# Install and update system and packages without FTP



## japoc (Nov 22, 2015)

Hi,

I stumbled upon this line in the FreeBSD official documentation:


> *For those situations when FTP is required*, PF provides redirection of FTP traffic to a small proxy program called ftp-proxy(8), which is included in the base system of FreeBSD. The role of the proxy is to dynamically insert and delete rules in the ruleset, using a set of anchors, in order to correctly handle FTP traffic.





> *For those situations when FTP is required*


I'm stunned because I've been looking for ways to work with FreeBSD without FTP for days and it seems impossible.

`pkg install` uses FTP and I find no way to globally override this
`freebsd-update` uses FTP and I find no way to globally override this

So are there really situations when you can admin a FreeBSD server without using FTP?
If so, how?

Thanks for your help.


----------



## tobik@ (Nov 22, 2015)

japoc said:


> freebsd-update uses FTP and I find no way to globally override this


How? freebsd-update(8) does not support anything other than HTTP.

pkg(8) also defaults to using HTTP.

How did you find out they use FTP?


----------



## wblock@ (Nov 22, 2015)

`pkg` can also use HTTP, HTTPS, or even SSH, depending on the repository.  See pkg.conf(5).  Probably freebsd-update(8) also uses fetch(8) and also can use non-FTP options, but the man page does not say.


----------



## tobik@ (Nov 22, 2015)

wblock@ said:


> Probably freebsd-update(8) also uses fetch(8) and also can use non-FTP options, but the man page does not say.


While it also uses `fetch` for some things freebsd-update(8) uses phttpget(8) to download patches which is HTTP only.


----------



## japoc (Nov 22, 2015)

Ok, I guess it was only `pkg` then. Still, I don't see how I can configure it so that it uses http by default. What file should I edit? Am I supposed to choose a single http mirror and hope it never goes down?


----------



## SirDice (Nov 23, 2015)

japoc said:


> Ok, I guess it was only `pkg` then. Still, I don't see how I can configure it so that it uses http by default.


It already uses HTTP by default.


```
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
```


----------



## tobik@ (Nov 23, 2015)

japoc said:


> Ok, I guess it was only `pkg` then. Still, I don't see how I can configure it so that it uses http by default. What file should I edit? Am I supposed to choose a single http mirror and hope it never goes down?


Can you show us what's in /etc/pkg/FreeBSD.conf and /usr/local/etc/pkg.conf on your system? Is there anything in /usr/local/etc/pkg/repos/? What's the output of `pkg -vv`?

The server to use is pkg.freebsd.org which uses GeoDNS to select the nearest package mirror at your location. It also provides SRV records as a fallback in case a server is down (try it: `drill _http._tcp.pkg.freebsd.org SRV`).

What FreeBSD version are you using? The older package tools like `pkg_add` all used FTP by default IIRC.


----------



## japoc (Dec 4, 2015)

Thanks! The hosting company had put a file in /usr/local/etc/pkg/repos/. It referenced their own FTP mirror server. Unfortunately their mirror is FTP only. I removed the file and now `pkg` uses the default configuration, which is http.


----------

