FreeBSD 11 default packages, can I remove them?

December 14, 2016 288 views
Server Optimization FreeBSD

I just spun up a FreeBSD 11 (no ZFS) droplet.
When I run pkg info I get a long list of installed packages, a few of them have to do with X11 but I don't plan on using a GUI. Is there any reason to keep them around or could I just remove everything?

Here are the packages installed:
arping-2.15_1 ARP level "ping" utility
avahi-app-0.6.31_5 Service discovery on a local network
avahi-autoipd-0.6.31 IPv4LL network address configuration daemon
ca_root_nss-3.27.1 Root certificate bundle from the Mozilla Project
curl-7.51.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers
dbus-1.8.20 Message bus system for inter-application communication
dbus-glib-0.104 GLib bindings for the D-BUS messaging system
expat-2.2.0 XML 1.0 parser written in C
gdbm-1.12 GNU database manager
gettext-runtime- GNU gettext runtime libraries and programs
glib-2.46.2_3 Some useful routines of C programming (current stable version)
gnome_subr-1.0 Common startup and shutdown subroutines used by GNOME scripts
gobject-introspection-1.46.0 Generate interface introspection data for GObject libraries
indexinfo-0.2.5 Utility to regenerate the GNU info page index
kbproto-1.0.7 KB extension headers
libICE-1.0.9_1,1 Inter Client Exchange library for X11
libSM-1.2.2_3,1 Session Management library for X11
libX11-1.6.4,1 X11 library
libXau-1.0.8_3 Authentication Protocol library for X11
libXdmcp-1.1.2 X Display Manager Control Protocol library
libdaemon-0.14_1 Lightweight C library that eases the writing of UNIX daemons
libffi-3.2.1 Foreign Function Interface
libiconv-1.14_9 Character set conversion library
libnet-1.1.6_4,1 C library for creating IP packets
libpthread-stubs-0.3_6 This library provides weak aliases for pthread functions
libxcb-1.11.1 The X protocol C-language Binding (XCB) library
libxml2-2.9.4 XML parser library for GNOME
pcre-8.39 Perl Compatible Regular Expressions library
perl5-5.20.3_15 Practical Extraction and Report Language
pkg-1.8.8 Package manager
py27-pip-8.0.2 Tool for installing and managing Python packages
py27-setuptools27-23.1.0 Python packages installer
python2-2_3 The "meta-port" for version 2 of the Python interpreter
python27-2.7.12 Interpreted object-oriented programming language
readline-6.3.8 Library for editing command lines as they are typed
rsync-3.1.2_5 Network file distribution/synchronization utility
sudo-1.8.18p1 Allow others to run commands as root
vim-lite-8.0.0019_1 Improved version of the vi editor (lite package)
xproto-7.0.28 X11 protocol headers

2 Answers
lordgordon December 14, 2016
Accepted Answer

Usually FreeBSD is installed with the very minimal set of packages required to have a working system. So, I strongly advise not to remove such packages, specially on a remote machine. In fact in your list there is really nothing you can safely remove but vim. You can safely remove vim and replace it with nano. Yet, I strongly suggest to learn vim as it is more powerful and useful on a remote machine.

Regarding X11, don't worry, only some headers are installed for compatibility with package builds. X11 is not installed!

You can check the details of every package in the official port database. You may want to try to remove them in a local vm with Vagrant to see what happens. Beware that most of the package you listed are dependencies of other packages.



  • Also, belive me: that's not a "long list" for a strong server system such as FreeBSD.

    • Thank you. I received a reply on a different thread that pointed to old response to a similar question and it said that most of the packages are dependencies of avahi-autoipd so I guess I'll leave them installed

Vanilla FreeBSD does not come with any packages preinstalled so yes you can remove them and see if it affects the web console in any way.
SSH is part of base OS and you will have access to reinstall these packages if needed.

In my local node I have the bare minimum packages for running lighttpd + FastCGI + PHP 7.

  • Yes, but this is not a vanilla FreeBSD, is a minimal FreeBSD tailored to work with DigitalOcean.

    Have you managed to have a working droplet without avahi-autoipd? If your machine is unable to obtain a valid IP address, it's hard to fix it with ssh.

    • hmm.. I haven't tried this yet.. cuz, I never faced space issue and felt to clean up some space.

    • You are right about them packages required for IP.
      Still, I tried removing all except pkg (using pkg remove -a), then after reboot, public IP accessibility stopped. However, I could connect to the node console from DO web console, but this does NOT work over restrictive proxies, so be careful.

      Thinking that if I had console access I could recover network access, I launched a new instance, locked avahi-autoipd, set root password after checking that sshd won't allow root login and thought of removing sudo.
      So that as root I can recover by installing the required packages and get ssh access, but this seemed too much of a hassle.

      Instead to see how much space I can get, I removed py27-pip (11MB freed), curl (3MB freed, can replace with built in fetch from FreeBSD), vim-lite (22 MB freed, can use default FreeBSD vi). So I guess we can remove such applications. And replace fat applications with lightweight equivalents, like sudo(4MB) with doas (14KB).

      Before removal the size from pkg stats was 237MB, after removing above packages it came down to 196MB.

      • Thanks, good to know!

        Anyway, to me the issue is not the space itself but the risks to increase the attack surface (with too many avoidables packages).

        I guess that removing sudo, pkg, py27 and vim could be a viable option if you have an "immutable server" (ie: for every change you reload the entire server with some automation provided by Terraform and Packer).

        Otherwise, as you noticed, removing them make server management really painful.

Have another answer? Share your knowledge.