Disclaimer don't get the wrong idea about what you've found here

What appears below are my personal notes I wish were part of my long-term memory but don't always seem to fit. I strive for accuracy and clarity and appreciate feedback. If applying any of this information anywhere, confirm for youself the correctness of your work as what you see below might very well be, albeit unintentionally, incorrect or misleading. These notes are here as an easy reference for myself.

Information worthy of a more formal presentation will appear elsewhere than this "Scratch" area. - ksb

FreeBSD Notes

The following are my FreeBSD notes. The intent here is not to duplicate the excellent documentation in the FreeBSD handbook, just to summarize what I've done and learned when getting things to work on my machines. The order is roughly the order needed when installing a new system from scratch and almost all of this is done as root.

I follow the "security branches" of the latest FreeBSD releases, for which I try to keep these notes accurate. I am more than open to feedback on any and all of this.

Table of Contents References
  1. Installation
  2. Dual Booting with WinXP
  3. Setting up /etc/rc.conf
  4. Setting up /etc/make.conf
  5. Port System
  6. Upgrading the System (including kernel)
  7. Rebuilding (just) the Kernel
  8. XOrg
  9. Sound
  10. Printing
  11. Shockwave Flash w/Firefox
  12. NIS Config
  13. PostgreSQL
  14. NTP
  15. Linux Emulation
  16. Network Setup


If you want a dual boot machine with WinXP, install XP first, as described below, then install from the latest (6.2 as of this writing) released mini-install CD. I usually burn my own CD and follow the minimal install, then run sysinstall to pick up under the "Configure" option: root password, add a user for myself, time zone, mouse and pick up, under "Distributions" the man pages, sources for everything and the ports system via FTP as I will rebuild everything else.

Dual Booting with WinXP

I use the WinXP boot manager to dual-boot between WinXP and FreeBSD.

When first setting up a machine, install WinXP first, leaving a partition for FreeBSD. Then install FreeBSD in that partition. After installing FreeBSD it will boot directly to FreeBSD. Don't worry WinXP is still there, FreeBSD just sets the partition it is installed on as the active partition, meaning in DOS-speak the bootable one. This can be changed using FreeBSD's fdisk command:

fdisk -a
and follow the prompts to set the WinXP partition as the active one so it will boot. Now it will boot straight to WinXP. Don't worry FreeBSD is still there...

Now under WinXP right-click on My Computer->Properties->Advanced->Startup and Recovery->Settings, then hit the Edit button to manually edit the startup options. This is easier than editing the C:\boot.ini file as you don't need to have any special prems. Add the line C:\BOOTSECT.BSD="FreeBSD" so the file looks something like this:

[boot loader]
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Now, still under WinXP, put in the FreeBSD install CD and copy over the file \boot\boot1 to C:\BOOTSECT.BSD

After this, when booting up, WinXP's boot manager will start, present the list of operating systems defined in boot.ini and wait the timeout for you to pick one, or go with the default. The timeout and default can be changed in WinXP in that Startup and Recovery panel.

Setting up /etc/rc.conf

After an installation, taking a look at your /etc/rc.conf file is a good idea. Nearly all possible values for this file are in /etc/defaults/rc.conf (which defines the default values as it is sourced before /etc/rc.conf).

For example, on my laptop it defined both ethernet and wlan interfaces as "DHCP" so both interfaces came up at boot time. Since I don't know which network interface I'm going to use when starting my laptop, I'd rather neither come up by default. So I commented those out and bring them up manually depending on where I am.

