Postinstall

Network

For a dynamic network configuration (read: DHCP), we'd use something like this in /etc/rc.conf:

hostname="len"
ifconfig_bge0="DHCP"
ifconfig_bge0_ipv6="inet6 accept_rtadv"

If we need a static network configuration, use:

ifconfig_bge0="inet 10.0.0.3 netmask 255.255.255.0"
defaultrouter=10.0.0.1
hostname=len.example.net

Restart the network configuration:

/etc/rc.d/netif restart
/etc/rc.d/routing restart

Packages

Install missing packages:

pkg install bash bash-completion curl gnupg1 lsof pv rsync screen sudo vnstat

Change a user's shell via chsh^[1]
Add vnstat_enable="YES" in /etc/rc.conf.

Encrypted swap

This can be done with geli pretty easily:^[2]

Assuming /dev/ada0p3 is the original swap device:

$ swapoff /dev/ada0p3
$ dd if=/dev/urandom of=/dev/ada0p3 bs=1024k                                                   # For the paranoid :->

Add .eli to the /etc/fstab entry:

/dev/ada0p3.eli none       swap    sw      0       0

After everything is set up, it should look like this:

$ swapinfo 
Device          512-blocks     Used    Avail Capacity
/dev/ada0p3.eli    2097152    38776  2058376     2%

Note: crashdumps^[3] may not be possible on encrypted swap partitions!^[4]

`fstab`

Move /tmp to volatile storage, either with mfs or tmpfs:

$ zfs destroy zroot/tmp
$ grep tmpfs /etc/fstab
tmpfs       /tmp               tmpfs     rw,nosuid,mode=1777,size=256m 0 0

$ mount /tmp

If needed, mount procfs and Linux process and system file systems too:

$ tail -3 /etc/fstab 
proc        /proc              procfs    rw,noexec,nosuid,nodev 0 0
linproc     /compat/linux/proc linprocfs rw,noexec,nosuid,nodev 0 0
linsys      /compat/linux/sys  linsysfs  rw,noexec,nosuid,nodev 0 0

We can add swap files too,^[5] with the help of md^[6] devices:

doas truncate -s 256m /var/tmp/swap.img
doas chmod 0600 /var/tmp/swap.img

Add to fstab:

md none swap sw,file=/var/tmp/swap.img,late 0 0

Activate all swap devices, include these with the late option set.

$ doas swapon -aL 
$ doas swapctl -lm
Device:       1MB-blocks      Used:
/dev/md0             256          0

Screensaver

On this laptop I wanted to have the LCD shut off when the (text) console was idle^[7]^[8]

$ cat /etc/rc.conf
[...]
apm_enable="YES"
blanktime="60"
saver="blank"

Enable APM^[9] in device.hints^[10]

$ grep apm.0.disabled /boot/device.hints 
hint.apm.0.disabled="0"

SMART

To enable S.M.A.R.T., use smartmontools:^[11]^[12]

pkg install smartmontools
echo 'smartd_enable="YES"' >> /etc/rc.conf
cp -i /usr/local/etc/smartd.conf.sample /usr/local/etc/smartd.conf

Start smartd and

/usr/local/etc/rc.d/smartd start

The installation package should have created /usr/local/etc/periodic/daily/smart to check on monitored devices periodically.

Memory

FreeBSD memory notation is quite different, let's explain it in short:^[13]

$ top -b -d 1 | grep -A3 ^Mem
Mem: 11M Active, 14M Inact, 106M Wired, 1846M Free
ARC: 43M Total, 9646K MFU, 32M MRU, 64K Anon, 672K Header, 1030K Other
     22M Compressed, 73M Uncompressed, 3.36:1 Ratio
Swap: 128M Total, 128M Free

Active	Memory currently being used by a process
Inactive	Memory that has been freed but is still cached since it may be used again.
Wired	Memory in use by the Kernel. This memory cannot be swapped out
Cache	Memory being used to cache data, can be freed immediately if required
Buffers	Disk cache
Free	Memory that is completely free and ready to use.
ARC Total
MFU
MRU
Anon
Header
Other
Compressed / Uncompressed
Ratio

