| @@ -1651,61 +1651,54 @@ and you can still use binary packages fr | | | @@ -1651,61 +1651,54 @@ and you can still use binary packages fr |
1651 | operating system already provides those tools. Download the file and | | 1651 | operating system already provides those tools. Download the file and |
1652 | extract it in the <code class="filename">/</code> directory. It will create | | 1652 | extract it in the <code class="filename">/</code> directory. It will create |
1653 | the directories <code class="filename">/usr/pkg</code> (containing the tools | | 1653 | the directories <code class="filename">/usr/pkg</code> (containing the tools |
1654 | for managing binary packages) and <code class="filename">/var/db/pkg</code> | | 1654 | for managing binary packages) and <code class="filename">/var/db/pkg</code> |
1655 | (the database of installed packages).</p> | | 1655 | (the database of installed packages).</p> |
1656 | </div> | | 1656 | </div> |
1657 | <div class="sect2" lang="en"> | | 1657 | <div class="sect2" lang="en"> |
1658 | <div class="titlepage"><div><div><h3 class="title"> | | 1658 | <div class="titlepage"><div><div><h3 class="title"> |
1659 | <a name="installing-binary-packages"></a>4.1.2. Installing binary packages</h3></div></div></div> | | 1659 | <a name="installing-binary-packages"></a>4.1.2. Installing binary packages</h3></div></div></div> |
1660 | <p>In the directory from the last section, there is a | | 1660 | <p>In the directory from the last section, there is a |
1661 | subdirectory called <code class="filename">All</code>, which contains all the | | 1661 | subdirectory called <code class="filename">All</code>, which contains all the |
1662 | binary packages that are available for the platform, excluding those | | 1662 | binary packages that are available for the platform, excluding those |
1663 | that may not be distributed via FTP or CDROM (depending on which | | 1663 | that may not be distributed via FTP or CDROM (depending on which |
1664 | medium you are using), and the ones that have vulnerabilities and | | 1664 | medium you are using). There may be an extra directory for packages |
1665 | therefore are considered insecure to install without thinking | | 1665 | that have vulnerabilities and therefore are considered insecure to install |
1666 | before.</p> | | 1666 | without checking the implications first. This method has been replaced by |
| | | 1667 | setting CHECK_VULNERABILITIES=yes in pkg_install.conf so pkg_add will |
| | | 1668 | complain about vulnerabilities, instead.</p> |
1667 | <p>To install packages directly from an FTP or HTTP server, run | | 1669 | <p>To install packages directly from an FTP or HTTP server, run |
1668 | the following commands in a Bourne-compatible shell (be sure to | | 1670 | the following commands in a Bourne-compatible shell (be sure to |
1669 | <span class="command"><strong>su</strong></span> to root first):</p> | | 1671 | <span class="command"><strong>su</strong></span> to root first):</p> |
1670 | <pre class="screen"> | | 1672 | <pre class="screen"> |
1671 | <code class="prompt">#</code> <strong class="userinput"><code>PATH="/usr/pkg/sbin:$PATH"</code></strong> | | 1673 | <code class="prompt">#</code> <strong class="userinput"><code>PATH="/usr/pkg/sbin:$PATH"</code></strong> |
1672 | <code class="prompt">#</code> <strong class="userinput"><code>PKG_PATH="ftp://ftp.NetBSD.org/pub/pkgsrc/packages/<em class="replaceable"><code>OPSYS</code></em>/<em class="replaceable"><code>ARCH</code></em>/<em class="replaceable"><code>VERSIONS</code></em>/All"</code></strong> | | 1674 | <code class="prompt">#</code> <strong class="userinput"><code>PKG_PATH="ftp://ftp.NetBSD.org/pub/pkgsrc/packages/<em class="replaceable"><code>OPSYS</code></em>/<em class="replaceable"><code>ARCH</code></em>/<em class="replaceable"><code>VERSIONS</code></em>/All"</code></strong> |
1673 | <code class="prompt">#</code> <strong class="userinput"><code>export PATH PKG_PATH</code></strong> | | 1675 | <code class="prompt">#</code> <strong class="userinput"><code>export PATH PKG_PATH</code></strong> |
1674 | </pre> | | 1676 | </pre> |
1675 | <p>Instead of URLs, you can also use local paths, for example if | | 1677 | <p>Instead of URLs, you can also use local paths, for example if |