Setting up /etc/make.conf

/etc/make.conf is a pretty important file as it effects all make commands (i.e. building the kernel, the system and ports). I custimize it to the specific CPU, compiler optimizations, CVSup details and port tweaks. Start with the example in /usr/share/examples/etc/make.conf. Here's mine:

CFLAGS= -O2 -pipe -funroll-loops
CXXFLAGS+= -fconserve-space
COPTFLAGS= -O -pipe -funroll-loops
NOPROFILE=      true    # Avoid compiling profiled libraries
X_WINDOW_SYSTEM=xorg    # Not needed after 5.X
WITH_LAME= yes          # Not sure where I picked this up from
WITH_BDB_HIGHEST=yes    # This apparently avoids a problem with portupgrade picking up old BDB versions

# CVSup update flags.  Edit SUPFILE settings to reflect whichever distribution
# file(s) you use on your site (see /usr/share/examples/cvsup/README for more
# information on CVSup and these files).  To use, do "make update" in /usr/src.
SUP=            /usr/bin/csup
SUPFLAGS=       -g -L 1 -4 -1
SUPHOST=        `/usr/local/bin/fastest_cvsup -c us -Q`
#SUPFILE=        /usr/share/examples/cvsup/standard-supfile
SUPFILE=        /root/csup/standard-supfile
#PORTSSUPFILE=   /usr/share/examples/cvsup/ports-supfile
PORTSSUPFILE=   /root/csup/ports-supfile
#DOCSUPFILE=     /usr/share/examples/cvsup/doc-supfile

# Have the openssl port overwrite the base install of openssl (the
# port then calls itself 'openssl-overwrite-base')
OPENSSL_OVERWRITE_BASE=yes      # openssl port

# Have the openssh-portable port overwrite the base install of openssh
# (the port then call itself 'openssh-overwrite-base').  A comment in
# /usr/ports/security/openssh-portable/Makefile indicates this var is
# deprecated, presumably replace by the config option for the port,
# but I'm leaving this in here since there doesn't appear to be a
# similar structure in the openssl port.
OPENSSH_OVERWRITE_BASE=yes              # openssh-portable port

Other stuff gets added in there when you upgrade certian ports, like perl. I've also had to lower the compiler optimizations when building the Kernel. Look through dmesg and the gcc man page for the value of the CPUTYPE var. The CVSup stuff is very helpful, as all you then need to do to upgrade your port tree is to do a cd /usr/port/; make update. Before 6.2 you needed to have the cvsup port installed, but /usr/bin/csup (a cvsup replacement) is now part of the base. You will though want the faster_cvsup ports installed if using the above setting for SUPHOST.

I used to have -ffast-math in CFLAGS and COPTFLAGS but that caused problems in Firefox (javascript failures at gmail login and failure to load any extensions).

Port System

The FreeBSD port system is very, very powerful. I currently use the portupgrade port to manage my ports, though I often see that there are better port management tools avaliable now. Perhaps someday, I'll "upgrade". I have a cron that runs periodically which updates the entire ports tree, then shows me which of my installed ports could be upgraded. To get all this going from a clean install:

  1. Install the port system when installing from the mini install CD. I usually forget and just run sysinstall again selecting the man pages and ports collection from the distributions section. I also like to have packages make from all the ports, so create the dir /usr/ports/packages as 755 root:wheel (which is where the port system will them store all the packages). Creating these packages is time consuming to build but will save a lot of time if you need to use them - which can happen when you want to straighten out a problem with the portsdb or some such..
  2. Get the example supfiles identified in the above /etc/make.conf file into place - with the exception of the SUPHOST value, make that a real host (one listed here). I do this by just copying from the example dir into a new /root/csup dir. Then I change only the standard-supfile as described in the Rebuilding (just) the Kernel section. The ports-supfile, I leave alone.
  3. Get the very latest ports (as sysinstall, by default, gets the 'released' versions) by having the above changes made to your /etc/make.conf file done, I use the example ports-supfile:
    cd /usr/ports
    make update
  4. Install the fastest_cvsup port
    cd /usr/ports/sysutil/fastest_cvsup
    make install package-recursive clean

    This depends on perl, so that will be installed if starting from a new install. After this is installed, you can change the SUPHOST value in /etc/make.conf back to the above value calling fastest_cvsup.

  5. Install the portupgrade port:
    cd /usr/ports/ports-mgmt/portupgrade
    make install package-recursive clean

    This depends on ruby and other ports, so they will be installed if starting from a new install.

