Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal

Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal
Book menu
Chapter 4. Installing Applications: Packages and Ports
Table of Contents
4.1. Synopsis
FreeBSD is bundled with a rich collection of system tools as part of the base system.
In addition, FreeBSD provides two complementary technologies for installing third-party software: the FreeBSD Ports Collection,
for installing from source, and packages, for installing from pre-built binaries.
Either method may be used to install software from local media or from the network.
Read this chapter to learn:
The difference between binary packages and ports.
How to find third-party software that has been ported to FreeBSD.
How to manage binary packages using pkg.
How to build third-party software from source using the Ports Collection.
How to find the files installed with the application for post-installation configuration.
What to do if a software installation fails.
4.2. Overview of Software Installation
A FreeBSD
port
is a collection of files designed to automate the process of compiling an application from source code.
The files that comprise a port contain all the necessary information to automatically download, extract, patch, compile, and install the application.
If the software has not already been adapted and tested on FreeBSD, the source code might need editing in order for it to install and run properly.
However, over
36000
third-party applications have already been ported to FreeBSD.
When feasible, these applications are made available for download as pre-compiled
packages
Packages can be manipulated with the FreeBSD package management commands.
Both packages and ports understand dependencies.
If a package or port is used to install an application and a dependent library is not already installed, the library will automatically be installed first.
A FreeBSD package contains pre-compiled copies of all the commands for an application, as well as any configuration files and documentation.
A package can be manipulated with the
pkg(8)
commands, such as
pkg install
While the two technologies are similar, packages and ports each have their own strengths.
Select the technology that meets the needs for installing a particular application.
Package Benefits
A compressed package tarball is typically smaller than the compressed tarball containing the source code for the application.
Packages do not require compilation time. For large applications, such as Firefox, KDE Plasma, or GNOME, this can be important on a slow system.
Packages do not require any understanding of the process involved in compiling software on FreeBSD.
Port Benefits
Packages are normally compiled with conservative options because they have to run on the maximum number of systems. By compiling from the port, one can change the compilation options.
Some applications have compile-time options relating to which features are installed. For example, NGINX® can be configured with a wide variety of different built-in options.
In some cases, multiple packages will exist for the same application with different settings. For example, NGINX® is available as a
nginx
package and a
nginx-lite
package, the former has many more options enabled, but this in turn requires many things to be installed as dependencies for it to work, thus increasing space consumption and attack surface.
The transitive dependencies can grow quite large, for example the full
nginx
package will pull in several X libraries which can be quite surprising, so building from ports allows to choose only the options needed without a "kitchen sink" approach. In some cases, multiple packages will exist for the same application to specify certain settings.
The licensing conditions of some software forbid binary distribution. Such software must be distributed as source code which must be compiled by the end-user.
Some people do not trust binary distributions or prefer to read through source code in order to look for potential problems.
Source code is needed in order to apply custom patches.
To keep track of updated ports, subscribe to the
FreeBSD ports mailing list
and the
FreeBSD ports bugs mailing list
Before installing an application, check
for related security issues.
To audit installed packages against known vulnerabilities, run
pkg audit -F
The remainder of this chapter explains how to use packages and ports to install and manage third-party software on FreeBSD.
4.3. Finding Software
FreeBSD’s list of available applications is growing all the time.
There are a number of ways to find software to install:
The FreeBSD web site maintains an up-to-date searchable list of all the available applications, at
Ports Portal
. The ports can be searched by application name or by software category.
Dan Langille maintains
FreshPorts
which provides a comprehensive search utility and also tracks changes to the applications in the Ports Collection. Registered users can create a customized watch list in order to receive an automated email when their watched ports are updated.
If finding a particular application becomes challenging, try searching a site like
SourceForge
or
GitHub
then check back at the
Ports Portal
to see if the application has been ported.
Search the binary package repository for an application using the
pkg(8)
command
4.4. Using pkg for Binary Package Management
pkg(8)
provides an interface for manipulating packages: registering, adding, removing and upgrading packages.
For sites wishing to only use prebuilt binary packages from the FreeBSD mirrors, managing packages with
pkg(8)
can be sufficient.
However, for those sites building from source a separate
port management tool
will be needed.
Since
pkg(8)
only works with binary packages, it is not a replacement for such tools.
Those tools can be used to install software from both binary packages and the Ports Collection, while
pkg(8)
installs only binary packages.
