Received: by mail.netbsd.org (Postfix, from userid 605) id 32A8884D91; Fri, 11 Jun 2021 14:45:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6AA3984D91 for ; Fri, 11 Jun 2021 14:45:33 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 2vJCUkAEoQ5V for ; Fri, 11 Jun 2021 14:45:31 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 8341284D84 for ; Fri, 11 Jun 2021 14:45:31 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 80872FA95; Fri, 11 Jun 2021 14:45:31 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1623422731238790" MIME-Version: 1.0 Date: Fri, 11 Jun 2021 14:45:31 +0000 From: "Nia Alarie" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: nia@netbsd.org X-Mailer: log_accum Message-Id: <20210611144531.80872FA95@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1623422731238790 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: nia Date: Fri Jun 11 14:45:31 UTC 2021 Modified Files: pkgsrc/doc: pkgsrc.html pkgsrc.txt Log Message: doc/pkgsrc.*: regen To generate a diff of this commit: cvs rdiff -u -r1.316 -r1.317 pkgsrc/doc/pkgsrc.html cvs rdiff -u -r1.314 -r1.315 pkgsrc/doc/pkgsrc.txt Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1623422731238790 Content-Disposition: inline Content-Length: 27187 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=utf-8 Modified files: Index: pkgsrc/doc/pkgsrc.html diff -u pkgsrc/doc/pkgsrc.html:1.316 pkgsrc/doc/pkgsrc.html:1.317 --- pkgsrc/doc/pkgsrc.html:1.316 Wed Jun 2 17:10:12 2021 +++ pkgsrc/doc/pkgsrc.html Fri Jun 11 14:45:31 2021 @@ -85,11 +85,12 @@
5.1.1. Finding binary packages
5.1.2. Installing binary packages
-
5.1.3. Deinstalling packages
-
5.1.4. Getting information about installed packages
-
5.1.5. Checking for security vulnerabilities in installed packages
-
5.1.6. Finding if newer versions of your installed packages are in pkgsrc
-
5.1.7. Other administrative functions
+
5.1.3. Updating packages
+
5.1.4. Deinstalling packages
+
5.1.5. Getting information about installed packages
+
5.1.6. Checking for security vulnerabilities in installed packages
+
5.1.7. Finding if newer versions of your installed packages are in pkgsrc
+
5.1.8. Other administrative functions
5.2. Building packages from source
@@ -842,11 +843,12 @@ minutes!

5.1.1. Finding binary packages
5.1.2. Installing binary packages
-
5.1.3. Deinstalling packages
-
5.1.4. Getting information about installed packages
-
5.1.5. Checking for security vulnerabilities in installed packages
-
5.1.6. Finding if newer versions of your installed packages are in pkgsrc
-
5.1.7. Other administrative functions
+
5.1.3. Updating packages
+
5.1.4. Deinstalling packages
+
5.1.5. Getting information about installed packages
+
5.1.6. Checking for security vulnerabilities in installed packages
+
5.1.7. Finding if newer versions of your installed packages are in pkgsrc
+
5.1.8. Other administrative functions
5.2. Building packages from source
@@ -1222,11 +1224,12 @@ release -d
5.1.1. Finding binary packages
5.1.2. Installing binary packages
-
5.1.3. Deinstalling packages
-
5.1.4. Getting information about installed packages
-
5.1.5. Checking for security vulnerabilities in installed packages
-
5.1.6. Finding if newer versions of your installed packages are in pkgsrc
-
5.1.7. Other administrative functions
+
5.1.3. Updating packages
+
5.1.4. Deinstalling packages
+
5.1.5. Getting information about installed packages
+
5.1.6. Checking for security vulnerabilities in installed packages
+
5.1.7. Finding if newer versions of your installed packages are in pkgsrc
+
5.1.8. Other administrative functions
5.2. Building packages from source
@@ -1245,7 +1248,7 @@ and you can still use binary packages fr

5.1. Using binary packages

-

On the cdn.NetBSD.org +

On the cdn.NetBSD.org site and mirrors, there are collections of binary packages, ready to be installed. These binary packages have been built using the default settings for the directories, that is:

@@ -1262,8 +1265,7 @@ and you can still use binary packages fr 5.1.1. Finding binary packages

To install binary packages, you first need to know from where to get them. The first place where you should look is on the main - - pkgsrc FTP server in the directory /pub/pkgsrc/packages.

+ pkgsrc CDN in the directory /pub/pkgsrc/packages.

This directory contains binary packages for multiple platforms. First, select your operating system. (Ignore the directories with version numbers attached to it, they just exist for @@ -1283,17 +1285,16 @@ and you can still use binary packages fr

In the directory from the last section, there is a subdirectory called All/, which contains all the binary packages that are available for the platform, excluding those - that may not be distributed via FTP or CDROM (depending on which - medium you are using).

