FREEBSD-UPDATE(8) BSD System Manager's Manual FREEBSD-UPDATE(8)NAMEfreebsd-update — fetch and install binary updates to FreeBSD
SYNOPSISfreebsd-update [-b basedir] [-d workdir] [-f conffile] [-k KEY]
[-r newrelease] [-s server] [-t address] command ...
The freebsd-update tool is used to fetch, install, and rollback binary
updates to the FreeBSD base system. Note that updates are only available
if they are being built for the FreeBSD release and architecture being
used; in particular, the FreeBSD Security Team only builds updates for
releases shipped in binary form by the FreeBSD Release Engineering Team,
e.g., FreeBSD 7.3-RELEASE and FreeBSD 8.0, but not FreeBSD 6.3-STABLE or
The following options are supported
-b basedir Operate on a system mounted at basedir. (default: /, or as
given in the configuration file.)
-d workdir Store working files in workdir. (default:
/var/db/freebsd-update/, or as given in the configuration
-f conffile Read configuration options from conffile. (default:
-k KEY Trust an RSA key with SHA256 of KEY. (default: read value
from configuration file.)
Specify the new release to which freebsd-update should
upgrade (upgrade command only).
-s server Fetch files from the specified server or server pool.
(default: read value from configuration file.)
-t address Mail output of cron command, if any, to address. (default:
root, or as given in the configuration file.)
The command can be any one of the following:
fetch Based on the currently installed world and the configuration
options set, fetch all available binary updates.
cron Sleep a random amount of time between 1 and 3600 seconds,
then download updates as if the fetch command was used. If
updates are downloaded, an email will be sent (to root or a
different address if specified via the -t option or in the
configuration file). As the name suggests, this command is
designed for running from cron(8); the random delay serves
to minimize the probability that a large number of machines
will simultaneously attempt to fetch updates.
upgrade Fetch files necessary for upgrading to a new release.
Before using this command, make sure that you read the
announcement and release notes for the new release in case
there are any special steps needed for upgrading.
install Install the most recently fetched updates or upgrade.
rollback Uninstall the most recently installed updates.
IDS Compare the system against a "known good" index of the
· If your clock is set to local time, adding the line
0 3 * * * root /usr/sbin/freebsd-update cron
to /etc/crontab will check for updates every night. If your clock is
set to UTC, please pick a random time other than 3AM, to avoid overly
imposing an uneven load on the server(s) hosting the updates.
· In spite of its name, IDS should not be relied upon as an "Intrusion
Detection System", since if the system has been tampered with it can‐
not be trusted to operate correctly. If you intend to use this com‐
mand for intrusion-detection purposes, make sure you boot from a
secure disk (e.g., a CD).
/etc/freebsd-update.conf Default location of the freebsd-update configu‐
/var/db/freebsd-update/ Default location where freebsd-update stores
temporary files and downloaded updates.
Colin Percival ⟨cperciva@FreeBSD.org⟩
FreeBSD July 14, 2010 FreeBSD