How to Install Packages with pkg on FreeBSD?

Published on: December 12, 2022

.

24 min read

.

For German Version

FreeBSD is a popular server platform and free, open-source Unix-like operating system evolved from Berkeley Software Distribution (BSD). FreeBSD is an operating system intended to run modern servers, PCs, and embedded devices.

The term BSD stands for "Berkeley Software Distribution". It refers to source code releases from the University of California, Berkeley that were originally additions to AT&T's Research UNIX operating system. Multiple open-source operating system projects are based on this source code's 4.4BSD-Lite version. In addition, they incorporate several packages from other Open Source projects, particularly the GNU project.

FreeBSD has an extensive assortment of system tools as part of its base system. FreeBSD offers two complimentary mechanisms for installing third-party software:

• Ports: the FreeBSD Ports Collection is used for installing applications from source code.

• Packages: Packages are used for installing applications from pre-built binaries.

Installing software from local media or the network is possible using either technique.

In this article we will cover the following topics:

• The distinction between packages and ports on FreeBSD.

• How to locate third-party applications that have been ported to FreeBSD?

• How to handle binary packages with pkg?

What are the Differences between Ports and Packages on FreeBSD?

Packages and Ports Collection are the two major mechanisms for obtaining programs and system utilities in FreeBSD. When installing these utilities, users will be required to pick between the two bundles.

Ports is a FreeBSD method for developing extra software. With Ports, you begin with the software vendor's raw source code and construct the product to your specifications, adding and removing features as needed. The files that make up a port include all the information required to automatically download, extract, patch, build, and install a program. The source code may need to be modified for appropriate installation and operation if the software has not been previously converted and tested on FreeBSD. More than 36 thousand third-party apps have been ported to FreeBSD. When possible, these apps are made available as pre-compiled packages for download.

Packages are pre-compiled binary packages that are often smaller than whole port installs and do not need compilation time. Packages enable you swiftly install, remove, and update add-on applications. The packaging mechanism of FreeBSD is known as package or pkg. Package information is kept in an SQLite database, which may be queried for package details.

However, ports are a far more flexible alternative, enabling users to participate directly in the construction process and customize the application to their liking.

In addition, installing a program from a port assists the user in comprehending how the application is constructed, configured, and ultimately produced as a binary.

Packages and ports both comprehend dependencies. If a package or port is used to install a program and a required library is not already installed, the library will be installed automatically before the application.

A FreeBSD package includes all of an application's precompiled commands, as well as any configuration files and documentation. Using pkg(8) commands, such as pkg install, it is possible to alter packages.

While the two technologies are comparable, packages and ports possess distinct advantages. Choose the technology that matches your installation requirements for a certain application.

What are the Benefits of FreeBSD Packages?

The main advantages of FreeBSD packages are as follows:

• FreeBSD packages do not need a grasp of the software compilation process.
• Packages do not need compilation time. On a sluggish machine, this might be essential for huge programs such as Mozilla, KDE, and GNOME.
• Typically, a compressed package tarball is smaller than the compressed tarball containing the application's source code.

What are the Benefits of FreeBSD Ports?

The primary advantages of FreeBSD ports are as listed below:

• Some software's license terms prohibit binary distribution. Such software must be delivered as source code that the end-user must build.
• Packages are often constructed using conservative settings since they must run on as many platforms as possible. By compiling from the port, compilation parameters may be altered.
• Some individuals do not trust binary distributions and would rather examine source code for possible bugs.
• Some apps provide compile-time options for controlling which features are installed. Apache, for instance, may be adjusted with a vast array of built-in options. In certain instances, numerous packages for the same program exist to specify different parameters. Depending on whether or not Xorg is installed, Ghostscript is provided as a ghostscript package and a ghostscript-nox11 package. If an application has more than one or two distinct compile-time options, creating several packages quickly becomes unfeasible.
• To apply custom patches, source code is necessary.

tip

Before installing any software, check https://vuxml.freebsd.org/ for security concerns associated with the application, or run the following common to scan all installed apps for known vulnerabilities.

pkg audit -F

Does FreeBSD have a Package Manager?

Yes. pkg is the next-generation replacement for the existing FreeBSD package management tools, with several features that make working with binary packages quicker and simpler.

pkg does not replace port management utilities such as ports-mgmt/portmaster and ports-mgmt/portupgrade. These utilities can install third-party software from both binary packages and the Ports Collection, while pkg exclusively installs binary packages.

What is the History of FreeBSD Package Management?

Early versions of BSD lacked a package management. In his article "Third-party software management under BSD," Andrew Pantyukhin explains that BSD was initially built "with rich userlands so that users would never have to consider anything third-party." This is a fancy way of expressing that BSD (and other systems) were intended to have all the necessary software pre-installed.

Those wishing to install software often faced an uphill struggle. Pantyukhin said, "Before package management, as we know it existed, developers chose to spend their time addressing installation difficulties as opposed to considering deinstallation. A user had to get a file archive, extract it, maybe modify it and build it, and finally install it."

Jordan K. Hubbard, one of the founders of the FreeBSD project and developer of the current FreeBSD port system, stepped into the void. According to Michel Talon's article on the FreeBSD ports system, it is "a complicated set of tools and data files that enables retrieval, compilation and installation of software packages on a machine."

On the tenth anniversary of their package manager pkgsrc, which is based on the FreeBSD port system, the NetBSD team interviewed Hubbard. When asked why he designed the ports system, Hubbard said, "As much as I'd want to claim that it all came to me in a stroke of inspiration one day, the reality is considerably more mundane. Every new FreeBSD system I built and installed (and I was building quite a few PCs in those days) required customization with the same "extra bits" (bash, emacs, MH, etc.), and every time was the same old drill - remember where to find the bits, fetch and unpack the bits, configure/patch the bits as necessary, build and install".

Hubbard made the decision to automate the issue. As he said in the interview, he used his expertise of make "to construct bsd.port.mk and a handful of ports to test and enhance the idea. Within a few weeks, I had installed all of my favorite applications on the new machine". In August of 1994, he determined that the code was complete and made it accessible to the public. Hubbard submitted bsd.port.mk with the following note to the FreeBSD CVS repository:

"Commit my new ports make macros. Still not 100% complete yet by any means, but fairly usable at this stage."

He then uploaded ports for some of his favorite applications, including emacs, jove, and bash. In a short time, the collection of ports increased to over 200. Once Hubbard saw that the ports were gaining popularity, he wanted to simplify them. As he explained to the NetBSD interviewers:

"it was also becoming clear to me that we were going to need some sort of package management system which allowed end-users to have all the benefits of make install in the ports collection without having to actually go through all the intervening steps, so I dragooned Satoshi Asami into the role of Ports Meister and went off to write pkg_install(1) as the logical counterpart to ports."

Thus, the ports system familiar to FreeBSD users was created.

The ports system served FreeBSD well over the years, although it was more of a temporary solution than a permanent one. The ports system worked well for experienced users and server administrators, but it was more difficult for newcomers. The port system has further flaws. In fact, the author of the port system noted in the code that it was unattractive and poorly written:

"This is seriously ugly code following. Written very fast! [And subsequently made even worse.. Sigh! This code was just born to be hacked, I guess.." -jkh

"Modernizing FreeBSD package management" was the topic of Baptiste Daroussin's lecture at the 2012 BSDCan. He highlighted many issues with the port system.

To update a package, you must first remove it and then reinstall the port. Second, ports lack crucial information, like the package's license and URL. Thirdly, the ports system does a poor job of monitoring dependencies and may easily damage installations by eliminating dependencies required by other programs. Lastly, the ports system is incompatible with external repositories.

