Every BSD variant ships with its own package management tools and service management framework. If you administer FreeBSD, OpenBSD, or NetBSD systems, you need a solid grasp of how each one handles software installation, removal, upgrades, and service control. This guide covers all three operating systems with practical examples tested on FreeBSD 14, OpenBSD 7.6, and NetBSD 10.

1. FreeBSD Package Management with pkg

FreeBSD uses pkg as its binary package manager. On a fresh FreeBSD 14 installation, the first time you run pkg, it will bootstrap itself by downloading and installing the pkg tool from the official repository.

Bootstrapping pkg

Run any pkg command and confirm the bootstrap prompt:

pkg bootstrap

Once bootstrapped, update the repository catalog before doing anything else:

pkg update

Searching for Packages

To find a package by name or description, use the search subcommand. This queries the local catalog, so make sure you have run pkg update first.

pkg search nginx

You can narrow your search to package names only with the -x flag for regex matching:

pkg search -x '^nginx-[0-9]'

Installing Packages

Install a package and all its dependencies with a single command:

pkg install nginx

To install multiple packages at once, list them separated by spaces:

pkg install vim git-lite curl

Getting Package Information

The info subcommand shows details about installed packages. Without arguments, it lists every installed package on the system.

pkg info

For detailed information about a specific package, pass its name:

pkg info nginx

To see which files a package installed on the system:

pkg info -l nginx

Removing Packages

Remove a package while leaving its dependencies in place:

pkg delete nginx

After removing packages, orphaned dependencies may remain on the system. Clean them up with:

pkg autoremove

Upgrading Packages

To upgrade all installed packages to the latest versions in the repository:

pkg upgrade

This fetches a fresh catalog, calculates the upgrade plan, and asks for confirmation before proceeding. On production servers, review the list of changes carefully before confirming.

Auditing for Vulnerabilities

FreeBSD maintains a vulnerability database. Check your installed packages against it:

pkg audit -F

The -F flag fetches the latest vulnerability database before running the audit. Run this regularly, especially on internet-facing systems.

Locking Packages

Sometimes you need to prevent a specific package from being upgraded. This is common when an application depends on a particular version and an upgrade would break things.

pkg lock nginx

To view all locked packages:

pkg lock -l

When you are ready to allow upgrades again, unlock the package:

pkg unlock nginx

2. FreeBSD Ports Collection

The Ports Collection lets you compile software from source with custom build options. This is useful when you need features that the default binary packages do not include, or when you need to apply patches.

Getting the Ports Tree

On FreeBSD 14, the recommended way to fetch and update the ports tree is with gitup or git. The older portsnap utility has been removed from the base system. Install git and clone the ports tree:

pkg install git-lite
git clone https://git.FreeBSD.org/ports.git /usr/ports

To update an existing ports tree later:

git -C /usr/ports pull

Building a Port

Navigate to the port directory and run make install clean. For example, to build nginx from ports:

cd /usr/ports/www/nginx
make install clean

A configuration dialog will appear, letting you select build options. After making your selections, the port compiles and installs along with any required dependencies.

To set options without building immediately (useful for scripting):

make config

Building Packages with Poudriere

For production environments where you manage multiple FreeBSD servers, building ports directly on each machine is impractical. Poudriere is the standard tool for building a custom package repository from ports. It creates clean jail environments to compile packages, then serves them from a local repository.

Install poudriere:

pkg install poudriere

Create a jail for building (this uses FreeBSD 14.1-RELEASE as the target):

poudriere jail -c -j fbsd14 -v 14.1-RELEASE

Create a ports tree for poudriere:

poudriere ports -c -p default

Create a list of ports you want to build and start the bulk build:

echo "www/nginx" > /usr/local/etc/poudriere.d/pkglist
echo "editors/vim" >> /usr/local/etc/poudriere.d/pkglist
poudriere bulk -j fbsd14 -p default -f /usr/local/etc/poudriere.d/pkglist

After the build completes, point your servers at the poudriere repository by editing /usr/local/etc/pkg/repos/ configuration files.
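A sketch of that repository file, added here as an example rather than taken from the poudriere or pkg projects. The host name pkg.example.internal, the key path, and both helper names are placeholders, and it assumes the build host signs the repository (poudriere's PKG_REPO_SIGNING_KEY setting) so that clients can verify it with the matching public key. The second function flags repository files that would accept unsigned packages.

```shell
#!/bin/sh
# write_poudriere_repo REPOS_DIR URL PUBKEY  (hypothetical helper)
# Writes REPOS_DIR/poudriere.conf so pkg pulls from the custom repository
# and refuses a catalog not signed by the key that matches PUBKEY.
write_poudriere_repo() {
    repos_dir=$1; repo_url=$2; repo_pubkey=$3
    mkdir -p "$repos_dir" || return 1
    cat > "$repos_dir/poudriere.conf" <<EOF
poudriere: {
  url: "$repo_url",
  signature_type: "pubkey",
  pubkey: "$repo_pubkey",
  enabled: yes
}
EOF
}

# unsigned_repo_files REPOS_DIR
# Coarse line-based check, not a UCL parser: prints each *.conf that is not
# explicitly disabled and names no pubkey or fingerprints signature type.
unsigned_repo_files() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if grep -Eq 'enabled[[:space:]]*[:=][[:space:]]*(no|false)' "$conf"; then
            continue
        fi
        if ! grep -Eq 'signature_type[[:space:]]*[:=][[:space:]]*"?(pubkey|fingerprints)' "$conf"; then
            echo "$conf"
        fi
    done
    return 0
}

# Constructed sample: one signed repository and one left unsigned.
repos=$(mktemp -d "${TMPDIR:-/tmp}/repos.XXXXXX")
write_poudriere_repo "$repos" \
    "https://pkg.example.internal/packages/fbsd14-default" \
    "/usr/local/etc/ssl/certs/poudriere.pub"
printf '%s\n' 'legacy: {' '  url: "http://pkg.example.internal/old",' \
    '  enabled: yes' '}' > "$repos/legacy.conf"
unsigned_repo_files "$repos"
rm -rf "$repos"
```

On a real server the first argument would be /usr/local/etc/pkg/repos, followed by pkg update to fetch and verify the signed catalog.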

3. FreeBSD Service Management

FreeBSD uses the rc system for managing services. The main configuration file is /etc/rc.conf, and service scripts live in /etc/rc.d/ (base system) and /usr/local/etc/rc.d/ (third-party packages).

Enabling and Starting Services

Before starting a service, you must enable it in /etc/rc.conf. Use sysrc to do this cleanly:

sysrc nginx_enable=YES

Then start the service:

service nginx start

To check the current status of a service:

service nginx status

Common Service Operations

Stop a running service:

service nginx stop

Restart a service (stops then starts):

service nginx restart

Reload the configuration without a full restart (if the service supports it):

service nginx reload

List all enabled services on the system:

service -e

Disabling Services

To disable a service so it does not start at boot:

sysrc nginx_enable=NO

If you want to start a service once without enabling it permanently, use the onestart command:

service nginx onestart

4. OpenBSD Package Management with pkg_add

OpenBSD uses the pkg_add family of tools for binary package management. These tools are part of the base system and do not need to be installed separately. On OpenBSD 7.6, the package tools work with the official mirror infrastructure out of the box.

Configuring Package Mirrors

Set the PKG_PATH environment variable or, more commonly, configure the installurl file. On OpenBSD 7.6, this file should already exist:

cat /etc/installurl

If it is missing or you want to change the mirror, write the URL of your preferred mirror:

echo "https://cdn.openbsd.org/pub/OpenBSD" > /etc/installurl

Installing Packages

Install a package by name:

pkg_add nginx

If multiple versions or flavors exist, pkg_add will present a selection list. You can specify the flavor directly to avoid the prompt:

pkg_add nginx--

Searching for Packages

Search for available packages using pkg_info with the -Q flag:

pkg_info -Q nginx

For a more detailed search that includes descriptions:

pkg_info -a | grep -i nginx

Getting Package Information

List all installed packages:

pkg_info

Show details about a specific installed package:

pkg_info nginx

See the files installed by a package:

pkg_info -L nginx

Removing Packages

Remove a package and its unused dependencies:

pkg_delete nginx

To clean up orphaned dependencies left behind after package removals:

pkg_delete -a

Be careful with pkg_delete -a as it removes all packages. To remove only unused dependencies, use:

pkg_delete -aX

Upgrading Packages

Upgrade all installed packages to the latest versions:

pkg_add -u

Upgrade a specific package:

pkg_add -u nginx

On OpenBSD, the syspatch utility handles base system patches separately from packages. Always run both to keep the full system current:

syspatch
pkg_add -u

5. OpenBSD Service Management with rcctl

OpenBSD provides rcctl for managing services. It is a cleaner interface than manually editing /etc/rc.conf.local, though it modifies that same file under the hood.

Enabling and Starting Services

Enable a service so it starts at boot:

rcctl enable nginx

Start the service immediately:

rcctl start nginx

Check the status of a service:

rcctl check nginx

Stopping and Disabling Services

Stop a running service:

rcctl stop nginx

Disable a service so it no longer starts at boot:

rcctl disable nginx

Restart a service:

rcctl restart nginx

Setting Service Flags

Some services accept runtime flags. Set them through rcctl:

rcctl set nginx flags -c /etc/nginx/nginx.conf

View the current flags for a service:

rcctl get nginx

List all services and their states:

rcctl ls all

List only services that are currently enabled:

rcctl ls on

6. NetBSD Package Management with pkgin and pkgsrc

NetBSD offers two approaches to package management: pkgin for binary packages (similar to apt or pkg) and pkgsrc for building from source. On NetBSD 10, both methods are well supported.

Setting Up pkgin

If pkgin is not already installed, you can bootstrap it from pkgsrc or grab it from the binary repository. On a fresh NetBSD 10 installation, install it with pkg_add:

export PKG_PATH="https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r | cut -d_ -f1)/All"
pkg_add pkgin

Configure the repository URL in /usr/pkg/etc/pkgin/repositories.conf, then update the database:

pkgin update

Installing Packages with pkgin

Search for a package:

pkgin search nginx

Install a package:

pkgin install nginx

Remove a package:

pkgin remove nginx

Clean up orphaned dependencies:

pkgin autoremove

Upgrading with pkgin

Upgrade all installed packages:

pkgin upgrade

To perform a full distribution upgrade (when moving between pkgsrc branches):

pkgin full-upgrade

Building from pkgsrc

pkgsrc is the NetBSD package source collection and works on many other operating systems too. Fetch the pkgsrc tree:

cd /usr
ftp https://cdn.NetBSD.org/pub/pkgsrc/pkgsrc-2024Q4/pkgsrc.tar.xz
tar -xf pkgsrc.tar.xz

To build and install a package from source, navigate to the package directory and use make:

cd /usr/pkgsrc/www/nginx
make install clean

You can keep pkgsrc updated with CVS or by downloading a newer quarterly tarball. The quarterly branches (like 2024Q4) are stable snapshots that receive security fixes.

To see available build options for a package before compiling:

cd /usr/pkgsrc/www/nginx
make show-options

7. NetBSD Service Management

NetBSD uses an rc system similar to FreeBSD. Services are controlled through /etc/rc.conf and scripts in /etc/rc.d/ (base system services) and /usr/pkg/share/examples/rc.d/ (third-party packages).

Enabling Services

Third-party service scripts need to be copied to /etc/rc.d/ before they can be used. After installing a package, check for an rc script:

cp /usr/pkg/share/examples/rc.d/nginx /etc/rc.d/

Then enable the service in /etc/rc.conf:

echo "nginx=YES" >> /etc/rc.conf

Controlling Services

Start the service:

/etc/rc.d/nginx start

Stop the service:

/etc/rc.d/nginx stop

Restart the service:

/etc/rc.d/nginx restart

Check the status of a service:

/etc/rc.d/nginx status

On NetBSD 10, you can also use the service command as a wrapper, similar to FreeBSD:

service nginx start

Disabling Services

Set the service to NO in /etc/rc.conf:

echo "nginx=NO" >> /etc/rc.conf

A cleaner approach is to edit /etc/rc.conf directly and change the existing line from YES to NO, rather than appending duplicate entries.
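One way to make that edit repeatable, as an added example that is not part of NetBSD or the original guide: a helper (the name set_rcvar is hypothetical) that rewrites the existing assignment in place, drops duplicates left by earlier appends, and appends only when the variable was never set.

```shell
#!/bin/sh
# set_rcvar FILE NAME VALUE  (hypothetical helper, not a NetBSD tool)
# Leaves exactly one NAME=VALUE line in FILE: the first existing assignment
# is rewritten in place, later duplicates are dropped, and the line is
# appended only if NAME was never set. Comments and other variables stay.
set_rcvar() {
    rc_file=$1; rc_name=$2; rc_value=$3
    # rc.conf is sourced as shell, so accept only plain identifiers.
    case $rc_name in
        ''|*[!A-Za-z0-9_]*) echo "invalid name: $rc_name" >&2; return 2 ;;
    esac
    rc_tmp=$(mktemp "${TMPDIR:-/tmp}/rcvar.XXXXXX") || return 1
    awk -v name="$rc_name" -v value="$rc_value" '
        $0 ~ ("^[ \t]*" name "=") {
            if (!seen) { print name "=" value; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print name "=" value }
    ' "$rc_file" > "$rc_tmp" || { rm -f "$rc_tmp"; return 1; }
    # Write back through the existing file so its owner and mode are kept.
    cat "$rc_tmp" > "$rc_file"
    rc_status=$?
    rm -f "$rc_tmp"
    return "$rc_status"
}

# Constructed sample: the file state after appending nginx=YES, then nginx=NO.
sample=$(mktemp "${TMPDIR:-/tmp}/rc.conf.XXXXXX")
printf '%s\n' '# local services' 'sshd=YES' 'nginx=YES' 'nginx=NO' > "$sample"
set_rcvar "$sample" nginx NO
cat "$sample"
rm -f "$sample"
```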

8. Comparison Table: FreeBSD vs OpenBSD vs NetBSD

The following table summarizes the key differences in package and service management across the three major BSD operating systems.

| Task | FreeBSD 14 | OpenBSD 7.6 | NetBSD 10 |
|---|---|---|---|
| Binary package tool | pkg | pkg_add / pkg_info | pkgin |
| Install a package | pkg install name | pkg_add name | pkgin install name |
| Remove a package | pkg delete name | pkg_delete name | pkgin remove name |
| Search for packages | pkg search name | pkg_info -Q name | pkgin search name |
| Upgrade all packages | pkg upgrade | pkg_add -u | pkgin upgrade |
| Package info | pkg info name | pkg_info name | pkgin pkg-descr name |
| Clean orphans | pkg autoremove | pkg_delete -aX | pkgin autoremove |
| Source builds | Ports (/usr/ports) | Ports (/usr/ports) | pkgsrc (/usr/pkgsrc) |
| Enable a service | sysrc name_enable=YES | rcctl enable name | Edit /etc/rc.conf: name=YES |
| Start a service | service name start | rcctl start name | /etc/rc.d/name start |
| Stop a service | service name stop | rcctl stop name | /etc/rc.d/name stop |
| List enabled services | service -e | rcctl ls on | grep =YES /etc/rc.conf |
| Base system patches | freebsd-update | syspatch | sysupgrade / source build |

9. Useful Tips for Each OS

FreeBSD Tips

Use the quarterly package branch for stability. FreeBSD offers two package branches: latest (rolling updates) and quarterly (updated every three months with a focus on stability). Production servers generally do better on the quarterly branch. Check which branch you are on:

pkg -vv | grep url

Create package backups before major upgrades. Dump a list of all installed packages so you can recreate the environment if something goes wrong:

pkg prime-list > /root/pkg-list.txt

To reinstall everything from that list on a fresh system:

pkg install $(cat /root/pkg-list.txt)

Check what depends on a package before removing it. This prevents accidentally breaking other software:

pkg info -r nginx

Use pkg-static for recovery. If a bad upgrade breaks the dynamic pkg binary, pkg-static is a statically linked version that still works:

pkg-static install -f pkg

OpenBSD Tips

Always run syspatch after an upgrade. OpenBSD releases binary patches for the base system between releases. Apply them regularly:

syspatch

Use fw_update for firmware. OpenBSD separates non-free firmware into its own package mechanism. After installation or kernel upgrades, update firmware:

fw_update

Check for package quirks. Some OpenBSD packages ship with important post-installation notes. Read them with:

pkg_info -M nginx

Track packages installed manually vs. as dependencies. OpenBSD marks packages as auto-installed when pulled in as dependencies. View manually installed packages with:

pkg_info -mq

Keep /etc/installurl current. If you upgrade from OpenBSD 7.5 to 7.6, verify the installurl points to the correct release version so that pkg_add -u pulls packages for the right release.

NetBSD Tips

Pick the right pkgsrc branch. Use quarterly branches (like 2024Q4) for production and the HEAD branch for the latest software. Mixing branches causes problems, so stick with one.

Use binary packages when possible. Building everything from pkgsrc source takes significant time and resources. Use pkgin for binary packages and only build from source when you need specific compile options.

Set PKG_PATH correctly. If pkgin is not yet installed, make sure your PKG_PATH matches your architecture and NetBSD version:

export PKG_PATH="https://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/10.0/All"

Use pkg_rolling-replace for complex upgrades. When building from pkgsrc, this tool rebuilds packages in the correct dependency order:

cd /usr/pkgsrc/pkgtools/pkg_rolling-replace
make install clean
pkg_rolling-replace -u

Copy rc scripts after every package update. When pkgin upgrades a package, the rc script in /usr/pkg/share/examples/rc.d/ might be updated. Compare it with your copy in /etc/rc.d/ and update as needed.
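The comparison described in this tip, as an added example that is not from pkgsrc or the original guide. Both function names are hypothetical, and the demo uses a constructed directory tree in place of /usr/pkg/share/examples/rc.d and /etc/rc.d. Reviewing the diff before copying matters because these scripts run as root at boot.

```shell
#!/bin/sh
# rc_script_drift EXAMPLES_DIR RCD_DIR  (hypothetical helper)
# Prints the name of every rc script whose installed copy in RCD_DIR no
# longer matches the packaged example in EXAMPLES_DIR.
rc_script_drift() {
    examples_dir=$1; rcd_dir=$2
    for example in "$examples_dir"/*; do
        [ -f "$example" ] || continue
        name=${example##*/}
        # An example that was never copied into rc.d is not in use; skip it.
        [ -f "$rcd_dir/$name" ] || continue
        cmp -s "$example" "$rcd_dir/$name" || echo "$name"
    done
    return 0
}

# review_rc_drift EXAMPLES_DIR RCD_DIR  (hypothetical helper)
# Shows a unified diff per drifted script so local edits are seen before
# anything is overwritten.
review_rc_drift() {
    for name in $(rc_script_drift "$1" "$2"); do
        echo "== $name: installed copy vs packaged example"
        diff -u "$2/$name" "$1/$name" || true
    done
    return 0
}

# Constructed sample tree: nginx changed upstream, dbus unchanged,
# unused was never copied into rc.d.
work=$(mktemp -d "${TMPDIR:-/tmp}/rcdrift.XXXXXX")
mkdir "$work/examples" "$work/rc.d"
printf '%s\n' '#!/bin/sh' 'name="nginx"' > "$work/rc.d/nginx"
printf '%s\n' '#!/bin/sh' 'name="nginx"' 'extra_commands="reload"' > "$work/examples/nginx"
printf '%s\n' '#!/bin/sh' 'name="dbus"' > "$work/rc.d/dbus"
cp "$work/rc.d/dbus" "$work/examples/dbus"
printf '%s\n' '#!/bin/sh' 'name="unused"' > "$work/examples/unused"
review_rc_drift "$work/examples" "$work/rc.d"
rm -rf "$work"
```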

Summary

All three BSD operating systems provide solid, well-documented tools for managing packages and services. FreeBSD gives you the most polished binary package experience with pkg and the flexibility of poudriere for custom builds. OpenBSD keeps things minimal and secure with pkg_add and the straightforward rcctl tool. NetBSD offers pkgin for quick binary installs alongside the portable pkgsrc framework that runs on dozens of platforms.

Whichever BSD you run, the core workflow is the same: keep your package catalog updated, audit for vulnerabilities regularly, and test upgrades before applying them to production. The tools differ in syntax, but the administrative mindset stays consistent across all three systems.