  6. Now you can use either the ports tree:
    cd /usr/ports/path/to/whatever
    make install package-recursive clean
    or portupgrade
    portinstall -pL /var/tmp/portupgrade/%s::%s.log whatever

    to install new ports. That -L arg will put logs of the build under /var/tmp/portupgrade/ and the -p will create a package for the port (under /usr/ports/packages) which can make re-installing a port quickly done without rebuilding it.

  7. The port tree itself can then be updated manually by doing the following:
    cd /usr/ports
    make update                          # Does the actual update of the ports tree
    portsdb -Fu                          # Get a INDEX and update the port DB
    pkgdb -fFu                           # Rebuild the package DB.
    portversion -v | grep -v up-to-date  # Show the ports which could be updated.
  8. I have the following script which is run via cron periodically:

    #set -x
    cd /usr/ports && \
    echo "==== Running: make update === `date` ====" > $LOG && \
    make update >> $LOG && \
    echo "==== Running: portsdb -Uu === `date` ====" >> $LOG && \
    portsdb -Uu >> $LOG && \
    echo "==== Running: pkgdb -fFu === `date` ====" >> $LOG && \
    pkgdb -fFu >> $LOG && \
    echo "==== Running: portupgrade -aFR --batch === `date` ====" >> $LOG && \
    portupgrade -aFR --batch >> $LOG && \
    echo "==== Running: portversion -v | grep -v up-to-date === `date` ====" >> $LOG && \
    portversion -v | grep -v up-to-date | tee -a $LOG && \
    echo "==== Done === `date` ====" >> $LOG

    Note that this is nearly the same as above but it doesn't fetch the INDEX it rebuilds it locally from scratch - which takes a long time, (it also fetches all newly needed distfiles) but I do it via cron when I'm not waiting for it:

    # crontab -l
    # Update the ports tree
    0 1 * * Sun,Tue,Thu /root/csup/port_update.sh
  9. To upgrade all upgradable ports:
    1. Read /usr/ports/UPDATING for special notes.
    2. Use portupgrade -a to upgrade all ports:
      portupgrade -apL /var/tmp/portupgrade/%s::%s.log
      optionally adding in a -x flag to skip certian ports for upgrading:
      portupgrade -apL /var/tmp/portupgrade/%s::%s.log -x xorg\*

Here're some handy commands for investigating ports:

Upgrading the System (including kernel)

FreeBSD comes with a base system of tools and utilities, including the kernel. The sources for all this lives under /usr/src (which originally was populated using sysinstall).

The first thing is to get the latest sources for everything under /usr/src. Setting up /etc/make.conf as described above will help, specifically the stable-supfile. I use the one from the example dir changing only the host which strictly speaking won't be used if SUPHOST is specified in /etc/make.conf. This important thing in that file is that release=cvs and tag=RELENG_6_2 to pick up the "security branch". Updating the system sources can then be done by:

# cd /usr/src
# make update

More details on this are here

What follows is a very abbreviated summary of the directions from the FreeBSD Handbook on Rebuilding "world".

  1. Read /usr/src/UPDATING
  2. Review options in /etc/make.conf regarding the building of the system and kernel.
  3. If you haven't already, create your own Kernel Configuration File as described here. This is the file identified below as the 'KERNCONF=FOO' line.
  4. Quick mergemaster before building anything. Delete temproot if it exists, keep the one it creates for running mergemaster after rebuilding.
    # cd /usr/src/usr.sbin/mergemaster
    # ./mergemaster -p
  5. Reboot to single user mode & remount file systems w/r, etc. (Done only to speed up the compiling):
    # reboot
    # fsck -p
    # mount -u /
    # mount -a -t ufs
    # swapon -a
    Note that if using ZFS, rather than the mount commands use:
    # zfs set readonly=off zroot
    # zfs mount -a
  6. Compile the base system (if there are problems, remove the -j4)
    # cd /usr/src
    # make -j4 buildworld
  7. Compile and install a new Kernel (either GENERIC or the one you wrote for the given machine).
    # make -j4 buildkernel KERNCONF=FUZZ
    # make -j4 installkernel KERNCONF=FUZZ
  8. Reboot to new kernel to single user mode & remount file systems w/r, etc.
    # reboot (into single-user)
    # fsck -p
    # mount -u /
    # mount -a -t ufs
    # swapon -a
  9. Install the new base system
    # cd /usr/src
    # make installworld