Daroussin and his colleagues devised a new approach to tackle these challenges and provide FreeBSD with up-to-date package management. On August 30, 2012, they launched the first version of the pkgng application, for which they began development in 2010. According to the release notes, pkgng is "a program aimed to replace pkg install and offer comprehensive package management for FreeBSD with contemporary functionality".

pkgng utilizes an SQLite database, which makes it extremely simple to search for metadata and other necessary information. In his essay on pkgng, Joe Maloney writes, "storing package information in a database makes searching for information about installed packages quick. Additionally, it expedites installation and removal and facilitates updates".

pkgng simplified things by using a single command (pkg) as opposed to the various commands formerly used, including pkg add, pkg create, pkg delete, pkg info, pkg updating, and pkg version. pkgng did not eliminate the ports tree, but is compatible with it. According to Daroussin, pkgng was developed to use existing ports without requiring their maintainers to alter their packages.

pkgng became the official FreeBSD package manager with FreeBSD 10 in 2014. According to the release notes, the following utilities have been removed: pkg_add, pkg_create, pkg_delete, pkg_info, pkg_updating, and pkg_version. To install binary packages, pkg(7) must now be used. pkg(7) is the FreeBSD package manager of the next generation, sometimes known as "pkgng". When upgrading from an earlier version of FreeBSD, you must run pkg2ng to convert the old package database to the new format.

Thus, a new era in FreeBSD package management had started.

Where are Packages Installed on FreeBSD?

Packages install binaries under /usr/local directory. The majority of configuration files are located under /usr/local/etc as opposed to /etc. If you come from the Linux community, you may find this unusual.Important files and directories for pkg package management system on FreeBSD are listed below:

• Official FreeBSD repositories location: /etc/pkg

• The pkg configuration file: /usr/local/etc/pkg.conf

• Package cache directory: /var/cache/pkg

• FreeBSD repository file: /etc/pkg/FreeBSD.conf

• Custom repositories directory: /usr/local/etc/pkg/repos

• SQLite database file: /var/db/pkg/local.sqlite

How to Search Applications Available on FreeBSD?

The number of available apps for FreeBSD is constantly expanding. There are several methods to discover applications to install. You may use the following ways to find the applications available on FreeBSD:

• Searching on FreeBSD.org: At https://www.FreeBSD.org/ports/, the FreeBSD website maintains an up-to-date, searchable list of all available programs. You may search for ports by program name or software category.

  

  Figure 1. Searching ports on FreeBSD.org

• Searching on FreshPorts.org: FreshPorts.org, which is maintained by Dan Langille, offers a comprehensive search facility and records changes to the programs in the Ports Collection. Registered users may establish a customized watch list to get an automatic email when the ports they are monitoring are modified.

  

  Figure 2. Searching ports on FreshPorts.org

• Using SourceForge.net or GitHub.com: Whether it becomes difficult to locate a certain program, try checking sites such as SourceForge.net or GitHub.com, then return to the FreeBSD website to see if the application has been ported.

• Searching the binary package repository for software: You may use the pkg search command to find an application on FreeBSD. For example, to search the snort package run the next command:

  pkg search snort

  You should see an output similar to the below:

  p5-Net-Snort-Parser-1.41_1 Perl modules for parsing Snort configuration files
  p5-Parse-Snort-0.9 Parse and create Snort rules
  p5-Snort-Rule-1.07_1 Perl5 extension for dynamically building snort rules
  snort-2.9.20 Lightweight network intrusion detection system
  snort-rep-1.10_1 Snort reporting tool that can produce text or HTML from logs
  snort2pfcd-3.2 Snort alert to pf blocker
  snort3-3.1.42.0,1 Lightweight network intrusion detection system
  snortsam-2.70_1 Output plugin for Snort
  snortsnarf-1.0_1,1 Generate HTML report summaries from snort incident alerts

  Package names contain the version number and, in the case of Python-based ports, the version of Python that was used to build the package. Some ports also have numerous versions available.

  There may be a variety of package versions and compilation settings available. When determining which package to install, it is preferable to indicate the program by its port origin, which is the path inside the ports tree. You may use the -o option to list the source of each package.

  pkg search -o snort

  You should see an output similar to the below:

  textproc/p5-Net-Snort-Parser Perl modules for parsing Snort configuration files
  security/p5-Parse-Snort Parse and create Snort rules
  security/p5-Snort-Rule Perl5 extension for dynamically building snort rules
  security/snort Lightweight network intrusion detection system
  security/snort-rep Snort reporting tool that can produce text or HTML from logs
  security/snort2pfcd Snort alert to pf blocker
  security/snort3 Lightweight network intrusion detection system
  security/snortsam Output plugin for Snort
  security/snortsnarf Generate HTML report summaries from snort incident alerts

  You can display less information about an application using the -q option, and you may display the whole information with the -f option.

  pkg search -f snort

  snort3-3.1.42.0,1
  Name : snort3
  Version : 3.1.42.0,1
  Origin : security/snort3
  Architecture : FreeBSD:13:amd64
  Prefix : /usr/local
  Repository : FreeBSD [pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly]
  Categories : security
  Licenses : GPLv2
  Maintainer : bofh@FreeBSD.org
  WWW : https://www.snort.org/
  Comment : Lightweight network intrusion detection system
  Options :
  ADDRESSSANITIZER: off
  DEBUG : off
  DOCS : on
  FLATBUFFERS : off
  HYPERSCAN : on
  LARGEPCAP : off
  PIE : off
  STATICDAQ : on
  THREADSANITIZER: off
  TSC : off
  Shared Libs required:
  libuuid.so.1
  libpcre.so.1
  libluajit-5.1.so.2
  libhwloc.so.15
  libhs.so.5
  libdnet.so.1
  libdaq.so.3
  Annotations :
  FreeBSD_version: 1301000
  cpe : cpe:2.3:a:snort:snort:3.1.42.0:::::freebsd13:x64	
  Flat size : 8.76MiB
  Pkg size : 1.84MiB
  Description :
  Snort 3 is the next major release of the Snort utility:
  Here are some key features of Snort 3:
  Support multiple packet processing threads
  Use a shared configuration and attribute table
  Use a simple, scriptable configuration
  Make key components pluggable
  Autodetect services for portless configuration
  Support sticky buffers in rules
  Autogenerate reference documentation
  Provide better cross platform support
  Facilitate component testing
  Additional features on the roadmap include:
  Use a shared network map
  Support pipelining of packet processing
  Support hardware offload and data plane integration
  Support proxy mode
  Windows support
  WWW: https://www.snort.org/

  Other fields that characterize an application are searchable as well. To search for a program by its description, use the -D option.

  pkg search -Dq intrusion

  fragroute-1.2_16
  aide-0.17.4
  fcheck-2.07.59_1
  ftimes-3.11.0_2
  fragrouter-1.6
  kismet-2016.07.r1_2,1
  libnids-1.24_5
  ossec-hids-server-config-3.7.0
  ossec-hids-local-config-3.7.0
  ossec-hids-agent-config-3.7.0
  ossec-hids-3.7.0
  ossec-hids-server-3.7.0
  ossec-hids-agent-3.7.0
  ossec-hids-local-3.7.0
  packit-1.8_1
  samhain-client-4.4.3
  samhain-server-4.4.3
  samhain-4.4.3
  sancp-1.6.1_6
  snort-2.9.20
  snortsam-2.70_1
  tcpreplay-4.4.2
  suricata-6.0.8
  snortsnarf-1.0_1,1
  zeek-5.0.4
  bsdhwmon-20151206
  bsmtrace-1.4_1
  bsmtrace3-3.1

  pkg search supports searching by shell globs, regular expressions, exact match, or any other field in the repository database. To view the pkg search options run the following command:

  pkg help search

  Or

  pkg search
  Usage: pkg search [-eU] [-r repo] [-S search] [-L label] [-Q mod]... [-Cgix] <pkg-name>
  pkg search [-cDdefopqRU] [-r repo] [-Cgix] <pattern>
  
  Search and Label options: comment description name origin pkg-name
  Output Modifiers: annotations arch categories comment depends-on
  description full licenses maintainer name options pkg-size
  prefix repository required-by shared-libs-required shared-libs-provided size url version www
  For more information see 'pkg help search'.

