head 1.6; access; symbols pkg_install-20240307:1.1.1.17 netbsd-8-3-RELEASE:1.3.4.1 netbsd-9-4-RELEASE:1.3.14.1 netbsd-10-0-RELEASE:1.5 netbsd-10-0-RC6:1.5 netbsd-10-0-RC5:1.5 netbsd-10-0-RC4:1.5 netbsd-10-0-RC3:1.5 netbsd-10-0-RC2:1.5 netbsd-10-0-RC1:1.5 netbsd-10:1.5.0.6 netbsd-10-base:1.5 netbsd-9-3-RELEASE:1.3.14.1 cjep_sun2x-base1:1.5 cjep_sun2x:1.5.0.4 cjep_sun2x-base:1.5 cjep_staticlib_x-base1:1.5 netbsd-9-2-RELEASE:1.3.14.1 cjep_staticlib_x:1.5.0.2 cjep_staticlib_x-base:1.5 pkg_install-20210410:1.1.1.16 pkg_install-20201218:1.1.1.15 pkg-install-20201218:1.1.1.15 pkg_install-20201212:1.1.1.15 pkg_install-20201205:1.1.1.14 pkg_install-20201202:1.1.1.14 netbsd-9-1-RELEASE:1.3 phil-wifi-20200421:1.3 phil-wifi-20200411:1.3 is-mlppp:1.3.0.16 is-mlppp-base:1.3 phil-wifi-20200406:1.3 netbsd-8-2-RELEASE:1.3 netbsd-9-0-RELEASE:1.3 netbsd-9-0-RC2:1.3 netbsd-9-0-RC1:1.3 phil-wifi-20191119:1.3 pkg_install-20191008:1.1.1.14 netbsd-9:1.3.0.14 netbsd-9-base:1.3 phil-wifi-20190609:1.3 netbsd-8-1-RELEASE:1.3 netbsd-8-1-RC1:1.3 pkgsrc-20190405:1.1.1.14 pgoyette-compat-merge-20190127:1.3 pgoyette-compat-20190127:1.3 pgoyette-compat-20190118:1.3 pgoyette-compat-1226:1.3 pgoyette-compat-1126:1.3 pgoyette-compat-1020:1.3 pgoyette-compat-0930:1.3 pgoyette-compat-0906:1.3 netbsd-7-2-RELEASE:1.1.1.13 pgoyette-compat-0728:1.3 netbsd-8-0-RELEASE:1.3 phil-wifi:1.3.0.12 phil-wifi-base:1.3 pgoyette-compat-0625:1.3 netbsd-8-0-RC2:1.3 pgoyette-compat-0521:1.3 pgoyette-compat-0502:1.3 pgoyette-compat-0422:1.3 netbsd-8-0-RC1:1.3 pgoyette-compat-0415:1.3 pgoyette-compat-0407:1.3 pgoyette-compat-0330:1.3 pkg_install-20180325:1.1.1.14 pgoyette-compat-0322:1.3 pgoyette-compat-0315:1.3 netbsd-7-1-2-RELEASE:1.1.1.13 pgoyette-compat:1.3.0.10 pgoyette-compat-base:1.3 pkg_install-20171030:1.1.1.14 netbsd-7-1-1-RELEASE:1.1.1.13 matt-nb8-mediatek:1.3.0.8 matt-nb8-mediatek-base:1.3 perseant-stdc-iso10646:1.3.0.6 perseant-stdc-iso10646-base:1.3 netbsd-8:1.3.0.4 netbsd-8-base:1.3 prg-localcount2-base3:1.3 prg-localcount2-base2:1.3 prg-localcount2-base1:1.3 prg-localcount2:1.3.0.2 prg-localcount2-base:1.3 pgoyette-localcount-20170426:1.3 bouyer-socketcan-base1:1.3 pkg_install-20170419:1.1.1.14 pgoyette-localcount-20170320:1.2 netbsd-7-1:1.1.1.13.0.12 netbsd-7-1-RELEASE:1.1.1.13 netbsd-7-1-RC2:1.1.1.13 netbsd-7-nhusb-base-20170116:1.1.1.13 bouyer-socketcan:1.2.0.4 bouyer-socketcan-base:1.2 pgoyette-localcount-20170107:1.2 netbsd-7-1-RC1:1.1.1.13 pgoyette-localcount-20161104:1.2 netbsd-7-0-2-RELEASE:1.1.1.13 localcount-20160914:1.2 netbsd-7-nhusb:1.1.1.13.0.10 netbsd-7-nhusb-base:1.1.1.13 pgoyette-localcount-20160806:1.2 pgoyette-localcount-20160726:1.2 pgoyette-localcount:1.2.0.2 pgoyette-localcount-base:1.2 netbsd-7-0-1-RELEASE:1.1.1.13 netbsd-7-0:1.1.1.13.0.8 netbsd-7-0-RELEASE:1.1.1.13 netbsd-7-0-RC3:1.1.1.13 netbsd-7-0-RC2:1.1.1.13 netbsd-7-0-RC1:1.1.1.13 netbsd-5-2-3-RELEASE:1.1.1.4.6.5 netbsd-5-1-5-RELEASE:1.1.1.4.6.5 netbsd-6-0-6-RELEASE:1.1.1.12 netbsd-6-1-5-RELEASE:1.1.1.12 netbsd-7:1.1.1.13.0.6 netbsd-7-base:1.1.1.13 yamt-pagecache-base9:1.1.1.13 yamt-pagecache-tag8:1.1.1.12 netbsd-6-1-4-RELEASE:1.1.1.12 netbsd-6-0-5-RELEASE:1.1.1.12 tls-earlyentropy:1.1.1.13.0.4 tls-earlyentropy-base:1.1.1.13 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.1.1.13 riastradh-drm2-base3:1.1.1.13 netbsd-6-1-3-RELEASE:1.1.1.12 netbsd-6-0-4-RELEASE:1.1.1.12 netbsd-5-2-2-RELEASE:1.1.1.4.6.5 netbsd-5-1-4-RELEASE:1.1.1.4.6.5 netbsd-6-1-2-RELEASE:1.1.1.12 netbsd-6-0-3-RELEASE:1.1.1.12 netbsd-5-2-1-RELEASE:1.1.1.4.6.5 netbsd-5-1-3-RELEASE:1.1.1.4.6.5 netbsd-6-1-1-RELEASE:1.1.1.12 riastradh-drm2-base2:1.1.1.13 riastradh-drm2-base1:1.1.1.13 riastradh-drm2:1.1.1.13.0.2 riastradh-drm2-base:1.1.1.13 netbsd-6-1:1.1.1.12.0.18 netbsd-6-0-2-RELEASE:1.1.1.12 netbsd-6-1-RELEASE:1.1.1.12 netbsd-6-1-RC4:1.1.1.12 pkg_install-20130420:1.1.1.13 netbsd-6-1-RC3:1.1.1.12 agc-symver:1.1.1.12.0.16 agc-symver-base:1.1.1.12 netbsd-6-1-RC2:1.1.1.12 netbsd-6-1-RC1:1.1.1.12 yamt-pagecache-base8:1.1.1.12 netbsd-5-2:1.1.1.4.6.5.0.6 netbsd-6-0-1-RELEASE:1.1.1.12 yamt-pagecache-base7:1.1.1.12 netbsd-5-2-RELEASE:1.1.1.4.6.5 netbsd-5-2-RC1:1.1.1.4.6.5 matt-nb6-plus-nbase:1.1.1.12 yamt-pagecache-base6:1.1.1.12 netbsd-6-0:1.1.1.12.0.12 netbsd-6-0-RELEASE:1.1.1.12 netbsd-6-0-RC2:1.1.1.12 tls-maxphys:1.1.1.12.0.10 tls-maxphys-base:1.1.1.13 matt-nb6-plus:1.1.1.12.0.8 matt-nb6-plus-base:1.1.1.12 netbsd-6-0-RC1:1.1.1.12 yamt-pagecache-base5:1.1.1.12 yamt-pagecache-base4:1.1.1.12 pkg_install-20120221b:1.1.1.12 pkg_install-20120221:1.1.1.12 pkg_install-20120128:1.1.1.12 netbsd-6:1.1.1.12.0.6 netbsd-6-base:1.1.1.12 netbsd-5-1-2-RELEASE:1.1.1.4.6.5 netbsd-5-1-1-RELEASE:1.1.1.4.6.5 yamt-pagecache-base3:1.1.1.12 yamt-pagecache-base2:1.1.1.12 yamt-pagecache:1.1.1.12.0.4 yamt-pagecache-base:1.1.1.12 cherry-xenmp:1.1.1.12.0.2 cherry-xenmp-base:1.1.1.12 pkg_install-20110215:1.1.1.12 bouyer-quota2-nbase:1.1.1.12 bouyer-quota2:1.1.1.11.0.2 bouyer-quota2-base:1.1.1.11 matt-mips64-premerge-20101231:1.1.1.11 matt-nb5-mips64-premerge-20101231:1.1.1.4.4.3.2.1 matt-nb5-pq3:1.1.1.4.6.5.0.4 matt-nb5-pq3-base:1.1.1.4.6.5 netbsd-5-1:1.1.1.4.6.5.0.2 netbsd-5-1-RELEASE:1.1.1.4.6.5 netbsd-5-1-RC4:1.1.1.4.6.5 matt-nb5-mips64-k15:1.1.1.4.4.3.2.1 pkg_install-20100616:1.1.1.11 netbsd-5-1-RC3:1.1.1.4.6.5 netbsd-5-1-RC2:1.1.1.4.6.5 netbsd-5-1-RC1:1.1.1.4.6.5 pkg_install-20100421:1.1.1.10 pkg_install-20100220:1.1.1.10 netbsd-5-0-2-RELEASE:1.1.1.4.4.4 pkg_install-20100204:1.1.1.10 pkg_install-20100203:1.1.1.10 pkg_install-20100130:1.1.1.10 matt-nb5-mips64-premerge-20091211:1.1.1.4.4.3 matt-premerge-20091211:1.1.1.9 pkg_install-20091115:1.1.1.9 pkg_install-20091015:1.1.1.9 pkg_install-20091008:1.1.1.8 pkg_install-20091006:1.1.1.8 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.1.1.4.4.3 matt-nb4-mips64-k7-u2a-k9b:1.1.1.4.4.3 matt-nb5-mips64-u1-k1-k5:1.1.1.4.4.3 pkg_install-20090817:1.1.1.7 matt-nb5-mips64:1.1.1.4.4.3.0.2 pkg_install-20090806:1.1.1.6 netbsd-5-0-1-RELEASE:1.1.1.4.4.3 pkg_install-20090724:1.1.1.5 pkg_install-20090610:1.1.1.4 netbsd-4:1.1.1.4.0.10 netbsd-4-0:1.1.1.4.0.8 netbsd-5:1.1.1.4.0.6 netbsd-5-0:1.1.1.4.0.4 pkg_install-20090528:1.1.1.4 pkg_install-20090527:1.1.1.4 pkg_install-20090513:1.1.1.4 jym-xensuspend-base:1.1.1.4 jym-xensuspend:1.1.1.4.0.2 jym-xensuspend-nbase:1.1.1.4 pkg_install-20090425:1.1.1.4 pkg_install-20090424:1.1.1.3 pkg_install-20090406:1.1.1.3 pkg_install-20090309:1.1.1.2 pkg_install-20090307:1.1.1.2 pkg_install-20090302:1.1.1.2 pkg_install-20090228:1.1.1.2 pkg_install-20090225:1.1.1.1 PKGSRC:1.1.1; locks; strict; comment @# @; 1.6 date 2024.06.11.09.26.57; author wiz; state Exp; branches; next 1.5; commitid cBpCGHkm00R0XxdF; 1.5 date 2021.04.10.19.49.59; author nia; state Exp; branches; next 1.4; commitid HezzTfrIXRy0DMOC; 1.4 date 2020.12.12.11.00.57; author wiz; state Exp; branches; next 1.3; commitid pvvV00GDFOoQwrzC; 1.3 date 2017.04.20.13.18.23; author joerg; state Exp; branches 1.3.4.1 1.3.14.1; next 1.2; commitid leUMp4Trjahr6hOz; 1.2 date 2015.04.28.09.48.30; author prlw1; state Exp; branches 1.2.2.1 1.2.4.1; next 1.1; commitid TSa8JbOB7Toobljy; 1.1 date 2009.02.25.21.21.41; author joerg; state Exp; branches 1.1.1.1; next ; 1.3.4.1 date 2020.12.19.13.41.22; author martin; state Exp; branches; next ; commitid cFwi1oRX0hOBbmAC; 1.3.14.1 date 2020.12.19.13.34.42; author martin; state Exp; branches; next ; commitid 76shnsLbFB1a9mAC; 1.2.2.1 date 2017.04.26.02.52.50; author pgoyette; state Exp; branches; next ; commitid ojV02aOSdzvBqZOz; 1.2.4.1 date 2017.04.21.16.52.33; author bouyer; state Exp; branches; next ; commitid dUG7nkTKALCadqOz; 1.1.1.1 date 2009.02.25.21.21.41; author joerg; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2009.02.28.19.33.45; author joerg; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2009.04.06.18.49.12; author joerg; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2009.04.25.21.38.22; author joerg; state Exp; branches 1.1.1.4.2.1 1.1.1.4.4.1 1.1.1.4.6.1 1.1.1.4.8.1 1.1.1.4.10.1; next 1.1.1.5; 1.1.1.5 date 2009.07.26.22.59.35; author joerg; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2009.08.06.16.55.27; author joerg; state Exp; branches; next 1.1.1.7; 1.1.1.7 date 2009.08.21.15.19.18; author joerg; state Exp; branches; next 1.1.1.8; 1.1.1.8 date 2009.10.07.13.19.44; author joerg; state Exp; branches; next 1.1.1.9; 1.1.1.9 date 2009.10.15.13.01.24; author joerg; state Exp; branches; next 1.1.1.10; 1.1.1.10 date 2010.01.30.21.33.50; author joerg; state Exp; branches; next 1.1.1.11; 1.1.1.11 date 2010.06.26.00.14.31; author joerg; state Exp; branches 1.1.1.11.2.1; next 1.1.1.12; 1.1.1.12 date 2011.02.18.22.32.31; author aymeric; state Exp; branches 1.1.1.12.4.1 1.1.1.12.10.1; next 1.1.1.13; 1.1.1.13 date 2013.04.20.15.26.53; author wiz; state Exp; branches; next 1.1.1.14; 1.1.1.14 date 2017.04.20.13.12.48; author joerg; state Exp; branches; next 1.1.1.15; commitid hfSoZE9pcv9B4hOz; 1.1.1.15 date 2020.12.12.10.59.13; author wiz; state Exp; branches; next 1.1.1.16; commitid zxBLActTHuf0wrzC; 1.1.1.16 date 2021.04.10.19.26.04; author nia; state Exp; branches; next 1.1.1.17; commitid p07dD6FyN8xZuMOC; 1.1.1.17 date 2024.06.11.09.15.41; author wiz; state Exp; branches; next ; commitid Hr3X57pettQNTxdF; 1.1.1.4.2.1 date 2009.04.25.21.38.22; author jym; state dead; branches; next 1.1.1.4.2.2; 1.1.1.4.2.2 date 2009.05.13.18.52.38; author jym; state Exp; branches; next ; 1.1.1.4.4.1 date 2009.04.25.21.38.22; author snj; state dead; branches; next 1.1.1.4.4.2; 1.1.1.4.4.2 date 2009.05.30.16.21.37; author snj; state Exp; branches; next 1.1.1.4.4.3; 1.1.1.4.4.3 date 2009.07.27.00.37.08; author snj; state Exp; branches 1.1.1.4.4.3.2.1; next 1.1.1.4.4.4; 1.1.1.4.4.4 date 2009.10.18.16.05.26; author bouyer; state Exp; branches; next 1.1.1.4.4.5; 1.1.1.4.4.5 date 2010.02.15.01.01.24; author snj; state Exp; branches; next ; 1.1.1.4.4.3.2.1 date 2010.04.21.05.23.10; author matt; state Exp; branches; next ; 1.1.1.4.6.1 date 2009.04.25.21.38.22; author snj; state dead; branches; next 1.1.1.4.6.2; 1.1.1.4.6.2 date 2009.05.30.16.40.33; author snj; state Exp; branches; next 1.1.1.4.6.3; 1.1.1.4.6.3 date 2009.07.27.00.40.11; author snj; state Exp; branches; next 1.1.1.4.6.4; 1.1.1.4.6.4 date 2009.10.18.16.01.51; author bouyer; state Exp; branches; next 1.1.1.4.6.5; 1.1.1.4.6.5 date 2010.02.03.00.38.23; author snj; state Exp; branches; next ; 1.1.1.4.8.1 date 2009.04.25.21.38.22; author snj; state dead; branches; next 1.1.1.4.8.2; 1.1.1.4.8.2 date 2009.06.05.17.02.00; author snj; state Exp; branches; next 1.1.1.4.8.3; 1.1.1.4.8.3 date 2009.09.05.13.37.42; author bouyer; state Exp; branches; next 1.1.1.4.8.4; 1.1.1.4.8.4 date 2009.10.18.15.48.54; author bouyer; state Exp; branches; next ; 1.1.1.4.10.1 date 2009.04.25.21.38.22; author snj; state dead; branches; next 1.1.1.4.10.2; 1.1.1.4.10.2 date 2009.06.05.17.19.41; author snj; state Exp; branches; next 1.1.1.4.10.3; 1.1.1.4.10.3 date 2009.08.18.10.33.25; author bouyer; state Exp; branches; next 1.1.1.4.10.4; 1.1.1.4.10.4 date 2009.10.18.15.41.56; author bouyer; state Exp; branches; next 1.1.1.4.10.5; 1.1.1.4.10.5 date 2010.06.12.18.25.49; author riz; state Exp; branches; next ; 1.1.1.11.2.1 date 2011.03.05.15.08.50; author bouyer; state Exp; branches; next ; 1.1.1.12.4.1 date 2014.05.22.15.51.04; author yamt; state Exp; branches; next ; commitid 2oTzauTU7C9n9yBx; 1.1.1.12.10.1 date 2013.06.23.06.28.29; author tls; state Exp; branches; next ; commitid OnlO1cBgtQRcIHUw; desc @@ 1.6 log @Merge pkg_install-20240307 @ text @.