    (I worked around a "touch: not found" error here by using "make installworld PATH=$PATH")

  10. The full mergemaster: where -U tries to auto upgrade files that have not been user modified (yea it ignores RCS keyword changes!) and -i automatically installs new files. Start by keeping temproot (from the pre-buildworld mergemaster -p run), but remove it afterwards).
    # mergemaster -Ui

    When deciding on whether to delete or install files then mergemaster finds differences: the temporary ones (under ./etc/) are the new incoming ones. Unless it is a file I've modified, I take the new ("temporary") ones. Even when it is modified, I'll often take the new one and redo my edits later.

You're done:

# reboot

I then portupgrade -f the openssl-overwrite-base (security/openssl) and openssh-portable-overwrite-base (security/openssh-portable) ports (see the relevent /etc/make.conf and make config settings above) because the build/install world has installed the base versions.

Rebuilding (just) the Kernel

To cvsup core system (kernel et al) sources:
# cd /root/cvsup

# Make sure tag in stable-supfile is correct (RELENG_4_10, RELENG 5_2, etc.)
cvsup -g stable-supfile

To rebuild the kernel:
# cd /sys/i386/conf

Now create a new config file for the new kernel.
Edit this config file.  Change the name of the kernel, ident, and
drivers and devices as needed

# cd /usr/src

Compile the kernel.
# make buildkernel KERNCONF=MYKERNEL

Install the new kernel.
# make installkernel KERNCONF=MYKERNEL

# reboot
You will now have a new /boot/kernel dir with the new kernel in it.  The old
one is in /boot/kernel.old, cp it if you want to save it.


Let X build your initial /etc/X11/XF86Config file for you (into
# XFree86 -configure

Another way to generate it is using:
# xf86cfg -textmode

For Matrox cards, the mga_hal port provides drivers for X, and the
mgapdesk port provides an GUI interface for generating the
/etc/X11/xorg.conf file (supporting multi-head).

If you need to figure out a ModeLine, use
# xvidtune
Then click the Show button to display the Modeline used.

To add mouse wheel support, try adding:
        Option      "Buttons" "5"
        Option      "ZAxisMapping" "4 5"
to the mouse "InputDevice" section.

To adjust the gamma, look at figure 2 here:
http://radsite.lbl.gov/radiance/refer/Notes/gamma.html and use xgamma to
the 2.2 look the closest.  When you know what the gamma adjustment needs to
be, add a line like this:
        Gamma 0.8
to the Monitor section.


Kernel module

To get sound working you need to have the proper kernel module loaded for your sound card.

To see what kind of sound card the kernel saw at boot up:

$ dmesg | grep pcm
pcm0: <HDA ATI R6xx HDMI PCM #0 HDMI> at cad 0 nid 1 on hdac0
pcm1: <HDA Realtek ALC888 PCM #0 Analog> at cad 2 nid 1 on hdac1
pcm2: <HDA Realtek ALC888 PCM #1 Digital> at cad 2 nid 1 on hdac1
Or which one is already loaded:
$ cat /dev/sndstat 
FreeBSD Audio Driver (newpcm: 64bit 2009061500/amd64)
Installed devices:
pcm0: <HDA ATI R6xx HDMI PCM #0 HDMI> (play)
pcm1: <HDA Realtek ALC888 PCM #0 Analog> (play/rec) default
pcm2: <HDA Realtek ALC888 PCM #1 Digital> (play)
So I want the hda driver. This output also show that I have multiple sound devices, see below for dealing with those.

A brute force way of finding a sound driver would be to load all of them:

# cd /boot/kernel
# kldload snd_*    # load them all
and see what stuck, using either of:
$ kldstat | grep snd_
$ cat /dev/sndstat

Once you know what kind of sound card you have, look in /boot/default/loader.conf and search for the line that loads the module specific to your sound card. Add that to your /boot/loader.conf

# emacs /boot/default/loader.conf /boot/loader.conf
# grep snd_ /boot/loader.conf
snd_hda_load="YES"              # Intel High Definition Audio (Controller)

Test the sound card

Loading the driver will (in FreeBSD 5.x or later) usually create the /dev/dsp sound device entry for you. If it exists, then try to send some noise to it:

# cat ~/.profile > /dev/dsp
If this works, then you're done. All sound aware apps should pick this up and use it for sound.