• Using whereis and echo utilities: There are a number of ways to query the local port tree if the Ports Collection is already installed. To determine the category of a port, type whereis file, where file is the name of the application to be installed. To find the snort application on your FreeBSD, run the next command:

  whereis snort

  You should see an output similar to the below:

  snort: /usr/ports/security/snort

  Alternatively, you may use the echo command as given below:

  echo /usr/ports/*/*snort*

  You should see an output similar to the below:

  /usr/ports/security/snort /usr/ports/security/snort-rep /usr/ports/security/snort2pfcd /usr/ports/security/snort3 /usr/ports/security/snortsam /usr/ports/security/snortsnarf

• Using the Ports Collection's built-in search: To utilize the search function on FreeBSD, you may follow the steps given below:

  1. Navigate to the /usr/ports directory by running the next command:

  cd /usr/ports
  2. Execute the make search name=program-name, where program-name is the name of the software. For instance, to look for snort:

  make search name=snort

  You should see an output similar to the below:

  Port: p5-Snort-Rule-1.07_1
  Path: /usr/ports/security/p5-Snort-Rule
  Info: Perl5 extension for dynamically building snort rules
  Maint: bofh@FreeBSD.org
  B-deps: perl5-5.32.1_1
  R-deps: perl5-5.32.1_1
  WWW: https://metacpan.org/release/Snort-Rule
  
  Port: snort-rep-1.10_1
  Path: /usr/ports/security/snort-rep
  Info: Snort reporting tool that can produce text or HTML from logs
  Maint: ports@FreeBSD.org
  B-deps: perl5-5.32.1_1
  R-deps: perl5-5.32.1_1
  WWW: http://david.schweikert.ch/software/snort-rep/
  Port: snort2pfcd-3.2
  Path: /usr/ports/security/snort2pfcd
  Info: Snort alert to pf blocker
  Maint: onestsam@gmail.com
  B-deps: libcidr-1.2.3
  R-deps: barnyard2-1.13_4 ca_root_nss-3.58 daq-2.2.2 libcidr-1.2.3 libdnet-1.13_3 libpcap-1.9.1_1 openssl-1.1.1j,1 p5-Authen-NTLM-1.09_1 p5-Clone-0.45 p5-Crypt-SSLeay-0.72_3 p5-Digest-HMAC-1.03_1 p5-Encode-Locale-1.05 p5-File-Listing-6.14 p5-HTML-Parser-3.75 p5-HTML-Tagset-3.20_1 p5-HTTP-Cookies-6.09 p5-HTTP-Daemon-6.12 p5-HTTP-Date-6.05 p5-HTTP-Message-6.26 p5-HTTP-Negotiate-6.01_1 p5-IO-HTML-1.001_1 p5-IO-Socket-INET6-2.72_1 p5-IO-Socket-SSL-2.068 p5-LWP-MediaTypes-6.04 p5-LWP-Protocol-https-6.10 p5-Mozilla-CA-20200520 p5-Net-HTTP-6.19 p5-Net-SSLeay-1.88 p5-Socket6-0.29 p5-TimeDate-2.33,1 p5-Try-Tiny-0.30 p5-URI-5.05 p5-WWW-RobotRules-6.02_1 p5-libwww-6.50 pcre-8.44 perl5-5.32.1_1 pulledpork-0.7.4 snort-2.9.17
  WWW: https://github.com/onestsam/snort2pfcd
  Port: snort3-3.0.3.4,1
  Path: /usr/ports/security/snort3
  Info: Lightweight network intrusion detection system
  Maint: bofh@FreeBSD.org
  B-deps: ca_root_nss-3.58 cmake-3.19.2 curl-7.74.0 e2fsprogs-libuuid-1.45.7 expat-2.2.10 gettext-runtime-0.21 hwloc-1.11.13 hyperscan-5.2.1 indexinfo-0.3.1 jsoncpp-1.9.4 libarchive-3.4.3,1 libdaq-3.0.0.b2 libdnet-1.13_3 libffi-3.3_1 libiconv-1.16 liblz4-1.9.3,1 libnghttp2-1.42.0 libpcap-1.9.1_1 libpciaccess-0.16 libuv-1.41.0 libxml2-2.9.10_2 luajit-2.0.5_5 lzo2-2.10_1 ninja-1.10.2,2 openssl-1.1.1j,1 pciids-20201127 pcre-8.44 pkgconf-1.7.3,1 python37-3.7.9_1 readline-8.0.4 rhash-1.4.0
  R-deps: e2fsprogs-libuuid-1.45.7 hwloc-1.11.13 hyperscan-5.2.1 libdaq-3.0.0.b2 libdnet-1.13_3 libpcap-1.9.1_1 libpciaccess-0.16 libxml2-2.9.10_2 luajit-2.0.5_5 openssl-1.1.1j,1 pciids-20201127 pcre-8.44
  WWW: http://www.snort.org/
  Port: snort-2.9.17
  Path: /usr/ports/security/snort
  Info: Lightweight network intrusion detection system
  Maint: dvl@FreeBSD.org
  B-deps: bison-3.6.4,1 daq-2.2.2 gettext-runtime-0.21 indexinfo-0.3.1 libdnet-1.13_3 libpcap-1.9.1_1 libtextstyle-0.21 m4-1.4.18_1,1 openssl-1.1.1j,1 pcre-8.44
  R-deps: barnyard2-1.13_4 ca_root_nss-3.58 daq-2.2.2 libdnet-1.13_3 libpcap-1.9.1_1 openssl-1.1.1j,1 p5-Authen-NTLM-1.09_1 p5-Clone-0.45 p5-Crypt-SSLeay-0.72_3 p5-Digest-HMAC-1.03_1 p5-Encode-Locale-1.05 p5-File-Listing-6.14 p5-HTML-Parser-3.75 p5-HTML-Tagset-3.20_1 p5-HTTP-Cookies-6.09 p5-HTTP-Daemon-6.12 p5-HTTP-Date-6.05 p5-HTTP-Message-6.26 p5-HTTP-Negotiate-6.01_1 p5-IO-HTML-1.001_1 p5-IO-Socket-INET6-2.72_1 p5-IO-Socket-SSL-2.068 p5-LWP-MediaTypes-6.04 p5-LWP-Protocol-https-6.10 p5-Mozilla-CA-20200520 p5-Net-HTTP-6.19 p5-Net-SSLeay-1.88 p5-Socket6-0.29 p5-TimeDate-2.33,1 p5-Try-Tiny-0.30 p5-URI-5.05 p5-WWW-RobotRules-6.02_1 p5-libwww-6.50 pcre-8.44 perl5-5.32.1_1 pulledpork-0.7.4
  WWW: https://www.snort.org/

The "Path:" line specifies the location of the port.

tip

The integrated search method utilizes an index file. If a message indicates that the INDEX is necessary, execute make fetchindex or make index to obtain the current index file. make search will be able to execute the specified search if the INDEX is available.

To obtain fewer results, use the quicksearch feature by running the next command:

make quicksearch name=snort

You should see an output similar to the below:

Port: p5-Parse-Snort-0.9
Path: /usr/ports/security/p5-Parse-Snort
Info: Parse and create Snort rules
Port: p5-Snort-Rule-1.07_1
Path: /usr/ports/security/p5-Snort-Rule
Info: Perl5 extension for dynamically building snort rules
Port: snort-rep-1.10_1
Path: /usr/ports/security/snort-rep
Info: Snort reporting tool that can produce text or HTML from logs
Port: snort2pfcd-3.2
Path: /usr/ports/security/snort2pfcd
Info: Snort alert to pf blocker
Port: snort3-3.0.3.4,1
Path: /usr/ports/security/snort3
Info: Lightweight network intrusion detection system
Port: snortsam-2.70_1
Path: /usr/ports/security/snortsam
Info: Output plugin for Snort
Port: snortsnarf-1.0_1,1
Path: /usr/ports/security/snortsnarf
Info: Generate HTML report summaries from snort incident alerts
 
Port: snort-2.9.17
Path: /usr/ports/security/snort
Info: Lightweight network intrusion detection system
....

