FreeBSD Manual Pages
FREEBSD-UPDATE(8) System Manager's Manual FREEBSD-UPDATE(8) NAME freebsd-update -- fetch and install binary updates to FreeBSD SYNOPSIS freebsd-update [-F] [-b basedir] [--currently-running release] [-d workdir] [-f conffile] [-j jail] [-k KEY] [--not-running-from-cron] [-r newrelease] [-s server] [-t address] command ... DESCRIPTION The freebsd-update tool is used to fetch, install, and rollback binary updates to the FreeBSD base system. BINARY UPDATES AVAILABILITY Binary updates are not available for every single FreeBSD version and architecture. In general, binary updates are available for ALPHA, BETA, RC, and RE- LEASE versions of FreeBSD, e.g.: FreeBSD 13.1-ALPHA3 FreeBSD 13.1-BETA2 FreeBSD 13.1-RC1 FreeBSD 13.1-RELEASE They are not available for branches such as PRERELEASE, STABLE, and CURRENT, e.g.: FreeBSD 13.0-PRERELEASE FreeBSD 13.1-STABLE FreeBSD 14.0-CURRENT In particular, the FreeBSD Security Team only builds updates for re- leases shipped in binary form by the FreeBSD Release Engineering Team. OPTIONS The following options are supported: -b basedir Operate on a system mounted at basedir. (default: /, or as given in the configuration file.) -d workdir Store working files in workdir. (default: /var/db/freebsd-update/, or as given in the configura- tion file.) -f conffile Read configuration options from conffile. (default: /etc/freebsd-update.conf) -F Force freebsd-update fetch to proceed in the case of an unfinished upgrade. -j jail Operate on the given jail specified by jid or name. (The version of the installed userland is detected and the --currently-running option is no more required.) -k KEY Trust an RSA key with SHA256 of KEY. (default: read value from configuration file.) -r newrelease Specify the new release (e.g., 11.2-RELEASE) to which freebsd-update should upgrade (upgrade command only). -s server Fetch files from the specified server or server pool. (default: read value from configuration file.) -t address Mail output of cron command, if any, to address. (de- fault: root, or as given in the configuration file.) --not-running-from-cron Force freebsd-update fetch to proceed when there is no controlling tty(4). This is for use by automated scripts and orchestration tools. Please do not run freebsd-update fetch from crontab(5) or similar using this flag, see: freebsd-update cron --currently-running release Do not detect the currently-running release; instead, assume that the system is running the specified release. This is most likely to be useful when upgrading jails. COMMANDS The command can be any one of the following: fetch Based on the currently installed world and the configuration options set, fetch all available binary updates. cron Sleep a random amount of time between 1 and 3600 seconds, then download updates as if the fetch command was used. If updates are downloaded, an email will be sent (to root or a different address if specified via the -t option or in the configuration file). As the name suggests, this command is designed for running from cron(8); the random delay serves to minimize the probability that a large number of machines will simultaneously attempt to fetch updates. upgrade Fetch files necessary for upgrading to a new release. Before using this command, make sure that you read the announcement and release notes for the new release in case there are any special steps needed for upgrading. Note that this command may require up to 500 MB of space in workdir depending on which components of the FreeBSD base system are installed. updatesready Check if there are fetched updates ready to install. Returns exit code 2 if there are no updates to install. install Install the most recently fetched updates or upgrade. Re- turns exit code 2 if there are no updates to install and the fetch command wasn't passed as an earlier argument in the same invocation. rollback Uninstall the most recently installed updates. IDS Compare the system against a "known good" index of the in- stalled release. showconfig Show configuration options after parsing conffile and command line options. TIPS • If your clock is set to local time, adding the line 0 3 * * * root /usr/sbin/freebsd-update cron to /etc/crontab will check for updates every night. If your clock is set to UTC, please pick a random time other than 3AM, to avoid overly imposing an uneven load on the server(s) hosting the up- dates. • In spite of its name, freebsd-update IDS should not be relied upon as an "Intrusion Detection System", since if the system has been tampered with it cannot be trusted to operate correctly. If you intend to use this command for intrusion-detection purposes, make sure you boot from a secure disk (e.g., a CD). ENVIRONMENT PAGER The pager program used to present various reports during the ex- ecution. (Default: "/usr/bin/less".) PAGER can be set to "cat" when a non-interactive pager is de- sired. FILES /etc/freebsd-update.conf Default location of the freebsd-update con- figuration file. /var/db/freebsd-update/ Default location where freebsd-update stores temporary files, downloaded updates, and files required for rollback. All files under /var/db/freebsd-update/ may be deleted if an upgrade is not in progress and rollback will not be required. SEE ALSO freebsd-version(1), uname(1), freebsd-update.conf(5), nextboot(8) AUTHORS Colin Percival <cperciva@FreeBSD.org> BUGS In patch level situations for example, 13.2-RELEASE-p1 up to 13.2-RE- LEASE-p2: if any previous modification to a file in /etc/ will conflict with an available update, then freebsd-update will make no attempt to merge. Instead: freebsd-update will print a list of affected locally- modified files. FreeBSD 13.2 October 4, 2023 FREEBSD-UPDATE(8)
NAME | SYNOPSIS | DESCRIPTION | BINARY UPDATES AVAILABILITY | OPTIONS | COMMANDS | TIPS | ENVIRONMENT | FILES | SEE ALSO | AUTHORS | BUGS
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=freebsd-update&manpath=FreeBSD+14.2-RELEASE+and+Ports>