4.4.1. Getting Started with pkg
All supported versions of FreeBSD now contain
/usr/sbin/pkg
a.k.a
pkg(7)
This is a small placeholder that has just the minimum functionality required to install the real
pkg(8)
An Internet working connection is required for the bootstrap process to succeed.
Run
pkg(8)
command line:
# pkg
The output should be similar to the following:
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]
pkg(7)
will intercept the command, and when confirmed, downloads the
pkg(8)
tarball, installs
pkg(8)
from it, bootstraps the local package database and then proceeds to run the command originally requested.
More recent versions of
pkg(7)
understand
pkg -N
as a test to see if
pkg(8)
is installed without triggering the installation, and conversely, pkg bootstrap[-f] to install
pkg(8)
(or force it to be reinstalled) without performing any other actions.
Usage information for pkg is available in the
pkg(8)
manual page or by running
pkg
without additional arguments.
Additional pkg configuration options are described in
pkg.conf(5)
Each pkg command argument is documented in a command-specific manual page.
To read the manual page for
pkg install
, for example, run this command:
# pkg help install
The rest of this section demonstrates common binary package management tasks which can be performed using
pkg(8)
Each demonstrated command provides many switches to customize its use.
Refer to a command’s help or man page for details and more examples.
4.4.2. Quarterly and Latest Ports Branches
The
Quarterly
branch provides users with a more predictable and stable experience for port and package installation and upgrades.
This is done essentially by only allowing non-feature updates.
Quarterly branches aim to receive security fixes (that may be version updates, or backports of commits), bug fixes and ports compliance or framework changes.
The Quarterly branch is cut from HEAD at the beginning of every (yearly) quarter in January, April, July, and October.
Branches are named according to the year (YYYY) and quarter (Q1-4) they are created in.
For example, the quarterly branch created in January 2023, is named 2023Q1.
And the
Latest
branch provides the latest versions of the packages to the users.
To switch
pkg(8)
from Quarterly to Latest run the following commands:
# mkdir -p /usr/local/etc/pkg/repos
# echo 'FreeBSD-ports: { url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest" }' > /usr/local/etc/pkg/repos/FreeBSD.conf
Then run this command to update the local package repositories catalogues for the Latest branch:
# pkg update -f
4.4.3. Kernel modules repositories
The kernel module repositories allow users to install ready to use kernel
modules like the ones used for graphic drivers and specific hardware.
Starting with FreeBSD 14.3, the FreeBSD Project provides kernel modules built
for every supported version. To create such a repository configuration if it
does not exist, add the following to
/usr/local/etc/pkg/repos/kmods.conf
FreeBSD-kmods:
url:
"pkg+https://pkg.FreeBSD.org/
${
ABI
/KMODSFLAVOR"
mirror_type:
"srv"
signature_type:
"fingerprints"
fingerprints:
"/usr/share/keys/pkg"
enabled:
yes
KMODSFLAVOR
respects the following pattern:
kmods_PORTBRANCH_MINORRELEASE
For instance:
Table 1. Kmodsflavor
FreeBSD Release
ports main
ports quarterly
FreeBSD 14.2-RELEASE
kmods_latest_2
kmods_quarterly_2
FreeBSD 14.3-RELEASE
kmods_latest_3
kmods_quarterly_3
FreeBSD 14.3-STABLE
kmods_latest
kmods_quarterly
FreeBSD 15.0-CURRENT
kmods_latest
4.4.4. Configure pkg
pkg.conf(5)
is the system-wide configuration file used by the
pkg(8)
tools.
The default location of this file is
/usr/local/etc/pkg.conf
FreeBSD does not need to have a
pkg.conf
file.
Many installations will work well with no
pkg.conf
at all or with an empty
pkg.conf
(other than comment lines).
Lines in the file beginning with a "#" are comments and are ignored.
The file is in UCL format.
For more information on the syntax of
libucl(3)
, please visit the
official UCL website
The following types of options are recognized - boolean, string and list options.
A boolean option is marked as enabled if one of the following values is specified in the configuration file - YES, TRUE and ON.
4.4.5. Searching Packages
To search a package
pkg-search(8)
can be used:
# pkg search nginx
The output should be similar to the following:
modsecurity3-nginx-1.0.3 Instruction detection and prevention engine / nginx Wrapper
nginx-1.22.1_2,3 Robust and small WWW server
nginx-devel-1.23.2_4 Robust and small WWW server
nginx-full-1.22.1_1,3 Robust and small WWW server (full package)
nginx-lite-1.22.1,3 Robust and small WWW server (lite package)
nginx-naxsi-1.22.1,3 Robust and small WWW server (plus NAXSI)
nginx-prometheus-exporter-0.10.0_7 Prometheus exporter for NGINX and NGINX Plus stats
nginx-ultimate-bad-bot-blocker-4.2020.03.2005_1 Nginx bad bot and other things blocker
nginx-vts-exporter-0.10.7_7 Server that scraps NGINX vts stats and export them via HTTP
p5-Nginx-ReadBody-0.07_1 Nginx embeded perl module to read and evaluate a request body
p5-Nginx-Simple-0.07_1 Perl 5 module for easy to use interface for Nginx Perl Module
p5-Test-Nginx-0.30 Testing modules for Nginx C module development
py39-certbot-nginx-2.0.0 NGINX plugin for Certbot
rubygem-passenger-nginx-6.0.15 Modules for running Ruby on Rails and Rack applications
4.4.6. Installing and Fetching Packages
To install a binary package
pkg-install(8)
can be used.
This command uses repository data to determine which version of the software to install and if it has any uninstalled dependencies.
For example, to install curl:
# pkg install curl
The output should be similar to the following:
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 9 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
ca_root_nss: 3.83
curl: 7.86.0
gettext-runtime: 0.21
indexinfo: 0.3.1
libidn2: 2.3.3
libnghttp2: 1.48.0
libpsl: 0.21.1_4
libssh2: 1.10.0.3
libunistring: 1.0