For a more comprehensive search, use make search key=string or make quicksearch key=string, where string is the text to search for. When the application's name is unknown, the content may be found in comments, descriptions, or dependencies to locate ports related to a given topic.

When using search or quicksearch, case sensitivity applies to the search string. For a more comprehensive search, use make search key=string or make quicksearch key=string, where string is the text to search for. When the application's name is unknown, the content may be found in comments, descriptions, or dependencies to locate ports related to a given topic.

When using search or quicksearch, case sensitivity applies to the search string. The search results for "SNORT" are identical to the results for "snort."

How to Use pkg for Binary Package Management?

In this section we wil cover using the pkg tool for binary package management on FreeBSD. You will learn how to install pkg tool, change port branches, install and remove packages, view installed applications, lock and unlock packages, audit applications, restore package database. We will lastly outline how to define and configure package repositories.

How to Install pkg on FreeBSD?

The pkg utility is not preloaded by default in FreeBSD, however, you may quickly install pkg by running the next command:

pkg bootstrap

Also, when you attempt to install a package for the first time, pkg asks you to install the package management tool. For instance, if the first package you want to install on a fresh FreeBSD is wget, you will see the following question in the terminal:

The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]:

After pressing Y and Enter, the installation of the package management program will begin. The first software package you want to install will be installed once the prerequisite is in place.

How to Change Quarterly Port Branches to the Latest?

The Quarterly branch offers customers a more reliable installation and upgrading experience for ports and packages. Essentially, this is achieved by only permitting updates without new features. Quarterly branches are intended to receive security patches (which may be version upgrades or backports of commits), bug fixes, port compliance updates, and framework modifications. The Quarterly branch is cut from HEAD every January, April, July, and October at the beginning of each (annual) quarter. According to the year (YYYY) and quarter (Q1-4) of their creation, branches are given their names. For instance, 2022Q1 is the name of the quarterly branch that was founded in January 2022. And the Latest branch supplies customers with the most recent package versions.

To change from quarterly to most recent, follow the steps given below:

1. Create a new repo directory and configuration file using the following commands:

   mkdir -p /usr/local/etc/pkg/repos
   cp /etc/pkg/FreeBSD.conf /usr/local/etc/pkg/repos/FreeBSD.conf

2. Edit the /usr/local/etc/pkg/repos/FreeBSD.conf via vi.

3. In the url: line of the file, replace the string quarterly with latest.

   FreeBSD: {
   url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
   mirror_type: "srv",
   signature_type: "fingerprints",
   fingerprints: "/usr/share/keys/pkg",
   enabled: yes
   }

4. Run the next command to update repository information to the most recent version:

   pkg update -f

   You should see an output similar to the below:

   Updating FreeBSD repository catalogue...
   Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
   Fetching packagesite.pkg: 100% 6 MiB 2.3MB/s 00:03
   Processing entries: 0%
   Processing entries: 100%
   FreeBSD repository update completed. 32628 packages processed.
   Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
   Fetching packagesite.pkg: 100% 2 KiB 2.1kB/s 00:01
   Processing entries: 100%
   All repositories are up to date.
   pkg update -f 4.56s user 0.60s system 16% cpu 30.676 total

How to Configure pkg Tool?

The pkg tool is meant to be very versatile, with several possibilities for each subcommand. The system-wide configuration file for pkg, stored at /usr/local/etc/pkg.conf, enables you to set customized but consistent behavior for most applications. This file includes pkg defaults that have been commented out. Simply by reading this file, you may learn a great deal about the behavior of pkg.

There are several commented-out configuration options and quite a few aliases, and the configuration is written in universal configuration language (UCL). Variables may be assigned integer, string, or Boolean values.

In pkg.conf, you may specify aliases for pkg subcommands. At the end of pkg.conf, there is a section titled ALIAS. When you routinely execute complicated commands, you should create aliases.

Content of the /usr/local/etc/pkg.conf file is given below:

# System-wide configuration file for pkg(8)
# For more information on the file format and
# options please refer to the pkg.conf(5) man page
# Note: you don't need to have a pkg.conf file. Many installations
# will work well with no pkg.conf at all or with an empty pkg.conf
# (other than comment lines). You can also override any of these
# settings from the environment.
# Configuration options -- default values.

#PKG_DBDIR = "/var/db/pkg";
#PKG_CACHEDIR = "/var/cache/pkg";
#PORTSDIR = "/usr/ports";
#INDEXDIR = "";
#INDEXFILE = "INDEX-10"; # Autogenerated
#HANDLE_RC_SCRIPTS = false;
#DEFAULT_ALWAYS_YES = false;
#ASSUME_ALWAYS_YES = false;
#REPOS_DIR [
# "/etc/pkg/",
# "/usr/local/etc/pkg/repos/",
#]
#PLIST_KEYWORDS_DIR = "";
#SYSLOG = true;
#ABI = "freebsd:10:x86:64"; # Autogenerated
#DEVELOPER_MODE = false;
#VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.xz";
#FETCH_RETRY = 3;
#PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
#PKG_ENABLE_PLUGINS = true;
#PLUGINS [
#]
#DEBUG_SCRIPTS = false;
#PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
#PERMISSIVE = false;
#REPO_AUTOUPDATE = true;
#NAMESERVER = "";
#HTTP_USER_AGENT = "Custom_User_Manager";
#EVENT_PIPE = "";
#FETCH_TIMEOUT = 30;
#UNSET_TIMESTAMP = false;
#SSH_RESTRICT_DIR = "";
#PKG_ENV {
#}
#PKG_SSH_ARGS = "";
#DEBUG_LEVEL = 0;
#ALIAS {
#}
#CUDF_SOLVER = "";
#SAT_SOLVER = "";
#RUN_SCRIPTS = true;
#CASE_SENSITIVE_MATCH = false;
#IP_VERSION = 0

# Sample alias settings
ALIAS : {
all-depends: query %dn-%dv,
annotations: info -A,
build-depends: info -qd,
cinfo: info -Cx,
comment: query -i "%c",
csearch: search -Cx,
desc: query -i "%e",
download: fetch,
iinfo: info -ix,
isearch: search -ix,
prime-list: "query -e '%a = 0' '%n'",
prime-origins: "query -e '%a = 0' '%o'",
leaf: "query -e '%#r == 0' '%n-%v'",
list: info -ql,
noauto = "query -e '%a == 0' '%n-%v'",
options: query -i "%n - %Ok: %Ov",
origin: info -qo,
orphans: version -vRl\?,
provided-depends: info -qb,
rall-depends: rquery %dn-%dv,
raw: info -R,
rcomment: rquery -i "%c",
rdesc: rquery -i "%e",
required-depends: info -qr,
roptions: rquery -i "%n - %Ok: %Ov",
shared-depends: info -qB,
show: info -f -k,
size: info -sq,
unmaintained = "query -e '%m = \"[email protected]\"' '%o (%w)'",
runmaintained = "rquery -e '%m = \"[email protected]\"' '%o (%w)'",
}

How to View Installed Packages?

pkg info may be used to display information about the packages installed on a system. When running without any switches, pkg info will show the package version for either all installed packages or the given package.

