The Base FreeBSD System vs Third-Party Software
First of all, it is important to understand that FreeBSD hase The Base FreeBSD system and Third-Party Software.
The Base FreeBSD System is the core part of FreeBSD that includes the kernel, standard system utilities, libraries, configuration files, and essential tools required to run and manage the system. You manage it using Admin Tool freebsd-update. Tool freebsd-update is still widely used, but the FreeBSD project is gradually moving toward pkgbase tool where The Base FreeBSD System is splited into packages like FreeBSD-runtime, FreeBSD-lib, FreeBSD-kernel, etc. You will be able to manage the base system with pkg just like third-party software. It will be more modular and modern than freebsd-update, but pkgbase is not yet officially supported on RELEASE versions, therefore freebsd-update is still production ready tool for update and upgrade of The Base FreeBSD System.
Third-Party software in FreeBSD
is any application or tool not included in the base system, such as web
servers, editors, databases, programming languages, and desktop
environments. You manage it using the pkg package manager or by Ports Collection (source code + make).
Picture is worth 1,000 words, so I have prepared visualization to understand the difference between The Base FreeBSD System and Third-Party Software.
 |
| The Base FreeBSD System and Third-Party Software |
Update vs Upgrade
Another important thing is to understand the difference between update and upgrade?
The difference are nicely visualized in table below.
 |
| Difference between FreeBSD Update and Upgrade |
Update
An update applies security fixes and minor bug-fix patches to the same release you are currently running. For example, from 14.1-RELEASE p0 to 14.1-RELEASE p3.
The freebsd-update utility provides a streamlined way to fetch and apply binary updates to The Base System (kernel and world/userland). The command sequence to fetch and install updates is
frebsd-update fetchfreebsd-update install
reboot
freebsd-update install
Updating Third-Party Software is performed using the pkg utility. The command sequence to fetch and install software update is ...
pkg update
reboot
Detail procedures are in next chapters of this blog post.
Upgrade
Upgrading FreeBSD can mean upgrading within the same release branch (e.g. 14.0 → 14.1) or between major versions (e.g. 13.x → 14.0).
Upgrading The Base System is performed using the freebsd-update utility. The command sequence to fetch and install upgrade is ...
freebsd-update -r 14.2-RELEASE upgrade
freebsd-update install
reboot
freebsd-update install
Upgrading Third-Party Software is performed using the pkg utility. The command sequence to fetch and install upgrade is ...
pkg upgrade
reboot
Detailed Update and Upgrade Procedures
FreeBSD Base System Update Procedure
Check current version of your FreeBSD.
root@kuna:~ #freebsd-version -kru14.1-RELEASE
14.1-RELEASE
14.1-RELEASE
The system is currently on FreeBSD 14.1-RELEASE, with no updates or patches applied.
The first output line shows the installed kernel version (-k), the second line displays the running kernel version (-v), and the third line indicates the userland version (-u).
Now let's fetch Operating System updates.
root@kuna:~ # freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update2.freebsd.org... done.
Fetching metadata signature for 14.1-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 135 patches.....10....20....30....40....50....60....70....80....90....100....110....120....130.. done.
Applying patches... done.
The following files will be updated as part of updating to
14.1-RELEASE-p8:
/bin/freebsd-version
/boot/kernel/cd9660.ko
/boot/kernel/cfiscsi.ko
/boot/kernel/cfumass.ko
/boot/kernel/ctl.ko
...
...
...
/usr/share/zoneinfo/WET
/usr/share/zoneinfo/zone.tab
/usr/share/zoneinfo/zone1970.tab
WARNING: FreeBSD 14.1-RELEASE HAS PASSED ITS END-OF-LIFE DATE.
Any security issues discovered after Tue Apr 1 00:00:00 UTC 2025
will not have been corrected.
root@kuna:~ #
Metadata and available binary patches has been downloaded. This can be safely done anytime to see if anything is pending.
When updates are fetched, we can install (review and apply) updates.
