security patch vs. binary upgrade

Polytropon freebsd at
Mon Jun 22 00:52:53 UTC 2015

On Sun, 21 Jun 2015 12:43:45 +0200, Lev wrote:
> Hello List,
> I installed FreeBSD 10.1 on my home server, and it runs as expected.
> I don't really understand one thing:
> What is the difference between
> pkg update/upgrade
> and
> freebsd-update fetch
> freebsd-update install
> If I patch my sustem with security patches, and then upgrade the binary
> packages will the patches lost?

FreeBSD has an important differentiation between the operating
system (FreeBSD itself) and the applications which are installed.
Those packages, "everything else", are managed by the ports tree,
or in your case, more precisely, the pkg interface to the precompiled
binary packages.

So what you're seeing here is that:

1. freebsd-update updates your OS, and

2. pkg updates your installed applications.

Both are not (directly) connected to each other. For example, you
could remove all your installed packages, and then _still_ have a
fully functional OS. This is, by the way, a common idea when moving
from one major OS version to another, which usually involves the
re-installation of all application software.

You're probably coming from Linux land where the OS itself is an
arbitrary compilation of packages, and even the OS kernel is
considered a package. Linux distributions does not have a concept
of "just the OS" directly implemented, and the distribution
maintainers decide what their "OS" consists of. Different
compilations, and even different package management tools
are therefore common.

On FreeBSD, you can update the OS and keep the versions of the
installed applications, or keep the OS version but update the
installed applications only. It's your choice. In order to achieve
this goal, two different tools are provided for the two different

> Btw... freebsd-update install writes this:
> Installing
> updates...install: ///usr/src/contrib/file/magic/Magdir/kerberos: No such file or directory
> install: ///usr/src/contrib/file/magic/Magdir/meteorological: No such file or directory install: ///usr/src/contrib/file/magic/Magdir/qt: No
> such file or directory
> install: ///usr/src/crypto/openssl/util/ No such file or directory
> Is this okay?

Not _that_ okay. :-)

The installer expects the /usr/src subtree to be present. The
easiest way to deal with that is to install it from the installation
media or via Internet. The source distribution src.txz for the
version you're running needs to be extracted to /usr/src, so the
installer will find the files it's refering to.

Once /usr/src is there, freebsd-update will keep the sources up
to date if the "src" component is enabled in its setup file,
/etc/freebsd-update.conf; see "Components" entry.

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list