While its relatively easy (or brain dead easy with GhostBSD or NomadBSD distributions) to install and configure a FreeBSD Desktop – one have to keep in mind that its also important to keep that system updated and secure.
There are many aspects about FreeBSD to keep it updates and secured.
The Table of Contents for this article is shown below:
- FreeBSD Base System
- Packages
- FreeBSD Linux Browser Installer
- WINE
- Cargo Packages
- FreeBSD Ports Tree
- Summary
Lets now discuss each section one by one.
FreeBSD Base System
First is the FreeBSD Base System which is updated by the frebsd-update(8) utility. It is not often you need to do this – from my experience its once a month need usually.
The list of needed commands are shown below.
# freebsd-version # frebsd-update fetch # frebsd-update install
While the freebsd-version(1) will tell you what version you are currently running the freebsd-update(8) will help you to update your FreeBSD system to have latest patches installed.
… but when to update the FreeBSD Base System anyway? Well – its quite simple – check the FreeBSD Security Advisories page – and if something posted there affects you – then you should move your ass and update it π
Packages
After you have taken care of the FreeBSD Base System the next one to make sure you are not too much far behind are the FreeBSD packages.
You can of course check if any of your installed packages have any reported security holes as shown below.
# pkg audit -F
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.
The above message shows that your installed packages are safe – but its not the message you see the most of the time π
Below are the commands that you would use to update your FreeBSD desktop system.
# pkg upgrade # pkg autoremove # pkg clean -y --all
… and yes it does include some extra steps to remove cached packages – and probably now not needed as the are already installed anyway.
I do not think that anything more should be added here – maybe a short mention about the packages branch you are using. The default one is the quarterly branch that has packages build every quarter.
Maybe its sometimes reasonable for the server like environments – but I prefer to have the latest versions of what FreeBSD maintainers do offer in their hard and often underestimated work.
This is why I always use – both on desktop and servers – the latest packages branch.
This means that packages are (re)built once a week or faster and you get what is latest and fresh.
I will not convince you what is better – you will have to decide for yourself.
FreeBSD Linux Browser Installer
The Linux Browser Installer helps a lot on FreeBSD systems. It provides browsers (via the Linux Compatibility Layer) that are not natively available on FreeBSD – but with DRM sh!t needed to access for example Netflix content.
The Linux Browser Installer is easy to install – but its also easy to update.
Below you will find commands that will keep your Linux Browser Installer updated and secure.
EDIT: You will need small patch to make it work currently β patch fetch and apply added in this color below β check Fix linux-browser-installer(8) on FreeBSD for details.
# git clone https://github.com/mrclksr/linux-browser-installer.git # cd linux-browser-installer # fetch https://raw.githubusercontent.com/vermaden/scripts/master/linux-browser-installer.PATCH # patch < linux-browser-installer.PATCH # ./linux-browser-installer chroot upgrade # cd ../ # rm -rf linux-browser-installer
WINE
One may think that WINE is just another package and that it was already updated during the # pkg upgrade cycle – it depends – the default WINE package is for 64bit excusables … but its also possible to run (and often needed) the older 32bit executables.
The problem is that the 32bit environment has its own separate root with its own packages set.
To be honest its not a big deal – you just need to remember to update it along with other things you update periodically π
Below is the command that updates the 32bit WINE binaries/packages.
% /usr/local/share/wine/pkg32.sh upgrade % /usr/local/share/wine/pkg32.sh autoremove % /usr/local/share/wine/pkg32.sh pkg clean -y --all
One of the things you need to keep in mind that it is done by you (user) and not the root user of the machine.
Cargo Packages
While 95% of this topic is covered above – no one prevents you from using the additional Cargo packages – and I do it myself also.
Its just that some software is not yet available by the official FreeBSD packages – but its already official by using the Cargo packages.
I personally use about 10 different Cargo packages that are still not available on the FreeBSD packages.
Here are the instructions to keep these Cargo packages updated.
First and most important – you need to install the cargo-update package to be able to update installed Cargo packages.
Then you may just use the other command to have Cargo packages updated.
# cargo install cargo-update # cargo install-update -a
FreeBSD Ports Tree
Last but not least – the FreeBSD Ports Tree – which even if you only use binary packages – can often come handy in some exceptions.