\" $NetBSD: pkg_install.conf.5.in,v 1.5 2021/04/10 19:49:59 nia Exp $ .\" .\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd October 28, 2014 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp The following variables are supported: .Bl -tag -width 6n .It Dv ACCEPTABLE_LICENSES No (list of license names) Default: empty .Pp Space-separated list of licenses considered acceptable when .Dv CHECK_LICENSE is .Ql yes or .Ql always , in addition to those listed in .Dv DEFAULT_ACCEPTABLE_LICENSES . License names are case-sensitive. .It Dv ACTIVE_FTP No (empty or non-empty) Default: empty .Pp If non-empty, force the use of active FTP. Otherwise, try passive FTP first, and fall back to active FTP if the server reports a syntax error. .It Dv CACHE_INDEX No ( So Li yes Sc or So Li no Sc ) Default: .Li yes .Pp If .Ql yes , cache directory listings in memory. This avoids retransfers of the large directory index for HTTP. .It Dv CERTIFICATE_ANCHOR_PKGS No (empty or path) Default: empty .Pp Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .Pp Required when .Dv VERIFIED_INSTALLATION is anything other than .Ql never . .It Dv CERTIFICATE_ANCHOR_PKGVULN No (empty or path) Default: empty .Pp If non-empty, path to the file containing the certificates used for validating .Pa pkg-vulnerabilities . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_CHAIN No (empty or path) Default: empty .Pp If non-empty, path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_LICENSE No ( So Li yes Sc , So Li no Sc , or So Li always Sc ) Default: .Li no .Pp When installing a package, check whether its license, as specified in the .Dv LICENSE build info tag, is acceptable, i.e., listed in .Dv ACCEPTABLE_LICENSES or .Dv DEFAULT_ACCEPTABLE_LICENSES . .Pp Supported values are: .Bl -tag -width ".Dv always" .It Dv no Install package no matter what license it has. .It Dv yes If package has .Dv LICENSE set, require the license to be acceptable before installing. If package is missing .Dv LICENSE , install it anyway. .It Dv always Require .Dv LICENSE to be set, and require the license to be acceptable, before installing. .El .It Dv CHECK_END_OF_LIFE No ( So Li yes Sc or So Li no Sc ) Default: .Ql yes .Pp During vulnerability checks, consider packages that have reached end-of-life as vulnerable. .It Dv CHECK_OS_VERSION No ( So Li yes Sc or So Li no Sc ) Default: .Ql yes .Pp If .Ql yes , pkg_add will warn if the host OS version mismatches the OS version the package was built on. .Pp For example, you can set this to .Ql no in order to install packages built for .Nx 9.0 on .Nx 10.0 , where they will still generally work. Packages for which this may not work have a more stringent version check through the .Li osabi package; see .Dv CHECK_OSABI . .It Dv CHECK_OSABI No ( So Li yes Sc or So Li no Sc ) Default: .Ql yes .Pp If .Ql yes , the .Li osabi package checks that it matches the OS version. .Pp Packages that are tightly bound to a specific version of an operating system, such as kernel modules or .Dv sysutils/lsof , depend on the .Li osabi package to reflect this, so that even if .Dv CHECK_OS_VERSION is .Ql no , such packages will refuse to install unless .Dv CHECK_OSABI is also .Ql no . .It Dv CHECK_VULNERABILITIES No ( So Li never Sc , So Li always Sc , or So Li interactive Sc ) Default: .Ql never .Pp Check for vulnerabilities when installing a package. Supported values are: .Bl -tag -width ".Dv interactive" .It Dv never Install package even if it is known to be vulnerable. .It Dv always Install package only if it is not known to be vulnerable. .Pp If the .Pa pkg-vulnerabilities file is missing, assume package is vulnerable and refuse to install it. .It Dv interactive Install package without user interaction if it is not known to be vulnerable. Otherwise, prompt user to confirm installation. .Pp If the .Pa pkg-vulnerabilities file is missing, ignore it and install package anyway. .El .\" These appear to have been added by mistake in pkg_install-20100122; .\" nothing uses them that I can find. --riastradh, 2024-02-03 .\" .It Dv CONFIG_CACHE_CONNECTIONS .\" Limit the global connection cache to this value. .\" For FTP, this is the number of sessions without active command. .\" For HTTP, this is the number of connections open with keep-alive. .\" .It Dv CONFIG_CACHE_CONNECTIONS_HOST .\" Like .\" .Dv CONFIG_CACHE_CONNECTIONS , .\" but limit the number of connections to the host as well. .\" See .\" .Xr fetch 3 .\" for further details .It Dv DEFAULT_ACCEPTABLE_LICENSES Space separated list of licenses considered acceptable when .Dv CHECK_LICENSE is .Ql yes or .Ql always , in addition to those listed in .Dv ACCEPTABLE_LICENSES . License names are case-sensitive. .Pp The default value of .Dv DEFAULT_ACCEPTABLE_LICENSES No (list of license names) lists all licenses recorded in pkgsrc which have been either: .Bl -dash .It approved as open source by the .Lk "https://opensource.org/" "Open Source Initiative" , .It approved as free software by the .Lk "https://www.fsf.org/" "Free Software Foundation" , or .It considered free software under the Debian Free Software Guidelines by the .Lk "https://www.debian.org/" "Debian Project" , .El and are not .Sq network copyleft licenses such as the GNU Affero GPLv3. .It Dv GPG No (empty or path) Default: empty .Pp Path to .Xr gpg 1 , required for .Ic pkg_admin gpg-sign-package . (All other GPG/OpenPGP operations are done internally with .Xr libnetpgpverify 3 . ) .It Dv GPG_KEYRING_PKGVULN No (empty or path) Default: empty .Pp If non-empty, keyring to use for verifying OpenPGP signatures on .Pa pkg-vulnerabilities , overriding the default keyring. .It Dv GPG_KEYRING_SIGN No (empty or path) Default: empty .Pp If non-empty, keyring to use for signing packages with .Ic pkg_admin gpg-sign-package , overriding the default keyring. .It Dv GPG_KEYRING_VERIFY No (empty or path) Default: empty .Pp If non-empty, keyring to use for verifying package signatures on installation, overriding the default keyring. .It Dv GPG_SIGN_AS No (empty or OpenPGP user-id) Default: empty .Pp If non-empty, OpenPGP user-id to use for signing packages with .Ic pkg_admin gpg-sign-package , passed as the argument of .Ql --local-user .Pq Fl u to .Xr gpg 1 . .It Dv IGNORE_PROXY No (empty or non-empty) Default: empty .Pp If non-empty, use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL No (URL, may be specified multiple times) Default: none .Pp URL of a security advisory from the .Pa pkg-vulnerabilities that should be ignored when running: .Dl Ic pkg_admin audit May be specified multiple times to ignore multiple advisories. .It Dv PKG_DBDIR No (*) (path) Default: .Pa @@PKG_DBDIR@@ .Pp Location of the packages database. This option is overriden by the argument of the .Fl K option. .It Dv PKG_PATH No (*) (semicolon-separated list of paths or URLs) Default: empty .Pp Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR No (*) (path) Default: .No "${" Ns Dv PKG_DBDIR Ns "}" Ns Pa .refcount .Pp Location of the package reference counts database directory. .It Dv PKGVULNDIR No (path) Default: .No "${" Ns Dv PKG_DBDIR Ns "}" .Pp Directory name in which the .Pa pkg-vulnerabilities file resides. .It Dv PKGVULNURL No (URL) Default: .Lk http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerablities.gz .Pp URL which is used for updating the local .Pa pkg-vulnerabilities file when running: .Dl Ic pkg_admin fetch-pkg-vulnerabilities .Pp .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO No (empty or non-empty) Default: empty .Pp If non-empty, log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION No ( So Li never Sc , So Li always Sc , So Li trusted Sc , or So Li interactive Sc ) Default: .Ql never .Pp Verification requirement for installing a package. Supported values are: .Bl -tag -width ".Dv interactive" .It Dv never Install package unconditionally. .It Dv always Install package only if it has a valid X.509 or OpenPGP signature. .It Dv trusted Install package without user interaction if it has a valid X.509 or OpenPGP signature. Otherwise, prompt user to confirm installation. .It Dv interactive Always prompt the user to confirm installation when installing a package. .Sy WARNING : This does not tell the user whether the package had a valid signature or not. .El .El .Sh FILES .Bl -tag -width ".Pa @@SYSCONFDIR@@/pkg_install.conf" .It Pa @@SYSCONFDIR@@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 , .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1 @ 1.5 log @merge pkg_install-20210410 - simplified version checking for netbsd, treat 9.0 and 9.1 as compatible - minor man page updates @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.16 2021/04/10 19:26:04 nia Exp $ d53 12 a64 3 .Bl -tag -width indent .It Dv ACCEPTABLE_LICENSES Space-separated list of licenses packages are allowed to carry. d66 19 a84 9 .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CACHE_INDEX Cache directory listings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. d88 11 a98 3 .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . d103 20 a122 6 .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. d124 1 a124 1 .Bl -tag -width interactiveXX d126 1 a126 1 The check is not performed. d128 6 a133 1 The check is performed if the package has license conditions set. d135 4 a138 2 Passing the license check is required. Missing license conditions are considered an error. d140 4 a143 1 .It Dv CHECK_END_OF_LIFE d146 49 a194 10 This option is enabled by default. .It Dv CHECK_OS_VERSION If "no", pkg_add will not warn if the host OS version does not exactly match the OS version the package was built on. The default is "yes". .It Dv CHECK_OSABI If "no", osabi package does not check OS version. The default is "yes". .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. d196 1 a196 1 .Bl -tag -width interactiveXX d198 1 a198 1 No check is performed. d200 6 a205 2 Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. d207 7 a213 1 The user is always asked to confirm installation of vulnerable packages. d215 13 a227 11 .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP, this is the number of sessions without active command. For HTTP, this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details d229 8 a236 4 Space-separated list of common Free and Open Source licenses packages are allowed to carry. The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. d238 23 a260 1 .It Dv GPG d263 35 a297 18 which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore d301 6 a306 2 .It Dv IGNORE_URL One line per advisory which should be ignored when running d308 5 a312 4 The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_DBDIR (*) d314 1 a314 1 This option is always overriden by the argument of the d317 3 a319 1 .It Dv PKG_PATH (*) d323 4 a326 1 .It Dv PKG_REFCOUNT_DBDIR (*) d328 4 a331 3 The default value is .Pa ${PKG_DBDIR}.refcount . .It Dv PKGVULNDIR d335 4 a338 3 Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL d341 1 a341 1 file when running d343 1 a343 1 The default location is ftp.NetBSD.org using HTTP. d352 9 a360 4 .