Number of packages to be installed: 9

The process will require 11 MiB more space.
3 MiB to be downloaded

Proceed with this action? [y/N]
The new package and any additional packages that were installed as dependencies can be seen in the installed packages list:
# pkg info
The output should be similar to the following:
ca_root_nss-3.83 Root certificate bundle from the Mozilla Project
curl-7.86.0 Command line tool and library for transferring data with URLs
gettext-runtime-0.21.1 GNU gettext runtime libraries and programs
indexinfo-0.3.1 Utility to regenerate the GNU info page index
libidn2-2.3.3 Implementation of IDNA2008 internationalized domain names
libnghttp2-1.48.0 HTTP/2.0 C Library
libpsl-0.21.1_6 C library to handle the Public Suffix List
libssh2-1.10.0.3 Library implementing the SSH2 protocol
libunistring-1.0 Unicode string library
pkg-1.18.4 Package manager
To fetch a package and install it later or in another place use
pkg-fetch(8)
For example, to download
nginx-lite
# pkg fetch -d -o /usr/home/user/packages/ nginx-lite
-d
: used to fetch all the dependencies
-o
: used to specify the download directory
The output should be similar to the following:
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following packages will be fetched:

New packages to be FETCHED:
nginx-lite: 1.22.1,3 (342 KiB: 22.20% of the 2 MiB to download)
pcre: 8.45_3 (1 MiB: 77.80% of the 2 MiB to download)

Number of packages to be fetched: 2

The process will require 2 MiB more space.
2 MiB to be downloaded.

Proceed with fetching packages? [y/N]:
To install the downloaded packages
pkg-install(8)
can be used as follows:
# cd /usr/home/user/packages/
# pkg install nginx-lite-1.22.1,3.pkg
4.4.7. Obtaining Information About Installed Packages
Information about the packages installed on a system can be viewed by running
pkg-info(8)
which, when run without any switches, will list the package version for either all installed packages or the specified package.
For example, to see which version of pkg is installed, run:
# pkg info pkg
The output should be similar to the following:
pkg-1.19.0
Name : pkg
Version : 1.19.0
Installed on : Sat Dec 17 11:05:28 2022 CET
Origin : ports-mgmt/pkg
Architecture : FreeBSD:13:amd64
Prefix : /usr/local
Categories : ports-mgmt
Licenses : BSD2CLAUSE
Maintainer : pkg@FreeBSD.org
WWW : https://github.com/freebsd/pkg
Comment : Package manager
Options :
DOCS : on
Shared Libs provided:
libpkg.so.4
Annotations :
FreeBSD_version: 1301000
repo_type : binary
repository : FreeBSD
Flat size : 33.2MiB
Description :
Package management tool

WWW: https://github.com/freebsd/pkg
4.4.8. Upgrading Installed Packages
Installed packages can be upgraded to their latest versions using
pkg-upgrade(8)
# pkg upgrade
This command will compare the installed versions with those available in the repository catalogue and upgrade them from the repository.
4.4.9. Auditing Installed Packages
Software vulnerabilities are regularly discovered in third-party applications.
To address this, pkg includes a built-in auditing mechanism.
To determine if there are any known vulnerabilities for the software installed on the system, use
pkg-audit(8)
# pkg audit -F
The output should be similar to the following:
Fetching vuln.xml.xz: 100% 976 KiB 499.5kB/s 00:02
chromium-108.0.5359.98 is vulnerable:
chromium -- multiple vulnerabilities
CVE: CVE-2022-4440
CVE: CVE-2022-4439
CVE: CVE-2022-4438
CVE: CVE-2022-4437
CVE: CVE-2022-4436
WWW: https://vuxml.FreeBSD.org/freebsd/83eb9374-7b97-11ed-be8f-3065ec8fd3ec.html
4.4.10. Removing Packages
Packages that are no longer needed can be removed with
pkg-delete(8)
For example:
# pkg delete curl
The output should be similar to the following:
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
curl :7.86.0

Number of packages to be removed: 1

The operation will free 4 MiB.

Proceed with deinstallation packages? [y/N]: y
[1/1] Deinstalling curl-7.86.0...
[1/1] Deleting files for curl-7.86.0: 100%
4.4.11. Automatically Removing Unused Packages
Removing a package may leave behind dependencies which are no longer required.
Unneeded packages that were installed as dependencies (leaf packages) can be automatically detected and removed using
pkg-autoremove(8)
# pkg autoremove
The output should be similar to the following:
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages:

Installed packages to be REMOVED:
ca_root_nss-3.83

Number of packages to be removed: 1

The operation will free 723 KiB.

