freebsd-update(8) [freebsd man page]
FREEBSD-UPDATE(8) BSD System Manager's Manual FREEBSD-UPDATE(8) NAME
freebsd-update -- fetch and install binary updates to FreeBSD SYNOPSIS
freebsd-update [-b basedir] [-d workdir] [-f conffile] [-k KEY] [-r newrelease] [-s server] [-t address] command ... DESCRIPTION
The freebsd-update tool is used to fetch, install, and rollback binary updates to the FreeBSD base system. Note that updates are only avail- able if they are being built for the FreeBSD release and architecture being used; in particular, the FreeBSD Security Team only builds updates for releases shipped in binary form by the FreeBSD Release Engineering Team, e.g., FreeBSD 7.3-RELEASE and FreeBSD 8.0-RELEASE, but not FreeBSD 6.3-STABLE or FreeBSD 9.0-CURRENT. OPTIONS
The following options are supported: -b basedir Operate on a system mounted at basedir. (default: /, or as given in the configuration file.) -d workdir Store working files in workdir. (default: /var/db/freebsd-update/, or as given in the configuration file.) -f conffile Read configuration options from conffile. (default: /etc/freebsd-update.conf) -k KEY Trust an RSA key with SHA256 of KEY. (default: read value from configuration file.) -r newrelease Specify the new release to which freebsd-update should upgrade (upgrade command only). -s server Fetch files from the specified server or server pool. (default: read value from configuration file.) -t address Mail output of cron command, if any, to address. (default: root, or as given in the configuration file.) COMMANDS
The command can be any one of the following: fetch Based on the currently installed world and the configuration options set, fetch all available binary updates. cron Sleep a random amount of time between 1 and 3600 seconds, then download updates as if the fetch command was used. If updates are downloaded, an email will be sent (to root or a different address if specified via the -t option or in the configuration file). As the name suggests, this command is designed for running from cron(8); the random delay serves to minimize the proba- bility that a large number of machines will simultaneously attempt to fetch updates. upgrade Fetch files necessary for upgrading to a new release. Before using this command, make sure that you read the announcement and release notes for the new release in case there are any special steps needed for upgrading. Note that this command may require up to 500 MB of space in workdir depending on which components of the FreeBSD base system are installed. install Install the most recently fetched updates or upgrade. rollback Uninstall the most recently installed updates. IDS Compare the system against a "known good" index of the installed release. TIPS
o If your clock is set to local time, adding the line 0 3 * * * root /usr/sbin/freebsd-update cron to /etc/crontab will check for updates every night. If your clock is set to UTC, please pick a random time other than 3AM, to avoid overly imposing an uneven load on the server(s) hosting the updates. o In spite of its name, freebsd-update IDS should not be relied upon as an "Intrusion Detection System", since if the system has been tam- pered with it cannot be trusted to operate correctly. If you intend to use this command for intrusion-detection purposes, make sure you boot from a secure disk (e.g., a CD). FILES
/etc/freebsd-update.conf Default location of the freebsd-update configuration file. /var/db/freebsd-update/ Default location where freebsd-update stores temporary files and downloaded updates. SEE ALSO
freebsd-update.conf(5) AUTHORS
Colin Percival <cperciva@FreeBSD.org> FreeBSD July 14, 2010 FreeBSD
Check Out this Related Man Page
FREEBSD-UPDATE.CONF(5) BSD File Formats Manual FREEBSD-UPDATE.CONF(5) NAME
freebsd-update.conf -- configuration file for freebsd-update(8) DESCRIPTION
The freebsd-update.conf file controls the behaviour of the freebsd-update(8) utility. The file contains lines consisting of a case-sensitive option name and zero or more parameters. Empty lines and any part of a line following a '#' character are ignored. Unless stated otherwise, specifying an option multiple times is an error. The possible options and their meanings are as follows: KeyPrint The single parameter following this keyword is the SHA256 hash of the RSA key which will be trusted to sign updates. ServerName The single parameter following this keyword is the name of the server or server pool from which updates will be downloaded. Components The parameters following this keyword are the components or sub-components of FreeBSD which will be updated. The components are ``src'' (source code), ``world'' (non-kernel binaries), and ``kernel''; the sub-components are the individual distribution sets