FreeBSD Ports and Packages
The FreeBSD ports system is the most traditional of the three, and provided the inspiration for Gentoo’s portage system. The ports tree is a directory structure with individual ported applications ("ports") in directories organized by category.
Inside a port’s directory is a brief description of the port, any patches required to build it, and a BSD Makefile that’s used for the actual building. The traditional way of installing software is to change into the ports directory and then run the following command sequence:
# make && make install
The first command fetches all required files and builds the port. Before doing this, the command checks that the dependencies are installed (and builds and installs them, if not). The second command installs the port, checking that it isn’t already installed—if it is, then it can be upgraded or reinstalled.
The ports tree is upgraded using cvsup, a program that multiplexes CVS transfers. As such, each user has an exact copy of the version in CVS at the time of check-out, meaning that the user can install a new version of a port as soon as it’s committed to the tree. Binary packages compiled from the ports tree usually make it to the FreeBSD FTP server a day or two later, and may take a while to propagate to all of the mirrors.
For many FreeBSD users, the make sequence is no longer the preferred way of installing ports. Instead, a tool known as portupgrade (itself installable from ports) is commonly used. This tool provides a simple interface for common actions such as installing, upgrading, or removing a port or collection of ports. portupgrade can also be used to install binary packages, if they exist, and fall back to using the port if the binary version has not yet been built—a particularly useful feature if time is short.
One nice feature of the FreeBSD ports tree is a tool called portaudit. This tool checks the currently installed ports against a published list of vulnerabilities, and warns the administrator when installing new ports with known holes. Running this tool in a nightly cron job can provide a quick email warning to the administrator, noting any known security problems.