Proceed with deinstalling packages? [y/N]:
Packages installed as dependencies are called
automatic
packages.
Non-automatic packages, i.e the packages that were explicitly installed not as a dependency to another package, can be listed using:
# pkg prime-list
The output should be similar to the following:
nginx
openvpn
sudo
pkg prime-list
is an alias command declared in
/usr/local/etc/pkg.conf
There are many others that can be used to query the package database of the system.
For instance, command
pkg prime-origins
can be used to get the origin port directory of the list mentioned above:
# pkg prime-origins
The output should be similar to the following:
www/nginx
security/openvpn
security/sudo
This list can be used to rebuild all packages installed on a system using build tools such as
ports-mgmt/poudriere
or
ports-mgmt/synth
Marking an installed package as automatic can be done using:
# pkg set -A 1 devel/cmake
Once a package is a leaf package and is marked as automatic, it gets selected by
pkg autoremove
Marking an installed package as
not
automatic can be done using:
# pkg set -A 0 devel/cmake
4.4.12. Removing Stale Packages
By default, pkg stores binary packages in a cache directory defined by
PKG_CACHEDIR
in
pkg.conf(5)
Only copies of the latest installed packages are kept. Older versions of pkg kept all previous packages.
To remove these outdated binary packages, run:
# pkg clean
The entire cache may be cleared by running:
# pkg clean -a
4.4.13. Locking and Unlocking Packages
pkg-lock(8)
is used to lock packages against reinstallation, modification or deletion.
pkg-unlock(8)
unlocks the named packages.
Either variant only has an effect on currently installed packages.
Consequently it is impossible to block installation of a new package by using this mechanism, unless such an installation implies updating a locked package.
For example, to lock
nginx-lite
# pkg lock nginx-lite
And to unlock
nginx-lite
# pkg unlock nginx-lite
4.4.14. Modifying Package Metadata
Software within the FreeBSD Ports Collection can undergo major version number changes.
To address this, pkg has a built-in command to update package origins.
This can be useful, for example, if
lang/python3
is renamed to
lang/python311
so that
lang/python3
can now represent version
3.11
To change the package origin for the above example, run:
# pkg set -o lang/python3:lang/python311
As another example, to update
lang/ruby31
to
lang/ruby32
, run:
# pkg set -o lang/ruby31:lang/ruby32
When changing package origins, it is important to reinstall packages that are dependent on the package with the modified origin.
To force a reinstallation of dependent packages, run:
# pkg install -Rf lang/ruby32
4.5. Using the Ports Collection
The Ports Collection is a set of
Makefiles
, patches, and description files.
Each set of these files is used to compile and install an individual application on FreeBSD, and is called a
port
By default, the Ports Collection itself is stored as a subdirectory of
/usr/ports
Before installing and using the Ports Collection, please be aware that it is generally ill-advised to use the Ports Collection in conjunction with the binary packages provided via pkg to install software.
pkg, by default, tracks quarterly branch-releases of the ports tree and not HEAD.
Dependencies could be different for a port in HEAD compared to its counterpart in a quarterly branch release and this could result in conflicts between dependencies installed by pkg and those from the Ports Collection.
If the Ports Collection and pkg must be used in conjunction, then be sure that the Ports Collection and pkg are on the same branch release of the ports tree.
The Ports Collection contains directories for software categories.
Inside each category are subdirectories for individual applications.
Each application subdirectory contains a set of files that tells FreeBSD how to compile and install that program, called a
ports skeleton
Each port skeleton includes these files and directories:
Makefile
: contains statements that specify how the application should be compiled and where its components should be installed.
distinfo
: contains the names and checksums of the files that must be downloaded to build the port.
files/
: this directory contains any patches needed for the program to compile and install on FreeBSD. This directory may also contain other files used to build the port.
pkg-descr
: provides a more detailed description of the program.
pkg-plist
: a list of all the files that will be installed by the port. It also tells the ports system which files to remove upon deinstallation.
Some ports include
pkg-message
or other files to handle special situations.
For more details on these files, and on ports in general, refer to the
FreeBSD Porter’s Handbook
The port does not include the actual source code, also known as a
distfile
The extract portion of building a port will automatically save the downloaded source to
/usr/ports/distfiles
4.5.1. Installing the Ports Collection
Before an application can be compiled using a port, the Ports Collection must first be installed.
If it was not installed during the installation of FreeBSD, use the following method to install it:
Procedure: Git Method
If more control over the ports tree is needed or if local changes need to be maintained, or if running FreeBSD-CURRENT,
Git can be used to obtain the Ports Collection.
Refer to
the Git Primer
for a detailed description of Git.
We add
--depth 1
to the git command line to clone the tree without obtaining the commit history, which saves time and is acceptable for most users.
When maintaining custom changes to the ports tree, or need the history for any reason, omit the
--depth 1
argument below.
Git must be installed before it can be used to check out the ports tree. If a copy of the ports tree is already present, install Git like this:
# cd /usr/ports/devel/git
# make install clean
If the ports tree is not available, or pkg is being used to manage packages, Git can be installed as a package:
# pkg install git
Check out a copy of the HEAD branch of the ports tree:
# git clone --depth 1 https://git.FreeBSD.org/ports.git /usr/ports
Or, check out a copy of a quarterly branch:
# git clone --depth 1 https://git.FreeBSD.org/ports.git -b 2023Q1 /usr/ports
As needed, update
/usr/ports
after the initial Git checkout:
# git -C /usr/ports pull
As needed, switch
/usr/ports
to a different quarterly branch:
# git -C /usr/ports fetch --depth 1 origin 2023Q2:2023Q2
# git -C /usr/ports switch 2023Q2
4.5.2. Installing Ports
This section provides basic instructions on using the Ports Collection to install or remove software.
The detailed description of available
make
targets and environment variables is available in
ports(7)
Before compiling any port, be sure to update the Ports Collection as described in the previous section.
Since the installation of any third-party software can introduce security vulnerabilities, it is recommended to first check
for known security issues related to the port.
Alternatively, run
pkg audit -F
before installing a new port.
This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check. For more information, refer to
pkg-audit(8)
and
periodic(8)
Using the Ports Collection assumes a working Internet connection.
It also requires superuser privilege.
To compile and install the port, change to the directory of the port to be installed, then type
make install
at the prompt.
Messages will indicate the progress:
# cd /usr/ports/sysutils/lsof
# make install
>>
lsof_4.88D.freebsd.tar.gz doesn
't seem to exist in /usr/ports/distfiles/.
>> Attempting to fetch from ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/.
===> Extracting for lsof-4.88
...
[extraction output snipped]
...
>> Checksum OK for lsof_4.88D.freebsd.tar.gz.
===> Patching for lsof-4.88.d,8
===> Applying FreeBSD patches for lsof-4.88.d,8
===> Configuring for lsof-4.88.d,8
...
[configure output snipped]
...
===> Building for lsof-4.88.d,8
...
[compilation output snipped]
...