Installing Operating System updates
This installation should be scheduled during a maintenance window because a reboot may be necessary if the kernel version is upgraded.
root@kuna:~ #freebsd-update installsrc component not installed, skipped Installing updates... Restarting sshd after upgrade Performing sanity check on sshd configuration. Stopping sshd. Performing sanity check on sshd configuration. Starting sshd. Scanning /usr/share/certs/untrusted for certificates... Scanning /usr/share/certs/trusted for certificates... done. root@kuna:~ #
Check current kernel and userland versions
root@kuna:~ #freebsd-version -kru14.1-RELEASE-p7
14.1-RELEASE
14.1-RELEASE-p8
We can see what has changed. The installed kernel version is 14.1-RELEASE-p7, but our running kernel is still without any patch (14.1-RELEASE) becouse reboot is required to use newly installed kernel. Userland (applications outside of kernel) are already reinstalled to 14.1-RELEASE-p8.
Reboot the system
root@kuna:~ # reboot
This is required to boot into the updated kernel. We can verify it after system reboot.
root@kuna:~ #freebsd-version -kru14.1-RELEASE-p7
14.1-RELEASE-p7
14.1-RELEASE-p8
Now we have installed and running kernel on 14.1-RELEASE-p7 level.
Run freebsd-update install again (post-reboot)
After a kernel update and reboot, a second install phase may be required to finish updating userland binaries. This is crucial. Skipping it can leave the system in a semi-updated state.
root@kuna:~ #freebsd-update installsrc component not installed, skipped No updates are available to install. Run 'freebsd-update [options] fetch' first. root@fbsd-test01:~ #
In our case, there is nothing ore to update, so update procedure is succesfuly finished.
FreeBSD Base System Upgrade Procedure
Check current version of your FreeBSD.
root@kuna:~ #freebsd-version -kru14.1-RELEASE-p7
14.1-RELEASE-p7
14.1-RELEASE-p8
This is the latest 14.1-RELEASE update available. That's perfect, but there is newer FreeBSD 14.2-RELEASE and we would like to upgrade our system to this higher release.
Fetch upgrade patches
Before upgrading to a higher release, it is best practice to ensure the current release is fully up to date.The command freebsd-update -r 14.2-RELEASE upgrade is fetching 14.2-LATEST data.
And now we can install new kernel.root@kuna:~ #freebsd-update -r 14.2-RELEASE upgradesrc component not installed, skipped Looking up update.FreeBSD.org mirrors... 3 mirrors found. Fetching metadata signature for 14.1-RELEASE from update2.freebsd.org... done. Fetching metadata index... done. Fetching 1 metadata files... done. Inspecting system... done. The following components of FreeBSD seem to be installed: kernel/generic kernel/generic-dbg world/base world/lib32 The following components of FreeBSD do not seem to be installed: world/base-dbg world/lib32-dbg Does this look reasonable (y/n)? y Fetching metadata signature for 14.2-RELEASE from update2.freebsd.org... done. Fetching metadata index... done. Fetching 1 metadata patches. done. Applying metadata patches... done. Fetching 1 metadata files... done. Inspecting system... done. Preparing to download files... done. Fetching 4047 patches.....10....20....30....40....50....60....70....80....90....100....110....120....130....140....150....160....170....180....190....200....210....220....230....240....250....260....270....280....290....300....310....320....330....340....350....360....370....380....390....400....410....420....430....440....450....460....470....480....490....500....510....520....530....540....550....560....570....580....590....600....610....620....630....640....650....660....670....680....690....700....710....720....730....740....750....760....770....780....790....800....810....820....830....840....850....860....870....880....890....900....910....920....930....940....950....960....970....980....990....1000....1010....1020....1030....1040....1050....1060....1070....1080....1090....1100....1110....1120....1130....1140....1150....1160....1170....1180....1190....1200....1210....1220....1230....1240....1250....1260....1270....1280....1290....1300....1310....1320....1330....1340....1350....1360....1370....1380....1390....1400....1410....1420....1430....1440....1450....1460....1470....1480....1490....1500....1510....1520....