security patch vs. binary upgrade

Matthew Seaman matthew at
Sun Jun 28 15:45:49 UTC 2015

On 28/06/2015 15:39, Polytropon wrote:
> there's also the suggestion
> to remove /usr/local entirely (after having copied any needed
> configuration of course!) and re-instantiate it using mtree,
> and removing the package database, then finally perform the
> reinstallation. However I don't know if pkg (in comparison
> to old pkg_* tools) likes that approach. :-)

Works fine with pkg(8) so long as you tell pkg that all the ports have
been deleted when you nuke /usr/local.  Which boils down to either:

a) use pkg(8) to delete everything:

    pkg delete -a

  (which will actually delete everything except pkg(8) itself.  You may
   need to 'pkg unlock' stuff beforehand though.)  Do this before
  nuking /usr/local.

b) move aside your old package database, and start again with a fresh
   one.  You can do this before or after nuking /usr/local:

   cd /var/db/pkg
   mv local.sqlite local.sqlite.old

Then after cleaning out /usr/local:

   pkg bootstrap -f

and proceed with installing whatever ports you want.  Oh, and make sure
you keep a backup of /usr/local/etc somewhere, as you'll inevitably want
to reinstate some of the config files from there.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 971 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the freebsd-questions mailing list