This guide should work for DragonFlyBSD, FreeBSD, and HardenedBSD operating system. It covers ONLY packages updates/upgrades, and does not apply any other patch to base system or kernel.

NOTE: All steps documented on this page are considering that your server is dedicated to provide a Tor (bridge/guard/exit) relay service. Please be aware that services will be restarted during the automatic software update process documented here.

1. Create the Update Script

Let's use /root/bin/pkg-upgrade.sh for our setup. This is how is must look like:

#!/bin/sh
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
RAND=$(jot -r 1 900)
ENV="BATCH=yes IGNORE_OSVERSION=yes"
sleep ${RAND}
env ${ENV} pkg update -q -f && \
env ${ENV} pkg upgrade -q -U -y --fetch-only && \
env ${ENV} HANDLE_RC_SCRIPTS=yes pkg upgrade -q -U -y

2. Schedule a cron Job

For this particular schedule we opt to run the script every 0h00 (depending on your timezone), and will trigger the packages updates process itself depending on the value set to the $RAND variable - it's configured to produce a sleep between 0 and 900 seconds (15 minutes).

# echo "0 0 * * * root /bin/sh /root/bin/pkg-upgrade.sh" > /etc/cron.d/pkg-upgrade
  • If you want to change the scheduled execution of the update script, configure your crontab settings to a value you would like to use.

3. Restart cron

Finally, restart the cron daemon to make configuration changes be used.

# service cron restart