1676 | you are installing from a set of CDROMs, DVDs or an NFS-mounted | | 1678 | you are installing from a set of CDROMs, DVDs or an NFS-mounted |
1677 | repository. If you want to install packages from multiple sources, | | 1679 | repository. If you want to install packages from multiple sources, |
1678 | you can separate them by a semicolon in | | 1680 | you can separate them by a semicolon in |
1679 | <code class="varname">PKG_PATH</code>.</p> | | 1681 | <code class="varname">PKG_PATH</code>.</p> |
1680 | <p>After these preparations, installing a package is very | | 1682 | <p>After these preparations, installing a package is very |
1681 | easy:</p> | | 1683 | easy:</p> |
1682 | <pre class="screen"> | | 1684 | <pre class="screen"> |
1683 | <code class="prompt">#</code> <strong class="userinput"><code>pkg_add openoffice2</code></strong> | | 1685 | <code class="prompt">#</code> <strong class="userinput"><code>pkg_add openoffice2</code></strong> |
1684 | <code class="prompt">#</code> <strong class="userinput"><code>pkg_add kde-3.5.7</code></strong> | | 1686 | <code class="prompt">#</code> <strong class="userinput"><code>pkg_add kde-3.5.7</code></strong> |
1685 | <code class="prompt">#</code> <strong class="userinput"><code>pkg_add ap2-php5-*</code></strong> | | 1687 | <code class="prompt">#</code> <strong class="userinput"><code>pkg_add ap2-php5-*</code></strong> |
1686 | </pre> | | 1688 | </pre> |
1687 | <p>Note that any prerequisite packages needed to run the | | 1689 | <p>Note that any prerequisite packages needed to run the |
1688 | package in question will be installed, too, assuming they are | | 1690 | package in question will be installed, too, assuming they are |
1689 | present where you install from.</p> | | 1691 | present where you install from.</p> |
1690 | <p>As mentioned above, packages for which vulnerabilities get | | | |
1691 | known are not stored in the <code class="filename">All</code> subdirectory. | | | |
1692 | They don't get deleted since that could be very frustrating if many | | | |
1693 | other packages depend on it. Instead, they are moved to the | | | |
1694 | <code class="filename">vulnerable</code> subdirectory. So you may need to add | | | |
1695 | this directory to the <code class="varname">PKG_PATH</code> variable. | | | |
1696 | However, you should run <span class="command"><strong>pkg_admin audit</strong></span> | | | |
1697 | regularly, especially after installing new packages, and verify | | | |
1698 | that the vulnerabilities are acceptable for your configuration.</p> | | | |
1699 | <p>After you've installed packages, be sure to have | | 1692 | <p>After you've installed packages, be sure to have |
1700 | <code class="filename">/usr/pkg/bin</code> and <code class="filename">/usr/pkg/sbin</code> in your | | 1693 | <code class="filename">/usr/pkg/bin</code> and <code class="filename">/usr/pkg/sbin</code> in your |
1701 | <code class="varname">PATH</code> so you can actually start the just | | 1694 | <code class="varname">PATH</code> so you can actually start the just |
1702 | installed program.</p> | | 1695 | installed program.</p> |
1703 | </div> | | 1696 | </div> |
1704 | <div class="sect2" lang="en"> | | 1697 | <div class="sect2" lang="en"> |
1705 | <div class="titlepage"><div><div><h3 class="title"> | | 1698 | <div class="titlepage"><div><div><h3 class="title"> |
1706 | <a name="using.pkg_delete"></a>4.1.3. Deinstalling packages</h3></div></div></div> | | 1699 | <a name="using.pkg_delete"></a>4.1.3. Deinstalling packages</h3></div></div></div> |
1707 | <p>To deinstall a package, it does not matter whether it was | | 1700 | <p>To deinstall a package, it does not matter whether it was |
1708 | installed from source code or from a binary package. The | | 1701 | installed from source code or from a binary package. The |
1709 | <span class="command"><strong>pkg_delete</strong></span> command does not know it anyway. | | 1702 | <span class="command"><strong>pkg_delete</strong></span> command does not know it anyway. |
1710 | To delete a package, you can just run <span class="command"><strong>pkg_delete | | 1703 | To delete a package, you can just run <span class="command"><strong>pkg_delete |