pkg info

You should see an output similar to the below:

autoconf-2.69_3 Automatically configure source code on many Un*x platforms
autoconf-wrapper-20131203 Wrapper script for GNU autoconf
automake-1.16.5 GNU Standards-compliant Makefile generator
bash-5.1.16 GNU Project's Bourne Again SHell
boost-libs-1.72.0_6 Free portable C++ libraries (without Boost.Python)
ca_root_nss-3.76 Root certificate bundle from the Mozilla Project
cmake-3.22.2 Cross-platform Makefile generator
curl-7.82.0 Command line tool and library for transferring data with URLs
dtrace-toolkit-1.0_6 Collection of useful scripts for DTrace
easy-rsa-3.0.8_1 Small RSA key management package based on openssl
expat-2.4.8 XML 1.0 parser written in C
fasd-1.0.1 Shell helper program to autocomplete paths faster
fusefs-libs3-3.10.5 FUSE library version 3 for filesystems implemented in userspace
fusefs-sshfs-3.7.2 Mount remote directories over ssh
gdb-11.2 GNU Project Debugger
gettext-0.21 GNU gettext meta package
gettext-runtime-0.21 GNU gettext runtime libraries and programs
gettext-tools-0.21 GNU gettext development and translation tools
git-2.35.2 Distributed source code management tool
glib-2.70.4_3,2 Some useful routines of C programming (current stable version)
gmake-4.3_2 GNU version of 'make' utility
gmp-6.2.1 Free library for arbitrary precision arithmetic
go-1.18.1,1 Go programming language
icu-70.1_1,1 International Components for Unicode (from IBM)
indexinfo-0.3.1 Utility to regenerate the GNU info page index
jansson-2.14 C library for encoding, decoding, and manipulating JSON data
jsoncpp-1.9.5 JSON reader and writer library for C++
libarchive-3.6.0,1 Library to create and read several streaming archive formats
libedit-3.1.20210910,1 Command line editor library
libevent-2.1.12 API for executing callback functions on events or timeouts
libffi-3.3_1 Foreign Function Interface
libiconv-1.16 Character set conversion library
liblz4-1.9.3,1 LZ4 compression library, lossless and very fast
libmaxminddb-1.6.0 Library for the MaxMind DB file format used for GeoIP2
libnghttp2-1.46.0 HTTP/2.0 C Library
libqrencode-4.1.1 C library for encoding data in a QR Code symbol
libssh2-1.10.0,3 Library implementing the SSH2 protocol
libtermkey-0.22 Easy processing of keyboard entry from terminal-based programs
libtextstyle-0.21 Text styling library
libtool-2.4.6_1 Generic shared library support script
libunwind-20211201_1 Generic stack unwinding library
libuv-1.42.0 Multi-platform support library with a focus on asynchronous I/O
libvterm-0.1.1 Implementation of a VT220/xterm/ECMA-48 terminal emulator
libxml2-2.9.13_1 XML parser library for GNOME
libyaml-0.2.5 YAML 1.1 parser and emitter written in C
luajit-openresty-2.1.20220310 Just-In-Time Compiler for Lua (OpenResty branch)
luv-1.41.0.0_3 libuv bindings for lua
lzo2-2.10_1 Portable speedy, lossless data compression library
m4-1.4.19,1 GNU M4
mosh-1.3.2_18 Mobile terminal that supports intermittent connectivity
mpdecimal-2.5.1 C/C++ arbitrary precision decimal floating point libraries
mpfr-4.1.0_1 Library for multiple-precision floating-point computations
msgpack-3.3.0 Efficient binary serialization, like JSON but smaller and faster
nano-6.0 Nano's ANOther editor, an enhanced free Pico clone
nmap-7.91_2 Port scanning utility for large networks
openssl-1.1.1o,1 TLSv1.3 capable SSL and crypto library
openvpn-2.5.6 Secure IP/Ethernet tunnel daemon
p5-Authen-SASL-2.16_1 Perl5 module for SASL authentication
p5-CGI-4.54 Handle Common Gateway Interface requests and responses
p5-Clone-0.45 Recursively copy Perl datatypes
p5-Digest-HMAC-1.04 Perl5 interface to HMAC Message-Digest Algorithms
p5-Encode-Locale-1.05 Determine the locale encoding
p5-Error-0.17029 Error/exception handling in object-oriented programming style
p5-GSSAPI-0.28_2 Perl extension providing access to the GSSAPIv2 library
p5-HTML-Parser-3.77 Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20_1 Some useful data table in parsing HTML
p5-HTTP-Date-6.05 Conversion routines for the HTTP protocol date formats
p5-HTTP-Message-6.36 Representation of HTTP style messages
p5-IO-HTML-1.004 Open an HTML file with automatic charset detection
p5-IO-Socket-INET6-2.72_1 Perl module with object interface to AF_INET6 domain sockets
p5-IO-Socket-SSL-2.074 Perl5 interface to SSL sockets
p5-LWP-MediaTypes-6.04 Guess media type for a file or a URL
p5-Mozilla-CA-20211001 Perl extension for Mozilla CA cert bundle in PEM format
p5-Net-SSLeay-1.90 Perl5 interface to SSL
p5-Socket6-0.29 IPv6 related part of the C socket.h defines and structure manipulators
p5-TimeDate-2.33,1 Perl5 module containing a better/faster date parser for absolute dates
p5-URI-5.10 Perl5 interface to Uniform Resource Identifier (URI) references
pcre-8.45_1 Perl Compatible Regular Expressions library
pcre2-10.39_1 Perl Compatible Regular Expressions library, version 2
perl5-5.32.1_1 Practical Extraction and Report Language
pkcs11-helper-1.28.0 Helper library for multiple PKCS#11 providers
pkg-1.18.4 Package manager
png-1.6.37_1 Library for manipulating PNG images
protobuf-3.19.4,1 Data interchange format library
python3-3_3 Meta-port for the Python interpreter 3.x
python38-3.8.13 Interpreted object-oriented programming language
readline-8.1.2 Library for editing command lines as they are typed
rhash-1.4.2 Utility and library for computing and checking of file hashes
ripgrep-13.0.0_8 Command line search tool
rsync-3.2.3_1 Network file distribution/synchronization utility
ruby-2.7.6,1 Object-oriented interpreted scripting language
source-highlight-3.1.9_1 C/C++ and Java sources to HTML converter
sqlite3-3.37.2,1 SQL database engine in a C library
sudo-1.9.10 Allow others to run commands as root
the_silver_searcher-2.2.0 Code-searching tool similar to ack but faster
tinycdb-0.78_2 Analogous to cdb, but faster
tmux-3.2a Terminal Multiplexer
tree-sitter-0.20.6 Incremental parser generator
unibilium-2.1.0 Very basic terminfo library
universal-ctags-p5.9.20220306.0_2 Fork of Exuberant Ctags to generate index/tag files
valgrind-3.18.1,1 Memory debugging and profiling tool
vim-8.2.4669 Improved version of the vi editor (console flavor)
wireguard-go-0.0.20220316_1,1 WireGuard implementation in Go
wireguard-tools-1.0.20210914_1 Fast, modern and secure VPN Tunnel
xxhash-0.8.1 Extremely fast non-cryptographic hash algorithm
zenarmor-1.11.4 Next Generation Firewall Extensions for FreeBSD
zenarmor-agent-1.12.1 ZENARMOR Cloud Agent
zsh-5.8.1 The Z shell
zstd-1.5.2 Fast real-time compression algorithm

To obtain additional information about an installed package, type pkg info followed by the package's name. This displays the package installation details in a report that is readable by humans. You can view a wealth of useful information, including the software's version, installation time, license, compile-time flags, and more.

For instance to view the details of the zenarmor package on FreeBSD run the next command:

pkg info zenarmor

You should see an output similar to the below:

zenarmor-1.11.4
Name : zenarmor
Version : 1.11.4
Installed on : Sat Sep 3 22:54:55 2022 +03
Origin : security/zenarmor
Architecture : FreeBSD:13:amd64
Prefix : /usr/local
Categories : security
Licenses :
Maintainer : opensource@sunnyvalley.io
WWW : https://www.zenarmor.com/
Comment : Next Generation Firewall Extensions for FreeBSD
Annotations :
FreeBSD_version: 1300139
repo_type : binary
repository : SunnyValley
Flat size : 79.1MiB
Description :
Sensei is a plugin for network platforms empowering them with
state of the art next generation network security features, such as
* Application Control
* Cloud Application Control
* Advanced Network Analytics
* All-ports Full TLS Inspection
* Cloud Threat Intelligence
* Web Security & Web Filtering
* Active Directory Integration
Note: Zenarmor is a commercial project. The source code for the
core product is closed source.
WWW: https://www.zenarmor.com/sensei

How to Install Packages?