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. d362 1 a362 1 .Bl -tag -width interactiveXX d364 1 a364 1 No signature checks are performed. d366 1 a366 2 A valid signature is required. If the binary package can not be verified, the installation is terminated d368 3 a370 2 A valid signature is required. If the binary package can not be verified, the user is asked interactively. d372 5 a376 1 The user is always asked interactively when installing a package. @ 1.4 log @merge pkg_install-20201212 @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.15 2020/12/12 10:59:13 wiz Exp $ @ 1.3 log @Merge pkg_install-20170419. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.21 2014/11/05 14:40:01 prlw1 Exp $ d96 4 @ 1.3.4.1 log @Pull up the following, requested by maya in #1638: external/bsd/pkg_install/dist/add/perform.c up to 1.8 external/bsd/pkg_install/dist/lib/lib.h up to 1.11 external/bsd/pkg_install/dist/lib/parse-config.c up to 1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in up to 1.4 external/bsd/pkg_install/dist/lib/pkgdb.c up to 1.5 external/bsd/pkg_install/dist/lib/plist.c up to 1.6 external/bsd/pkg_install/dist/lib/version.h up to 1.19 doc/3RDPARTY (manually edited) Merge pkg_install 20201218. Provide silent backwards compatibility for existing package installs using /var/db/pkg. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.4 2020/12/12 11:00:57 wiz Exp $ a95 4 .It Dv CHECK_OS_VERSION If "no", pkg_add will not warn if the host OS version does not exactly match the OS version the package was built on. The default is "yes". @ 1.3.14.1 log @Pull up the following, requested by maya in ticket #1155: external/bsd/pkg_install/dist/add/perform.c up to 1.8 external/bsd/pkg_install/dist/lib/lib.h up to 1.11 external/bsd/pkg_install/dist/lib/parse-config.c up to 1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in up to 1.4 external/bsd/pkg_install/dist/lib/pkgdb.c up to 1.5 external/bsd/pkg_install/dist/lib/plist.c up to 1.6 external/bsd/pkg_install/dist/lib/version.h up to 1.19 doc/3RDPARTY (manually modified) Merge pkg_install 20201218. Provide silent backwards compatibility for existing package installs using /var/db/pkg. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.4 2020/12/12 11:00:57 wiz Exp $ a95 4 .It Dv CHECK_OS_VERSION If "no", pkg_add will not warn if the host OS version does not exactly match the OS version the package was built on. The default is "yes". @ 1.2 log @Fix typos @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.13 2013/04/20 15:26:53 wiz Exp $ d30 1 a30 1 .Dd February 22, 2012 d96 3 @ 1.2.2.1 log @Sync with HEAD @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.3 2017/04/20 13:18:23 joerg Exp $ d30 1 a30 1 .Dd October 28, 2014 a95 3 .It Dv CHECK_OSABI If "no", osabi package does not check OS version. The default is "yes". @ 1.2.4.1 log @Sync with HEAD @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.3 2017/04/20 13:18:23 joerg Exp $ d30 1 a30 1 .Dd October 28, 2014 a95 3 .It Dv CHECK_OSABI If "no", osabi package does not check OS version. The default is "yes". @ 1.1 log @Initial revision @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.2 2009/02/25 15:19:00 joerg Exp $ d3 1 a3 1 .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. d30 1 a30 1 .Dd January 8, 2009 d49 3 d54 3 d59 4 d80 16 d108 17 d155 13 d179 1 a179 2 The default is .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz d207 1 a207 1 .Bl -tag d213 4 a216 1 .Xr pkg_admin 1 @ 1.1.1.1 log @Import pkg_install-20090225: - improve diagnostic for audit-packages wrapper - new pkg_delete code: - topologocial ordering of packages - bails out before removing anything if it knows that it will run into problems later - new option -A: remove automatic installed packages that are no longer used (e.g. pkg_add foo; pkg_delete -A foo should not alter the list of installed packages) - less chatty pkg_info for -Q @ text @@ 1.1.1.2 log @Import pkg_install-20090228: - pkg_add: - more consistent PKG_PATH processing - support setting PKG_PATH in pkg_install.conf(5) - don't crash when installing package with conflicts - fix updating packages with explicit +PRESERVE - document the rules for finding packages more clearly - pkg_info: - don't complain about PKG_PATH, it is not used - sync documentation with reality @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.4 2009/02/28 16:20:50 wiz Exp $ d30 1 a30 1 .Dd February 27, 2009 a111 5 .It Dv PKG_PATH Search path as used by .Nm pkg_add . Overridden by the environment variable .Ev PKG_PATH . @ 1.1.1.3 log @Import pkg_install-20090406: Remove premature return that broke dependency tracking for pkg_add -u. Fixes PR 41143. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.5 2009/03/10 20:33:43 joerg Exp $ d157 1 a157 1 .Bl -tag -width ".Pa @@SYSCONFDIR@@/pkg_install.conf" @ 1.1.1.4 log @Import pkg_install-20090425: Add logic to evaluate license conditions. As frontend for pkgsrc, pkg_admin gets two new commands (check-license and check-single-license), which can be used to evaluate a given condition. pkg_add will be changed to honour licenses at a later point. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.6 2009/04/25 21:31:14 joerg Exp $ d30 1 a30 1 .Dd April 25, 2009 a50 2 .It Dv ACCEPTABLE_LICENSES List of licenses packages are allowed to carry. a81 2 .It Dv DEFAULT_ACCEPTABLE_LICENSES List of common Free and Open Source licenses packages are allowed to carry. @ 1.1.1.5 log @Import pkg_install-20070724: - license handling: accept upper case letters. Keep license checks case-sensitive as done in the older pkgsrc logic. Document this. OK dillo@@, schmonz@@, wiz@@ - pkg_info: - fix handling of non-packages, that are valid archives - invert order of pkg_info -r to better match the expectations of make update. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.7 2009/07/24 19:06:45 joerg Exp $ a52 1 License names are case-sensitive. a85 3 The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive. @ 1.1.1.6 log @Import pkg_install-20090806: - pkg_add: add support to check license conditions before installation - pkg_delete: add -k option to skip over preserve packages. - WARNS=4 clean, fix some potential uses of uninitialized variables @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.8 2009/08/06 16:53:34 joerg Exp $ a72 12 .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El @ 1.1.1.7 log @Import pkg_install-20090817: Add a new command for pkg_admin: findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add would. It prints the URLs of the best match for each pattern to stdout. Rewrite the config file parser to read the file only once. Fix a bug in pkg_add's -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once. Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.9 2009/08/06 18:16:33 wiz Exp $ d30 1 a30 1 .Dd August 6, 2009 @ 1.1.1.8 log @pkg_install-20091006: - restore pkg_add -f functionality for missing dependencies (PR 42001) - pkg_admin rebuild should count packages correctly (he@@), also count @@pkgdir - fix gpg-sign-package syntax in pkg_admin(1) - change default URL for pkg-vulnerabilities to use HTTP @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.10 2009/10/07 12:53:27 joerg Exp $ d149 1 a149 1 .Pa http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz @ 1.1.1.9 log @pkg_install-20091015: Use directory index caching by default. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.11 2009/10/15 12:41:41 joerg Exp $ d30 1 a30 1 .Dd October 15, 2009 a55 4 .It Dv CACHE_INDEX Cache directory listenings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. @ 1.1.1.10 log @pkg_install-20100130: - pkg_add -U to rplace an installed version - refactored man pages - PKG_DBDIR / PKG_REFCOUNT_DBDIR as pkg_install.conf options - synced license list - use connection cache from libfetch @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.13 2010/01/22 13:30:42 joerg Exp $ d30 1 a30 1 .Dd January 22, 2010 a48 3 Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp a100 11 .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP this is the number of sessions without active command. For HTTP this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details d136 5 a140 13 .It Dv PKG_DBDIR (*) Location of the packages database. This option is always overriden by the argument of the .Fl K option. .It Dv PKG_PATH (*) Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR (*) Location of the package reference counts database directory. The default value is .Pa ${PKG_DBDIR}.refcount . d152 2 a153 1 The default location is ftp.NetBSD.org using HTTP. a187 3 .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1 @ 1.1.1.11 log @pkg_install-20100616: - Recognize -C for pkg_add like the rest of the tools do - Do the existing check for pkg_add -f, it makes the combination of -f and -U a bit less surprising - Fix option handling for CHECK_VULNERABILITIES (from spz@@) - Make end-of-life check the default. pkg_install.conf(5) can be used to override the default. The existing admin -e & co continue to work as before. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.14 2010/06/16 23:02:49 joerg Exp $ d30 1 a30 1 .Dd June 16, 2010 a91 4 .It Dv CHECK_END_OF_FILE During vulnerability checks, consider packages that have reached end-of-life as vulnerable. This option is enabled by default. @ 1.1.1.11.2.1 log @Sync with HEAD @ text @d1 1 a1 1 .\" $NetBSD$ d30 1 a30 1 .Dd November 13, 2010 d55 1 a55 1 Space-separated list of licenses packages are allowed to carry. d120 1 a120 2 Space-separated list of common Free and Open Source licenses packages are allowed to carry. @ 1.1.1.12 log @Import pkg_install 20110215. --- 20110215: Fix audit-history subcommand to include patterns making use of [x-y] notation. --- 20101212: Don't warn about _ALPHA, _BETA, _PATCH, _RC, _STABLE mismatches when pkg_add'ing on NetBSD. --- 20101122: Fix crash in pkg_info -X on hand-written packages. --- 20100915: Allow https URLs. --- 20100914: Add -D flag to pkg_install, to override the "pkg_add -U" check that all depending packages have their dependencies satisfied by the new package. Essentially, split off this particular behavior as a special case of -f, so that -f works as before, unforced works as before, and one can give -D to override exactly this check, leaving all other checks intact. The -D flag is in support of make replace, as the workflow for make replace is that inter-package dependencies are sometimes violated (but then one must replace the depending packages, which is what pkg_rolling-replace does via the unsafe_depends flags). Add missing break statement in option parsing of "pkg_add -C", riding the version bump. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.15 2010/11/13 20:07:01 christos Exp $ d30 1 a30 1 .Dd November 13, 2010 d55 1 a55 1 Space-separated list of licenses packages are allowed to carry. d120 1 a120 2 Space-separated list of common Free and Open Source licenses packages are allowed to carry. @ 1.1.1.12.4.1 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.12 2011/02/18 22:32:31 aymeric Exp $ d3 1 a3 1 .\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. d30 1 a30 1 .Dd February 22, 2012 d92 1 a92 1 .It Dv CHECK_END_OF_LIFE d110 2 a111 2 For FTP, this is the number of sessions without active command. For HTTP, this is the number of connections open with keep-alive. d113 1 a113 1 Like d213 1 a213 1 .Xr pkg_admin 1 , @ 1.1.1.12.10.1 log @resync from head @ text @d1 1 a1 1 .\" $NetBSD$ d3 1 a3 1 .