Creating /dev/dsp sound device

In the case that the /dev/dsp device does not get created automatically after a reboot, as was my case because I have multiple sound cards, (one on the main board, one on the video card) try the following:

Figure out which of the existing /dev/dsp* devices to use. I ran the following loop:

# for d in /dev/dsp*; do echo $d; cat ~/.profile > $d; sleep 1; done
6 times, with the speakers plugged into each of the 6 different ports in the back of the machine. Eventually I figured out it was /dev/dsp1.0 and the lower middle yellow port.

To put that info into place, I ran:

# sysctl hw.snd.default_unit=1
Surprisingly, a /dev/dsp was not created, but Skype started making sounds at me, so it worked!

To make that permanent I added the following to /etc/sysctl.conf

# to make /dev/dsp point to /dev/dsp1.0

After the next reboot, the /dev/dsp device was there and sound still worked.


Copied the itg2 entry from pesto:/etc/printcap.  Namely:

and added that to /etc/printcap and:
changed: /usr/spool to /var/spool
removed the line: :if=/usr/local/libexec/psif:\

Ending up with:

I tried leaving in the psif call with a 'portinstall lprps-letter' but I got
ioctl errors in /var/log/lpd-errs

  mkdir /var/spool/lpd/itg2

to /etc/rc.conf

Add to user ~/.bashrc:
export PRINTER=itg2

Shockwave Flash w/Firefox

Getting Shockwave Flash to run under FreeBSD is, without question, one of the biggest disappointments in running FreeBSD on the desktop. In short, Macromedia/Adobe doesn't support Flash on FreeBSD. There are efforts to implement open-source replacements but none seem ready yet.

Since Linux is supported, using emulation in some say is the alternative. The most straightforward would be to run all of Firefox or Opera under linux emulation, but for now, here's how I have Flash7 working under native Firefox. Unfortunately (or perhaps fortunately) sound doesn't work, so this isn't very good for YouTube but it gets rid of most of the broken media links.

  1. Set up Linux Emulation
  2. Install the linuxpluginwrapper port and copy into /etc/libmap.conf all of, or just the flash parts from /usr/local/share/examples/linuxpluginwrapper/libmap.conf-FreeBSD6
  3. Install the linux-flashplugin7 port. Then make the following 2 symlinks:
    cd /usr/local/lib/browser_plugins
    ln -s /usr/local/lib/npapi/linux-flashplugin/libflashplayer.so .
    ln -s /usr/local/lib/npapi/linux-flashplugin/flashplayer.xpt .
  4. Restart Firefox and go to about:plugins to see if Shockwave Flash shows up. It should. Then see what Macromedia itself says about your flash plugin.

I tried doing this with the linux-flashplugin9 port, but it didn't work. When hitting the about:plugin page (after starting firefox from a terminal command line) I would see:

$ firefox
LoadPlugin: failed to initialize shared library /usr/local/lib/npapi/linux-flashplugin/libflashplayer.so [Shared object "libfreetype.so.6" not found, required by "libflashplayer.so"]
This seems like it should be a pretty simple thing to fix (by say adding a line in /etc/libmap.conf) but I think this requires support by the linuxpluginwrapper port (which doesn't appear to be getting much love these days...)

I should figure out how to use all of firefix or Opera under linux emulation for sound, etc.



To install the postgresql ports (81-client and 81-server):

# portinstall postgresql*

Then add postgresql_enable="YES" to /etc/rc.conf or the following init and start commands won't work.