generated as part of the release process (e.g., ``src/base'', ``src/sys'', ``world/base'', ``world/catpages'', ``kernel/smp''). Note that prior to FreeBSD 6.1, the ``kernel'' component was distributed as part of ``world/base''. This option can be specified multiple times, and the parameters accumulate. IgnorePaths The parameters following this keyword are regular expressions; updates to paths which start with a string matching one of these regular expressions will be ignored. This option can be specified multiple times, and the parameters accumulate. IDSIgnorePaths The parameters following this keyword are regular expressions; paths which start with a string matching one of these regular expressions will be ignored by "freebsd-update IDS". This option can be specified multiple times, and the parameters accumulate. UpdateIfUnmodified The parameters following this keyword are regular expressions; updates to paths which start with a string matching one of these regular expressions will be ignored if the files have been modified locally (unless they are merged -- see MergeChanges below). This option can be specified multiple times, and the parameters accumulate. MergeChanges The parameters following this keyword are regular expressions; updates to paths which start with a string matching one of these regular expressions will be merged with local modifications. This option can be specified multiple times, and the parameters accumulate. WorkDir The single parameter following this keyword is the directory in which temporary files and downloaded updates will be stored. MailTo The single parameter following this keyword is the address to which cron output will be mailed. AllowAdd The single parameter following this keyword must be ``yes'' or ``no'' and specifies whether freebsd-update is allowed to create new files, directories, and symlinks if these are part of updates downloaded. Note that freebsd-update will not re-add files which have been deleted from a FreeBSD installation unless those files were previously added as part of an update. AllowDelete The single parameter following this keyword must be ``yes'' or ``no'' and specifies whether freebsd-update is allowed to delete files, directories, and symlinks as part of updates downloaded. KeepModifiedMetadata The single parameter following this keyword must be ``yes'' or ``no'' and specifies whether freebsd-update should keep existing file ownership, permissions, and flags when installing updates if these have been modified locally. StrictComponents The single parameter following this keyword must be ``yes'' or ``no'' and specifies whether freebsd-update should interpret the list of components of FreeBSD specified via the Components option strictly as a list of components installed which should be upgraded when the upgrade command is used ("yes"), or merely as a list of components which might be installed, of which freebsd-update should identify which in fact are present ("no"). BackupKernel The single parameter following this keyword must be ``yes'' or ``no'' and specifies whether freebsd-update will cre- ate a backup of the old kernel before installing a new kernel. This backup kernel can be used to recover a system where the newly installed kernel somehow did not work. Note that the backup kernel is not reverted to its original state by the freebsd-update rollback command. BackupKernelDir This keyword sets the directory which is used to store a backup kernel, if the BackupKernel feature is enabled. If the directory already exist, and it was not created by freebsd-update, the directory is skipped. In the case of the primary directory name not being usable, a number starting with '1' is appended to the directory name. Like with the primary directory name, the constructed directory name is only used if the path name does not exist, or if the directory was previously created by freebsd-update. If the constructed directory still exist the appended number is incremented with 1 and the directory search process restarted. Should the number increment go above 9, freebsd-update will abort. BackupKernelSymbolFiles The single parameter following this keyword must be ``yes'' or ``no'' and specifies whether freebsd-update will also backup kernel symbol files, if they exist. The kernel symbol files takes up a lot of disk space and are not needed for recovery purposes. If the symbol files are needed, after recovering a system using the backup kernel, the freebsd-update rollback command will recreate the symbol files along with the old kernel. FILES
/etc/freebsd-update.conf Default location of the freebsd-update configuration file. SEE ALSO
sha256(1), freebsd-update(8) AUTHORS
Colin Percival <cperciva@FreeBSD.org> FreeBSD August 19, 2009 FreeBSD