mail root.
0       4       *       *       0       root    portupgrade -PFa

To enable the email reports you need to add an alias that forwards root's mail to an administrator. To do so, edit the file /etc/aliases and add a line like so with your username.
root: adminaccount
Then run the following command to make the change take effect.
cd /etc/mail && sudo make aliases

You will also need to install the portupgrade package, if you don't have it, for package updating.
cd /usr/ports/ports-mgmt/portupgrade && sudo make install

Once installed, we need to change the package source location to pull binary package updates from the stable branch instead of the release branch. The release packages are never updated, and as such we would never find binary updates. To change this, edit the /usr/local/etc/pkgtools.conf file and change the PKG_SITES variable to the following.
    sprintf('', OS_PLATFORM, OS_MAJOR)  

Unfortunately the portupgrade utility does not respect packages you customized and built by hand and will just overwrite them with the binary version. To get around this you can add any exceptions you want to the HOLD_PKGS array in this file and update them manually. You may also want to add any languages you don't use to the IGNORE_CATEGORIES array at this time to speed up the ports commands.

Manual Update
Once all these steps are done we can force a manual update of all three with the following commands, though they will take a bit to complete.
sudo freebsd-update fetch
sudo portsnap fetch update
sudo portupgrade -PFa

Installing Updates
If using ZFS you may want to make a snapshot first.
sudo zfs snapshot zroot@ver-date
sudo zfs snapshot zroot/usr@ver-date

When you want to do an actual update to the system here are the commands to install the downloaded updates.
sudo freebsd-update install
sudo portupgrade -Pa

And finally it's a good idea to clean out the old files, manually or via another cron task.
portsclean -CDPL

If everything went smoothly you may wish to remove the old snapshots.
sudo zfs destroy zroot@ver-date
sudo zfs destroy zroot/usr@ver-date
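
The install steps above, combined into one script as an added example (not part of the original post): it takes the snapshots, installs the cached updates, and destroys the snapshots only if both install commands succeed. The DRY_RUN switch, the --apply argument, and the function names are assumptions made for this example; the datasets are the zroot and zroot/usr used above.

```sh
#!/bin/sh
# Added example: snapshot, install cached updates, clean up. Run as root.
# DRY_RUN, --apply, run() and apply_updates() are hypothetical helpers
# written for this example; they are not FreeBSD tools.

DATASETS="zroot zroot/usr"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# apply_updates TAG: snapshot every dataset, install the downloaded
# updates, and destroy the snapshots only if both installs succeeded.
apply_updates() {
    tag="$1"
    # Refuse empty tags and anything outside a conservative character set.
    case "$tag" in
        ""|*[!A-Za-z0-9._-]*) echo "invalid snapshot tag: $tag" >&2; return 2 ;;
    esac
    for ds in $DATASETS; do
        run zfs snapshot "$ds@$tag" || return 1
    done
    if run freebsd-update install && run portupgrade -Pa; then
        run portsclean -CDPL
        for ds in $DATASETS; do
            run zfs destroy "$ds@$tag"
        done
        return 0
    fi
    # Any non-zero exit keeps the snapshots so a manual rollback is possible.
    echo "update failed; snapshots @$tag kept for rollback" >&2
    return 1
}

# Run for real only when asked: sh apply-updates.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_updates "ver-$(date +%Y%m%d)"
fi
```

Set DRY_RUN=1 and call apply_updates with a tag to print the command sequence without touching the system.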


lauren said...

You are right that the process of manual updates is really very simple, but it cannot be compared to the automatic ones. As it decreases your routine chores. Nice blog. Thanks