Use the following command to install a binary package, where packagename is the name of the package to install:

pkg install packagename

This command utilizes repository data to determine which software version to install and whether or not it has any uninstalled dependencies.

For instance, to install curl run the following command:

pkg install curl

You should see an output similar to the below:

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 4 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
libidn2: 2.3.3_1 [FreeBSD]
libpsl: 0.21.1_6 [FreeBSD]
libunistring: 1.1 [FreeBSD]
Installed packages to be UPGRADED:
curl: 7.82.0 -> 7.85.0 [FreeBSD]
Number of packages to be installed: 3
Number of packages to be upgraded: 1
The process will require 4 MiB more space.
2 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/4] Fetching libidn2-2.3.3_1.pkg: 100% 133 KiB 136.4kB/s 00:01
[2/4] Fetching libunistring-1.1.pkg: 100% 554 KiB 567.5kB/s 00:01
[3/4] Fetching curl-7.85.0.pkg: 100% 1 MiB 1.5MB/s 00:01
[4/4] Fetching libpsl-0.21.1_6.pkg: 100% 63 KiB 64.1kB/s 00:01
Checking integrity... done (0 conflicting)
[1/4] Installing libunistring-1.1...
[1/4] Extracting libunistring-1.1: 100%
[2/4] Installing libidn2-2.3.3_1...
[2/4] Extracting libidn2-2.3.3_1: 100%
[3/4] Installing libpsl-0.21.1_6...
[3/4] Extracting libpsl-0.21.1_6: 100%
[4/4] Upgrading curl from 7.82.0 to 7.85.0...
[4/4] Extracting curl-7.85.0: 100%

When installing packages with pkg install, pkg searches the local package catalog before downloading the required package from the pkg.FreeBSD.org repository. Once the package has been installed, it is registered in the /var/db/pkg/local.sqlite SQLite database. Avoid deleting this file, since doing so may cause your system to lose track of which packages have been installed. If the program has dependencies, pkg will determine them and install them in addition to the main package. Automatic packages are dependencies deployed as dependents.

How to Run "pkg install" Command?

The pkg install command is used to install packages from remote or local archives. Multiple package names can be specified on the command line, either explicitly or by matching against package names (or origins) in repository catalogues utilizing shell globbing or regular expressions. Syntax of the pkg install command is given below:

pkg	install	     [-AfIMnFqRUy]	[-r	 reponame]     [-Cgix]
	   _pkg-origin|pkg-name|pkg-name-version_ ...

pkg	install       [--{automatic,force,no-scripts,ignore-missing}]
	   [--{dry-run,fetch-only,quiet,recursive,no-repo-update,yes}]
	   [--repository					     reponame]
	   [--{case-sensitive,glob,case-insensitive,regex}]
	   _pkg-origin|pkg-name|pkg-name-version_ ...

pkg install first updates any outdated repository catalogues, unless the pkg.conf variable REPO_AUTOUPDATE is set to NO. It then generates an inventory of all the product installations that must be completed.

Any already installed and up-to-date applications will be removed from the list unless the -f (force) option is provided, in which case they will be reinstalled.

Examining the dependencies of packages on the list and adding any absent packages to the installation list. These implicitly introduced programs are marked as candidates for automatic removal.

Autoremoval markers are persistent and will survive reinstallation or upgrade of the packages in question, even if the packages are subsequently named explicitly on the command line.

Any already installed but out-of-date programs, whether specified on the command line or based on the sum of their dependencies, are added as upgrade tasks to the work list. The work list is sorted into dependency order, and pkg install will present it to the user for approval before proceeding, unless the -y option or the ASSUME_ALWAYS_YES setting in pkg.conf are used to override this behavior.

Packages are downloaded from the repositories into the local package cache if they are not already present or if the checksum of the cached package file differs from the checksum of the package file in the repository. Packages may be downloaded from any of the repositories specified in pkg.conf(5) or in the /usr/local/etc/pkg/repo files.

Package repository catalogues are automatically updated whenever pkg install is executed by a user ID with write access to the package database, unless disabled by the -U flag or REPO_AUTOUPDATE = NO in pkg.conf(5).

pkg install supports the following parameters:

• -A, --automatic: Mark the installed packages as automatic. Will be automatically removed if no other packages depend on them.
• -C, --case-sensitive: Make the standard or the regular expression (-x) matching against pkg-name case sensitive.
• -f, --force: Force the reinstallation of the package if already installed.
• -g, --glob: Treat the package names as shell glob patterns.
• -I, --no-scripts: If any installation scripts (pre-install or post-install) exist for a given package, do not execute them. When a package is updated, deinstallation scripts (pre-deinstall orpost-deinstall) are not run either.
• -i, --case-insensitive: Make the standard or the regular expression (-x) matching against pkg-name case insensitive. This is the default, unless modified by setting CASE_SENSITIVE_MATCH to true in pkg.conf.
• -M, --ignore-missing: Force the installation of the package with missing dependencies.
• -n, --dry-run: Dry-run mode. The list of changes to packages is always printed, but no changes are actually made.
• -F, --fetch-only: Do not perform actual installation of packages, merely fetch packages that should be upgraded and detect possible conflicts.
• -q, --quiet: Force quiet output, except when -n is used, where pkg install will always show packages to be installed, upgraded or deleted.
• -R, --recursive: When used with -f, reinstalls any packages that require the given package.
• -r reponame, --repository reponame: Install packages from only the named repository, irrespective of the configured "active" status from repo.conf.
• -U, --no-repo-update: Suppress the automatic update of the local copy of the repository catalogue from remote. Automatic repository catalogue updates are only attempted when the effective UID of the process has write access to the package database. Otherwise they are silently ignored.
• -x, --regex: Treat the package names as regular expressions according to the "modern" or "extended" syntax of re_format(7).
• -y, --yes: Assume yes when asked for confirmation before package installation.

How to Download Packages with pkg?

The package manager may simply download packages from the internet and store them in a single spot on the hard drive. This permits installation at a later time. The pkg fetch command may be used to get a package without installing it. You can use the -d flag to retrieve all dependencies in addition to the specified package. The downloaded packages are cached in the /var/cache/pkg directory. Once packages have been obtained, pkg will add them to this directory.

To download nginx package with dependencies run the following command:

pkg fetch -d nginx

You should see an output similar to the below:

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following packages will be fetched:
  
New packages to be FETCHED:
nginx: 1.22.1_2,3 (462 KiB: 27.82% of the 2 MiB to download)
pcre: 8.45_3 (1 MiB: 72.18% of the 2 MiB to download)
Number of packages to be fetched: 2
The process will require 2 MiB more space.
2 MiB to be downloaded.
Proceed with fetching packages? [y/N]: y
Fetching nginx-1.22.1_2,3.pkg: 100% 462 KiB 473.2kB/s 00:01
Fetching pcre-8.45_3.pkg: 100% 1 MiB 1.2MB/s 00:01

After a fetch, execute pkg install normally to install a downloaded package. The installation procedure utilizes the cached files instead of the downloaded data.