Resize root disk

This being a virtual system, resizing (growing) the underlying disk was easy to do. But then FreeBSD needed to be coerced to use that newly available disk space too:

$ dmesg | grep vtblk
vtblk0: <VirtIO Block Adapter> on virtio_pci2
vtblk0: 20480MB (41943040 512 byte sectors)

For some reason the partition status was CORRUPT:

$ gpart status vtbd0
  Name   Status  Components
vtbd0p1  CORRUPT  vtbd0
vtbd0p2  CORRUPT  vtbd0
vtbd0p3  CORRUPT  vtbd0

Recover^[14] with:

$ gpart recover vtbd0
vtbd0 recovered

Let's look at our partitions now:

$ gpart status vtbd0
    Name  Status  Components
 vtbd0p1      OK  vtbd0
 vtbd0p2      OK  vtbd0
 vtbd0p3      OK  vtbd0

$ gpart show -l
=>      40  41942960  vtbd0  GPT  (20G)
        40      1024      1  gptboot0  (512K)
      1064       984         - free -  (492K)
      2048    262144      2  swap0  (128M)
    264192  16512984      3  zfs0  (7.9G)
  16777176  25165824         - free -  (12G)

We have 12 GB of unallocated space now, and want this to be added to vtbd0p3. Adding 16512984 + 25165824 gives us the final partition size:

$ gpart resize -i 3 -s 41678808 vtbd0
vtbd0p3 resized

$ gpart show -l
=>      40  41942960  vtbd0  GPT  (20G)
        40      1024      1  gptboot0  (512K)
      1064       984         - free -  (492K)
      2048    262144      2  swap0  (128M)
    264192  41678808      3  zfs0  (20G)

$ zpool get autoexpand zroot
NAME   PROPERTY    VALUE   SOURCE
zroot  autoexpand  on      local

$ zpool list
NAME    SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
zroot  19.8G  7.60G  12.2G        -         -    36%    38%  1.12x    ONLINE  -

Clone root disk

TBD

Update

Update package repository catalogues, then update the installed packages:

doas pkg update                                                                                # Use pkg-static if needed, e.g. after a major system upgrade
doas pkg upgrade

To update^[15] the base system:

$ doas freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.3-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... 
Preparing to download files... done.
[...]
The following files will be added as part of updating to 9.3-RELEASE-p16:
The following files will be updated as part of updating to 9.3-RELEASE-p16:

$ doas freebsd-update install
Installing updates....done.

Upgrade

To upgrade^[16] to another release, use:

$ uname -r
11.0-RELEASE

$ freebsd-update -r 12.0-RELEASE upgrade
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for  11.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
[...]
Fetching metadata signature for 12.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system...
Fetching files from  11.0-RELEASE for merging... done.
Preparing to download files...

To install the downloaded upgrades, run "/usr/sbin/freebsd-update install".

$ freebsd-update install
Installing updates...
Kernel updates have been installed.  Please reboot and run
"/usr/sbin/freebsd-update install" again to finish installing updates.

Reboot, then continue with:

$ freebsd-update install
Installing updates... done.

Now the updated kernel should be bootable and the upgrade should now be completed.

If all is well, and no freebsd-update rollback is required, /var/db/freebsd-update/files can be emptied:^[17]^[18]

$ du -sh /var/db/freebsd-update/files; find /var/db/freebsd-update/files | wc -l
781M    /var/db/freebsd-update/files
29428

$ find /var/db/freebsd-update/files/ -type f -mtime +30 -ls -delete

If needed, update userland tools:

pkg update                                                                                     # Use pkg-static if needed, e.g. after a major system upgrade
pkg upgrade

Building

Since 2020, FreeBSD switched to Git as their version control system:^[19]

git clone https://git.FreeBSD.org/src.git /usr/src/
git switch origin/release/12.0.0