+ that may not be distributed via HTTP or FTP.

To install packages directly from an FTP or HTTP server, run the following commands in a Bourne-compatible shell (be sure to su to root first):

-# PATH="/usr/pkg/sbin:$PATH"
-
-# PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages"
+# PATH="/usr/pkg/sbin:/usr/pkg/bin:$PATH"
+# PKG_PATH="https://cdn.NetBSD.org/pub/pkgsrc/packages"
 # PKG_PATH="$PKG_PATH/OPSYS/ARCH/VERSIONS/All/"
 # export PATH PKG_PATH
+# pkg_add pkgin

Instead of URLs, you can also use local paths, for example if you are installing from a set of CDROMs, DVDs or an NFS-mounted @@ -1303,16 +1304,16 @@ and you can still use binary packages fr

After these preparations, installing a package is very easy:

-# pkg_add libreoffice
-# pkg_add ap24-php71-*
-
-

Note that any prerequisite packages needed to run the +# pkgin search nginx +nginx-1.19.6 Lightweight HTTP server and mail proxy server +nginx-1.18.0nb8 Lightweight HTTP server and mail proxy server +# pkgin install zsh nginx-1.19.6 vim + +

Note that pkgin is a user-friendly frontend + to the pkg_* tools.

+

Any prerequisite packages needed to run the package in question will be installed, too, assuming they are - present where you install from.

-

Adding packages might install vulnerable packages. - Thus you should run pkg_admin audit - regularly, especially after installing new packages, and verify - that the vulnerabilities are acceptable for your configuration.

+ present in the repository.

After you've installed packages, be sure to have /usr/pkg/bin and /usr/pkg/sbin in your PATH so you can actually start the just @@ -1320,45 +1321,51 @@ and you can still use binary packages fr

-5.1.3. Deinstalling packages

+5.1.3. Updating packages
+

To update binary packages, it is recommended that you use + pkgin upgrade. This will compare the remote + package repository to your locally installed packages and safely + replace any older packages.

+

Note that pkgsrc is released as quarterly branches. + If you are updating to a newer quarterly branch of pkgsrc, you may + need to adjust the repository in + /usr/pkg/etc/pkgin/repositories.conf.

+ +
+

+5.1.4. Deinstalling packages

To deinstall a package, it does not matter whether it was - installed from source code or from a binary package. The - pkg_delete command does not know it anyway. - To delete a package, you can just run pkg_delete + installed from source code or from a binary package. Neither the + pkgin or the pkg_delete + command need to know.

+

To delete a package, you can just run pkgin remove package-name. The package - name can be given with or without version number. Wildcards can - also be used to deinstall a set of packages, for example - *emacs*. Be sure to include them in quotes, - so that the shell does not expand them before - pkg_delete sees them.

-

The -r option is very powerful: it - removes all the packages that require the package in question - and then removes the package itself. For example: - -

-
-# pkg_delete -r jpeg
-
-

- - will remove jpeg and all the packages that used it; this allows - upgrading the jpeg package.

+ name can be given with or without version number.

-5.1.4. Getting information about installed packages

+5.1.5. Getting information about installed packages

The pkg_info shows information about - installed packages or binary package files.

+ installed packages or binary package files. + As with other management tools, it works with packages installed + from source or binaries.

-5.1.5. Checking for security vulnerabilities in installed packages

+5.1.6. Checking for security vulnerabilities in installed packages

The pkgsrc Security Team and Packages Groups maintain a list of - known security vulnerabilities to packages which are (or have been) + known vulnerabilities to packages which are (or have been) included in pkgsrc. The list is available from the NetBSD - - FTP site at http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities. + CDN at https://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities. +

+

+ Please note that not every "vulnerability" with a CVE assignment is + exploitable in every configuration. + Some bugs are marked as active simply because an fix was not + marked as such. + Operating system specific hardening and mitigation features may also + reduce the impact of bugs.

Through pkg_admin fetch-pkg-vulnerabilities, @@ -1379,8 +1386,7 @@ and you can still use binary packages fr https://www.samba.org/samba/whatsnew/macroexploit.html

You may wish to have the - - vulnerabilities + vulnerabilities file downloaded daily so that it remains current. This may be done by adding an appropriate entry to the root users crontab(5) entry. For example the entry @@ -1417,24 +1423,21 @@ check_pkg_vulnerabilities=YES

-5.1.6. Finding if newer versions of your installed packages are in pkgsrc

+5.1.7. Finding if newer versions of your installed packages are in pkgsrc

Install pkgtools/lintpkgsrc and run lintpkgsrc with the -i - argument to check if your packages are up-to-date, e.g. + argument to check if any packages are stale, e.g. 

