This guide should work for DragonFlyBSD, FreeBSD, and HardenedBSD operating system. It covers ONLY packages updates/upgrades, and does not apply any other patch to base system or kernel.

If you are running FreeBSD 15.0-RELEASE or above, the base system will be updated via pkg as well. Otherwise you would still need to rely on freebsd-update or building it from source. For more information, please see the official FreeBSD Wiki or the Handbook.

NOTE: All steps documented on this page are considering that your server is dedicated to provide a Tor (bridge/guard/exit) relay service. Please be aware that services will be restarted during the automatic software update process documented here.

1. Create the Update Script

Let's use /root/bin/pkg-upgrade.sh for our setup. This is how is must look like:

#!/bin/sh
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
RAND=$(jot -r 1 1980 5940)
ENV="BATCH=yes IGNORE_OSVERSION=yes"
sleep ${RAND}
env ${ENV} pkg update -q -f && \
env ${ENV} pkg upgrade -q -U -y --fetch-only && \
env ${ENV} HANDLE_RC_SCRIPTS=yes pkg upgrade -q -U -y

2. Schedule a cron Job

For this particular schedule we opt to run the script every 0h00 (depending on your timezone), and will trigger the packages updates process itself depending on the value set to the $RAND variable - it's configured to produce a sleep between 1980 and 5940 seconds (or: 33 and 99 minutes).

More information about the use of jot in there can be found here - thanks to our anonymous cypherpunks. Adapt that to your needs should it be more suited to you.

# echo "0 0 * * * root /bin/sh /root/bin/pkg-upgrade.sh" > /etc/cron.d/pkg-upgrade

• If you want to change the scheduled execution of the update script, configure your crontab settings to a value you would like to use.

3. Restart cron

Finally, restart the cron daemon to make configuration changes be used.

# service cron restart