1530....1540....1550....1560....1570....1580....1590....1600....1610....1620....1630....1640....1650....1660....1670....1680....1690....1700....1710....1720....1730....1740....1750....1760....1770....1780....1790....1800....1810....1820....1830....1840....1850....1860....1870....1880....1890....1900....1910....1920....1930....1940....1950....1960....1970....1980....1990....2000....2010....2020....2030....2040....2050....2060....2070....2080....2090....2100....2110....2120....2130....2140....2150....2160....2170....2180....2190....2200....2210....2220....2230....2240....2250....2260....2270....2280....2290....2300....2310....2320....2330....2340....2350....2360....2370....2380....2390....2400....2410....2420....2430....2440....2450....2460....2470....2480....2490....2500....2510....2520....2530....2540....2550....2560....2570....2580....2590....2600....2610....2620....2630....2640....2650....2660....2670....2680....2690....2700....2710....2720....2730....2740....2750....2760....2770....2780....2790....2800....2810....2820....2830....2840....2850....2860....2870....2880....2890....2900....2910....2920....2930....2940....2950....2960....2970....2980....2990....3000....3010....3020....3030....3040....3050....3060....3070....3080....3090....3100....3110....3120....3130....3140....3150....3160....3170....3180....3190....3200....3210....3220....3230....3240....3250....3260....3270....3280....3290....3300....3310....3320....3330....3340....3350....3360....3370....3380....3390....3400....3410....3420....3430....3440....3450....3460....3470....3480....3490....3500....3510....3520....3530....3540....3550....3560....3570....3580....3590....3600....3610....3620....3630....3640....3650....3660....3670....3680....3690....3700....3710....3720....3730....3740....3750....3760....3770....3780....3790....3800....3810....3820....3830....3840....3850....3860....3870....3880....3890....3900....3910....3920....3930....3940....3950....3960....3970....3980....3990....4000....4010....4020....4030....4040... done. Applying patches... done. Fetching 122 files... ....10....20....30....40....50....60....70....80....90....100....110....120. done. The following files are affected by updates. No changes have been downloaded, however, because the files have been modified locally: /var/db/locate.database The following files will be removed as part of updating to 14.2-RELEASE-p3: /etc/ssl/certs/08063a00.0 /etc/ssl/certs/18856ac4.0 /etc/ssl/certs/57bcb2da.0 /etc/ssl/certs/5e98733a.0 /etc/ssl/untrusted/03179a64.0 /etc/ssl/untrusted/080911ac.0 /etc/ssl/untrusted/157753a5.0 /etc/ssl/untrusted/2c543cd1.0 /etc/ssl/untrusted/2e5ac55d.0 /etc/ssl/untrusted/3e45d192.0 /etc/ssl/untrusted/4a6481c9.0 /etc/ssl/untrusted/5273a94c.0 /etc/ssl/untrusted/5c44d531.0 /etc/ssl/untrusted/76cb8f92.0 /etc/ssl/untrusted/861a399d.0 /etc/ssl/untrusted/9c2e7d30.0 /etc/ssl/untrusted/d853d49e.0 /etc/ssl/untrusted/f3377b1b.0 /usr/lib/ossl-modules/fips.so /usr/lib32/ossl-modules/fips.so /usr/share/certs/trusted/Entrust_Root_Certification_Authority_-_G4.pem /usr/share/certs/trusted/SecureSign_RootCA11.pem /usr/share/certs/trusted/Security_Communication_RootCA3.pem /usr/share/certs/trusted/SwissSign_Silver_CA_-_G2.pem /usr/share/certs/untrusted/AddTrust_External_Root.pem /usr/share/certs/untrusted/AddTrust_Low-Value_Services_Root.pem /usr/share/certs/untrusted/Cybertrust_Global_Root.pem /usr/share/certs/untrusted/DST_Root_CA_X3.pem /usr/share/certs/untrusted/E-Tugra_Certification_Authority.pem /usr/share/certs/untrusted/GeoTrust_Global_CA.pem /usr/share/certs/untrusted/GlobalSign_Root_CA_-_R2.pem /usr/share/certs/untrusted/Hongkong_Post_Root_CA_1.pem /usr/share/certs/untrusted/QuoVadis_Root_CA.pem /usr/share/certs/untrusted/Security_Communication_Root_CA.pem ... ... ... /boot/kernel/if_alc.ko /boot/kernel/if_ale.ko /boot/kernel/if_ath.ko /boot/kernel/if_aue.ko /boot/kernel/if_axe.ko /boot/kernel/if_axge.ko To install the downloaded upgrades, run 'freebsd-update [options] install'. root@kuna:~ #
root@kuna:~ #freebsd-update installsrc component not installed, skipped Installing updates... Kernel updates have been installed. Please reboot and run 'freebsd-update [options] install' again to finish installing updates. root@fbsd-test01:~ #
Check current version of your FreeBSD.
