The FreeBSD Release Engineering Team is announcing the availability of FreeBSD version 13.2-RELEASE on 11/April/2023. It is the third release of the stable/13 branches. I updated my FreeBSD version 13.1 to 13.2 using the CLI over an ssh-based session. Here are my quick notes.
| Tutorial details | |
|---|---|
| Difficulty level | Intermediate |
| Root privileges | Yes |
| Requirements | Unix terminal |
| Category | System Management |
| Prerequisites | FreeBSD 13.1 |
| OS compatibility | FreeBSD • Jails • Unix |
| Est. reading time | 4 minutes |
nixCraft: Privacy First, Reader Supported
- nixCraft is a one-person operation. I create all the content myself, with no help from AI or ML. I keep the content accurate and up-to-date.
- Your privacy is my top priority. I don’t track you, show you ads, or spam you with emails. Just pure content in the true spirit of Linux and FLOSS.
- Fast and clean browsing experience. nixCraft is designed to be fast and easy to use. You won’t have to deal with pop-ups, ads, cookie banners, or other distractions.
- Support independent content creators. nixCraft is a labor of love, and it’s only possible thanks to the support of our readers. If you enjoy the content, please support us on Patreon or share this page on social media or your blog. Every bit helps.
What’s new in FreeBSD 13.2 releases?
- OpenSSH version 9.2p1.
- OpenSSL version 1.1.1t.
- The bhyve hypervisor now supports more than 16 vCPUs in a guest.
- Security feature such as Address Space Layout Randomization (ASLR) is now enabled for 64-bit executables by default.
- OpenZFS version 2.1.9.
- Taking snapshots on UFS filesystems when running with journaled soft updates is now possible.
- The kernel wg(4) WireGuard driver is now available.
- And much more.
Step 1 – Make a backup
Keeping verified FreeBSD system backups would be best before upgrading your system. Make sure you backup all data, config files and databases.
Step 2 – Update installed pacakges
Use the freebsd-update command to fetch and install any pending security updates and apply them for the FreeBSD 13.1 release.
Fully patch the 13.1 FreeBSD release
For instance:# freebsd-update fetch
# freebsd-update install
Outputs:
src component not installed, skipped Looking up update.FreeBSD.org mirrors... 2 mirrors found. Fetching metadata signature for 13.1-RELEASE from update2.freebsd.org... done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 13.1-RELEASE-p7.
Reboot the FreeBSD system if a new FreeBSD kernel installed. For example:# reboot
Type the cat command to check the FreeBSD version as follows:# cat /etc/os-release
Outputs:
NAME=FreeBSD VERSION="13.1-RELEASE-p7" VERSION_ID="13.1" ID=freebsd ANSI_COLOR="0;31" PRETTY_NAME="FreeBSD 13.1-RELEASE-p7" CPE_NAME="cpe:/o:freebsd:freebsd:13.1" HOME_URL="https://FreeBSD.org/" BUG_REPORT_URL="https://bugs.FreeBSD.org/"
Updating all packages
Next, apply all pending updates to your packages. Type the pkg command:# pkg update
# pkg upgrade
Sample session:
Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking for upgrades (13 candidates): 100% Processing candidates (13 candidates): 100% The following 13 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: curl: 7.88.1 -> 8.0.1 drm-510-kmod: 5.10.163_4 -> 5.10.163_5 duf: 0.8.1_12 -> 0.8.1_13 edk2-bhyve: g202202_1 -> g202202_2 grub2-bhyve: 0.40_8 -> 0.40_9 libgpg-error: 1.46 -> 1.47 mesa-libs: 22.3.7 -> 22.3.7_1 p5-CGI: 4.55 -> 4.56 readline: 8.2.0 -> 8.2.1 vim: 9.0.1366 -> 9.0.1441 wayland: 1.21.0 -> 1.22.0 zsh: 5.9_1 -> 5.9_2 zstd: 1.5.4 -> 1.5.4_1 Number of packages to be upgraded: 13 20 MiB to be downloaded. Proceed with this action? [y/N]: y [1/13] Fetching p5-CGI-4.56.pkg: 100% 155 KiB 158.8kB/s 00:01 [2/13] Fetching zstd-1.5.4_1.pkg: 100% 613 KiB 627.3kB/s 00:01 [3/13] Fetching edk2-bhyve-g202202_2.pkg: 100% 923 KiB 945.5kB/s 00:01 [4/13] Fetching zsh-5.9_2.pkg: 100% 5 MiB 2.4MB/s 00:02 [5/13] Fetching grub2-bhyve-0.40_9.pkg: 100% 472 KiB 483.5kB/s 00:01 [6/13] Fetching vim-9.0.1441.pkg: 100% 8 MiB 2.8MB/s 00:03 [7/13] Fetching duf-0.8.1_13.pkg: 100% 750 KiB 767.8kB/s 00:01 [8/13] Fetching wayland-1.22.0.pkg: 100% 126 KiB 129.4kB/s 00:01 [9/13] Fetching drm-510-kmod-5.10.163_5.pkg: 100% 3 MiB 2.6MB/s 00:01 [10/13] Fetching mesa-libs-22.3.7_1.pkg: 100% 268 KiB 274.5kB/s 00:01 [11/13] Fetching libgpg-error-1.47.pkg: 100% 321 KiB 328.3kB/s 00:01 [12/13] Fetching curl-8.0.1.pkg: 100% 1 MiB 1.5MB/s 00:01 [13/13] Fetching readline-8.2.1.pkg: 100% 367 KiB 375.8kB/s 00:01 Checking integrity... done (0 conflicting) [1/13] Upgrading readline from 8.2.0 to 8.2.1... [1/13] Extracting readline-8.2.1: 100% [2/13] Upgrading zstd from 1.5.4 to 1.5.4_1... [2/13] Extracting zstd-1.5.4_1: 100% [3/13] Upgrading wayland from 1.21.0 to 1.22.0... [3/13] Extracting wayland-1.22.0: 100% [4/13] Upgrading p5-CGI from 4.55 to 4.56... [4/13] Extracting p5-CGI-4.56: 100% [5/13] Upgrading edk2-bhyve from g202202_1 to g202202_2... [5/13] Extracting edk2-bhyve-g202202_2: 100% [6/13] Upgrading zsh from 5.9_1 to 5.9_2... [6/13] Extracting zsh-5.9_2: 100% [7/13] Upgrading grub2-bhyve from 0.40_8 to 0.40_9... [7/13] Extracting grub2-bhyve-0.40_9: 100% [8/13] Upgrading vim from 9.0.1366 to 9.0.1441... [8/13] Extracting vim-9.0.1441: 100% [9/13] Upgrading duf from 0.8.1_12 to 0.8.1_13... [9/13] Extracting duf-0.8.1_13: 100% [10/13] Upgrading drm-510-kmod from 5.10.163_4 to 5.10.163_5... [10/13] Extracting drm-510-kmod-5.10.163_5: 100% [11/13] Upgrading mesa-libs from 22.3.7 to 22.3.7_1... [11/13] Extracting mesa-libs-22.3.7_1: 100% [12/13] Upgrading libgpg-error from 1.46 to 1.47... [12/13] Extracting libgpg-error-1.47: 100% [13/13] Upgrading curl from 7.88.1 to 8.0.1... [13/13] Extracting curl-8.0.1: 100% ===== Message from grub2-bhyve-0.40_9: -- ===> NOTICE: The grub2-bhyve port currently does not have a maintainer. As a result, it is more likely to have unresolved issues, not be up-to-date, or even be removed in the future. To volunteer to maintain this port, please create an issue at: https://bugs.freebsd.org/bugzilla More information about port maintainership is available at: https://docs.freebsd.org/en/articles/contributing/#ports-contributing
WARNING! Watch all configuration files merge and upgrade carefully, especially the sshd config. Wrong or invalid sshd config file will result in a disaster as you won’t able to connect to the FreeBSD server. Make a backup. The nixCraft or author is not responsible for data or ssh connectivity loss.
