Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
FREEBSD-UPDATE(8)       FreeBSD System Manager's Manual      FREEBSD-UPDATE(8)

     freebsd-update - fetch and install binary updates to FreeBSD

     freebsd-update [-b basedir] [-d workdir] [-f conffile] [-F] [-k KEY]
                    [-r newrelease] [-s server] [-t address]
                    [--not-running-from-cron] command ...

     The freebsd-update tool is used to fetch, install, and rollback binary
     updates to the FreeBSD base system.  Note that updates are only available
     if they are being built for the FreeBSD release and architecture being
     used; in particular, the FreeBSD Security Team only builds updates for
     releases shipped in binary form by the FreeBSD Release Engineering Team,
     e.g., FreeBSD 9.3-RELEASE and FreeBSD 10.1-RELEASE, but not FreeBSD
     9.3-STABLE or FreeBSD 11-CURRENT.

     The following options are supported:

     -b basedir     Operate on a system mounted at basedir.  (default: /, or
                    as given in the configuration file.)

     -d workdir     Store working files in workdir.  (default:
                    /var/db/freebsd-update/, or as given in the configuration

     -f conffile    Read configuration options from conffile.  (default:

     -F             Force freebsd-update fetch to proceed where it normally
                    would not, such as an unfinished upgrade

     -k KEY         Trust an RSA key with SHA256 of KEY.  (default: read value
                    from configuration file.)

     -r newrelease  Specify the new release to which freebsd-update should
                    upgrade (upgrade command only).

     -s server      Fetch files from the specified server or server pool.
                    (default: read value from configuration file.)

     -t address     Mail output of cron command, if any, to address.
                    (default: root, or as given in the configuration file.)

                    Force freebsd-update fetch to proceed when there is no
                    controlling tty.  This is for use by automated scripts and
                    orchestration tools.  Please do not run freebsd-update
                    fetch from crontab or similar using this flag, see:
                    freebsd-update cron

     --currently-running release
                    Don't detect the currently-running release; instead,
                    assume that the system is running the specified release.
                    This is most likely to be useful when upgrading jails.

     The command can be any one of the following:

     fetch     Based on the currently installed world and the configuration
               options set, fetch all available binary updates.

     cron      Sleep a random amount of time between 1 and 3600 seconds, then
               download updates as if the fetch command was used.  If updates
               are downloaded, an email will be sent (to root or a different
               address if specified via the -t option or in the configuration
               file).  As the name suggests, this command is designed for
               running from cron(8); the random delay serves to minimize the
               probability that a large number of machines will simultaneously
               attempt to fetch updates.

     upgrade   Fetch files necessary for upgrading to a new release.  Before
               using this command, make sure that you read the announcement
               and release notes for the new release in case there are any
               special steps needed for upgrading.  Note that this command may
               require up to 500 MB of space in workdir depending on which
               components of the FreeBSD base system are installed.

     install   Install the most recently fetched updates or upgrade.

     rollback  Uninstall the most recently installed updates.

     IDS       Compare the system against a "known good" index of the
               installed release.

     +o   If your clock is set to local time, adding the line

               0 3 * * * root /usr/sbin/freebsd-update cron

         to /etc/crontab will check for updates every night.  If your clock is
         set to UTC, please pick a random time other than 3AM, to avoid overly
         imposing an uneven load on the server(s) hosting the updates.

     +o   In spite of its name, freebsd-update IDS should not be relied upon as
         an "Intrusion Detection System", since if the system has been
         tampered with it cannot be trusted to operate correctly.  If you
         intend to use this command for intrusion-detection purposes, make
         sure you boot from a secure disk (e.g., a CD).

     /etc/freebsd-update.conf  Default location of the freebsd-update
                               configuration file.

     /var/db/freebsd-update/   Default location where freebsd-update stores
                               temporary files and downloaded updates.


     Colin Percival <>

FreeBSD                          March 2, 2015                         FreeBSD


Want to link to this manual page? Use this URL:

home | help