Keeping your ports updated
The applications in the Ports Collection aren't part of the FreeBSD base operating system and have to be monitored for updates separately. The Ports Collection itself is a set of metadata on how to get each application's source code and how to patch it so it compiles cleanly on FreeBSD. There are maintainers for every application in the Ports Collection who update this metadata when a new version of an application is available. Depending on the maintainer's workload and the number of changes, it might take a while for the new version to show up in the Ports Collection though. Ultimately it's up to you to monitor each application's web site for changes and updates that are important to you. This guide will show you some tools and ways to keep your installed ports updated.
Update the Ports Collection source tree
You always have to start with an updated copy of the Ports Collection and if you've followed the other guides you already have a supfile that updates both FreeBSD and the Ports. Let's make a new supfile that only updates the Ports Collection.
# cp /usr/supfile /usr/ports-supfile
Open /usr/ports-supfile in your editor and remove the following row.
Save the file again and use it to update the Ports Collection.
# cd /usr
# csup ports-supfile
When the update has finished you always need to create an index of the Ports tree and all its dependencies. This index also takes into account any configurations you have made on any of the options screens so it's unique to your installation.
# cd /usr/ports
# make index
Generating INDEX-7 - please wait..
It will take some time to create this index and you may see some warnings at the end of that procedure complaining of duplicate index entries. You can safely ignore them.
Check for updated ports
The simplest way of comparing your installed ports versions against the updated ports tree is like this:
# pkg_version -vL\>=
This will produce an output similar to this:
ImageMagick-nox11-220.127.116.11 < needs updating (port has 18.104.22.168)
apache-2.2.9 < needs updating (port has 2.2.9_4)
net-snmp-22.214.171.124_1 < needs updating (port has 126.96.36.199_2)
png-1.2.28 < needs updating (port has 1.2.31)
pecl-zip-1.9.0 ! Comparison failed
You can see here that there are four applications that have updates available. Whether they need to be updated or not is up to you. Some people prefer to always have the latest versions installed and some don't. The last line in the output needs some more explanation. A message like that usually happens when an application has been removed from the Ports Collection or has moved to another category.
Check /usr/ports/UPDATING and /usr/ports/MOVED
Before attempting to upgrade any port you must always check if your installed ports are mentioned in /usr/ports/UPDATING or /usr/ports/MOVED. If they're mentioned in UPDATING, there are usually special instructions included to update that port correctly and if they're mentioned in MOVED, you will need the new category and name of the port.
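One way to script this check, as an added example that is not part of the original guide: it reads the origins (category/portname) of installed ports on stdin and reports any that MOVED or UPDATING mention. The function names are hypothetical, the sample MOVED and UPDATING entries are constructed, and it assumes `pkg_info -qoa` is what supplies the origin list on a real system.

```shell
#!/bin/sh
# Added example: list installed ports that MOVED or UPDATING mention.
# Installed origins (category/port) arrive on stdin, one per line.

# moved_hits MOVED_FILE
# MOVED line format: old-origin|new-origin|date|reason (empty new = removed)
moved_hits() {
    awk -F'|' '
        pass == 1 { if ($1 != "") installed[$1] = 1; next }
        /^#/ || NF < 4 { next }          # skip comments and malformed lines
        ($1 in installed) {
            printf "MOVED %s -> %s (%s)\n", $1, ($2 == "" ? "removed" : $2), $3
        }' pass=1 - pass=2 "$1"
}

# updating_hits UPDATING_FILE
# An UPDATING entry starts with "YYYYMMDD:" followed by "  AFFECTS: users of ..."
updating_hits() {
    awk '
        pass == 1 { if ($1 != "") installed[$1] = 1; next }
        /^[0-9]+:$/ { date = substr($0, 1, 8); next }
        /^[ \t]*AFFECTS:/ {
            for (i = 1; i <= NF; i++) {
                w = $i
                sub(/[,.;:)]+$/, "", w)  # drop trailing punctuation only
                if (w in installed) print "UPDATING", date, w
            }
        }' pass=1 - pass=2 "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample data: the dates and reasons are illustrative only.
    printf '%s\n' archivers/pecl-zip www/apache22 graphics/png > "$tmp/origins"
    cat > "$tmp/MOVED" <<'EOF'
# old|new|date|reason
archivers/pecl-zip|archivers/php5-zip|2008-01-01|constructed sample entry
EOF
    cat > "$tmp/UPDATING" <<'EOF'
20080101:
  AFFECTS: users of www/apache22, www/apache13
  AUTHOR: nobody@example.org
EOF
    moved_hits "$tmp/MOVED" < "$tmp/origins"
    updating_hits "$tmp/UPDATING" < "$tmp/origins"
    rm -rf "$tmp"
}
demo
```

Each MOVED hit gives the two arguments for `portmaster -o`, and each UPDATING hit gives the date of the entry to read before upgrading that port.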
General upgrading instructions
You can always deinstall and reinstall a port manually but if you have many ports to update it's easier to do this with a tool that can do this automatically for you, so let's install Portmaster. This application is usually referenced in MOVED and UPDATING so you'll need it.
# cd /usr/ports/ports-mgmt/portmaster
# make
# make install clean
# rehash
Various updating scenarios
Unless there are special instructions in /usr/ports/UPDATING that apply to you, you should always start by updating any moved or replaced ports.
portmaster -o new-category/new-portname old-category/old-portname
# portmaster -o archivers/php5-zip archivers/pecl-zip
To update a single port:
# portmaster apache
To update every port that needs updating:
# portmaster -a
To recompile every installed port regardless of whether it needs updating:
# portmaster -af
If there are config options available, Portmaster will recurse through them first if they haven't already been configured once. If you want to force the config options to show you can add --force-config as the first parameter on the command line. Portmaster will create a backup of every outdated application and if the upgrade succeeds you will be given the option to delete the backup.

When everything has been updated you should at least restart the daemons created by ports, like Apache and net-snmp above. A reboot of the router is not a bad thing at this point, although not absolutely necessary if you know what you are doing. Also, remember that sometimes an upgrade will fail and you will have to search the mailing lists for an answer or even ask a question there yourself. freebsd-ports is a good mailing list in this respect.
Automate the version checking
Work in progress
If you don't want to update your ports frequently you should at least be aware of any security issues that are found. There's an application in the Ports Collection to help you with this.
# cd /usr/ports/ports-mgmt/portaudit
# make
# make install clean
# rehash
Now you can check for security issues manually.
# portaudit -Fda
auditfile.tbz 100% of 50 kB 82 kBps
New database installed.
Database created: Wed Sep 3 20:10:02 CEST 2008
Affected package: php5-posix-5.2.6_1
Type of problem: php -- input validation error in posix_access function.
Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
Portaudit will also create such a report automatically once a day in your system's security email. It fetches a database of known security issues and compares it to the versions of the applications you have installed. In this example none of the outdated applications are mentioned, but another application that is already up-to-date with the ports tree is mentioned instead. If you follow the reference link you can read about the details and decide for yourself if you want to remove the affected application or wait for an update. If you really wanted to address the problem you would either have to wait for the Ports Collection to be updated or manually download the source code from the developer and try to compile it outside the ports tree, but that is outside the scope of this guide.
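The situation described above, a vulnerable package for which the ports tree has nothing newer, can be separated from the one where an upgrade is already waiting by comparing the two reports. This is an added example, not part of the original guide: the function names are hypothetical, and the `examplepkg` lines are constructed sample input while the other lines are taken from the output shown on this page.

```shell
#!/bin/sh
# Added example: triage a portaudit report against pkg_version output.

# triage PKG_VERSION_FILE   (portaudit report on stdin)
# PKG_VERSION_FILE holds the output of: pkg_version -vL\>=
triage() {
    awk '
        pass == 1 && $2 == "<" {     # "name-ver < needs updating (port has X)"
            newver = $NF
            sub(/\)$/, "", newver)   # strip the closing parenthesis
            port_has[$1] = newver
            next
        }
        pass == 1 { next }           # "!" and other statuses carry no version
        /^Affected package:/ {
            pkg = $3
            if (pkg in port_has)
                printf "%s: vulnerable, newer port %s available\n", pkg, port_has[pkg]
            else
                printf "%s: vulnerable, no newer port (wait or deinstall)\n", pkg
        }' pass=1 "$1" pass=2 -
}

demo_triage() {
    tmp=$(mktemp) || return 1
    # pkg_version lines: examplepkg is constructed, the rest are from this page.
    cat > "$tmp" <<'EOF'
apache-2.2.9 < needs updating (port has 2.2.9_4)
png-1.2.28 < needs updating (port has 1.2.31)
examplepkg-1.0 < needs updating (port has 1.1)
pecl-zip-1.9.0 ! Comparison failed
EOF
    # portaudit report: first entry from this page, second constructed.
    triage "$tmp" <<'EOF'
Affected package: php5-posix-5.2.6_1
Type of problem: php -- input validation error in posix_access function.
Affected package: examplepkg-1.0
Type of problem: constructed sample entry.
EOF
    rm -f "$tmp"
}
demo_triage
```

A newer port version is not proof that the issue is fixed in it, so run portaudit again after upgrading to confirm the package is no longer listed.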
- The warnings about duplicate index entries from make index are irritating. From info collected on the Internet it appears to be due to a mistake made by the port maintainer so it appears there is nothing that can be done on the user side. It would be great to have this sorted out once and for all.