How do I non-interactively update FreeBSD system (and ports)?

Question

Essentially, I am looking for a fully silent, non-interactive version of

freebsd-update fetch
freebsd-update install

and

portsnap fetch update

score 9 · Answer 1 · edited Jun 16 '20 at 05:26

9

On FreeBSD-10.2 there's a new option to allow this:

freebsd-update fetch --not-running-from-cron

From the manpage:

 --not-running-from-cron
        Force freebsd-update fetch to proceed when there is no
        controlling tty.  This is for use by automated scripts and
        orchestration tools.  Please do not run freebsd-update
        fetch from crontab or similar using this flag, see:
        freebsd-update cron

edited Jun 16 '20 at 05:26

weakish

211
2
7

answered Nov 22 '15 at 23:28

ZoFreX

308
1
3
9

Ah, still giving the crazy MORE button. – hyperknot Dec 11 '15 at 03:41
1

This should be the accepted answer. – dentarg May 31 '16 at 08:49
@dentarg Except it doesn't work. As zsero says, the fetch operation will still require some interaction to complete. – Ken Wayne VanderLinde May 11 '17 at 11:41
@KenWayneVanderLinde I see what you mean, but it is working as intended. As stated above, `freebsd-update(8)` says: "Force freebsd-update fetch to proceed when there is **no controlling tty**. This is for use by automated scripts and orchestration tools". Works great for me, when using Ansible, for example. – dentarg May 12 '17 at 12:29
1

@dentarg It also helped me as well, it just doesn't fully answer the question as stated. – Ken Wayne VanderLinde Jun 09 '17 at 18:18
If you want to try this from the commandline, you can do it this way: `freebsd-update install --not-running-from-cron – Sec Aug 22 '18 at 13:28

uchida · Answer 2 · 2014-12-21T22:05:06.953

8

On FreeBSD 10.0R and later, set PAGER environment variable on freebsd-update

env PAGER=cat freebsd-update fetch
freebsd-update install

For portsnap(8) on FreeBSD 10.0R and later, default behaviour, namely without --interactive option, is non-interactive.

portsnap fetch update

edited Dec 21 '14 at 22:05

answered Dec 21 '14 at 20:29

uchida

191
1
2

For FreeBSD 10+, this should be the preferred way, rather the monkey patching I describe above. – oberstet Nov 14 '16 at 13:01
1

It's documented now: https://svnweb.freebsd.org/base?view=revision&revision=r367678 – Mateusz Piotrowski Nov 14 '20 at 13:10

oberstet · Accepted Answer · 2016-11-14T13:01:11.860

4

For FreeBSD < 10, the following works:

Allow freebsd-update to run fetch without stdin attached to a terminal:

sed 's/\[ ! -t 0 \]/false/' /usr/sbin/freebsd-update > /tmp/freebsd-update
chmod +x /tmp/freebsd-update

Allow portsnap to run fetch without stdin attached to a terminal:

sed 's/\[ ! -t 0 \]/false/' /usr/sbin/portsnap > /tmp/portsnap
chmod +x /tmp/portsnap

Credits: veewee

For FreeBSD 10+, the solution in the answer below by @uchida should be preferred!

edited Nov 14 '16 at 13:01

answered May 18 '13 at 13:40

oberstet

319
1
4
14

Outstanding! I was looking for this to automate an installation! – Vinícius Ferrão Apr 23 '14 at 02:33

score 3 · Answer 4 · answered May 16 '13 at 15:39

3

Blindly installing updates (even freebsd-update updates) can be a Bad Thing: One option in rc.conf changes, and suddenly your machine has no SSH daemon anymore.

Similarly you probably don't want to blindly install all available port updates via portsnap / portupgrade -a -- you might take a major version number bump and break the universe, or you might just have a port with new configuration options that need to be changed (you can make ports just accept whatever their defaults are, but sometimes that's not what you want).

The best way to do this is to use a configuration management tool like Puppet or radmind to deploy your changes.
Make a machine template based on a box you've successfully upgraded and tested, then deploy that to the rest of your environment. This ensures that you're pushing out a working system configuration, and that you only have to do the manual steps once (on the machine you're templating from).

answered May 16 '13 at 15:39

voretaq7

79,879
17
130
214

Does `freebsd-update` overwrite configuration data like `rc.conf`? But even if so: we want to automatically (nightly) create VM images (OVA, AMI, ..) from scratch. Hence, there is no problem of configs overwritten, since after base install, the system is first updated, and then configured. So how do I run `freebsd-update` and `portsnap` unattended? On RH Linux, I just fire `yum -y update` and voila. How do I do that with FreeBSD? – oberstet May 16 '13 at 18:22
`freebsd-update` generally doesn't overwrite configuration files, but it will replace stock `rc` scripts in `/etc/rc.d` when they're updated. (I believe it checks `rc.conf` and friends for obvious problems, but I could be wrong. I still build my systems the old fashioned way with `make world` & `mergemaster`). – voretaq7 May 16 '13 at 18:26
the short answer to your question though is "You don't blindly install updates." -- it's irresponsible to do so (I can tell you horror stories of production environments destroyed by `yum -y update`). If the tool asks you a question it's because it really needs you to stop, think, and respond. You can always pipe `yes` to `freebsd-upgrade` and run `portupgrade --batch` if you want to, but IMHO that's a pretty big foot-gun. – voretaq7 May 16 '13 at 18:28
already tried: `yes | freebsd-upgrade ...` does not work .. it bails out "you should not run non-interactive ..". However, I am updating a _fresh_ install. I fail to see any risk in doing that. – oberstet May 16 '13 at 18:38
1

@oberstet that's only for fetch (and it tells you what to do about it *in the error message*). Also to be blunt I don't think you know the requirements of `freebsd-upgrade` better than the dude who wrote it (he's been doing this longer than ***I*** have, and he's pretty good at this whole "write stuff that doesn't destroy the universe" thing), but if you *really* think you know better it's just a shell script -- You can copy it and hack to your heart's content to make it behave how you want... – voretaq7 May 16 '13 at 19:02
So you say `freebsd-update` (sorry, I meant _update_ not _upgrade_) could destroy a system _freshly_ installed from ISOs when answering "yes" to everything it asks? Rgd the fetch: I don't want to use cron, I want to fetch updates immediately (from Fabric/ssh). So I have to _hack_ `freebsd-upgrade`? – oberstet May 16 '13 at 19:20
3

No it won't destroy a newly installed system. He's worrying you'll blow up your systems and obviously didn't read any of the bits about nightly images. – Florian Heigl Apr 26 '14 at 21:13

score -1 · Answer 5 · answered Sep 20 '17 at 17:22

For FreeBSD version > 11

freebsd-update is a script and there is "Function for asking the user if everything is ok". The function is:

continuep ()

It is enough to comment all in this function but the line with

return 0

After that this function returns positive answer to "y/n" question.

Important! Remember, this is NOT recommended and do that only on your OWN risk!

# /tmp/freebsd-update -r 11.1-RELEASE upgrade ; while [ $? -eq 1 ] ; do sleep 3; /tmp/freebsd-update -r 11.1-RELEASE upgrade ; done

How do I non-interactively update FreeBSD system (and ports)?

5 Answers5