===> Installing for lsof-4.88.d,8
...
[installation output snipped]
...
===> Generating temporary packing list
===> Compressing manual pages for lsof-4.88.d,8
===> Registering installation for lsof-4.88.d,8
===> SECURITY NOTE:
This port has installed the following binaries which execute with
increased privileges.
/usr/local/sbin/lsof
Since
lsof
is a program that runs with increased privileges, a security warning is displayed as it is installed.
Once the installation is complete, the prompt will be returned.
Some shells keep a cache of the commands that are available in the directories listed in the
PATH
environment variable, to speed up lookup operations for the executable file of these commands.
Users of the
tcsh
shell should type
rehash
so that a newly installed command can be used without specifying its full path.
Use
hash -r
instead for the
sh
shell.
Refer to the documentation for the shell for more information.
During installation, a working subdirectory is created which contains all the temporary files used during compilation.
Removing this directory saves disk space and minimizes the chance of problems later when upgrading to the newer version of the port:
# make clean
===>
Cleaning
for
lsof-88.d,8
To save this extra step, instead use
make install clean
when compiling the port.
4.5.2.1. Customizing Ports Installation
Some ports provide build options which can be used to enable or disable application components, provide security options, or allow for other customizations.
Examples include
www/firefox
and
security/gpgme
If the port depends upon other ports which have configurable options,
it may pause several times for user interaction as the default behavior is to prompt the user to select options from a menu.
To avoid this and do all of the configuration in one batch, run
make config-recursive
within the port skeleton.
Then, run
make install [clean]
to compile and install the port.
When using
config-recursive
, the list of ports to configure are gathered by the
all-depends-list
target.
It is recommended to run
make config-recursive
until all dependent ports options have been defined,
and ports options screens no longer appear, to be certain that all dependency options have been configured.
There are several ways to revisit a port’s build options menu in order to add, remove, or change these options after a port has been built.
One method is to
cd
into the directory containing the port and type
make config
Another option is to use
make showconfig
Another option is to execute
make rmconfig
which will remove all selected options and allows to start over.
All of these options, and others, are explained in great detail in
ports(7)
The ports system uses
fetch(1)
to download the source files, which supports various environment variables.
The
FTP_PASSIVE_MODE
FTP_PROXY
, and
FTP_PASSWORD
variables may need to be set if the FreeBSD system is behind a firewall or FTP/HTTP proxy.
See
fetch(3)
for the complete list of supported variables.
For users who cannot be connected to the Internet all the time,
make fetch
can be run within
/usr/ports
to fetch all distfiles, or within a category, such as
/usr/ports/net
, or within the specific port skeleton.
Note that if a port has any dependencies, running this command in a category or ports skeleton will
not
fetch the distfiles of ports from another category.
Instead, use
make fetch-recursive
to also fetch the distfiles for all the dependencies of a port.
In rare cases, such as when an organization has a local distfiles repository, the
MASTER_SITES
variable can be used to override the download locations specified in the
Makefile
When using, specify the alternate location:
# cd /usr/ports/directory
# make MASTER_SITE_OVERRIDE= \
ftp://ftp.organization.org/pub/FreeBSD/ports/distfiles/ fetch
The
WRKDIRPREFIX
and
PREFIX
variables can override the default working and target directories. For example:
# make WRKDIRPREFIX=/usr/home/example/ports install
will compile the port in
/usr/home/example/ports
and install everything under
/usr/local
# make PREFIX=/usr/home/example/local install
will compile the port in
/usr/ports
and install it in
/usr/home/example/local
. And:
# make WRKDIRPREFIX=../ports PREFIX=../local install
will combine the two.
These can also be set as environmental variables.
Refer to the manual page for the shell for instructions on how to set an environmental variable.
4.5.3. Removing Installed Ports
Installed ports can be uninstalled using
pkg delete
Examples for using this command can be found in the
pkg-delete(8)
manual page.
Alternately,
make deinstall
can be run in the port's directory:
# cd /usr/ports/sysutils/lsof
# make deinstall
===>
Deinstalling
for
sysutils/lsof
===>
Deinstalling
Deinstallation has been requested
for
the following 1 packages:

