FreeBSD Post Install Setup
FreeBSD Post Install Setup
After you have installed FreeBSD (10.1-RELEASE in my case) these steps will help you set it up for use. I'd recommend going through this guide and executing the sections in the order in which they appear here.
Disclaimer: I'm very new to FreeBSD so these are meant more for my notes than a canonical guide for others. Read the FreeBSD Handbook instead.
Create a User
If you didn't create a user during install you can create one on first login. As root:
root@host:~# pw usermod -n username -G wheel
Adding the user to the wheel group allows you to sudo.
Configure make
Create /etc/make.conf file ...:
root@host:~# vi /etc/make.conf
...with these contents:
CC=clang CXX=clang++ CPP=clang-cpp WRKDIRPREFIX=/tmp CPUTYPE?=native WITH_PKGNG=yes
Update FreeBSD
Update the FreeBSD base system:
root@host:~# freebsd-update fetch install
Setup Ports
root@host:~# cd /usr/ports root@host:/usr/ports# make index root@host:/usr/ports# portsnap fetch && portsnap extract && portsnap update
Install pkg-ng
Install pkgng, as root:
root@host:~# cd /usr/ports/ports-mgmt/pkg root@host:/usr/ports/ports-mgmt/pkg# make root@host:/usr/ports/ports-mgmt/pkg# make install clean
Configure Poudriere
Poudriere is a great way to custom build only the packages you need to control. I set it up on one machine on my LAN and then use it to provide packages to other machines.
Source of this section is Making a binary package repository with poudriere.
Install Poudriere
root@host:~# cd /usr/ports/ports-mgmt/poudriere root@host:/usr/ports/ports-mgmt/poudriere# make install clean
Wait for it to build and install. Its dependencies will be installed automatically. You'll just have to answer some questions. Hint: stick with the defaults if you're just starting out.
Configure Poudriere
root@host:~# cp /usr/local/etc/poudriere.conf.sample /usr/local/etc/poudriere.conf root@host:~# vi /usr/local/etc/poudriere.conf
At least have these settings configured
## If you have a ZFS pool named tank, uncomment this
#ZPOOL=tank
## If you are only using UFS, uncomment this
#NO_ZFS=yes
FREEBSD_HOST=ftp://ftp.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
USE_TMPFS=yes
DISTFILES_CACHE=/usr/ports/distfiles
USE_COLORS=no
POUDRIERE_DATA=${BASEFS}/data
CHECK_CHANGED_OPTIONS=verbose
CHECK_CHANGED_DEPS=yes
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/pkg.key
WRKDIR_ARCHIVE_FORMAT=txz
NOLINUX=yes
Check Out Ports Tree
root@host:~# poudriere ports -c
Create a Jail
Create a jail for Poudriere for FreeBSD 10.1-RELEASE and then update it.
root@host:~# poudriere jail -c -j 10_1-r-x64 -v 10.1-RELEASE -a amd64 root@host:~# poudriere jail -u -j 10_1-r-x64
Configure Jail
root@host:~# vi /usr/local/etc/poudriere.d/10_1-r-x64-make.conf
It should at least have the following.
WITH_PKGNG=yes # Only required for versions before 10.0
CPUTYPE?=native # Example, for an Atom CPU
CC=clang # Highly recommended over GCC,
CXX=clang++ # but only needed for 8.X and 9.X
CPP=clang-cpp # since it's the default in 10.0
FETCH_BEFORE_ARGS=-p4 -T 10
MASTER_SITE_BACKUP?= http://ftp2.us.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR/}
OPTIONS_UNSET= DEBUG HELP STATIC GNUTLS DOCS EXAMPLES IPV6 MANPAGES PTH IDN LIBIDN NLS DBUS SOUND ALSA PULSEAUDIO DOCBOOK CUPS TESTS HTMLDOCS BONJOUR GSSAPI APIDOCS
Choose the Packages You Want to Build
Add the packages you want to build to a file.
root@host:~# vi /usr/local/etc/poudriere-list
For example, I'm building these packages.
editors/nano editors/vim lang/go lang/python3 ports-mgmt/portmaster ports-mgmt/poudriere security/sudo shells/bash
Setup for Signing Packages
Create RSA key for signing the packages.
root@host:~# mkdir -p /usr/local/etc/ssl/keys /usr/local/etc/ssl/certs root@host:~# chmod 600 /usr/local/etc/ssl/keys root@host:~# openssl genrsa -out /usr/local/etc/ssl/keys/pkg.key 4096 root@host:~# openssl rsa -in /usr/local/etc/ssl/keys/pkg.key -pubout > /usr/local/etc/ssl/certs/pkg.cert
Update Poudriere Ports
Update the ports tree before building packages.
root@host:~# poudriere ports -u
Build Packages
root@host:~# poudriere bulk -f /usr/local/etc/poudriere-list -j 10_1-r-x64
Configure for Local Poudriere Repo
Configure your machine to use the local Poudriere repo.
root@host:~# mkdir -p /usr/local/etc/pkg/repos root@host:~# vi /usr/local/etc/pkg/repos/poudriere.conf
Add this to the file. Make sure the url doesn't end in a slash.
poudriere: {
url: "file:///usr/local/poudriere/data/packages/10_1-r-x64-default",
mirror_type: "file",
signature_type: "pubkey",
pubkey: "/usr/local/etc/ssl/certs/pkg.cert",
enabled: yes
}
Refresh pkgng Repo Info
root@host:~# pkg update
Install Packages from Poudriere
root@host:~# pkg install -r poudriere bash vim go python3 portmaster portaudit
Install Bash
If you're coming from Linux like me you're used to using bash. Since I'm building bash myself in Poudriere (see above) I'll use that version.
root@host:~# pkg install -r poudriere bash root@host:~# mount -t fdescfs fdesc /dev/fd root@host:~# echo "fdesc /dev/fd fdescfs rw 0 0" >> /etc/fstab
Now change the shell for your non-root user:
user@host:~$ chsh -s /usr/local/bin/bash
FreeBSD, Poudriere, pkg-ng Update
This is a recurring sysadmin task: keep your computer updated.
Install OS Updates
Install OS updates for the current release installed on your computer.
root@host:~# freebsd-update fetch install
Upgrade OS to New Release
Upgrade to new release, e.g. from 10.1-RELEASE to 10.2-RELEASE.
root@host:~# freebsd-update upgrade -r 10.2-RELEASE root@host:~# freebsd-update install root@host:~# reboot root@host:~# freebsd-update install
Upgrade Poudriere
root@host:~# poudriere jail -u -j 10_1-r-x64 root@host:~# poudriere ports -u root@host:~# poudriere bulk -f /usr/local/etc/poudriere-list -j 10_1-r-x64
Package Updates
To check for outdated packages that need to be updated.
root@host:~# pkg update root@host:~# pkg version -l "<"
Install package updates only from your local Poudriere repo.
root@host:~# pkg upgrade -r poudriere
Install all other package updates from FreeBSD repo.
root@host:~# pkg upgrade
Ports Updates
root@host:~# cd /usr/ports root@host:~# portsnap fetch update