Three years ago today, Colin Percival announced the availability of the first version of FreeBSD Portsnap. Almost a year later, in August 2005, Portsnap was added to the FreeBSD base system, and since then it has grown to four official mirrors and now supports almost 40 thousand users. Happy birthday Portsnap!

CVSup is slow, insecure, and a memory hog. However, until now it’s been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important.

To provide a secure, lightweight, and fast alternative to CVSup, I’ve written portsnap. As the name suggests, this is a system for building, *signing*, and distributing compressed snapshots of the ports tree, which can then be extracted into /usr/ports as needed.

Portsnap is:

  • Lightweight. It’s a 15kB shell script which uses under 50kB of other binaries.
  • Designed for frequent updating. Unlike CVSup, it doesn’t need to transmit a complete list of files in the ports tree each time it runs; in fact, if there are no updates available, it only needs to fetch a single file of 256 bytes.
  • Secure. Using code from FreeBSD Update, the ports snapshots are signed using a 2048-bit RSA key.
  • HTTP-only. That’s right, you don’t need to beg your network maintainer to allow outgoing connections on port 5999 any more. :-)

The FreeBSD Handbook chapter on how to use portsnap can be found here.