\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. d30 1 a30 1 .Dd February 22, 2012 d92 1 a92 1 .It Dv CHECK_END_OF_LIFE d110 2 a111 2 For FTP, this is the number of sessions without active command. For HTTP, this is the number of connections open with keep-alive. d113 1 a113 1 Like d213 1 a213 1 .Xr pkg_admin 1 , @ 1.1.1.13 log @Import pkg_install from current pkgsrc. Licence changes and less warnings when opsys doesn't match build host opsys version, and documentation updates. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.17 2012/12/17 04:34:02 agc Exp $ d3 1 a3 1 .\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. d30 1 a30 1 .Dd February 22, 2012 d92 1 a92 1 .It Dv CHECK_END_OF_LIFE d110 2 a111 2 For FTP, this is the number of sessions without active command. For HTTP, this is the number of connections open with keep-alive. d113 1 a113 1 Like d213 1 a213 1 .Xr pkg_admin 1 , @ 1.1.1.14 log @Import pkg_install-20170419. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.21 2014/11/05 14:40:01 prlw1 Exp $ d30 1 a30 1 .Dd October 28, 2014 d60 1 a60 1 Cache directory listings in memory. a95 3 .It Dv CHECK_OSABI If "no", osabi package does not check OS version. The default is "yes". @ 1.1.1.15 log @pkg_install: import version 20201212 from pkgsrc Two bugfixes and a check_os_version config variable. Addresses PR 55865 @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.22 2020/12/11 10:06:53 jperkin Exp $ a95 4 .It Dv CHECK_OS_VERSION If "no", pkg_add will not warn if the host OS version does not exactly match the OS version the package was built on. The default is "yes". @ 1.1.1.16 log @pkg_install-20210410 @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.1 2021/04/10 19:00:12 nia Exp $ @ 1.1.1.17 log @Import pkg_install 20240307 from pkgsrc @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.25 2024/02/04 14:43:12 riastradh Exp $ d53 3 a55 12 .Bl -tag -width 6n .It Dv ACCEPTABLE_LICENSES No (list of license names) Default: empty .Pp Space-separated list of licenses considered acceptable when .Dv CHECK_LICENSE is .Ql yes or .Ql always , in addition to those listed in .Dv DEFAULT_ACCEPTABLE_LICENSES . d57 9 a65 19 .It Dv ACTIVE_FTP No (empty or non-empty) Default: empty .Pp If non-empty, force the use of active FTP. Otherwise, try passive FTP first, and fall back to active FTP if the server reports a syntax error. .It Dv CACHE_INDEX No ( So Li yes Sc or So Li no Sc ) Default: .Li yes .Pp If .Ql yes , cache directory listings in memory. This avoids retransfers of the large directory index for HTTP. .It Dv CERTIFICATE_ANCHOR_PKGS No (empty or path) Default: empty .Pp Path to the file containing the certificates used for validating binary packages. d69 3 a71 11 .Pp Required when .Dv VERIFIED_INSTALLATION is anything other than .Ql never . .It Dv CERTIFICATE_ANCHOR_PKGVULN No (empty or path) Default: empty .Pp If non-empty, path to the file containing the certificates used for validating .Pa pkg-vulnerabilities . d76 6 a81 20 The certificates must be PEM-encoded. .It Dv CERTIFICATE_CHAIN No (empty or path) Default: empty .Pp If non-empty, path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_LICENSE No ( So Li yes Sc , So Li no Sc , or So Li always Sc ) Default: .Li no .Pp When installing a package, check whether its license, as specified in the .Dv LICENSE build info tag, is acceptable, i.e., listed in .Dv ACCEPTABLE_LICENSES or .Dv DEFAULT_ACCEPTABLE_LICENSES . .Pp d83 1 a83 1 .Bl -tag -width ".Dv always" d85 1 a85 1 Install package no matter what license it has. d87 1 a87 6 If package has .Dv LICENSE set, require the license to be acceptable before installing. If package is missing .Dv LICENSE , install it anyway. d89 2 a90 4 Require .Dv LICENSE to be set, and require the license to be acceptable, before installing. d92 1 a92 4 .It Dv CHECK_END_OF_LIFE No ( So Li yes Sc or So Li no Sc ) Default: .Ql yes .Pp d95 10 a104 49 .It Dv CHECK_OS_VERSION No ( So Li yes Sc or So Li no Sc ) Default: .Ql yes .Pp If .Ql yes , pkg_add will warn if the host OS version mismatches the OS version the package was built on. .Pp For example, you can set this to .Ql no in order to install packages built for .Nx 9.0 on .Nx 10.0 , where they will still generally work. Packages for which this may not work have a more stringent version check through the .Li osabi package; see .Dv CHECK_OSABI . .It Dv CHECK_OSABI No ( So Li yes Sc or So Li no Sc ) Default: .Ql yes .Pp If .Ql yes , the .Li osabi package checks that it matches the OS version. .Pp Packages that are tightly bound to a specific version of an operating system, such as kernel modules or .Dv sysutils/lsof , depend on the .Li osabi package to reflect this, so that even if .Dv CHECK_OS_VERSION is .Ql no , such packages will refuse to install unless .Dv CHECK_OSABI is also .Ql no . .It Dv CHECK_VULNERABILITIES No ( So Li never Sc , So Li always Sc , or So Li interactive Sc ) Default: .Ql never .Pp Check for vulnerabilities when installing a package. d106 1 a106 1 .Bl -tag -width ".Dv interactive" d108 1 a108 1 Install package even if it is known to be vulnerable. d110 2 a111 6 Install package only if it is not known to be vulnerable. .Pp If the .Pa pkg-vulnerabilities file is missing, assume package is vulnerable and refuse to install it. d113 1 a113 7 Install package without user interaction if it is not known to be vulnerable. Otherwise, prompt user to confirm installation. .Pp If the .Pa pkg-vulnerabilities file is missing, ignore it and install package anyway. d115 11 a125 13 .\" These appear to have been added by mistake in pkg_install-20100122; .\" nothing uses them that I can find. --riastradh, 2024-02-03 .\" .It Dv CONFIG_CACHE_CONNECTIONS .\" Limit the global connection cache to this value. .\" For FTP, this is the number of sessions without active command. .\" For HTTP, this is the number of connections open with keep-alive. .\" .It Dv CONFIG_CACHE_CONNECTIONS_HOST .\" Like .\" .Dv CONFIG_CACHE_CONNECTIONS , .\" but limit the number of connections to the host as well. .\" See .\" .Xr fetch 3 .\" for further details d127 4 a130 8 Space separated list of licenses considered acceptable when .Dv CHECK_LICENSE is .Ql yes or .Ql always , in addition to those listed in .Dv ACCEPTABLE_LICENSES . d132 1 a132 23 .Pp The default value of .Dv DEFAULT_ACCEPTABLE_LICENSES No (list of license names) lists all licenses recorded in pkgsrc which have been either: .Bl -dash .It approved as open source by the .Lk "https://opensource.org/" "Open Source Initiative" , .It approved as free software by the .Lk "https://www.fsf.org/" "Free Software Foundation" , or .It considered free software under the Debian Free Software Guidelines by the .Lk "https://www.debian.org/" "Debian Project" , .El and are not .Sq network copyleft licenses such as the GNU Affero GPLv3. .It Dv GPG No (empty or path) Default: empty .Pp d135 18 a152 35 required for .Ic pkg_admin gpg-sign-package . (All other GPG/OpenPGP operations are done internally with .Xr libnetpgpverify 3 . ) .It Dv GPG_KEYRING_PKGVULN No (empty or path) Default: empty .Pp If non-empty, keyring to use for verifying OpenPGP signatures on .Pa pkg-vulnerabilities , overriding the default keyring. .It Dv GPG_KEYRING_SIGN No (empty or path) Default: empty .Pp If non-empty, keyring to use for signing packages with .Ic pkg_admin gpg-sign-package , overriding the default keyring. .It Dv GPG_KEYRING_VERIFY No (empty or path) Default: empty .Pp If non-empty, keyring to use for verifying package signatures on installation, overriding the default keyring. .It Dv GPG_SIGN_AS No (empty or OpenPGP user-id) Default: empty .Pp If non-empty, OpenPGP user-id to use for signing packages with .Ic pkg_admin gpg-sign-package , passed as the argument of .Ql --local-user .Pq Fl u to .Xr gpg 1 . .It Dv IGNORE_PROXY No (empty or non-empty) Default: empty .Pp If non-empty, use direct connections and ignore d156 4 a159 4 .It Dv IGNORE_URL No (URL, may be specified multiple times) Default: none .Pp URL of a security advisory from the d161 2 a162 7 that should be ignored when running: .Dl Ic pkg_admin audit May be specified multiple times to ignore multiple advisories. .It Dv PKG_DBDIR No (*) (path) Default: .Pa @@PKG_DBDIR@@ .Pp d164 1 a164 1 This option is overriden by the argument of the d167 1 a167 3 .It Dv PKG_PATH No (*) (semicolon-separated list of paths or URLs) Default: empty .Pp d171 1 a171 4 .It Dv PKG_REFCOUNT_DBDIR No (*) (path) Default: .No "${" Ns Dv PKG_DBDIR Ns "}" Ns Pa .refcount .Pp d173 3 a175 4 .It Dv PKGVULNDIR No (path) Default: .No "${" Ns Dv PKG_DBDIR Ns "}" .Pp d179 3 a181 4 .It Dv PKGVULNURL No (URL) Default: .Lk http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerablities.gz .Pp d184 1 a184 1 file when running: d186 1 a186 1 .Pp d195 4 a198 9 .It Dv VERBOSE_NETIO No (empty or non-empty) Default: empty .Pp If non-empty, log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION No ( So Li never Sc , So Li always Sc , So Li trusted Sc , or So Li interactive Sc ) Default: .Ql never .Pp Verification requirement for installing a package. d200 1 a200 1 .Bl -tag -width ".Dv interactive" d202 1 a202 1 Install package unconditionally. d204 2 a205 1 Install package only if it has a valid X.509 or OpenPGP signature. d207 2 a208 3 Install package without user interaction if it has a valid X.509 or OpenPGP signature. Otherwise, prompt user to confirm installation. d210 1 a210 5 Always prompt the user to confirm installation when installing a package. .Sy WARNING : This does not tell the user whether the package had a valid signature or not. @ 1.1.1.4.10.1 log @file pkg_install.conf.5.in was added on branch netbsd-4 on 2009-06-05 17:19:41 +0000 @ text @d1 167 @ 1.1.1.4.10.2 log @Pull up pkg_install-20090528, libarchive-2.5.5 and libfetch-2.23 with the associated build infrastructure as of 20090929 from HEAD. @ text @a0 167 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4 2009/04/25 21:38:22 joerg Exp $ .\" .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd April 25, 2009 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp The following variables are supported: .Bl -tag -width indent .It Dv ACCEPTABLE_LICENSES List of licenses packages are allowed to carry. .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: .Bl -tag -width interactiveXX .It Dv never No check is performed. .It Dv always Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. .It Dv interactive The user is always asked to confirm installation of vulnerable packages. .El .It Dv DEFAULT_ACCEPTABLE_LICENSES List of common Free and Open Source licenses packages are allowed to carry. .It Dv GPG Path to .Xr gpg 1 , which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL One line per advisory which should be ignored when running .Dl Ic pkg_admin audit The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_PATH Search path as used by .Nm pkg_add . Overridden by the environment variable .Ev PKG_PATH . .It Dv PKGVULNDIR Directory name in which the .Pa pkg-vulnerabilities file resides. Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL URL which is used for updating the local .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin fetch-pkg-vulnerabilities The default is .