FreeBSD更新和升级

FreeBSD在发行不同relase期间会持续开发: 有些人会倾向于使用官方发布版本，有些人则喜欢和最新的开发版本保持同步。不管怎样，每个官方发行版都会有安全更新和其他关键修复。不管使用哪个版本，FreeBSD都提供了必要工具来保持系统更新以及易于在不同版本之间的升级工具。

备注

在大陆访问FreeBSD的更新网站非常缓慢，甚至无法完成更新。所以可能需要设置 FreeBSD代理配置

FreeBSD update

FreeBSD提供了一个名为 freebsd-update 的工具来提供安全补丁以及更新到新发行版本的能力。该工具支持二进制安全和更新，不需要手工编译和对内核补丁。二进制更新是对所有架构提供，并且通过安全团队提供当前版本支持。有关发行版支持和产品生命周期时间，请参考 https://www.FreeBSD.org/security/

对于需要更新版本号的操作，请参考 https://www.FreeBSD.org/releases/ 信息

配置文件

/etc/freebsd-update.conf 配置文件控制了 freebsd-update 工具的工作方式，例如可以微调升级过程。默认配置是升级整个 base 系统和内核。

安全补丁

执行以下命令完成 security 和 errate patches安装更新:

安装安全和修正补丁

freebsd-update fetch
freebsd-update install

版本升级

minor version upgrades: 例如 FreeBSD 13.1 升级到 13.2
major version upgrades: 例如 FreeBSD 13.2 升级到 14.0

上述版本升级都可以通过 freebsd-update 工具完成

我的实践: FreeBSD 13.0 升级到 14.2:

FreeBSD 13.0 升级到 14.2

freebsd-update -r 14.2-RELEASE upgrade

输出:

FreeBSD 13.0 升级到 14.2 的输出

src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 13.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base

The following components of FreeBSD do not seem to be installed:
kernel/generic-dbg world/base-dbg world/lib32 world/lib32-dbg

Does this look reasonable (y/n)? y

有些升级配置会提示你冲突而无法合并，此时需要按照提示进行编辑，将你认为合理的配置保留，不需要的配置删除

升级过程会提示冲突的配置，需要手工编辑

Attempting to automatically merge changes in files... done.

The following file could not be merged automatically: /etc/group
Press Enter to edit this file in vi and resolve the conflicts
manually...

最终完成配置之后，会提示可以执行如下命令进程安装:

解决了冲突的配置后会提示执行如下命令安装

To install the downloaded upgrades, run "/usr/sbin/freebsd-update install".

现在开始正式安装升级版本:

确认无误后开始正式安装升级包

/usr/sbin/freebsd-update install

安装完成后提示需要重启并再次执行 freebsd-update install :

安装完成后提示需要重启并再次执行 freebsd-update install

src component not installed, skipped
Installing updates...
Kernel updates have been installed.  Please reboot and run
"/usr/sbin/freebsd-update install" again to finish installing updates.

重启 reboot 并按照提示再执行一次

重启后再次执行install

/usr/sbin/freebsd-update install

提示升级移除了旧的共享对象文件，并且有一个提示显示需要重建第三方软件(例如从 ports 中安装的程序)，并且需要在完成第三方软件重建后，再次执行 install

提示信息需要重建第三方程序

Completing this upgrade requires removing old shared object files.
Please rebuild all installed 3rd party software (e.g., programs
installed from the ports tree) and then run "/usr/sbin/freebsd-update install"
again to finish installing updates.

RELEASE升级问题排查

我在尝试 14.2-RELEASE 升级版本到 14.3-RELEASE 的时候总是遇到文件 fetch 错误:

版本升级时fetch错误

# freebsd-update -r 14.3-RELEASE upgrade
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 14.2-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base

The following components of FreeBSD do not seem to be installed:
kernel/generic-dbg world/base-dbg world/lib32 world/lib32-dbg

Does this look reasonable (y/n)? y

Fetching metadata signature for 14.3-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
Fetching files from 14.2-RELEASE for merging... done.
Preparing to download files... done.
Fetching 1069 patches.....10....20....30....40....50....60....70....80....90....100....110....120....130....140....150....160....170....180....190....200....210....220....230....240....250....260....270....280....290....300....310....320....330....340....350....360....370....380....390....400....410....420....430....440....450....460....470....480....490....500....510....520....530....540....550....560....570....580....590....600....610....620....630....640....650....660....670....680....690....700....710....720....730....740....750....760....770....780....790....800....810....820....830....840....850....860....870....880....890....900....910....920....930....940....950....960....970....980....990....1000....1010....1020....1030....1040....1050....1060.... done.
Applying patches... done.
Fetching 54 files... ....10.. gunzip: (stdin): unexpected end of file
c00ceede97856d1a4e6f5369f151f56e29a5e8b4797ca053c25bf6a5420eba6a has incorrect hash.

最初我考虑是受到GFW影响，所以我尝试 FreeBSD代理配置设置，但是报错依旧。

我又尝试了 FreeBSD-update: gunzip: (stdin): unexpected end of file metadata is corrupt error 介绍的两种方法:

先尝试清理掉本地已经下载的缓存文件:

清理本地缓存的升级文件

rm -rf /var/db/freebsd-update/*

但是依然报错 gunzip: (stdin): unexpected end of file e02141215d8bac9351822518f491b7adb8629d379da8d6778d4c5a2b6f34affb has incorrect hash.

尝试第二个方法是修订 /etc/freebsd-update.conf ，将 ServerName 调整为 update2.FreeBSD.org 服务器:

修订升级服务器配置

# Server or server pool from which to fetch updates.  You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
#ServerName update.FreeBSD.org
ServerName update2.FreeBSD.org

然后重新执行RELEASE升级。实践验证，方法二成功