To install nginx package with dependencies after fetching run the following command:

pkg install nginx

You should see an output similar to the below:

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
nginx: 1.22.1_2,3 [FreeBSD]
Number of packages to be installed: 1
The process will require 1 MiB more space.
Proceed with this action? [y/N]: y
[1/1] Installing nginx-1.22.1_2,3...
===> Creating groups.
Using existing group 'www'.
===> Creating users
Using existing user 'www'.
[1/1] Extracting nginx-1.22.1_2,3: 100%
=====
Message from nginx-1.22.1_2,3:
--
Recent version of the NGINX introduces dynamic modules support. In
FreeBSD ports tree this feature was enabled by default with the DSO
knob. Several vendor's and third-party modules have been converted
to dynamic modules. Unset the DSO knob builds an NGINX without
dynamic modules support.
To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks. When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.
Default path for the NGINX dynamic modules is
/usr/local/libexec/nginx.

How to Delete Stale Packages?

PKG caches binary packages by default in the cache directory specified by PKG CACHEDIR in pkg.conf (5). Only copies of the most recent packages installed are retained. Earlier versions of pkg retained all previously installed packages. The package cache directory might expand in size over time. The pkg clean command removes any cached packages that have been superseded by later versions, as well as any package files that have been removed from the repository. Use the -a switch to delete all cached package files.

pkg clean -a

You should see an output similar to the below:

The following package files will be deleted:
/var/cache/pkg/p5-Clone-0.45~cfaf371064.pkg
/var/cache/pkg/tmux-3.2a~b0a828ab4b.pkg
/var/cache/pkg/libyaml-0.2.5.pkg
/var/cache/pkg/gmp-6.2.1.pkg
/var/cache/pkg/glib-2.70.4_3,2~0ef02eed07.pkg
/var/cache/pkg/protobuf-3.19.4,1~fc9e919e34.pkg
/var/cache/pkg/ruby-2.7.6,1.pkg
/var/cache/pkg/luv-1.41.0.0_3~4227c1bb22.pkg
.............................
/var/cache/pkg/pkcs11-helper-1.28.0~331b817f69.pkg
/var/cache/pkg/gmake-4.3_2~54be7f1f1b.pkg
/var/cache/pkg/vim-8.2.4669~c8dc83cb38.pkg
/var/cache/pkg/luv-1.41.0.0_3.pkg
/var/cache/pkg/gettext-runtime-0.21.pkg
/var/cache/pkg/icu-70.1_1,1~463967eb33.pkg
The cleanup will free 379 MiB
Proceed with cleaning the cache? [y/N]: y
Deleting files: 100%
All done

How to Uninstall Packages?

Use the following command to remove a binary package, where packagename is the name of the package to install:

pkg delete packagename

For instance, to delete the curl package, run the following command:

pkg delete curl

You should see an output similar to the below:

Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 3 packages (of 0 packages in the universe):
Installed packages to be REMOVED:
cmake: 3.22.2
curl: 7.85.0
git: 2.35.2
Number of packages to be removed: 3
The operation will free 67 MiB.
Proceed with deinstalling packages? [y/N]: y
[1/3] Deinstalling cmake-3.22.2...
[1/3] Deleting files for cmake-3.22.2: 100%
[2/3] Deinstalling git-2.35.2...
[2/3] Deleting files for git-2.35.2: 100%
==> You should manually remove the "git_daemon" user.
==> You should manually remove the "git_daemon" group
[3/3] Deinstalling curl-7.85.0...
[3/3] Deleting files for curl-7.85.0: 100%

How to Lock Packages?

There may be occasions when you wish a server package to never update. When a package is locked, pkg will no longer upgrade, downgrade, remove, or reinstall it. It applies the same criteria to both the package's dependencies and the programs on which it relies.

Use the following command to lock a binary package, where packagename is the name of the package to install:

pkg lock packagename

For instance, to lock the openssl package, run the following command:

pkg lock openssl

You should see an output similar to the below:

openssl-1.1.1o,1: lock this package? [y/N]: y
Locking openssl-1.1.1o,1
openssl-1.1.1o,1: already locked

Use the -l flag to list all currently locked packages on the system:

pkg lock -l

You should see an output similar to the below:

Currently locked packages:
openssl-1.1.1o,1

To remove the lock, enter the command pkg unlock:

pkg unlock openssl

You should see an output similar to the below:

openssl-1.1.1o,1: unlock this package? [y/N]: y
Unlocking openssl-1.1.1o,1
openssl-1.1.1o,1: already unlocked

To lock or unlock all applications on your system, use -a option and press y for confirmation:

pkg lock -a

pkg unlock -a

How to Upgrade Installed Packages?

To upgrade installed packages, you may run the following command:

pkg upgrade

This command will compare the installed versions to those in the repository's catalog and then upgrade them from the repository.

You should see an output similar to the below:

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (69 candidates): 100%
Processing candidates (69 candidates): 100%
The following 73 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
autoconf-switch: 20220527 [FreeBSD]
go119: 1.19.3 [FreeBSD]
luajit-devel: 2.1.0.20221122 [FreeBSD]
python39: 3.9.15_1 [FreeBSD]
Installed packages to be UPGRADED:
autoconf: 2.69_3 -> 2.71 [FreeBSD]
bash: 5.1.16 -> 5.2.12 [FreeBSD]
boost-libs: 1.72.0_6 -> 1.80.0_1 [FreeBSD]
ca_root_nss: 3.76 -> 3.85 [FreeBSD]
dtrace-toolkit: 1.0_6 -> 1.0_7 [FreeBSD]
easy-rsa: 3.0.8_1 -> 3.1.1 [FreeBSD]
expat: 2.4.8 -> 2.5.0 [FreeBSD]
........
xxhash: 0.8.1 -> 0.8.1_2 [FreeBSD]
zenarmor: 1.11.4 -> 1.12.1 [SunnyValley]
zsh: 5.8.1 -> 5.9_1 [FreeBSD]
zstd: 1.5.2 -> 1.5.2_1 [FreeBSD]
Installed packages to be REINSTALLED:
python3-3_3 [FreeBSD] (direct dependency changed: python39)
Number of packages to be installed: 4
Number of packages to be upgraded: 68
Number of packages to be reinstalled: 1
The process will require 147 MiB more space.
282 MiB to be downloaded.
Proceed with this action? [y/N]:

To upgrade a specific application you may run the next command where package_name is the name of the package to update:

pkg upgrade package_name

How to Audit Installed Packages?

Regularly, vulnerabilities in third-party programs are uncovered. In response, pkg incorporates an auditing tool. To check if the installed program has any known vulnerabilities, use the following command:

pkg audit -F

You should see an output similar to the below:

Fetching vuln.xml.xz: 100% 974 KiB 997.4kB/s 00:01
go119-1.19.3 is vulnerable:
go -- multiple vulnerabilities
CVE: CVE-2022-41717
CVE: CVE-2022-41720
WWW: https://vuxml.FreeBSD.org/freebsd/6f5192f5-75a7-11ed-83c0-411d43ce7fe4.html
python39-3.9.15_1 is vulnerable:
Python -- multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/050eba46-7638-11ed-820d-080027d3a315.html
ruby-3.0.4_3,1 is vulnerable:
rubygem-cgi -- HTTP response splitting vulnerability
CVE: CVE-2021-33621
WWW: https://vuxml.FreeBSD.org/freebsd/84ab03b6-6c20-11ed-b519-080027f5fec9.html
python38-3.8.15_1 is vulnerable:
Python -- multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/050eba46-7638-11ed-820d-080027d3a315.html
4 problem(s) in 4 installed package(s) found.

How to Remove Automatically Unused Packages?