Step 3 – Upgrading FreeBSD 13.1 to 13.2 release
The syntax is as follows:# freebsd-update -r 13.2-RELEASE upgrade
Click to enlarge
You may see additional prompts about your system. Review those changes carefully. For example, here is the prompt about updating my /etc/passwd:
The following file could not be merged automatically: /etc/passwd Press Enter to edit this file in vim and resolve the conflicts manually... The following changes, which occurred between FreeBSD 13.1-RELEASE and FreeBSD 13.2-RELEASE have been merged into /etc/passwd: --- current version +++ new version @@ -1,8 +1,12 @@ +<<<<<<< current version # $FreeBSD$ # root:*:0:0:Charlie &:/root:/usr/local/bin/bash +======= +root:*:0:0:Charlie &:/root:/bin/csh +>>>>>>> 13.2-RELEASE toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin operator:*:2:5:System &:/:/usr/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin Does this look reasonable (y/n)? y
Another one is about my sshd config:
The following changes, which occurred between FreeBSD 13.1-RELEASE and FreeBSD 13.2-RELEASE have been merged into /etc/ssh/sshd_config: --- current version +++ new version @@ -1,7 +1,6 @@ # $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ -# $FreeBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin @@ -56,10 +55,11 @@ #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # Change to yes to enable built-in password authentication. +# Note that passwords may also be accepted via KbdInteractiveAuthentication. #PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable PAM authentication #KbdInteractiveAuthentication yes @@ -77,11 +77,11 @@ # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. #UsePAM yes @@ -103,11 +103,11 @@ #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20211221 +#VersionAddendum FreeBSD-20230316 # no default banner path #Banner none # override default of no subsystems Does this look reasonable (y/n)? y
Review changes
Once all issues are resolved, you will get information about what will happen during the upgrade process. Read all info carefully.
The following files will be removed as part of updating to 13.2-RELEASE-p0: /boot/kernel/iwlwifi-Qu-b0-hr-b0-68.ucode.ko /boot/kernel/iwlwifi-Qu-b0-jf-b0-68.ucode.ko /boot/kernel/iwlwifi-Qu-c0-hr-b0-68.ucode.ko /boot/kernel/iwlwifi-Qu-c0-jf-b0-68.ucode.ko /boot/kernel/iwlwifi-QuZ-a0-hr-b0-68.ucode.ko /boot/kernel/iwlwifi-QuZ-a0-jf-b0-68.ucode.ko ... ..... /usr/lib/debug/boot/kernel/iwlwifi-so-a0-hr-b0-68.ucode.ko.debug /usr/lib/debug/boot/kernel/iwlwifi-so-a0-jf-b0-68.ucode.ko.debug /usr/lib/debug/boot/kernel/iwlwifi-ty-a0-gf-a0-68.ucode.ko.debug /usr/share/man/man9/ithread.9.gz /usr/share/man/man9/ithread_add_handler.9.gz /usr/share/man/man9/ithread_create.9.gz /usr/share/man/man9/ithread_destroy.9.gz /usr/share/man/man9/ithread_priority.9.gz /usr/share/man/man9/ithread_remove_handler.9.gz /usr/share/man/man9/ithread_schedule.9.gz /usr/share/zoneinfo/posixrules /usr/tests/usr.bin/timeout .... .. The following files will be added as part of updating to 13.2-RELEASE-p0: /bin/nproc /bin/timeout /boot/kernel/bcm5974.ko /boot/kernel/dpdk_lpm4.ko /boot/kernel/dpdk_lpm6.ko ... ... The following files will be updated as part of updating to 13.2-RELEASE-p0: /bin/[ /bin/cat /bin/chflags /bin/chio /bin/chmod /bin/cp /bin/csh /bin/date /bin/dd /bin/df /bin/domainname /bin/echo /bin/ed /bin/expr /bin/freebsd-version /bin/getfacl /bin/hostname /bin/kenv /bin/kill /bin/link /bin/ln /bin/ls /bin/mkdir /bin/mv /usr/share/openssl/man/man3/BIO_f_buffer.3.gz /usr/share/openssl/man/man3/BIO_f_cipher.3.gz /usr/share/openssl/man/man3/BIO_f_md.3.gz To install the downloaded upgrades, run "/usr/sbin/freebsd-update install".
Installing the downloaded 13.2 release updates
Type the following command:# freebsd-update install
Outputs:
src component not installed, skipped
Creating snapshot of existing boot environment... done.
Installing updates...
Kernel updates have been installed. Please reboot and run
"/usr/sbin/freebsd-update install" again to finish installing updates.