lsof-4.88.d,8

The deinstallation will free 229 kB
1/1] Deleting lsof-4.88.d,8...
done
It is recommended to read the messages as the port is uninstalled.
If the port has any applications that depend upon it, this information will be displayed but the uninstallation will proceed.
In such cases, it may be better to reinstall the application in order to prevent broken dependencies.
4.5.4. Upgrading Ports
Over time, newer versions of software become available in the Ports Collection.
This section describes how to determine which software can be upgraded and how to perform the upgrade.
To determine if newer versions of installed ports are available, ensure that the latest version of the ports tree is installed,
using the updating command described in
Git Method
The following command will list the installed ports which are out of date:
# pkg version -l "<"
Before attempting an upgrade, read
/usr/ports/UPDATING
from the top of the file to the date closest to the last time ports were upgraded or the system was installed.
This file describes various issues and additional steps users may encounter and need to perform when updating a port, including such things as file format changes, changes in locations of configuration files, or any incompatibilities with previous versions.
Make note of any instructions which match any of the ports that need upgrading and follow these instructions when performing the upgrade.
4.5.4.1. Tools to Upgrade and Manage Ports
The Ports Collection contains several utilities to perform the actual upgrade.
Each has its strengths and weaknesses.
Historically, most installations used either Portmaster or Portupgrade.
Synth is a newer alternative.
The choice of which tool is best for a particular system is up to the system administrator.
It is recommended practice to back up data before using any of these tools.
4.5.4.2. Upgrading Ports Using Portmaster
ports-mgmt/portmaster
is a very small utility for upgrading installed ports.
It is designed to use the tools installed with the FreeBSD base system without depending on other ports or databases.
To install this utility as a port:
# cd /usr/ports/ports-mgmt/portmaster
# make install clean
Portmaster defines four categories of ports:
Root port: has no dependencies and is not a dependency of any other ports.
Trunk port: has no dependencies, but other ports depend upon it.
Branch port: has dependencies and other ports depend upon it.
Leaf port: has dependencies but no other ports depend upon it.
To list these categories and search for updates:
# portmaster -L
===>>>
Root ports
No dependencies, not depended on
===>>>
ispell-3.2.06_18
===>>>
screen-4.0.3
===>>>
New version available: screen-4.0.3_1
===>>>
tcpflow-0.21_1
===>>>
7 root ports
...
===>>>
Branch ports
Have dependencies, are depended on
===>>>
apache22-2.2.3
===>>>
New version available: apache22-2.2.8
...
===>>>
Leaf ports
Have dependencies, not depended on
===>>>
automake-1.9.6_2
===>>>
bash-3.1.17
===>>>
New version available: bash-3.2.33
...
===>>>
32 leaf ports
===>>>
137 total installed ports
===>>>
83 have new versions available
This command is used to upgrade all outdated ports:
# portmaster -a
By default, Portmaster makes a backup package before deleting the existing port.
If the installation of the new version is successful, Portmaster deletes the backup.
Using
-b
instructs Portmaster not to automatically delete the backup.
Adding
-i
starts Portmaster in interactive mode, prompting for confirmation before upgrading each port.
Many other options are available.
Read through the manual page for
portmaster(8)
for details regarding their usage.
If errors are encountered during the upgrade process, add
-f
to upgrade and rebuild all ports:
# portmaster -af
Portmaster can also be used to install new ports on the system, upgrading all dependencies before building and installing the new port.
To use this function, specify the location of the port in the Ports Collection:
# portmaster shells/bash
More information about
ports-mgmt/portmaster
may be found in its
pkg-descr
4.5.4.3. Upgrading Ports Using Portupgrade
Portupgrade is deprecated and will be removed in the near future.
ports-mgmt/portupgrade
is another utility that can be used to upgrade ports.
It installs a suite of applications which can be used to manage ports.
However, it is dependent upon Ruby. To install the port:
# cd /usr/ports/ports-mgmt/portupgrade
# make install clean
Before performing an upgrade using this utility, it is recommended to scan the list of installed ports using
pkgdb -F
and to fix all the inconsistencies it reports.
To upgrade all the outdated ports installed on the system, use
portupgrade -a
Alternately, include
-i
to be asked for confirmation of every individual upgrade:
# portupgrade -ai
To upgrade only a specified application instead of all available ports, use
portupgrade
pkgname
It is very important to include
-R
to first upgrade all the ports required by the given application:
# portupgrade -R firefox
If
-P
is included, Portupgrade searches for available packages in the local directories listed in
PKG_PATH
If none are available locally, it then fetches packages from a remote site.
If packages can not be found locally or fetched remotely, Portupgrade will use ports.
To avoid using ports entirely, specify
-PP
This last set of options tells Portupgrade to abort if no packages are available:
# portupgrade -PP gnome3
To just fetch the port distfiles, or packages, if
-P
is specified, without building or installing anything, use