When a package is removed, it may leave behind dependencies that are no longer necessary. Unnecessary packages loaded as dependents (leaf packages) may be automatically identified and deleted by running the next command:

pkg autoremove

You should see an output similar to the below and press y to proceed:

Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 38 packages:
Installed packages to be REMOVED:
ca_root_nss: 3.85
jsoncpp: 1.9.5
libarchive: 3.6.1,1
libidn2: 2.3.3_1
............
p5-Mozilla-CA: 20221114
p5-Net-SSLeay: 1.92
p5-Socket6: 0.29
p5-TimeDate: 2.33,1
p5-URI: 5.15
python38: 3.8.15_1
rhash: 1.4.3
tree-sitter: 0.20.7
unibilium: 2.1.1
Number of packages to be removed: 38
The operation will free 138 MiB.
Proceed with deinstalling packages? [y/N]

Automatic packages are packages installed as dependencies. Non-automatic packages, i.e. packages that were explicitly installed and not as a dependent on another package, may be listed with the following command:

pkg prime-list

You should see an output similar to the below:

autoconf
automake
dtrace-toolkit
fasd
fusefs-sshfs
gdb
gettext
......
universal-ctags
valgrind
vim
wireguard-go
wireguard-tools
zenarmor
zenarmor-agent
zsh

The /usr/local/etc/pkg.conf file defines the alias command pkg prime-list. There are several other ways to query the system's package database. For example, the command pkg prime-origins may be used to get the origin port directory from the preceding list.

pkg prime-origins

You should see an output similar to the below:

devel/autoconf
devel/automake
sysutils/dtrace-toolkit
deskutils/fasd
sysutils/fusefs-sshfs
devel/gdb
devel/gettext
.......
devel/universal-ctags
devel/valgrind
editors/vim
net/wireguard-go
net/wireguard-tools
security/zenarmor
security/zenarmor-agent
shells/zsh

How to Restore Package Database?

Unlike conventional package management systems, pkg offers its own backup mechanism for the package database. By default, this capability is enabled.

In periodic.conf, you may set daily_backup_pkgdb_enable="NO" to prevent the periodic script from backing up the package database.

To restore the contents of a prior package database backup, use the following command, substituting the location of the backup for /path/to/pkg.sql:

pkg backup -r /path/to/pkg.sql

Before restoring a backup taken by the periodic script, the backup must be decompressed.

To do a manual backup of the pkg database, use the following command, substituting /path/to/pkg.sql with an appropriate file name and location:

pkg backup -d /path/to/pkg.sql
Dumping database:
Backing up: 100%

How to Define and Configure Repositories?

pkg supports package repositories, which are named collections of packages. You may add, delete, activate, and disable repositories. Each repository should be configured in its own file utilizing UCL format. The official FreeBSD repository directory is /etc/pkg. FreeBSD ships with "FreeBSD" repository activated. Its configuration file is located in /etc/pkg/FreeBSD.conf.

As required, you may add or delete repositories. As /etc/pkg is reserved for official FreeBSD repositories, another directory will be required. The customary path is /usr/local/etc/pkg/repo. If you wish to use a different directory, you will need to adjust the REPO_DIRS option in pkg.conf. The local repository directory does not exist by default, thus mkdir -p /usr/local/etc/pkg/repos must be used to create it. In this directory, put your own repository settings.

It does not matter what the filename is, but it must match *.conf and a priority option should be included to indicate the preferred order. This is a simple integer, with greater values indicating more desired repositories. Priority defaults to 0 if not specified explicitly.

To deactivate the default FreeBSD.conf, generate the following file in /usr/local/etc/pkg/repos:

FreeBSD: { enabled: no }

Execute the next command to quickly determine which repositories you have setup:

pkg -vv

You should see an output similar to the below:

Version : 1.18.4
PKG_DBDIR = "/var/db/pkg";
PKG_CACHEDIR = "/var/cache/pkg";
PORTSDIR = "/usr/ports";
INDEXDIR = "";
INDEXFILE = "INDEX-13";
HANDLE_RC_SCRIPTS = false;
DEFAULT_ALWAYS_YES = false;
ASSUME_ALWAYS_YES = false;
REPOS_DIR [
"/etc/pkg/",
"/usr/local/etc/pkg/repos/",
]
PLIST_KEYWORDS_DIR = "";
SYSLOG = true;
ABI = "FreeBSD:13:amd64";
ALTABI = "freebsd:13:x86:64";
DEVELOPER_MODE = false;
VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.xz";
FETCH_RETRY = 3;
PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
PKG_ENABLE_PLUGINS = true;
PLUGINS [
]
DEBUG_SCRIPTS = false;
PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
PERMISSIVE = false;
REPO_AUTOUPDATE = true;
NAMESERVER = "";
HTTP_USER_AGENT = "pkg/1.18.4";
EVENT_PIPE = "";
FETCH_TIMEOUT = 30;
UNSET_TIMESTAMP = false;
SSH_RESTRICT_DIR = "";
PKG_ENV {
}
PKG_SSH_ARGS = "";
DEBUG_LEVEL = 0;
ALIAS {
all-depends = "query %dn-%dv";
annotations = "info -A";
build-depends = "info -qd";
cinfo = "info -Cx";
comment = "query -i \"%c\"";
csearch = "search -Cx";
desc = "query -i \"%e\"";
download = "fetch";
iinfo = "info -ix";
isearch = "search -ix";
prime-list = "query -e '%a = 0' '%n'";
prime-origins = "query -e '%a = 0' '%o'";
leaf = "query -e '%#r == 0' '%n-%v'";
list = "info -ql";
noauto = "query -e '%a == 0' '%n-%v'";
options = "query -i \"%n - %Ok: %Ov\"";
origin = "info -qo";
orphans = "version -vRl?";
provided-depends = "info -qb";
rall-depends = "rquery %dn-%dv";
raw = "info -R";
rcomment = "rquery -i \"%c\"";
rdesc = "rquery -i \"%e\"";
required-depends = "info -qr";
roptions = "rquery -i \"%n - %Ok: %Ov\"";
shared-depends = "info -qB";
show = "info -f -k";
size = "info -sq";
unmaintained = "query -e '%m = \"[email protected]\"' '%o (%w)'";
runmaintained = "rquery -e '%m = \"[email protected]\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPTS = true;
CASE_SENSITIVE_MATCH = false;
LOCK_WAIT = 1;
LOCK_RETRIES = 5;
SQLITE_PROFILE = false;
WORKERS_COUNT = 0;
READ_LOCK = false;
IP_VERSION = 0;
AUTOMERGE = true;
VERSION_SOURCE = "";
CONSERVATIVE_UPGRADE = true;
PKG_CREATE_VERBOSE = false;
AUTOCLEAN = false;
DOT_FILE = "";
REPOSITORIES {
}
VALID_URL_SCHEME [
"pkg+http",
"pkg+https",
"https",
"http",
"file",
"ssh",
"tcp",
]
ALLOW_BASE_SHLIBS = false;
WARN_SIZE_LIMIT = 1048576;
METALOG = "";
OSVERSION = 1300139;
IGNORE_OSVERSION = false;
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
"NULL",
]
COMPRESSION_LEVEL = -1;
ARCHIVE_SYMLINK = false;
REPO_ACCEPT_LEGACY_PKG = false;
FILES_IGNORE_GLOB [
"NULL",
]
FILES_IGNORE_REGEX [
"NULL",
]
Repositories:
FreeBSD: {
url : "pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/latest",
enabled : yes,
priority : 0,
mirror_type : "SRV",
signature_type : "FINGERPRINTS",
fingerprints : "/usr/share/keys/pkg"
}
SunnyValley: {
url : "https://updates.sunnyvalley.io/FreeBSD/FreeBSD:13:amd64",
enabled : yes,
priority : 7
}

After adding a repository, you should fetch the repository catalogues using the next command:

pkg update

If you have established more than one repository, you will likely want to install certain packages from a particular repository while allowing others to be retrieved from any repository that has them.

Installing a package from a specific repository is possible:

pkg install -r myrepo zsh

where myrepo is one of the tags shown by pkg -vv.

Additionally, you may use pkg to construct a package repository.

To establish a package repository, the pkg create command must be used.

The following example creates a repository containing all presently installed packages:

cd /path/myrepo_directory
pkg create -a
pkg repo .

The scripts listed above will build a repository for all packages installed on your system. Now you may share your repository with others by informing them about your repository.