1711 | <em class="replaceable"><code>package-name</code></em></strong></span>. The package | | 1704 | <em class="replaceable"><code>package-name</code></em></strong></span>. The package |
| @@ -2606,29 +2599,27 @@ SKIP_LICENSE_CHECK= yes | | | @@ -2606,29 +2599,27 @@ SKIP_LICENSE_CHECK= yes |
2606 | to the directory where all log files are created. Otherwise the | | 2599 | to the directory where all log files are created. Otherwise the |
2607 | log files are created in the pkgsrc directory.</p></li> | | 2600 | log files are created in the pkgsrc directory.</p></li> |
2608 | <li><p>Another important variable is | | 2601 | <li><p>Another important variable is |
2609 | <code class="varname">BULK_PREREQ</code>, which is a list of packages that | | 2602 | <code class="varname">BULK_PREREQ</code>, which is a list of packages that |
2610 | should be always available while building other | | 2603 | should be always available while building other |
2611 | packages.</p></li> | | 2604 | packages.</p></li> |
2612 | </ul></div> | | 2605 | </ul></div> |
2613 | <p>Some other options are scattered in the pkgsrc | | 2606 | <p>Some other options are scattered in the pkgsrc |
2614 | infrastructure:</p> | | 2607 | infrastructure:</p> |
2615 | <div class="itemizedlist"><ul type="disc"> | | 2608 | <div class="itemizedlist"><ul type="disc"> |
2616 | <li><p><code class="varname">ALLOW_VULNERABLE_PACKAGES</code> | | 2609 | <li><p><code class="varname">ALLOW_VULNERABLE_PACKAGES</code> |
2617 | should be set to <code class="literal">yes</code>. The purpose of the bulk | | 2610 | should be set to <code class="literal">yes</code>. The purpose of the bulk |
2618 | builds is creating binary packages, no matter if they are | | 2611 | builds is creating binary packages, no matter if they are |
2619 | vulnerable or not. When uploading the packages to a public | | 2612 | vulnerable or not. Leaving this variable unset would prevent the bulk |
2620 | server, the vulnerable packages will be put into a directory of | | | |
2621 | their own. Leaving this variable unset would prevent the bulk | | | |
2622 | build system from even trying to build them, so possible | | 2613 | build system from even trying to build them, so possible |
2623 | building errors would not show up.</p></li> | | 2614 | building errors would not show up.</p></li> |
2624 | <li><p><code class="varname">CHECK_FILES</code> | | 2615 | <li><p><code class="varname">CHECK_FILES</code> |
2625 | (<code class="filename">pkgsrc/mk/check/check-files.mk</code>) can be set to | | 2616 | (<code class="filename">pkgsrc/mk/check/check-files.mk</code>) can be set to |
2626 | “<span class="quote">yes</span>” to check that the installed set of files | | 2617 | “<span class="quote">yes</span>” to check that the installed set of files |
2627 | matches the <code class="filename">PLIST</code>.</p></li> | | 2618 | matches the <code class="filename">PLIST</code>.</p></li> |
2628 | <li><p><code class="varname">CHECK_INTERPRETER</code> | | 2619 | <li><p><code class="varname">CHECK_INTERPRETER</code> |
2629 | (<code class="filename">pkgsrc/mk/check/check-interpreter.mk</code>) can be set to | | 2620 | (<code class="filename">pkgsrc/mk/check/check-interpreter.mk</code>) can be set to |
2630 | “<span class="quote">yes</span>” to check that the installed | | 2621 | “<span class="quote">yes</span>” to check that the installed |
2631 | “<span class="quote">#!</span>”-scripts will find their | | 2622 | “<span class="quote">#!</span>”-scripts will find their |
2632 | interpreter.</p></li> | | 2623 | interpreter.</p></li> |
2633 | <li><p><code class="varname">PKGSRC_RUN_TEST</code> can be | | 2624 | <li><p><code class="varname">PKGSRC_RUN_TEST</code> can be |
2634 | set to “<span class="quote"><code class="literal">yes</code></span>” to run each | | 2625 | set to “<span class="quote"><code class="literal">yes</code></span>” to run each |
| @@ -2922,29 +2913,27 @@ chroot-# | | @@ -2922,29 +2913,27 @@ chroot-# | |
2922 | <p>Next, test if your ssh connection really works:</p> | | 2913 | <p>Next, test if your ssh connection really works:</p> |