-F
For further information on all of the available switches, refer to the manual page for
portupgrade
More information about
ports-mgmt/portupgrade
may be found in its
pkg-descr
4.5.5. Ports and Disk Space
Using the Ports Collection will use up disk space over time.
After building and installing a port, running
make clean
within the ports skeleton will clean up the temporary
work
directory.
If Portmaster is used to install a port, it will automatically remove this directory unless
-K
is specified.
If Portupgrade is installed, this command will remove all
work
directories found within the local copy of the Ports Collection:
# portsclean -C
In addition, outdated source distribution files accumulate in
/usr/ports/distfiles
over time.
To use Portupgrade to delete all the distfiles that are no longer referenced by any ports:
# portsclean -D
Portupgrade can remove all distfiles not referenced by any port currently installed on the system:
# portsclean -DD
If Portmaster is installed, use:
# portmaster --clean-distfiles
By default, this command is interactive and prompts the user to confirm if a distfile should be deleted.
In addition to these commands,
ports-mgmt/pkg_cutleaves
automates the task of removing installed ports that are no longer needed.
4.6. Building Packages with poudriere
poudriere is a
BSD
-licensed utility for creating and testing FreeBSD packages.
It uses FreeBSD jails to set up isolated compilation environments.
These jails can be used to build packages for versions of FreeBSD that are different from the system on which it is installed, and also to build packages for i386 if the host is an amd64 system.
Once the packages are built, they are in a layout identical to the official mirrors.
These packages are usable by
pkg(8)
and other package management tools.
poudriere is installed using the
ports-mgmt/poudriere
package or port.
The installation includes a sample configuration file
/usr/local/etc/poudriere.conf.sample
Copy this file to
/usr/local/etc/poudriere.conf
Edit the copied file to suit the local configuration.
While
ZFS
is not required on the system running poudriere, it is beneficial.
When
ZFS
is used,
ZPOOL
must be specified in
/usr/local/etc/poudriere.conf
and
FREEBSD_HOST
should be set to a nearby mirror.
Defining
CCACHE_DIR
enables the use of
devel/ccache
to cache compilation and reduce build times for frequently-compiled code.
It may be convenient to put poudriere datasets in an isolated tree mounted at
/poudriere
Defaults for the other configuration values are adequate.
The number of processor cores detected is used to define how many builds will run in parallel.
Supply enough virtual memory, either with
RAM
or swap space.
If virtual memory runs out, the compilation jails will stop and be torn down, resulting in weird error messages.
4.6.1. Initialize Jails and Port Trees
After configuration, initialize poudriere so that it installs a jail with the required FreeBSD tree and a ports tree.
Specify a name for the jail using
-j
and the FreeBSD version with
-v
On systems running FreeBSD/amd64, the architecture can be set with
-a
to either
i386
or
amd64
The default is the architecture shown by
uname
# poudriere jail -c -j 13amd64 -v 13.1-RELEASE
00:00:00] Creating 13amd64 fs at /poudriere/jails/13amd64...
done
00:00:00] Using pre-distributed MANIFEST
for
FreeBSD 13.1-RELEASE amd64
00:00:00] Fetching base
for
FreeBSD 13.1-RELEASE amd64
/poudriere/jails/13amd64/fromftp/base.txz 125 MB 4110 kBps 31s
00:00:33] Extracting base...
done
00:00:54] Fetching src
for
FreeBSD 13.1-RELEASE amd64
/poudriere/jails/13amd64/fromftp/src.txz 154 MB 4178 kBps 38s
00:01:33] Extracting src...
done
00:02:31] Fetching lib32
for
FreeBSD 13.1-RELEASE amd64
/poudriere/jails/13amd64/fromftp/lib32.txz 24 MB 3969 kBps 06s
00:02:38] Extracting lib32...
done
00:02:42] Cleaning up...
done
00:02:42] Recording filesystem state
for
clean...
done
00:02:42] Upgrading using ftp
/etc/resolv.conf -> /poudriere/jails/13amd64/etc/resolv.conf
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update4.freebsd.org...
done
Fetching metadata signature
for
13.1-RELEASE from update4.freebsd.org...
done
Fetching metadata index...
done
Fetching 2 metadata files...
done
Inspecting system...
done
Preparing to download files...
done
Fetching 124 patches.....10....20....30....40....50....60....70....80....90....100....110....120..
done
Applying patches...
done
Fetching 6 files...
done
The following files will be added as part of updating to
13.1-RELEASE-p1:
/usr/src/contrib/unbound/.github
/usr/src/contrib/unbound/.github/FUNDING.yml
/usr/src/contrib/unbound/contrib/drop2rpz
/usr/src/contrib/unbound/contrib/unbound_portable.service.in
/usr/src/contrib/unbound/services/rpz.c
/usr/src/contrib/unbound/services/rpz.h
/usr/src/lib/libc/tests/gen/spawnp_enoexec.sh
The following files will be updated as part of updating to
13.1-RELEASE-p1:
…]
Installing updates...Scanning //usr/share/certs/blacklisted
for
certificates...
Scanning //usr/share/certs/trusted
for
certificates...
done
13.1-RELEASE-p1
00:04:06] Recording filesystem state
for
clean...
done
00:04:07] Jail 13amd64 13.1-RELEASE-p1 amd64 is ready to be used
# poudriere ports -c -p local -m git+https
00:00:00] Creating
local
fs at /poudriere/ports/local...
done
00:00:00] Checking out the ports tree...
done
On a single computer, poudriere can build ports with multiple configurations, in multiple jails, and from different port trees.
Custom configurations for these combinations are called