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. Supported values are: .Bl -tag -width interactiveXX .It Dv never No signature checks are performed. .It Dv always A valid signature is required. If the binary package can not be verified, the installation is terminated .It Dv trusted A valid signature is required. If the binary package can not be verified, the user is asked interactively. .It Dv interactive The user is always asked interactively when installing a package. .El .El .Sh FILES .Bl -tag -width ".Pa @@SYSCONFDIR@@/pkg_install.conf" .It Pa @@SYSCONFDIR@@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 @ 1.1.1.4.10.3 log @Pull up following revision(s) (requested by joerg in ticket #1346): external/bsd/pkg_install/dist/info/perform.c: revision 1.1.1.10 external/bsd/pkg_install/dist/lib/license.c: revision 1.1.1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: revision 1.1.1.5 external/bsd/pkg_install/dist/lib/version.h: revision 1.1.1.17 Import pkg_install-20090724: - license handling: accept upper case letters. Keep license checks case-sensitive as done in the older pkgsrc logic. Document this. OK dillo@@, schmonz@@, wiz@@ - pkg_info: - fix handling of non-packages, that are valid archives - invert order of pkg_info -r to better match the expectations of make update. @ text @d1 1 a1 1 .\" $NetBSD$ a52 1 License names are case-sensitive. a85 3 The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive. @ 1.1.1.4.10.4 log @pull up the following revisions, requested by joerg in ticket 1364: external/bsd/pkg_install/dist/add/add.h: 1.1.1.3 - 1.1.1.5 external/bsd/pkg_install/dist/add/main.c: 1.1.1.4 - 1.1.1.6 external/bsd/pkg_install/dist/add/perform.c: 1.1.1.10 - 1.1.1.12 external/bsd/pkg_install/dist/add/pkg_add.1: 1.1.1.8 external/bsd/pkg_install/dist/admin/audit.c: 1.1.1.6 external/bsd/pkg_install/dist/admin/main.c: 1.1.1.8 - 1.1.1.11 external/bsd/pkg_install/dist/admin/pkg_admin.1: 1.1.1.9 external/bsd/pkg_install/dist/create/build.c: 1.1.1.6 external/bsd/pkg_install/dist/create/create.h: 1.1.1.4 external/bsd/pkg_install/dist/create/main.c: 1.1.1.5 external/bsd/pkg_install/dist/create/perform.c: 1.1.1.4 external/bsd/pkg_install/dist/delete/pkg_delete.1: 1.1.1.5 - 1.1.1.6 external/bsd/pkg_install/dist/delete/pkg_delete.c: 1.1.1.5 external/bsd/pkg_install/dist/info/info.h: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/info/main.c: 1.1.1.6 - 1.1.1.7 external/bsd/pkg_install/dist/info/perform.c: 1.1.1.11 external/bsd/pkg_install/dist/info/show.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/config.h.in: 1.1.1.4 external/bsd/pkg_install/dist/lib/conflicts.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/decompress.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/fexec.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/file.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/gpgsig.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/iterate.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/lib.h: 1.1.1.8 - 1.1.1.9 external/bsd/pkg_install/dist/lib/license.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/parse-config.c: 1.1.1.5 - 1.1.1.7 external/bsd/pkg_install/dist/lib/pkcs7.c: 1.1.1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: 1.1.1.6 - 1.1.1.8 external/bsd/pkg_install/dist/lib/pkg_io.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/pkg_signature.c: 1.1.1.6 external/bsd/pkg_install/dist/lib/pkgdb.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/plist.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/remove.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/var.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/version.h: 1.1.1.18 - 1.1.1.21 Update to pkg_install-20091008: - pkg_add: add support to check license conditions before installation - pkg_delete: add -k option to skip over preserve packages. - WARNS=4 clean, fix some potential uses of uninitialized variables - Add a new command for pkg_admin: findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add would. It prints the URLs of the best match for each pattern to stdout. - Rewrite the config file parser to read the file only once. - Fix a bug in pkg_add's -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once. - Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag. - restore pkg_add -f functionality for missing dependencies (PR 42001) - pkg_admin rebuild should count packages correctly (he@@), also count @@pkgdir - fix gpg-sign-package syntax in pkg_admin(1) - change default URL for pkg-vulnerabilities to use HTTP - Fix German accent - Don't dereference a null pointer for pkg_admin add @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.8 2009/10/07 13:19:44 joerg Exp $ d30 1 a30 1 .Dd August 6, 2009 a72 12 .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El d137 1 a137 1 .Pa http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz @ 1.1.1.4.10.5 log @Pull up following revision(s) (requested by joerg in ticket #1385): external/bsd/pkg_install/dist/add/add.h patch external/bsd/pkg_install/dist/add/main.c patch external/bsd/pkg_install/dist/add/perform.c patch external/bsd/pkg_install/dist/add/pkg_add.1 patch external/bsd/pkg_install/dist/admin/README removed external/bsd/pkg_install/dist/admin/check.c patch external/bsd/pkg_install/dist/admin/main.c patch external/bsd/pkg_install/dist/admin/pkg_admin.1 patch external/bsd/pkg_install/dist/create/build.c patch external/bsd/pkg_install/dist/create/create.h patch external/bsd/pkg_install/dist/create/main.c patch external/bsd/pkg_install/dist/create/perform.c patch external/bsd/pkg_install/dist/create/pkg_create.1 patch external/bsd/pkg_install/dist/create/pl.c patch external/bsd/pkg_install/dist/delete/pkg_delete.1 patch external/bsd/pkg_install/dist/delete/pkg_delete.c patch external/bsd/pkg_install/dist/info/main.c patch external/bsd/pkg_install/dist/info/perform.c patch external/bsd/pkg_install/dist/info/pkg_info.1 patch external/bsd/pkg_install/dist/lib/conflicts.c patch external/bsd/pkg_install/dist/lib/iterate.c patch external/bsd/pkg_install/dist/lib/lib.h patch external/bsd/pkg_install/dist/lib/license.c patch external/bsd/pkg_install/dist/lib/parse-config.c patch external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in patch external/bsd/pkg_install/dist/lib/pkgdb.c patch external/bsd/pkg_install/dist/lib/version.c patch external/bsd/pkg_install/dist/lib/version.h patch pkg_install-20091115: Completely ignore @@src in pkg_create. Silently ignore the -L option. The combination of -I and -p are used by pkgsrc for the same result. Do not overwrite a string with itself using snprintf. This breaks setting the pkgdb directory internally on Linux. Explicitly check if the string is the same and otherwise just use xstrdup. Add support to query arbitrary variables with pkg_admin config-var. pkg_install-20100130: - pkg_add -U to rplace an installed version - refactored man pages - PKG_DBDIR / PKG_REFCOUNT_DBDIR as pkg_install.conf options - synced license list - use connection cache from libfetch pkg_install 20100204: - Restore PKG_PREFIX in pkg_delete (PR 42731) - Ensure that the current pkg_install version is at least as new as the version used to build the package @ text @d1 1 a1 1 .\" $NetBSD$ d30 1 a30 1 .Dd January 22, 2010 a48 3 Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp a55 4 .It Dv CACHE_INDEX Cache directory listenings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. a96 11 .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP this is the number of sessions without active command. For HTTP this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details d132 5 a136 13 .It Dv PKG_DBDIR (*) Location of the packages database. This option is always overriden by the argument of the .Fl K option. .It Dv PKG_PATH (*) Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR (*) Location of the package reference counts database directory. The default value is .Pa ${PKG_DBDIR}.refcount . d148 2 a149 1 The default location is ftp.NetBSD.org using HTTP. a183 3 .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1 @ 1.1.1.4.8.1 log @file pkg_install.conf.5.in was added on branch netbsd-4-0 on 2009-06-05 17:02:00 +0000 @ text @d1 167 @ 1.1.1.4.8.2 log @Apply patch (requested by joerg in ticket #1322): Pull up pkg_install-20090528, libarchive-2.5.5 and libfetch-2.23 with the associated build infrastructure as of 20090529 from HEAD. @ text @a0 167 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4 2009/04/25 21:38:22 joerg Exp $ .\" .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd April 25, 2009 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp The following variables are supported: .Bl -tag -width indent .It Dv ACCEPTABLE_LICENSES List of licenses packages are allowed to carry. .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: .Bl -tag -width interactiveXX .It Dv never No check is performed. .It Dv always Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. .It Dv interactive The user is always asked to confirm installation of vulnerable packages. .El .It Dv DEFAULT_ACCEPTABLE_LICENSES List of common Free and Open Source licenses packages are allowed to carry. .It Dv GPG Path to .Xr gpg 1 , which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL One line per advisory which should be ignored when running .Dl Ic pkg_admin audit The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_PATH Search path as used by .Nm pkg_add . Overridden by the environment variable .Ev PKG_PATH . .It Dv PKGVULNDIR Directory name in which the .Pa pkg-vulnerabilities file resides. Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL URL which is used for updating the local .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin fetch-pkg-vulnerabilities The default is .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. Supported values are: .Bl -tag -width interactiveXX .It Dv never No signature checks are performed. .It Dv always A valid signature is required. If the binary package can not be verified, the installation is terminated .It Dv trusted A valid signature is required. If the binary package can not be verified, the user is asked interactively. .It Dv interactive The user is always asked interactively when installing a package. .El .El .Sh FILES .Bl -tag -width ".Pa @@SYSCONFDIR@@/pkg_install.conf" .It Pa @@SYSCONFDIR@@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 @ 1.1.1.4.8.3 log @Pull up the following revisions (requested by joerg in ticket #1346): external/bsd/pkg_install/dist/info/perform.c 1.1.1.10 external/bsd/pkg_install/dist/lib/license.c 1.1.1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in 1.1.1.5 external/bsd/pkg_install/dist/lib/version.h 1.1.1.17 Import pkg_install-20090724: - license handling: accept upper case letters. Keep license checks case-sensitive as done in the older pkgsrc logic. Document this. OK dillo@@, schmonz@@, wiz@@ - pkg_info: - fix handling of non-packages, that are valid archives - invert order of pkg_info -r to better match the expectations of make update.' external/bsd/pkg_install @ text @d1 1 a1 1 .\" $NetBSD$ a52 1 License names are case-sensitive. a85 3 The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive. @ 1.1.1.4.8.4 log @pull up the following revisions, requested by joerg in ticket 1364: external/bsd/pkg_install/dist/add/add.h: 1.1.1.3 - 1.1.1.5 external/bsd/pkg_install/dist/add/main.c: 1.1.1.4 - 1.1.1.6 external/bsd/pkg_install/dist/add/perform.c: 1.1.1.10 - 1.1.1.12 external/bsd/pkg_install/dist/add/pkg_add.1: 1.1.1.8 external/bsd/pkg_install/dist/admin/audit.c: 1.1.1.6 external/bsd/pkg_install/dist/admin/main.c: 1.1.1.8 - 1.1.1.11 external/bsd/pkg_install/dist/admin/pkg_admin.1: 1.1.1.9 external/bsd/pkg_install/dist/create/build.c: 1.1.1.6 external/bsd/pkg_install/dist/create/create.h: 1.1.1.4 external/bsd/pkg_install/dist/create/main.c: 1.1.1.5 external/bsd/pkg_install/dist/create/perform.c: 1.1.1.4 external/bsd/pkg_install/dist/delete/pkg_delete.1: 1.1.1.5 - 1.1.1.6 external/bsd/pkg_install/dist/delete/pkg_delete.c: 1.1.1.5 external/bsd/pkg_install/dist/info/info.h: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/info/main.c: 1.1.1.6 - 1.1.1.7 external/bsd/pkg_install/dist/info/perform.c: 1.1.1.11 external/bsd/pkg_install/dist/info/show.