To initialize the database, run

# /usr/local/etc/rc.d/010.pgsql.sh initdb
This also set up all the files under ~pgsql

To start, stop or check status of PostgreSQL use:

# /usr/local/etc/rc.d/010.pgsql.sh start|stop|status

FreeBSD's PostgreSQL port now by default logs to syslog. See ~pgsql/data/postgresql.conf for more info

Create a new database user (the -e is just to see the SQL commands used):

# su - pgsql
$ bash  
[pgsql@fuzz ~]$ createuser -e foouser
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) n

Create a new database, as the pgsql user (the -e is just to see the SQL commands used):

$ createdb -e foodb

Try logging into the new db as the new user:

psql -U foouser -d foodb

# To turn on TCP connections from other hosts:
  # In ~pgsql/data/postgresql.conf
tcpip_socket = true
  # In ~pgsql/data/pg_hba.conf, add a line like the following:
host    foo       foo   trust
# This will allow anyone on to log in to the foo db as the
foo user.  That command there would be:
psql -h -U foo -d foo

# For the JDBC drivers:
portinstall postgresql-jdbc

su - pgsql
Look through post-install-notes

NTP: Network Time Protocol

This doesn't seem to work entirely...

Create /etc/ntp.conf:
server chronos01.lbl.gov prefer
server tic.lbl.gov
server toc.lbl.gov

restrict default ignore
driftfile /var/db/ntp.drift

To immediately update the system time (with /etc/ntp.conf in place):
# ntpd -gq

To have ntpd started with system startup, ddd into /etc/rc.conf:

To start ntpd manually without restarting:
# ntpd -p /var/run/ntpd.pid -f /var/db/ntpd.drift

Linux Emulation

Most of this is from the
handbook on Linux Binary Compatibility.
  1. First, get the linux.ko module loaded at boot time by adding into /etc/rc.conf:
    Use kldstat to list currently loaded kernel modules. To add it without rebooting:
    kldload /boot/kernel/linux.ko
  2. Then build the linux_base port (which is currently Fedora Core 4):
    portinstall -L /var/tmp/portupgrade/%s::%s.log linux_base-fc-4

    Looking through the logs will give lots of good info on this port.

  3. To provide a Linux style /proc file system add the following to /etc/fstab:
    linprocfs    /compat/linux/proc    linprocfs    rw    0  0
    To mount it immediately (I think I've got this right...):
    mount -t linprocfs linprocfs /compat/linux/proc
  4. If using NIS under linux (or just using linux apps like acroread which check the current user ID), /usr/ports/emulators/linux_base-fc4/pkg-message has some important info on setting that up. Basically under /compat/linux/etc edit yp.conf defining:
    domainname   your NIS domain
    ypserver     your NIS domain server
    then add nis to the passwd, shadow & group lines of nsswitch.conf:
    passwd:     files nis
    shadow:     files nis
    group:      files nis

Network Setup

Static IP
Add (something simlar) the following to /etc/rc.conf

ifconfig_em0="inet  netmask"

Add the following to /etc/rc.conf
ifconfig_em0="syncdhcp" # The 'sync' will cause other network services
                        # to wait for the interface to get a license
                        # before proceeding (and failing)

To get your hostname sent to the DHCP server (which might then be
configured to add you into DNS) add the following to your /etc/dhclient.conf
send host-name "icepad";

This is a bit trickier.

Rebuild kernel to support the ath driver by adding
device ath
device ath_hal
device wlan

ifconfig will now show the ath0 interface

Bring it up so to search for SSIDs
# ifconfig ath0 up

Search for SSIDs by either:
# wiconfig ath0 -l
(This lists stations but doesn't show signal strengths for some reason)
# dstumbler ath0
(This lists stations, doesn't show signal strengths)
# dstumbler ath0 -s
(This lists only one station but does show it's strength.)

Attach to a particular station:
# ifconfig ath0 up ssid 
or if you need a wepkey
# ifconfig ath0 up ssid  wepmode on wepkey <0x0123456789>

The get DHCP info:
dhclient ath0

To release an existing DHCP license:
dhclient em0 -r

Keith S. Beattie is responsible for this document, located at http://dst.lbl.gov/~ksb/Scratch/FreeBSD_notes.html, which is subject to LBNL's Privacy & Security Notice, Copyright Status and Disclaimers.

Last Modified: Wednesday, 16-Aug-2017 16:18:05 PDT