 % lintpkgsrc -i
 ...
 Version mismatch: 'tcsh' 6.09.00 vs 6.10.00
-

You can then use make update to update the - package on your system and rebuild any dependencies. -

-5.1.7. Other administrative functions

+5.1.8. Other administrative functions

The pkg_admin executes various administrative functions on the package system.

@@ -3017,7 +3020,7 @@ do this, refer to the following two tool containing more information.

Use of these tools is strongly recommended! -See Section 5.1.5, “Checking for security vulnerabilities in installed packages” for instructions on how to automate checking and +See Section 5.1.6, “Checking for security vulnerabilities in installed packages” for instructions on how to automate checking and reporting.

If this database is installed, pkgsrc builds will use it to perform a security check before building any package.

Index: pkgsrc/doc/pkgsrc.txt diff -u pkgsrc/doc/pkgsrc.txt:1.314 pkgsrc/doc/pkgsrc.txt:1.315 --- pkgsrc/doc/pkgsrc.txt:1.314 Wed Jun 2 17:10:12 2021 +++ pkgsrc/doc/pkgsrc.txt Fri Jun 11 14:45:31 2021 @@ -67,12 +67,13 @@ I. The pkgsrc user's guide 5.1.1. Finding binary packages 5.1.2. Installing binary packages - 5.1.3. Deinstalling packages - 5.1.4. Getting information about installed packages - 5.1.5. Checking for security vulnerabilities in installed packages - 5.1.6. Finding if newer versions of your installed packages are in + 5.1.3. Updating packages + 5.1.4. Deinstalling packages + 5.1.5. Getting information about installed packages + 5.1.6. Checking for security vulnerabilities in installed packages + 5.1.7. Finding if newer versions of your installed packages are in pkgsrc - 5.1.7. Other administrative functions + 5.1.8. Other administrative functions 5.2. Building packages from source @@ -721,12 +722,13 @@ Table of Contents 5.1.1. Finding binary packages 5.1.2. Installing binary packages - 5.1.3. Deinstalling packages - 5.1.4. Getting information about installed packages - 5.1.5. Checking for security vulnerabilities in installed packages - 5.1.6. Finding if newer versions of your installed packages are in + 5.1.3. Updating packages + 5.1.4. Deinstalling packages + 5.1.5. Getting information about installed packages + 5.1.6. Checking for security vulnerabilities in installed packages + 5.1.7. Finding if newer versions of your installed packages are in pkgsrc - 5.1.7. Other administrative functions + 5.1.8. Other administrative functions 5.2. Building packages from source @@ -1053,11 +1055,12 @@ Table of Contents 5.1.1. Finding binary packages 5.1.2. Installing binary packages - 5.1.3. Deinstalling packages - 5.1.4. Getting information about installed packages - 5.1.5. Checking for security vulnerabilities in installed packages - 5.1.6. Finding if newer versions of your installed packages are in pkgsrc - 5.1.7. Other administrative functions + 5.1.3. Updating packages + 5.1.4. Deinstalling packages + 5.1.5. Getting information about installed packages + 5.1.6. Checking for security vulnerabilities in installed packages + 5.1.7. Finding if newer versions of your installed packages are in pkgsrc + 5.1.8. Other administrative functions 5.2. Building packages from source @@ -1091,8 +1094,8 @@ yourself, which is explained in Section 5.1.1. Finding binary packages To install binary packages, you first need to know from where to get them. The -first place where you should look is on the main pkgsrc FTP server in the -directory /pub/pkgsrc/packages. +first place where you should look is on the main pkgsrc CDN in the directory / +pub/pkgsrc/packages. This directory contains binary packages for multiple platforms. First, select your operating system. (Ignore the directories with version numbers attached to @@ -1110,17 +1113,16 @@ tools for managing binary packages and t In the directory from the last section, there is a subdirectory called All/, which contains all the binary packages that are available for the platform, -excluding those that may not be distributed via FTP or CDROM (depending on -which medium you are using). +excluding those that may not be distributed via HTTP or FTP. To install packages directly from an FTP or HTTP server, run the following commands in a Bourne-compatible shell (be sure to su to root first): -# PATH="/usr/pkg/sbin:$PATH" - -# PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages" +# PATH="/usr/pkg/sbin:/usr/pkg/bin:$PATH" +# PKG_PATH="https://cdn.NetBSD.org/pub/pkgsrc/packages" # PKG_PATH="$PKG_PATH/OPSYS/ARCH/VERSIONS/All/" # export PATH PKG_PATH +# pkg_add pkgin Instead of URLs, you can also use local paths, for example if you are installing from a set of CDROMs, DVDs or an NFS-mounted repository. If you want @@ -1129,49 +1131,56 @@ in PKG_PATH. After these preparations, installing a package is very easy: -# pkg_add libreoffice -# pkg_add ap24-php71-* +# pkgin search nginx +nginx-1.19.6 Lightweight