sets
See the CUSTOMIZATION section of
poudriere(8)
for details after
ports-mgmt/poudriere
or
ports-mgmt/poudriere-devel
is installed.
The basic configuration shown here puts a single jail-, port-, and set-specific
make.conf
in
/usr/local/etc/poudriere.d
The filename in this example is created by combining the jail name, port name, and set name:
13amd64-local-workstation-make.conf
The system
make.conf
and this new file are combined at build time to create the
make.conf
used by the build jail.
Packages to be built are entered in
13amd64-local-workstation-pkglist
(ports with
FLAVORS
can be defined with @FLAVOR):
editors/emacs
devel/git
devel/php-composer2@php82
ports-mgmt/pkg
...
Options and dependencies for the specified ports are configured:
# poudriere options -j 13amd64 -p local -z workstation -f 13amd64-local-workstation-pkglist
Finally, packages are built and a package repository is created:
# poudriere bulk -j 13amd64 -p local -z workstation -f 13amd64-local-workstation-pkglist
While running, pressing
Ctrl
displays the current state of the build.
poudriere also builds files in
/poudriere/logs/bulk/jailname
that can be used with a web server to display build information.
After completion, the new packages are now available for installation from the poudriere repository.
For more information on using poudriere, see
poudriere(8)
and the main web site,
4.6.2. Configuring pkg Clients to Use a poudriere Repository
While it is possible to use both a custom repository along side of the official repository, sometimes it is useful to disable the official repository.
This is done by creating a configuration file that overrides and disables the official configuration file.
Create
/usr/local/etc/pkg/repos/FreeBSD.conf
that contains the following:
FreeBSD: {
enabled: no
Usually it is easiest to serve a poudriere repository to the client machines via HTTP.
Set up a webserver to serve up the package directory, for instance:
/usr/local/poudriere/data/packages/13amd64
, where
13amd64
is the name of the build.
If the URL to the package repository is:
then the repository configuration file in
/usr/local/etc/pkg/repos/custom.conf
would look like:
custom: {
url: "https://pkg.example.com/13amd64",
enabled: yes,
If exposing the package repository to the internet is not desired, the
file://
protocol can be used to point to the repository directly:
custom: {
url: "file:///usr/local/poudriere/data/packages/11amd64",
enabled: yes,
4.7. Post-Installation Considerations
Regardless of whether the software was installed from a binary package or port, most third-party applications require some level of configuration after installation.
The following commands and locations can be used to help determine what was installed with the application.
Most applications install at least one default configuration file in
/usr/local/etc
. In cases where an application has a large number of configuration files, a subdirectory will be created to hold them. Often, sample configuration files are installed which end with a suffix such as
.sample
. The configuration files should be reviewed and possibly edited to meet the system’s needs. To edit a sample file, first copy it without the
.sample
extension.
Applications which provide documentation will install it into
/usr/local/share/doc
and many applications also install manual pages. This documentation should be consulted before continuing.
Some applications run services which must be added to
/etc/rc.conf
before starting the application. These applications usually install a startup script in
/usr/local/etc/rc.d
. See
Starting Services
for more information.
By design, applications do not run their startup script upon installation, nor do they run their stop script upon deinstallation or upgrade.
This decision is left to the individual system administrator.
Users of
csh(1)
should run
rehash
to rebuild the known binary list in the shells
PATH
Use
pkg info
to determine which files, man pages, and binaries were installed with the application.
4.8. Dealing with Broken Ports
When a port does not build or install, try the following:
Search to see if there is a fix pending for the port in the
Problem Report database
. If so, implementing the proposed fix may fix the issue.
Ask the maintainer of the port for help. Type
make maintainer
in the ports skeleton or read the port’s
Makefile
to find the maintainer’s email address. Remember to include the output leading up to the error in the email to the maintainer.
Some ports are not maintained by an individual but instead by a group maintainer represented by a
mailing list
Many, but not all, of these addresses look like
freebsd-listname@FreeBSD.org
Please take this into account when sending an email.
In particular, ports maintained by
ports@FreeBSD.org
are not maintained by a specific individual.
Instead, any fixes and support come from the general community who subscribe to that mailing list. More volunteers are always needed!
If there is no response to the email, use Bugzilla to submit a bug report using the instructions in
Writing FreeBSD Problem Reports
Fix it! The
Porter’s Handbook
includes detailed information on the ports infrastructure, enabling the fixing of occasional broken ports or the submission of new ones. Install the package instead of the port using the instructions in
Using pkg for Binary Package Management
Last modified on
: January 6, 2026 by
Brian Dorsey
Prev
Next
Table of Contents
Resources
Download PDF
Edit this page