FreeBSD Post Install Setup

After you have installed FreeBSD (10.1-RELEASE in my case) these steps will help you set it up for use. I'd recommend going through this guide and executing the sections in the order in which they appear here.

Disclaimer: I'm very new to FreeBSD so these are meant more for my notes than a canonical guide for others. Read the FreeBSD Handbook instead.

Create a User

If you didn't create a user during install you can create one on first login. As root:

root@host:~# pw usermod -n username -G wheel

Adding the user to the wheel group allows you to sudo.

Configure make

Create /etc/make.conf file ...:

root@host:~# vi /etc/make.conf

...with these contents:

CC=clang
CXX=clang++
CPP=clang-cpp
WRKDIRPREFIX=/tmp
CPUTYPE?=native
WITH_PKGNG=yes

Update FreeBSD

Update the FreeBSD base system:

root@host:~# freebsd-update fetch install

Setup Ports

root@host:~# cd /usr/ports
root@host:/usr/ports# make index
root@host:/usr/ports# portsnap fetch && portsnap extract && portsnap update

Install pkg-ng

Install pkgng, as root:

root@host:~# cd /usr/ports/ports-mgmt/pkg
root@host:/usr/ports/ports-mgmt/pkg# make
root@host:/usr/ports/ports-mgmt/pkg# make install clean

Configure Poudriere

Poudriere is a great way to custom build only the packages you need to control. I set it up on one machine on my LAN and then use it to provide packages to other machines.

Source of this section is Making a binary package repository with poudriere.

Install Poudriere

root@host:~# cd /usr/ports/ports-mgmt/poudriere
root@host:/usr/ports/ports-mgmt/poudriere# make install clean

Wait for it to build and install. Its dependencies will be installed automatically. You'll just have to answer some questions. Hint: stick with the defaults if you're just starting out.

Configure Poudriere

root@host:~# cp /usr/local/etc/poudriere.conf.sample /usr/local/etc/poudriere.conf
root@host:~# vi /usr/local/etc/poudriere.conf

At least have these settings configured

## If you have a ZFS pool named tank, uncomment this
#ZPOOL=tank
## If you are only using UFS, uncomment this
#NO_ZFS=yes
FREEBSD_HOST=ftp://ftp.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
USE_TMPFS=yes
DISTFILES_CACHE=/usr/ports/distfiles
USE_COLORS=no
POUDRIERE_DATA=${BASEFS}/data
CHECK_CHANGED_OPTIONS=verbose
CHECK_CHANGED_DEPS=yes
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/pkg.key
WRKDIR_ARCHIVE_FORMAT=txz
NOLINUX=yes

Check Out Ports Tree

root@host:~# poudriere ports -c

Create a Jail

Create a jail for Poudriere for FreeBSD 10.1-RELEASE and then update it.

root@host:~# poudriere jail -c -j 10_1-r-x64 -v 10.1-RELEASE -a amd64
root@host:~# poudriere jail -u -j 10_1-r-x64

Configure Jail

root@host:~# vi /usr/local/etc/poudriere.d/10_1-r-x64-make.conf

It should at least have the following.

WITH_PKGNG=yes       # Only required for versions before 10.0
CPUTYPE?=native        # Example, for an Atom CPU
CC=clang             # Highly recommended over GCC,
CXX=clang++          # but only needed for 8.X and 9.X
CPP=clang-cpp        # since it's the default in 10.0
FETCH_BEFORE_ARGS=-p4 -T 10
MASTER_SITE_BACKUP?= http://ftp2.us.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR/}
OPTIONS_UNSET= DEBUG HELP STATIC GNUTLS DOCS EXAMPLES IPV6 MANPAGES PTH IDN LIBIDN NLS DBUS SOUND ALSA PULSEAUDIO DOCBOOK CUPS TESTS HTMLDOCS BONJOUR GSSAPI APIDOCS

Choose the Packages You Want to Build

Add the packages you want to build to a file.

root@host:~# vi /usr/local/etc/poudriere-list

For example, I'm building these packages.

editors/nano
editors/vim
lang/go
lang/python3
ports-mgmt/portmaster
ports-mgmt/poudriere
security/sudo
shells/bash

Setup for Signing Packages

Create RSA key for signing the packages.

root@host:~# mkdir -p /usr/local/etc/ssl/keys /usr/local/etc/ssl/certs
root@host:~# chmod 600 /usr/local/etc/ssl/keys
root@host:~# openssl genrsa -out /usr/local/etc/ssl/keys/pkg.key 4096
root@host:~# openssl rsa -in /usr/local/etc/ssl/keys/pkg.key -pubout > /usr/local/etc/ssl/certs/pkg.cert

Update Poudriere Ports

Update the ports tree before building packages.

root@host:~# poudriere ports -u

Build Packages

root@host:~# poudriere bulk -f /usr/local/etc/poudriere-list -j 10_1-r-x64

Configure for Local Poudriere Repo

Configure your machine to use the local Poudriere repo.

root@host:~# mkdir -p /usr/local/etc/pkg/repos
root@host:~# vi /usr/local/etc/pkg/repos/poudriere.conf

Add this to the file. Make sure the url doesn't end in a slash.

poudriere: {
  url: "file:///usr/local/poudriere/data/packages/10_1-r-x64-default",
  mirror_type: "file",
  signature_type: "pubkey",
  pubkey: "/usr/local/etc/ssl/certs/pkg.cert",
  enabled: yes
}

Refresh pkgng Repo Info

root@host:~# pkg update

Install Packages from Poudriere

root@host:~# pkg install -r poudriere bash vim go python3 portmaster portaudit

Install Bash

If you're coming from Linux like me you're used to using bash. Since I'm building bash myself in Poudriere (see above) I'll use that version.

root@host:~# pkg install -r poudriere bash
root@host:~# mount -t fdescfs fdesc /dev/fd
root@host:~# echo "fdesc    /dev/fd    fdescfs    rw    0    0" >> /etc/fstab

Now change the shell for your non-root user:

user@host:~$ chsh -s /usr/local/bin/bash

FreeBSD, Poudriere, pkg-ng Update

This is a recurring sysadmin task: keep your computer updated.

Install OS Updates

Install OS updates for the current release installed on your computer.

root@host:~# freebsd-update fetch install

Upgrade OS to New Release

Upgrade to new release, e.g. from 10.1-RELEASE to 10.2-RELEASE.

root@host:~# freebsd-update upgrade -r 10.2-RELEASE
root@host:~# freebsd-update install
root@host:~# reboot
root@host:~# freebsd-update install

Upgrade Poudriere

root@host:~# poudriere jail -u -j 10_1-r-x64
root@host:~# poudriere ports -u
root@host:~# poudriere bulk -f /usr/local/etc/poudriere-list -j 10_1-r-x64

Package Updates

To check for outdated packages that need to be updated.

root@host:~# pkg update
root@host:~# pkg version -l "<"

Install package updates only from your local Poudriere repo.

root@host:~# pkg upgrade -r poudriere

Install all other package updates from FreeBSD repo.

root@host:~# pkg upgrade

Ports Updates

root@host:~# cd /usr/ports
root@host:~# portsnap fetch update