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/config.h.in: 1.1.1.4 external/bsd/pkg_install/dist/lib/conflicts.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/decompress.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/fexec.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/file.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/gpgsig.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/iterate.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/lib.h: 1.1.1.8 - 1.1.1.9 external/bsd/pkg_install/dist/lib/license.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/parse-config.c: 1.1.1.5 - 1.1.1.7 external/bsd/pkg_install/dist/lib/pkcs7.c: 1.1.1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: 1.1.1.6 - 1.1.1.8 external/bsd/pkg_install/dist/lib/pkg_io.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/pkg_signature.c: 1.1.1.6 external/bsd/pkg_install/dist/lib/pkgdb.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/plist.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/remove.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/var.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/version.h: 1.1.1.18 - 1.1.1.21 Update to pkg_install-20091008: - pkg_add: add support to check license conditions before installation - pkg_delete: add -k option to skip over preserve packages. - WARNS=4 clean, fix some potential uses of uninitialized variables - Add a new command for pkg_admin: findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add would. It prints the URLs of the best match for each pattern to stdout. - Rewrite the config file parser to read the file only once. - Fix a bug in pkg_add's -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once. - Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag. - restore pkg_add -f functionality for missing dependencies (PR 42001) - pkg_admin rebuild should count packages correctly (he@@), also count @@pkgdir - fix gpg-sign-package syntax in pkg_admin(1) - change default URL for pkg-vulnerabilities to use HTTP - Fix German accent - Don't dereference a null pointer for pkg_admin add @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.8 2009/10/07 13:19:44 joerg Exp $ d30 1 a30 1 .Dd August 6, 2009 a72 12 .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El d137 1 a137 1 .Pa http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz @ 1.1.1.4.6.1 log @file pkg_install.conf.5.in was added on branch netbsd-5 on 2009-05-30 16:40:33 +0000 @ text @d1 167 @ 1.1.1.4.6.2 log @Pull up following revision(s) (requested by joerg in ticket #784): UPDATING: patch distrib/sets/lists/base/mi: patch distrib/sets/lists/etc/mi: patch distrib/sets/lists/man/mi: patch external/bsd/pkg_install/Makefile.inc: patch external/bsd/pkg_install/prepare-import.sh: patch external/bsd/pkg_install/dist/add/add.h: pkg_install-20090528 external/bsd/pkg_install/dist/add/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/add/perform.c: pkg_install-20090528 external/bsd/pkg_install/dist/add/pkg_add.1: pkg_install-20090528 external/bsd/pkg_install/dist/admin/admin.h: pkg_install-20090528 external/bsd/pkg_install/dist/admin/audit.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/check.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/pkg_admin.1: pkg_install-20090528 external/bsd/pkg_install/dist/bpm/bpm.1: pkg_install-20090528 external/bsd/pkg_install/dist/create/build.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/create.h: pkg_install-20090528 external/bsd/pkg_install/dist/create/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/perform.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/pkg_create.1: pkg_install-20090528 external/bsd/pkg_install/dist/create/pl.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/util.c: pkg_install-20090528 external/bsd/pkg_install/dist/delete/pkg_delete.1: pkg_install-20090528 external/bsd/pkg_install/dist/info/info.h: pkg_install-20090528 external/bsd/pkg_install/dist/info/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/info/perform.c: pkg_install-20090528 external/bsd/pkg_install/dist/info/pkg_info.1: pkg_install-20090528 external/bsd/pkg_install/dist/info/show.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/automatic.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/config.h.in: pkg_install-20090528 external/bsd/pkg_install/dist/lib/conflicts.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/decompress.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/dewey.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/fexec.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/file.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/global.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/iterate.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/lib.h: pkg_install-20090528 external/bsd/pkg_install/dist/lib/lpkg.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/opattern.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_io.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_summary.5: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkgdb.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/plist.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/str.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/var.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/version.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/version.h: pkg_install-20090528 external/bsd/pkg_install/dist/lib/vulnerabilities-file.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/audit-packages.sh.in: pkg_install-20090528 external/bsd/pkg_install/dist/admin/download-vulnerability-list.sh.in: pkg_install-20090528 external/bsd/pkg_install/dist/delete/pkg_delete.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/gpgsig.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/license.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/parse-config.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkcs7.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_signature.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/remove.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/xwrapper.c: pkg_install-20090528 external/bsd/pkg_install/dist/x509/pkgsrc.cnf: pkg_install-20090528 external/bsd/pkg_install/dist/x509/pkgsrc.sh: pkg_install-20090528 external/bsd/pkg_install/dist/x509/signing.txt: pkg_install-20090528 external/bsd/pkg_install/lib/Makefile: patch external/bsd/pkg_install/sbin/Makefile: patch external/bsd/pkg_install/sbin/Makefile.inc: patch external/bsd/pkg_install/sbin/pkg_add/Makefile: patch external/bsd/pkg_install/sbin/pkg_admin/Makefile: patch external/bsd/pkg_install/sbin/pkg_create/Makefile: patch external/bsd/pkg_install/sbin/pkg_delete/Makefile: patch external/bsd/pkg_install/sbin/pkg_info/Makefile: patch external/bsd/pkg_install/dist/add/extract.c: removed external/bsd/pkg_install/dist/add/futil.c: removed external/bsd/pkg_install/dist/add/verify.c: removed external/bsd/pkg_install/dist/add/verify.h: removed external/bsd/pkg_install/dist/admin/config.c: removed external/bsd/pkg_install/dist/audit-packages/AUTHORS: removed external/bsd/pkg_install/dist/audit-packages/COPYING: removed external/bsd/pkg_install/dist/audit-packages/README: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.1.in: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.c: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.conf.5.in: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.conf.in: removed external/bsd/pkg_install/dist/audit-packages/download-vulnerability-list.1.in: removed external/bsd/pkg_install/dist/audit-packages/download-vulnerability-list.sh.in: removed external/bsd/pkg_install/dist/delete/delete.h: removed external/bsd/pkg_install/dist/delete/main.c: removed external/bsd/pkg_install/dist/delete/perform.c: removed external/bsd/pkg_install/dist/lib/ftpio.c: removed external/bsd/pkg_install/dist/lib/path.c: removed external/bsd/pkg_install/dist/lib/path.h: removed external/bsd/pkg_install/dist/lib/pen.c: removed external/bsd/pkg_install/dist/lib/pexec.c: removed external/bsd/pkg_install/dist/view/linkfarm.1: removed external/bsd/pkg_install/dist/view/linkfarm.sh.in: removed external/bsd/pkg_install/dist/view/pkg_view.1: removed external/bsd/pkg_install/dist/view/pkg_view.sh.in: removed external/bsd/pkg_install/sbin/audit-packages/Makefile: removed external/bsd/pkg_install/sbin/pkg_view/Makefile: removed Merge pkg_install-20090528 from HEAD. @ text @a0 167 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4 2009/04/25 21:38:22 joerg Exp $ .\" .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd April 25, 2009 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp The following variables are supported: .Bl -tag -width indent .It Dv ACCEPTABLE_LICENSES List of licenses packages are allowed to carry. .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: .Bl -tag -width interactiveXX .It Dv never No check is performed. .It Dv always Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. .It Dv interactive The user is always asked to confirm installation of vulnerable packages. .El .It Dv DEFAULT_ACCEPTABLE_LICENSES List of common Free and Open Source licenses packages are allowed to carry. .It Dv GPG Path to .Xr gpg 1 , which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL One line per advisory which should be ignored when running .Dl Ic pkg_admin audit The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_PATH Search path as used by .Nm pkg_add . Overridden by the environment variable .Ev PKG_PATH . .It Dv PKGVULNDIR Directory name in which the .Pa pkg-vulnerabilities file resides. Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL URL which is used for updating the local .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin fetch-pkg-vulnerabilities The default is .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. Supported values are: .Bl -tag -width interactiveXX .It Dv never No signature checks are performed. .It Dv always A valid signature is required. If the binary package can not be verified, the installation is terminated .It Dv trusted A valid signature is required. If the binary package can not be verified, the user is asked interactively. .It Dv interactive The user is always asked interactively when installing a package. .El .El .Sh FILES .Bl -tag -width ".Pa @@SYSCONFDIR@@/pkg_install.conf" .It Pa @@SYSCONFDIR@@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 @ 1.1.1.4.6.3 log @Pull up following revision(s) (requested by joerg in ticket #877): external/bsd/pkg_install/dist/info/perform.c: pkg_install-20090724 external/bsd/pkg_install/dist/lib/license.c: pkg_install-20090724 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: pkg_install-20090724 external/bsd/pkg_install/dist/lib/version.h: pkg_install-20090724 Import pkg_install-20070724: - license handling: accept upper case letters. Keep license checks case-sensitive as done in the older pkgsrc logic. Document this. OK dillo@@, schmonz@@, wiz@@ - pkg_info: - fix handling of non-packages, that are valid archives - invert order of pkg_info -r to better match the expectations of make update. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4.6.2 2009/05/30 16:40:33 snj Exp $ a52 1 License names are case-sensitive. a85 3 The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive. @ 1.1.1.4.6.4 log @pull up the following revisions, requested by joerg in ticket 1364: external/bsd/pkg_install/dist/add/add.h: 1.1.1.3 - 1.1.1.5 external/bsd/pkg_install/dist/add/main.c: 1.1.1.4 - 1.1.1.6 external/bsd/pkg_install/dist/add/perform.c: 1.1.1.10 - 1.1.1.12 external/bsd/pkg_install/dist/add/pkg_add.1: 1.1.1.8 external/bsd/pkg_install/dist/admin/audit.c: 1.1.1.6 external/bsd/pkg_install/dist/admin/main.c: 1.1.1.8 - 1.1.1.11 external/bsd/pkg_install/dist/admin/pkg_admin.1: 1.1.1.9 external/bsd/pkg_install/dist/create/build.c: 1.1.1.6 external/bsd/pkg_install/dist/create/create.h: 1.1.1.4 external/bsd/pkg_install/dist/create/main.c: 1.1.1.5 external/bsd/pkg_install/dist/create/perform.c: 1.1.1.4 external/bsd/pkg_install/dist/delete/pkg_delete.1: 1.1.1.5 - 1.1.1.6 external/bsd/pkg_install/dist/delete/pkg_delete.c: 1.1.1.5 external/bsd/pkg_install/dist/info/info.h: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/info/main.c: 1.1.1.6 - 1.1.1.7 external/bsd/pkg_install/dist/info/perform.c: 1.1.1.11 external/bsd/pkg_install/dist/info/show.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/config.h.in: 1.1.1.4 external/bsd/pkg_install/dist/lib/conflicts.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/decompress.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/fexec.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/file.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/gpgsig.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/iterate.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/lib.h: 1.1.1.8 - 1.1.1.9 external/bsd/pkg_install/dist/lib/license.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/parse-config.c: 1.1.1.5 - 1.1.1.7 external/bsd/pkg_install/dist/lib/pkcs7.c: 1.1.1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: 1.1.1.6 - 1.1.1.8 external/bsd/pkg_install/dist/lib/pkg_io.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/pkg_signature.c: 1.1.1.6 external/bsd/pkg_install/dist/lib/pkgdb.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/plist.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/remove.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/var.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/version.h: 1.1.1.18 - 1.1.1.21 Update to pkg_install-20091008: - pkg_add: add support to check license conditions before installation - pkg_delete: add -k option to skip over preserve packages. - WARNS=4 clean, fix some potential uses of uninitialized variables - Add a new command for pkg_admin: findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add would. It prints the URLs of the best match for each pattern to stdout. - Rewrite the config file parser to read the file only once. - Fix a bug in pkg_add's -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once. - Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag. - restore pkg_add -f functionality for missing dependencies (PR 42001) - pkg_admin rebuild should count packages correctly (he@@), also count @@pkgdir - fix gpg-sign-package syntax in pkg_admin(1) - change default URL for pkg-vulnerabilities to use HTTP - Fix German accent - Don't dereference a null pointer for pkg_admin add @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.8 2009/10/07 13:19:44 joerg Exp $ d30 1 a30 1 .Dd August 6, 2009 a72 12 .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El d137 1 a137 1 .Pa http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz @ 1.1.1.4.6.5 log @Apply patch (requested by joerg in ticket #1295): Update pkg_install to 20100130. pkg_install-20091115: Completely ignore @@src in pkg_create. Silently ignore the -L option. The combination of -I and -p are used by pkgsrc for the same result. Do not overwrite a string with itself using snprintf. This breaks setting the pkgdb directory internally on Linux. Explicitly check if the string is the same and otherwise just use xstrdup. Add support to query arbitrary variables with pkg_admin config-var. pkg_install-20100130: - pkg_add -U to rplace an installed version - refactored man pages - PKG_DBDIR / PKG_REFCOUNT_DBDIR as pkg_install.conf options - synced license list - use connection cache from libfetch @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.10 2010/01/30 21:33:50 joerg Exp $ d30 1 a30 1 .Dd January 22, 2010 a48 3 Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp a55 4 .It Dv CACHE_INDEX Cache directory listenings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. a96 11 .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP this is the number of sessions without active command. For HTTP this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details d132 5 a136 13 .It Dv PKG_DBDIR (*) Location of the packages database. This option is always overriden by the argument of the .Fl K option. .It Dv PKG_PATH (*) Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR (*) Location of the package reference counts database directory. The default value is .Pa ${PKG_DBDIR}.refcount . d148 2 a149 1 The default location is ftp.NetBSD.org using HTTP. a183 3 .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1 @ 1.1.1.4.4.1 log @file pkg_install.conf.5.in was added on branch netbsd-5-0 on 2009-05-30 16:21:37 +0000 @ text @d1 167 @ 1.1.1.4.4.2 log @Pull up following revision(s) (requested by joerg in ticket #784): distrib/sets/lists/base/mi: patch distrib/sets/lists/etc/mi: patch distrib/sets/lists/man/mi: patch external/bsd/pkg_install/Makefile.inc: patch external/bsd/pkg_install/prepare-import.sh: patch external/bsd/pkg_install/dist/add/add.h: pkg_install-20090528 external/bsd/pkg_install/dist/add/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/add/perform.c: pkg_install-20090528 external/bsd/pkg_install/dist/add/pkg_add.1: pkg_install-20090528 external/bsd/pkg_install/dist/admin/admin.h: pkg_install-20090528 external/bsd/pkg_install/dist/admin/audit.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/check.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/pkg_admin.1: pkg_install-20090528 external/bsd/pkg_install/dist/bpm/bpm.1: pkg_install-20090528 external/bsd/pkg_install/dist/create/build.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/create.h: pkg_install-20090528 external/bsd/pkg_install/dist/create/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/perform.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/pkg_create.1: pkg_install-20090528 external/bsd/pkg_install/dist/create/pl.c: pkg_install-20090528 external/bsd/pkg_install/dist/create/util.c: pkg_install-20090528 external/bsd/pkg_install/dist/delete/pkg_delete.1: pkg_install-20090528 external/bsd/pkg_install/dist/info/info.h: pkg_install-20090528 external/bsd/pkg_install/dist/info/main.c: pkg_install-20090528 external/bsd/pkg_install/dist/info/perform.c: pkg_install-20090528 external/bsd/pkg_install/dist/info/pkg_info.1: pkg_install-20090528 external/bsd/pkg_install/dist/info/show.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/automatic.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/config.h.in: pkg_install-20090528 external/bsd/pkg_install/dist/lib/conflicts.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/decompress.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/dewey.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/fexec.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/file.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/global.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/iterate.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/lib.h: pkg_install-20090528 external/bsd/pkg_install/dist/lib/lpkg.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/opattern.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_io.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_summary.5: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkgdb.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/plist.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/str.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/var.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/version.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/version.h: pkg_install-20090528 external/bsd/pkg_install/dist/lib/vulnerabilities-file.c: pkg_install-20090528 external/bsd/pkg_install/dist/admin/audit-packages.sh.in: pkg_install-20090528 external/bsd/pkg_install/dist/admin/download-vulnerability-list.sh.in: pkg_install-20090528 external/bsd/pkg_install/dist/delete/pkg_delete.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/gpgsig.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/license.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/parse-config.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkcs7.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: pkg_install-20090528 external/bsd/pkg_install/dist/lib/pkg_signature.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/remove.c: pkg_install-20090528 external/bsd/pkg_install/dist/lib/xwrapper.c: pkg_install-20090528 external/bsd/pkg_install/dist/x509/pkgsrc.cnf: pkg_install-20090528 external/bsd/pkg_install/dist/x509/pkgsrc.sh: pkg_install-20090528 external/bsd/pkg_install/dist/x509/signing.txt: pkg_install-20090528 external/bsd/pkg_install/lib/Makefile: patch external/bsd/pkg_install/sbin/Makefile: patch external/bsd/pkg_install/sbin/Makefile.inc: patch external/bsd/pkg_install/sbin/pkg_add/Makefile: patch external/bsd/pkg_install/sbin/pkg_admin/Makefile: patch external/bsd/pkg_install/sbin/pkg_create/Makefile: patch external/bsd/pkg_install/sbin/pkg_delete/Makefile: patch external/bsd/pkg_install/sbin/pkg_info/Makefile: patch external/bsd/pkg_install/dist/add/extract.c: removed external/bsd/pkg_install/dist/add/futil.c: removed external/bsd/pkg_install/dist/add/verify.c: removed external/bsd/pkg_install/dist/add/verify.h: removed external/bsd/pkg_install/dist/admin/config.c: removed external/bsd/pkg_install/dist/audit-packages/AUTHORS: removed external/bsd/pkg_install/dist/audit-packages/COPYING: removed external/bsd/pkg_install/dist/audit-packages/README: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.1.in: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.c: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.conf.5.in: removed external/bsd/pkg_install/dist/audit-packages/audit-packages.conf.in: removed external/bsd/pkg_install/dist/audit-packages/download-vulnerability-list.1.in: removed external/bsd/pkg_install/dist/audit-packages/download-vulnerability-list.sh.in: removed external/bsd/pkg_install/dist/delete/delete.h: removed external/bsd/pkg_install/dist/delete/main.c: removed external/bsd/pkg_install/dist/delete/perform.c: removed external/bsd/pkg_install/dist/lib/ftpio.c: removed external/bsd/pkg_install/dist/lib/path.c: removed external/bsd/pkg_install/dist/lib/path.h: removed external/bsd/pkg_install/dist/lib/pen.c: removed external/bsd/pkg_install/dist/lib/pexec.c: removed external/bsd/pkg_install/dist/view/linkfarm.1: removed external/bsd/pkg_install/dist/view/linkfarm.sh.in: removed external/bsd/pkg_install/dist/view/pkg_view.1: removed external/bsd/pkg_install/dist/view/pkg_view.sh.in: removed external/bsd/pkg_install/sbin/audit-packages/Makefile: removed external/bsd/pkg_install/sbin/pkg_view/Makefile: removed Merge pkg_install-20090528 from HEAD. @ text @a0 167 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4 2009/04/25 21:38:22 joerg Exp $ .