FreeBSD 15.1-BETA2 released, OpenBSD security patches for expat/NFS/iked, LibreNMS FreeBSD jail guide and more.
Releases
FreeBSD 15.1-BETA2: FreeBSD has announced the availability of the second BETA build for the 15.1 release cycle. The BETA2 build for FreeBSD 15.1 supports architectures including amd64, armv7, aarch64, powerpc64, powerpc64le, and riscv64.
BSDSec
OpenBSD Errata: May 8, 2026 (expat nfs iked): Errata patches for libexpat, NFS server, and iked have been released for OpenBSD 7.7 and 7.8. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility.
As always, it’s worth following BSDSec. RSS feed available.
News
LibreNMS setup guide for FreeBSD jails: This guide provides step-by-step instructions for deploying LibreNMS within a FreeBSD jail using a package-based installation approach. It covers essential prerequisites like FreeBSD 15.0-RELEASE, nginx with PHP-FPM, and MySQL 8.4, while emphasizing a minimal setup without reverse proxies or HTTPS for initial configuration. The process includes detailed steps for database setup with proper character encoding, PHP configuration with timezone settings, and nginx virtual host configuration tailored for LibreNMS. The guide also addresses critical post-installation tasks such as setting up the polling service via FreeBSD’s rc system, validating the installation, and securing the environment by removing the installer flag. While the guide focuses on a basic HTTP setup for simplicity, it explicitly notes that HTTPS becomes mandatory if exposing the instance beyond a private network or VPN.
Tutorials
FreeBSD PKGBASE minor upgrades with ZFS Boot Environments: The PKGBASE system on FreeBSD, though still experimental, lacks official support for minor version upgrades like moving from 15.0 to 15.1. This guide demonstrates a manual workaround using ZFS Boot Environments to safely upgrade the base system while preserving rollback capability. The process involves creating a new boot environment, manually updating the pkg tool and repository configuration, and performing the upgrade within the isolated environment. After rebooting into the new environment, users can verify the upgrade and optionally rename the boot environment for future use. The method also includes an alternative approach using pkg --chroot to streamline the process without mounting devfs. Both techniques ensure system stability by leveraging ZFS snapshots for recovery if issues arise.
Optimizing OpenZFS for production databases: Tuning OpenZFS for database workloads requires understanding key factors like database engine behavior, storage topology, and sync write handling. Aligning the recordsize parameter with the database’s page or extent size (typically 8KiB, 16KiB, or 64KiB) minimizes latency and improves performance, while mirror-based topologies outperform striped RAID for random-access workloads. Sync writes, though critical for data integrity, can degrade performance; mitigations include using powerloss-safe drives, adding a dedicated ZFS Intent Log (ZIL) vdev, or disabling sync for testing. Compression (e.g., lz4) often enhances performance by reducing storage bottlenecks, while disabling prefetch and atime updates can further optimize IOPS. Rewriting data may be necessary when changing topology, recordsize, or compression settings, but other adjustments like LOG vdevs or sync toggles apply dynamically. Most databases perform adequately on OpenZFS without tuning, but heavy workloads benefit from tailored optimizations.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!