We all know the ‘default’ rule that mixing Packages and Ports is a bad idea in the FreeBSD world – and I generally agree – its a bad idea if you do not know what you are doing.
If you do know what you are doing – you may mix anything with everything – just do not spam the FreeBSD Forums for help later π
The tool to update the local FreeBSD Ports Tree on your machine is still portsnap(8) and the auto argument is usually more then enough.
# portsnap auto
From the other things – you may want to setup the WRKDIRPREFIX variable to have everything built in the /usr/ports/obj directory – to have everything in one place.
# grep WRKDIRPREFIX /etc/make.conf WRKDIRPREFIX=${PORTSDIR}/obj # rm -rf \ /usr/ports/obj \ /usr/ports/distfiles
I often also clean the /usr/ports/obj and /usr/ports/distfiles directories.
Summary
Besides the things that I have wrote above I also sometimes save some binaries to the ~/scripts/bin path. There is not upgrade path for them besides manually checking the provider page.
Some examples of such software on my system are doso or cpuc ones.
As I do not have anything more to add here – please feel free to comment what is missing in keeping your workstation updated and secure.
EOF
ππππππππ 
Pingback: Keep FreeBSD Desktop Updated - My Blog
Just want to point this:
“Some examples of suc*H* software on my system are doso or cpuc ones.”
LikeLike
You are right. Fixed π
LikeLike
Great article btw.
I use this script to keep my FBSD updated:
#!/usr/bin/env bash if [[ "${UID}" != "0" ]] ; then echo "UID != 0" ; exit ; fi printexec() { printf "\e[91;1m * ${*}\e[0m\n" "${@}" } printexec freebsd-update fetch install printexec pkg update printexec pkg upgrade printexec pkg autoremove printexec pkg check -d -s -a printexec pkg audit -F -r printexec pkg clean -y printexec portsnap fetch update printexec portmaster --clean-distfiles printexec pkg stats reboot_check() { _fbsd="$(freebsd-version -k)" _unamer="$(uname -r)" [[ "$_unamer" == "$_fbsd" ]] && printf "\e[91;1m * Done\e[0m\n" || printf "\e[91;1m * Done, Kernel was updated, reboot is required!\e[0m\n" } reboot_check exit 0LikeLike
Pingback: Links 23/01/2023: Fwupd 1.8.10 | Techrights
Pingback: Valuable News – 2023/01/23 | ππππππππ
Thank you for the valuable information on the mailing list and your blog. Best regards
LikeLike
Thank You and I am glad that it was useful.
Cheers mate.
LikeLike
Many thanks for your helpful tips on setting up a FreeBSD desktop! They made switching from Arch Linux a breeze π
On installing the packages for CUPS-PDF and LibreOffice, information was displayed that several packages don’t have maintainers. Is this a reason to be worried about, or is it usual in FreeBSD that packages don’t have maintainers, but sooner or later there will be a maintainer again?
As I can’t assess (not even after extensively searching the web) whether desktop use is just a “by-product” of FreeBSD in 2023, or whether it will be seriously supported in the near and longer future, I’d be very grateful to hear your opinion on this topic.
Many thanks and best regards
Rolf
LikeLiked by 1 person
Thank You π
IMHO its nothing critical that a port does not have a maintainer – many ports are ‘simple’ and for example even me and You can propose a patch to update the port – port will be updated by some FreeBSD maintainer, will be up to date – and still will not have a ‘dedicated’ maintainer.
For larger ports like Firefox or Chromium with some patches that need to be maintained – lack of maintainer would be problematic tho …
FreeBSD is a general purpose UNIX system – you can compare that to Debian/Devuan for example. You can create a server out of it – you can create desktop out of it (like mine or GhostBSD or NomadBSD) – you can base an appliance on it (like TrueNAS).
Regards,
vermaden
LikeLike
Many thanks for your helpful information! I didn’t know ports may be updated even without a dedicated maintainer. That’s good and reassuring news to me.
Best regards
Rolf
LikeLike
For the second installation, I am OK with FreeBSD as a desktop. Valuable articles here, good advises. Next step I will craft something OK via vm-bhyve.
As a simple comparison, so far, none of Linux distros used before moved so fast like FreeBSD.
LikeLike
Thank You.
LikeLike