\" .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd April 25, 2009 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp The following variables are supported: .Bl -tag -width indent .It Dv ACCEPTABLE_LICENSES List of licenses packages are allowed to carry. .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: .Bl -tag -width interactiveXX .It Dv never No check is performed. .It Dv always Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. .It Dv interactive The user is always asked to confirm installation of vulnerable packages. .El .It Dv DEFAULT_ACCEPTABLE_LICENSES List of common Free and Open Source licenses packages are allowed to carry. .It Dv GPG Path to .Xr gpg 1 , which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL One line per advisory which should be ignored when running .Dl Ic pkg_admin audit The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_PATH Search path as used by .Nm pkg_add . Overridden by the environment variable .Ev PKG_PATH . .It Dv PKGVULNDIR Directory name in which the .Pa pkg-vulnerabilities file resides. Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL URL which is used for updating the local .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin fetch-pkg-vulnerabilities The default is .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. Supported values are: .Bl -tag -width interactiveXX .It Dv never No signature checks are performed. .It Dv always A valid signature is required. If the binary package can not be verified, the installation is terminated .It Dv trusted A valid signature is required. If the binary package can not be verified, the user is asked interactively. .It Dv interactive The user is always asked interactively when installing a package. .El .El .Sh FILES .Bl -tag -width ".Pa @@SYSCONFDIR@@/pkg_install.conf" .It Pa @@SYSCONFDIR@@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 @ 1.1.1.4.4.3 log @Pull up following revision(s) (requested by joerg in ticket #877): external/bsd/pkg_install/dist/info/perform.c: pkg_install-20090724 external/bsd/pkg_install/dist/lib/license.c: pkg_install-20090724 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: pkg_install-20090724 external/bsd/pkg_install/dist/lib/version.h: pkg_install-20090724 Import pkg_install-20070724: - license handling: accept upper case letters. Keep license checks case-sensitive as done in the older pkgsrc logic. Document this. OK dillo@@, schmonz@@, wiz@@ - pkg_info: - fix handling of non-packages, that are valid archives - invert order of pkg_info -r to better match the expectations of make update. @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4.4.2 2009/05/30 16:21:37 snj Exp $ a52 1 License names are case-sensitive. a85 3 The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive. @ 1.1.1.4.4.3.2.1 log @sync to netbsd-5 @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4.6.5 2010/02/03 00:38:23 snj Exp $ d30 1 a30 1 .Dd January 22, 2010 a48 3 Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp a55 4 .It Dv CACHE_INDEX Cache directory listenings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. a72 12 .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El a84 11 .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP this is the number of sessions without active command. For HTTP this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details d120 5 a124 13 .It Dv PKG_DBDIR (*) Location of the packages database. This option is always overriden by the argument of the .Fl K option. .It Dv PKG_PATH (*) Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR (*) Location of the package reference counts database directory. The default value is .Pa ${PKG_DBDIR}.refcount . d136 2 a137 1 The default location is ftp.NetBSD.org using HTTP. a171 3 .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1 @ 1.1.1.4.4.4 log @pull up the following revisions, requested by joerg in ticket 1075: external/bsd/pkg_install/dist/add/add.h: 1.1.1.3 - 1.1.1.5 external/bsd/pkg_install/dist/add/main.c: 1.1.1.4 - 1.1.1.6 external/bsd/pkg_install/dist/add/perform.c: 1.1.1.10 - 1.1.1.12 external/bsd/pkg_install/dist/add/pkg_add.1: 1.1.1.8 external/bsd/pkg_install/dist/admin/audit.c: 1.1.1.6 external/bsd/pkg_install/dist/admin/main.c: 1.1.1.8 - 1.1.1.11 external/bsd/pkg_install/dist/admin/pkg_admin.1: 1.1.1.9 external/bsd/pkg_install/dist/create/build.c: 1.1.1.6 external/bsd/pkg_install/dist/create/create.h: 1.1.1.4 external/bsd/pkg_install/dist/create/main.c: 1.1.1.5 external/bsd/pkg_install/dist/create/perform.c: 1.1.1.4 external/bsd/pkg_install/dist/delete/pkg_delete.1: 1.1.1.5 - 1.1.1.6 external/bsd/pkg_install/dist/delete/pkg_delete.c: 1.1.1.5 external/bsd/pkg_install/dist/info/info.h: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/info/main.c: 1.1.1.6 - 1.1.1.7 external/bsd/pkg_install/dist/info/perform.c: 1.1.1.11 external/bsd/pkg_install/dist/info/show.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/config.h.in: 1.1.1.4 external/bsd/pkg_install/dist/lib/conflicts.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/decompress.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/fexec.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/file.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/gpgsig.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/iterate.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/lib.h: 1.1.1.8 - 1.1.1.9 external/bsd/pkg_install/dist/lib/license.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/parse-config.c: 1.1.1.5 - 1.1.1.7 external/bsd/pkg_install/dist/lib/pkcs7.c: 1.1.1.4 external/bsd/pkg_install/dist/lib/pkg_install.conf.5.in: 1.1.1.6 - 1.1.1.8 external/bsd/pkg_install/dist/lib/pkg_io.c: 1.1.1.7 external/bsd/pkg_install/dist/lib/pkg_signature.c: 1.1.1.6 external/bsd/pkg_install/dist/lib/pkgdb.c: 1.1.1.4 - 1.1.1.5 external/bsd/pkg_install/dist/lib/plist.c: 1.1.1.5 external/bsd/pkg_install/dist/lib/remove.c: 1.1.1.2 external/bsd/pkg_install/dist/lib/var.c: 1.1.1.3 external/bsd/pkg_install/dist/lib/version.h: 1.1.1.18 - 1.1.1.21 Update to pkg_install-20091008: - pkg_add: add support to check license conditions before installation - pkg_delete: add -k option to skip over preserve packages. - WARNS=4 clean, fix some potential uses of uninitialized variables - Add a new command for pkg_admin: findbest. It takes one or more patterns and searches for the best match in PKG_PATH, just like pkg_add would. It prints the URLs of the best match for each pattern to stdout. - Rewrite the config file parser to read the file only once. - Fix a bug in pkg_add's -P handling. For dependencies the pkgdb path was computed incorrectly and included destdir more than once. - Fix the ACTIVE_FTP option to actually set the "a" flag and not the old "p" flag. - restore pkg_add -f functionality for missing dependencies (PR 42001) - pkg_admin rebuild should count packages correctly (he@@), also count @@pkgdir - fix gpg-sign-package syntax in pkg_admin(1) - change default URL for pkg-vulnerabilities to use HTTP - Fix German accent - Don't dereference a null pointer for pkg_admin add @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.8 2009/10/07 13:19:44 joerg Exp $ d30 1 a30 1 .Dd August 6, 2009 a72 12 .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El d137 1 a137 1 .Pa http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz @ 1.1.1.4.4.5 log @Apply patch (requested by joerg in ticket #1298): Update pkg_install to 20100204. pkg_install-20091115: Completely ignore @@src in pkg_create. Silently ignore the -L option. The combination of -I and -p are used by pkgsrc for the same result. Do not overwrite a string with itself using snprintf. This breaks setting the pkgdb directory internally on Linux. Explicitly check if the string is the same and otherwise just use xstrdup. Add support to query arbitrary variables with pkg_admin config-var. pkg_install-20100130: - pkg_add -U to rplace an installed version - refactored man pages - PKG_DBDIR / PKG_REFCOUNT_DBDIR as pkg_install.conf options - synced license list - use connection cache from libfetch pkg_install 20100204: - Restore PKG_PREFIX in pkg_delete (PR 42731) - Ensure that the current pkg_install version is at least as new as the version used to build the package @ text @d1 1 a1 1 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.4.6.5 2010/02/03 00:38:23 snj Exp $ d30 1 a30 1 .Dd January 22, 2010 a48 3 Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp a55 4 .It Dv CACHE_INDEX Cache directory listenings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. a96 11 .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP this is the number of sessions without active command. For HTTP this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details d132 5 a136 13 .It Dv PKG_DBDIR (*) Location of the packages database. This option is always overriden by the argument of the .Fl K option. .It Dv PKG_PATH (*) Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR (*) Location of the package reference counts database directory. The default value is .Pa ${PKG_DBDIR}.refcount . d148 2 a149 1 The default location is ftp.NetBSD.org using HTTP. a183 3 .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1 @ 1.1.1.4.2.1 log @file pkg_install.conf.5.in was added on branch jym-xensuspend on 2009-05-13 18:52:38 +0000 @ text @d1 167 @ 1.1.1.4.2.2 log @Sync with HEAD. Second commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html @ text @a0 163 .\" $NetBSD: pkg_install.conf.5.in,v 1.1.1.2 2009/02/28 19:33:45 joerg Exp $ .\" .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd February 27, 2009 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp The following variables are supported: .Bl -tag -width indent .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: .Bl -tag -width interactiveXX .It Dv never No check is performed. .It Dv always Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. .It Dv interactive The user is always asked to confirm installation of vulnerable packages. .El .It Dv GPG Path to .Xr gpg 1 , which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL One line per advisory which should be ignored when running .Dl Ic pkg_admin audit The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_PATH Search path as used by .Nm pkg_add . Overridden by the environment variable .Ev PKG_PATH . .It Dv PKGVULNDIR Directory name in which the .Pa pkg-vulnerabilities file resides. Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL URL which is used for updating the local .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin fetch-pkg-vulnerabilities The default is .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. Supported values are: .Bl -tag -width interactiveXX .It Dv never No signature checks are performed. .It Dv always A valid signature is required. If the binary package can not be verified, the installation is terminated .It Dv trusted A valid signature is required. If the binary package can not be verified, the user is asked interactively. .It Dv interactive The user is always asked interactively when installing a package. .El .El .Sh FILES .Bl -tag .It Pa @@SYSCONFDIR@@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 @