Before you reboot the system, ensure there are no errors in sshd_config file to avoid losing invalid config issues. Type:$ sudo /usr/sbin/sshd -t
If there are errors in /etc/ssh/sshd_config fix it, and then only reboot the FreeBSD server. I don’t have any errors in my sshd_config. Hence, I am going to reboot the FreeBSD system using the reboot command or shutdown command. For example:# reboot
Finally, run the following command again to install pending updates after you boot into a new FreeBSD kernel for 13.2 release. For instance:# freebsd-update install
Step 4 – Upgrading packages for FreeBSD 13.2 release
Type the pkg command:# pkg-static install -f pkg
Outputs:
Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be REINSTALLED: pkg-1.19.1_1 Number of packages to be reinstalled: 1 8 MiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching pkg-1.19.1_1.pkg: 100% 8 MiB 2.9MB/s 00:03 Checking integrity... done (0 conflicting) [1/1] Reinstalling pkg-1.19.1_1... [1/1] Extracting pkg-1.19.1_1: 100%
Now apply pending updates if any:# pkg update
# pkg upgrade
# freebsd-update fetch
# freebsd-update install
Are you using FreeBSD ports? If so, don’t forget to upgrade your FreeBSD ports using the portsnap command and portmaster command. For example:$ sudo portmaster -af
At this stage, I would like to reboot the system again to ensure that everything comes back and all services are started at boot time. Of course, this is optional, but I recommend step:# reboot
Step 5 – Verification
Finally, verify everything is working correctly:$ freebsd-version
$ uname -r
Make sure all services are running on FreeBSD:# ps aux
# sockstat -l
# sockstat -4
# sockstat -6
# netstat -a -n | grep LISTEN
# top
See FreeBSD Unix Find Out Which Programs Are Listening On a Given Port Number for more info. Also, do check out for errors in log file using the cat command/grep/egrep command and other tools. For example:# tail -f /var/log/messages
# tail -f /var/log/nginx/dev-web-server.log
# grep error /path/to/app/log.file
# grep -E -i 'err|warn|cri' /var/log/messages
Removing unwanted/unused dependencies in FreeBSD package (optional)
Upgrade may leave some orphan binary packages, and we can get rid of them too using the pkg command. For example:# pkg autoremove
Here is what I see:
Checking integrity... done (0 conflicting) Deinstallation has been requested for the following 3 packages: Installed packages to be REMOVED: libimagequant: 4.1.1_1 libpthread-stubs: 0.4 pciids: 20230223 Number of packages to be removed: 3 The operation will free 16 MiB. Proceed with deinstalling packages? [y/N]: y [1/3] Deinstalling pciids-20230223... [1/3] Deleting files for pciids-20230223: 100% [2/3] Deinstalling libpthread-stubs-0.4... [2/3] Deleting files for libpthread-stubs-0.4: 100% [3/3] Deinstalling libimagequant-4.1.1_1... [3/3] Deleting files for libimagequant-4.1.1_1: 100%
Step 6 – How to upgrade FreeBSD jail from 13.1 to 13.2
Do you want to upgrade running FreeBSD jails to the 13.2 release? Fear not. It is easy too. First, get the running jails list:# jls
Say your jail path is /jails/gitserver# freebsd-update -b /jails/gitserver/ --currently-running 13.1-RELEASE -r 13.2-RELEASE upgrade
Next, running subsequent jail upgrade and install commands can be done normally with -b for jail directory.
Install downloaded upgrades for jai
# freebsd-update -b /jails/gitserver/ install
Reboot/restart our jail
# /etc/rc.d/jail restart
# freebsd-update -b /jails/gitserver/ install
# jls
Note down jail id and gain shell
# jexec 4 sh
Upgrade all package inside jail too
# pkg-static install -f pkg
# pkg bootstrap -f
# pkg update
# pkg upgrade
Do you need to clean the local cache of fetched remote packages? Try:# pkg clean -n #<--Dry run and see what it does
Outputs:
The cleanup will free 3 GiB
# pkg clean
Exit out of the FreeBSD jail
# exit
Summing up
That is all. It was a straightforward procedure. I like Wireguard as a part of the base FreeBSD system. Give it a try. Do read the FreeBSD release notes here and the following manual pages using the man command:$ man pkg
$ man jls
$ man freebsd-update
If you have many FreeBSD servers, use IT automation tools such as Ansible or Puppet to automate the procedure. On a related note, you can reimagine your cloud server with 13.2 release and deploy the app using Ansible.
See also
Did you notice? ????
nixCraft is ad-free to protect your privacy and security. We rely on reader support to keep the site running. Please consider subscribing to us on Patreon or supporting us with a one-time support through PayPal or purchase official merchandise. Your support will help us cover the costs of hosting, CDN, DNS, and tutorial creation.