root@kuna:~ #freebsd-version -kru14.2-RELEASE-p1
14.1-RELEASE-p7
14.1-RELEASE-p8
We have kernel 14.2-RELEASE installed, but runing kernel is obviously still 14.1-RELEASE-p7. reboot is necessary to boot into a new kernel.
Reboot the system
Reboot the system to boot into the updated kernel.
root@kuna:~ # reboot
We can verify versions after reboot.
root@kuna:~ #freebsd-version -kru14.2-RELEASE-p1
14.2-RELEASE-p1
14.1-RELEASE-p8
It shows that we are running kernel 14.2-RELEASE-p1, but userland is still 14.1-RELEASE-p8.
Upgrade system
Now we can finish installing updates.root@kuna:~ #freebsd-update installsrc component not installed, skipped Installing updates... Restarting sshd after upgrade Performing sanity check on sshd configuration. Stopping sshd. Waiting for PIDS: 801. Performing sanity check on sshd configuration. Starting sshd. Scanning /usr/share/certs/untrusted for certificates... Scanning /usr/share/certs/trusted for certificates... done. root@kuna:~ #
We can verify versions after installation.
root@kuna:~ #freebsd-version -kru14.2-RELEASE-p1
14.2-RELEASE-p1
14.2-RELEASE-p3
It shows that we are running kernel 14.2-RELEASE-p1 and userland in 14.2-RELEASE-p3. These are the latest versions available at the moment.
Done.
Our FreeBSD Base System upgraded.
However, this is not the case for Third-Party Software. The next chapter will focus on this topic.
Third-Party Software Package Update and Upgrade
In previous sections, we were updated and upgraded the FreeBSD Base System.
After updating or upgrading the FreeBSD Base System, it is advisable to update Third-Party Software Packages as well, since they are not managed by freebsd-update.
For Third-Party software update use following command ...
pkg update
... and if you want upgrade third-party software packages, you have to use following command ...
pkg upgrade
Update Third-Party Software Packages
root@kuna:~ #pkg updateUpdating FreeBSD repository catalogue... Fetching meta.conf: 100% 179 B 0.2kB/s 00:01 Fetching data.pkg: 100% 10 MiB 10.4MB/s 00:01 Processing entries: 100% FreeBSD repository update completed. 35955 packages processed. All repositories are up to date.