Let's not build as root but as a different user:

pw group add -n wsrc -M root,dummy
chgrp wsrc /usr/obj/
chmod g+w  /usr/obj/

Configuration

Consult both make.conf and src.conf to adjust some build options. For example:

$ cat /etc/make.conf 
NO_KERNELCLEAN=true

$ cat /etc/src.conf 
WITHOUT_AUTOFS=1
WITHOUT_CLEAN=1
WITHOUT_IPSEC_SUPPORT=1
WITHOUT_KERNEL_SYMBOLS=1
WITHOUT_WIRELESS_SUPPORT=1

Kernel

While explained in the handbook, here's the short version.^[20]

cd /usr/src/
export MAKEOBJDIRPREFIX=/usr/obj                                                               # Adjust as needed, if needed at all.
export LD=ld.lld                                                                               # A newer linker may be needed for now.^[21]
export JOBS=$(/sbin/sysctl -n hw.ncpu)

make -j${JOBS} buildkernel   KERNCONF=$(uname -i)
doas make      installkernel KERNCONF=$(uname -i)                                              # sudo or doas needed

If we were to create a different configuration:

cd /usr/src/sys/$(uname -m)/conf/
cp GENERIC MYCONF

Edit MYCONF as needed and set KERNCONF=MYCONF and build as shown above.

Reboot - and if all goes well, our new kernel should be running.

The running kernel configuration can be displayed with sysctl kern.conftxt or config -x /boot/kernel/kernel.

Userland

If needed, we can build the whole system from source. Assuming we have a current source tree, here's the short version:

cd /usr/src
export MAKEOBJDIRPREFIX=/usr/obj                                                               # Adjust as needed, if needed at all.
export JOBS=$(/sbin/sysctl -n hw.ncpu)

unset LD                                                                                       # No LD override is needed here!^[22]
make -j${JOBS} buildworld

export LD=ld.lld                                                                               # A newer linker may be needed for now.^[21]
make -j${JOBS} buildkernel
doas make      installkernel                                                                   # sudo or doas needed

Boot into the new kernel, and if the system comes back online, install world:

cd /usr/src
doas make installworld                                                                         # sudo or doas needed

Update configuration files with mergemaster

doas mergemaster

Reboot again into the updated system.

Ports

Again, the handbook has this topic pretty much covered. Let's only show some examples here:

Fetch and extract a current port snapshot into /usr/ports:

portsnap fetch
portsnap extract

Or, when updating an already existing /usr/ports tree:

portsnap fetch
portsnap update

We can also use Git to checkout the ports tree:

git clone https://github.com/freebsd/freebsd-ports.git /usr/ports                              # SVN variant: svn checkout https://svn.FreeBSD.org/ports/head /usr/ports 
                                                                                               #              svn update /usr/ports

Install a port:

$ cd /usr/ports/*/cowsay && pwd
/usr/ports/games/cowsay

$ make install

Uninstall with:

$ make deinstall

Links

References

[1] ss(1)

[2] 18.13. Encrypting Swap

[3] Kernel Debugging

[4] Crash dumps and encrypted swap

[5] Chapter 14. Configuration, Services, Logging and Power Management

[6] (4)

[7] reen_saver does not switch DVI monitor power off

[8] Should green_saver.ko shut off a laptop's backlight?

[9] FreeBSD on Laptops: APM

[10] 13.4. Device Hints

[11] smartmontools

[12] Monitoring your HDD using SMART and Nagios

[13] What do the different memory counters in FreeBSD mean?

[14] rt(8) - control utility for the disk partitioning GEOM class

[15] Applying Security Patches

[16] Performing Major and Minor Version Upgrades

[17] /var/db/freebsd-update/ be safely deleted?

[18] Is it safe to clean /var/db/freebsd-update/files ?

[19] Appendix A. Obtaining FreeBSD: Using Git

[20] How To Customize and Recompile Your Kernel on FreeBSD 10.1

[LD-21] 21.0 ^21.1 Can't build kernel anymore: amd64 kernel requires linker ifunc support

[22] Buildowrld tries to use old ld, and fails

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

FreeBSD

Contents