2923 | <pre class="screen">chroot-<code class="prompt">#</code> <strong class="userinput"><code>ssh ftp.NetBSD.org date</code></strong> </pre> | | 2914 | <pre class="screen">chroot-<code class="prompt">#</code> <strong class="userinput"><code>ssh ftp.NetBSD.org date</code></strong> </pre> |
2924 | <p>Use "-l yourNetBSDlogin" here as appropriate!</p> | | 2915 | <p>Use "-l yourNetBSDlogin" here as appropriate!</p> |
2925 | <p>Now after all this works, you can exit the sandbox and start | | 2916 | <p>Now after all this works, you can exit the sandbox and start |
2926 | the upload:</p> | | 2917 | the upload:</p> |
2927 | <pre class="screen"> | | 2918 | <pre class="screen"> |
2928 | chroot-<code class="prompt">#</code> <strong class="userinput"><code>exit</code></strong> | | 2919 | chroot-<code class="prompt">#</code> <strong class="userinput"><code>exit</code></strong> |
2929 | <code class="prompt">#</code> <strong class="userinput"><code>cd /usr/sandbox/usr/pkgsrc</code></strong> | | 2920 | <code class="prompt">#</code> <strong class="userinput"><code>cd /usr/sandbox/usr/pkgsrc</code></strong> |
2930 | <code class="prompt">#</code> <strong class="userinput"><code>sh mk/bulk/do-sandbox-upload</code></strong> | | 2921 | <code class="prompt">#</code> <strong class="userinput"><code>sh mk/bulk/do-sandbox-upload</code></strong> |
2931 | </pre> | | 2922 | </pre> |
2932 | <p>The upload process may take quite some time. Use <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?ls+1+NetBSD-current"><span class="citerefentry"><span class="refentrytitle">ls</span>(1)</span></a> or | | 2923 | <p>The upload process may take quite some time. Use <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?ls+1+NetBSD-current"><span class="citerefentry"><span class="refentrytitle">ls</span>(1)</span></a> or |
2933 | <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?du+1+NetBSD-current"><span class="citerefentry"><span class="refentrytitle">du</span>(1)</span></a> on the FTP server to monitor progress of the | | 2924 | <a class="citerefentry" href="http://netbsd.gw.com/cgi-bin/man-cgi?du+1+NetBSD-current"><span class="citerefentry"><span class="refentrytitle">du</span>(1)</span></a> on the FTP server to monitor progress of the |
2934 | upload. The upload script will take care of not uploading | | 2925 | upload. The upload script will take care of not uploading |
2935 | restricted packages and putting vulnerable packages into the | | 2926 | restricted packages.</p> |
2936 | <code class="filename">vulnerable</code> subdirectory.</p> | | | |
2937 | <p>After the upload has ended, first thing is to revoke ssh access:</p> | | | |
2938 | <pre class="screen">nbftp% <strong class="userinput"><code>vi ~/.ssh/authorized_keys</code></strong> | | 2927 | <pre class="screen">nbftp% <strong class="userinput"><code>vi ~/.ssh/authorized_keys</code></strong> |
2939 | Gdd:x! </pre> | | 2928 | Gdd:x! </pre> |
2940 | <p>Use whatever is needed to remove the key you've entered | | 2929 | <p>Use whatever is needed to remove the key you've entered |
2941 | before! Last, move the uploaded packages out of the | | 2930 | before! Last, move the uploaded packages out of the |
2942 | <code class="filename">upload</code> directory to have them accessible | | 2931 | <code class="filename">upload</code> directory to have them accessible |
2943 | to everyone:</p> | | 2932 | to everyone:</p> |
2944 | <pre class="screen"> | | 2933 | <pre class="screen"> |
2945 | nbftp% <strong class="userinput"><code>cd /pub/NetBSD/packages/packages-20xxQy/NetBSD-a.b.c/arch</code></strong> | | 2934 | nbftp% <strong class="userinput"><code>cd /pub/NetBSD/packages/packages-20xxQy/NetBSD-a.b.c/arch</code></strong> |
2946 | nbftp% <strong class="userinput"><code>mv upload/* .</code></strong> | | 2935 | nbftp% <strong class="userinput"><code>mv upload/* .</code></strong> |
2947 | nbftp% <strong class="userinput"><code>rmdir upload</code></strong> | | 2936 | nbftp% <strong class="userinput"><code>rmdir upload</code></strong> |
2948 | nbftp% <strong class="userinput"><code>chmod 755 .</code></strong> | | 2937 | nbftp% <strong class="userinput"><code>chmod 755 .</code></strong> |
2949 | </pre> | | 2938 | </pre> |
2950 | </div> | | 2939 | </div> |