Upgrade Third-Party Software Packages
root@kuna:~ #pkg upgradeUpdating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. New version of pkg detected; it needs to be installed first. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pkg: 1.21.3 -> 2.1.2 Number of packages to be upgraded: 1 12 MiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching pkg-2.1.2.pkg: 100% 12 MiB 12.6MB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Upgrading pkg from 1.21.3 to 2.1.2... [1/1] Extracting pkg-2.1.2: 100% Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking for upgrades (14 candidates): 100% Processing candidates (14 candidates): 100% The following 10 package(s) will be affected (of 0 checked): New packages to be INSTALLED: open-vm-kmod: 12.5.0.1402000,2 Installed packages to be UPGRADED: gettext-runtime: 0.22.5 -> 0.23.1 glib: 2.80.5,2 -> 2.80.5_1,2 indexinfo: 0.3.1 -> 0.3.1_1 libpfctl: 0.14 -> 0.15 open-vm-tools-nox11: 12.5.0,2 -> 12.5.0_1,2 pcre2: 10.43 -> 10.45 py311-packaging: 24.1 -> 24.2 python311: 3.11.10 -> 3.11.11 readline: 8.2.13_1 -> 8.2.13_2 Number of packages to be installed: 1 Number of packages to be upgraded: 9 34 MiB to be downloaded. Proceed with this action? [y/N]: y [1/10] Fetching indexinfo-0.3.1_1.pkg: 100% 6 KiB 6.0kB/s 00:01 [2/10] Fetching open-vm-tools-nox11-12.5.0_1,2.pkg: 100% 1 MiB 1.2MB/s 00:01 [3/10] Fetching py311-packaging-24.2.pkg: 100% 127 KiB 129.9kB/s 00:01 [4/10] Fetching open-vm-kmod-12.5.0.1402000,2.pkg: 100% 23 KiB 23.6kB/s 00:01 [5/10] Fetching glib-2.80.5_1,2.pkg: 100% 4 MiB 4.3MB/s 00:01 [6/10] Fetching pcre2-10.45.pkg: 100% 1 MiB 1.5MB/s 00:01 [7/10] Fetching readline-8.2.13_2.pkg: 100% 397 KiB 406.2kB/s 00:01 [8/10] Fetching gettext-runtime-0.23.1.pkg: 100% 230 KiB 235.7kB/s 00:01 [9/10] Fetching python311-3.11.11.pkg: 100% 27 MiB 28.0MB/s 00:01 [10/10] Fetching libpfctl-0.15.pkg: 100% 16 KiB 16.5kB/s 00:01 Checking integrity... done (0 conflicting) [1/16] Upgrading libpfctl from 0.14 to 0.15... [1/16] Extracting libpfctl-0.15: 100% [2/16] Installing open-vm-kmod-12.5.0.1402000,2... [2/16] Extracting open-vm-kmod-12.5.0.1402000,2: 100% [3/16] Deinstalling open-vm-tools-nox11-12.5.0,2... [3/16] Deleting files for open-vm-tools-nox11-12.5.0,2: 100% [4/16] Deinstalling glib-2.80.5,2... [4/16] Deleting files for glib-2.80.5,2: 100% [5/16] Upgrading pcre2 from 10.43 to 10.45... [5/16] Extracting pcre2-10.45: 100% [6/16] Deinstalling py311-packaging-24.1... [6/16] Deleting files for py311-packaging-24.1: 100% [7/16] Deinstalling python311-3.11.10... [7/16] Deleting files for python311-3.11.10: 100% [8/16] Deinstalling gettext-runtime-0.22.5... [8/16] Deleting files for gettext-runtime-0.22.5: 100% [9/16] Deinstalling readline-8.2.13_1... [9/16] Deleting files for readline-8.2.13_1: 100% [10/16] Upgrading indexinfo from 0.3.1 to 0.3.1_1... [10/16] Extracting indexinfo-0.3.1_1: 100% [11/16] Installing gettext-runtime-0.23.1... [11/16] Extracting gettext-runtime-0.23.1: 100% [12/16] Installing readline-8.2.13_2... [12/16] Extracting readline-8.2.13_2: 100% [13/16] Installing python311-3.11.11... [13/16] Extracting python311-3.11.11: 100% [14/16] Installing py311-packaging-24.2... [14/16] Extracting py311-packaging-24.2: 100% [15/16] Installing glib-2.80.5_1,2... [15/16] Extracting glib-2.80.5_1,2: 100% [16/16] Installing open-vm-tools-nox11-12.5.0_1,2... [16/16] Extracting open-vm-tools-nox11-12.5.0_1,2: 100% ==> Cleaning up trigger: gio-modules.ucl ==> Cleaning up trigger: glib-schemas.ucl ==> Running trigger: gio-modules.ucl Generating GIO modules cache ==> Running trigger: glib-schemas.ucl Compiling glib schemas No schema files found: doing nothing. root@kuna:~ #
Done.
Third-Party Software Packages has been also updated and upgraded.
No comments:
Post a Comment