HTTP server and mail proxy server +nginx-1.18.0nb8 Lightweight HTTP server and mail proxy server +# pkgin install zsh nginx-1.19.6 vim -Note that any prerequisite packages needed to run the package in question will -be installed, too, assuming they are present where you install from. +Note that pkgin is a user-friendly frontend to the pkg_* tools. -Adding packages might install vulnerable packages. Thus you should run -pkg_admin audit regularly, especially after installing new packages, and verify -that the vulnerabilities are acceptable for your configuration. +Any prerequisite packages needed to run the package in question will be +installed, too, assuming they are present in the repository. After you've installed packages, be sure to have /usr/pkg/bin and /usr/pkg/sbin in your PATH so you can actually start the just installed program. -5.1.3. Deinstalling packages +5.1.3. Updating packages -To deinstall a package, it does not matter whether it was installed from source -code or from a binary package. The pkg_delete command does not know it anyway. -To delete a package, you can just run pkg_delete package-name. The package name -can be given with or without version number. Wildcards can also be used to -deinstall a set of packages, for example *emacs*. Be sure to include them in -quotes, so that the shell does not expand them before pkg_delete sees them. +To update binary packages, it is recommended that you use pkgin upgrade. This +will compare the remote package repository to your locally installed packages +and safely replace any older packages. -The -r option is very powerful: it removes all the packages that require the -package in question and then removes the package itself. For example: +Note that pkgsrc is released as quarterly branches. If you are updating to a +newer quarterly branch of pkgsrc, you may need to adjust the repository in /usr +/pkg/etc/pkgin/repositories.conf. -# pkg_delete -r jpeg +5.1.4. Deinstalling packages +To deinstall a package, it does not matter whether it was installed from source +code or from a binary package. Neither the pkgin or the pkg_delete command need +to know. -will remove jpeg and all the packages that used it; this allows upgrading the -jpeg package. +To delete a package, you can just run pkgin remove package-name. The package +name can be given with or without version number. -5.1.4. Getting information about installed packages +5.1.5. Getting information about installed packages The pkg_info shows information about installed packages or binary package -files. +files. As with other management tools, it works with packages installed from +source or binaries. -5.1.5. Checking for security vulnerabilities in installed packages +5.1.6. Checking for security vulnerabilities in installed packages -The pkgsrc Security Team and Packages Groups maintain a list of known security +The pkgsrc Security Team and Packages Groups maintain a list of known vulnerabilities to packages which are (or have been) included in pkgsrc. The -list is available from the NetBSD FTP site at http://ftp.NetBSD.org/pub/NetBSD/ +list is available from the NetBSD CDN at https://cdn.NetBSD.org/pub/NetBSD/ packages/vulns/pkg-vulnerabilities. +Please note that not every "vulnerability" with a CVE assignment is exploitable +in every configuration. Some bugs are marked as active simply because an fix +was not marked as such. Operating system specific hardening and mitigation +features may also reduce the impact of bugs. + Through pkg_admin fetch-pkg-vulnerabilities, this list can be downloaded automatically, and a security audit of all packages installed on a system can take place. @@ -1212,20 +1221,17 @@ check_pkg_vulnerabilities=YES see daily.conf(5) and security.conf(5) for more details. -5.1.6. Finding if newer versions of your installed packages are in pkgsrc +5.1.7. Finding if newer versions of your installed packages are in pkgsrc Install pkgtools/lintpkgsrc and run lintpkgsrc with the "-i" argument to check -if your packages are up-to-date, e.g. +if any packages are stale, e.g. % lintpkgsrc -i ... Version mismatch: 'tcsh' 6.09.00 vs 6.10.00 -You can then use make update to update the package on your system and rebuild -any dependencies. - -5.1.7. Other administrative functions +5.1.8. Other administrative functions The pkg_admin executes various administrative functions on the package system. @@ -2575,7 +2581,7 @@ following two tools (installed as part o by output to stdout, including a description of the type of vulnerability, and a URL containing more information. -Use of these tools is strongly recommended! See Section 5.1.5, "Checking for +Use of these tools is strongly recommended! See Section 5.1.6, "Checking for security vulnerabilities in installed packages" for instructions on how to automate checking and reporting. --_----------=_1623422731238790--