| @@ -7,177 +7,248 @@ DDEESSCCRRIIPPTTIIOONN | | | @@ -7,177 +7,248 @@ DDEESSCCRRIIPPTTIIOONN |
7 | The file ppkkgg__iinnssttaallll..ccoonnff contains system defaults for the package | | 7 | The file ppkkgg__iinnssttaallll..ccoonnff contains system defaults for the package |
8 | installation tools as a list of variable-value pairs. Each line has the | | 8 | installation tools as a list of variable-value pairs. Each line has the |
9 | format VARIABLE=VALUE. If the value consists of more than one line, each | | 9 | format VARIABLE=VALUE. If the value consists of more than one line, each |
10 | line is prefixed with VARIABLE=. | | 10 | line is prefixed with VARIABLE=. |
11 | | | 11 | |
12 | The current value of a variable can be checked by running | | 12 | The current value of a variable can be checked by running |
13 | ppkkgg__aaddmmiinn ccoonnffiigg--vvaarr VVAARRIIAABBLLEE | | 13 | ppkkgg__aaddmmiinn ccoonnffiigg--vvaarr VVAARRIIAABBLLEE |
14 | | | 14 | |
15 | Some variables are overriden by environmental variables of the same name. | | 15 | Some variables are overriden by environmental variables of the same name. |
16 | Those are marked by (*). | | 16 | Those are marked by (*). |
17 | | | 17 | |
18 | The following variables are supported: | | 18 | The following variables are supported: |
19 | | | 19 | |
20 | ACCEPTABLE_LICENSES | | 20 | ACCEPTABLE_LICENSES (list of license names) |
21 | Space-separated list of licenses packages are allowed to carry. | | 21 | Default: empty |
22 | License names are case-sensitive. | | 22 | |
23 | | | 23 | Space-separated list of licenses considered acceptable when |
24 | ACTIVE_FTP | | 24 | CHECK_LICENSE is `yes' or `always', in addition to those listed |
25 | Force the use of active FTP. | | 25 | in DEFAULT_ACCEPTABLE_LICENSES. License names are case- |
26 | | | 26 | sensitive. |
27 | CACHE_INDEX | | 27 | |
28 | Cache directory listings in memory. This avoids retransfers of | | 28 | ACTIVE_FTP (empty or non-empty) |
29 | the large directory index for HTTP and is enabled by default. | | 29 | Default: empty |
| | | 30 | |
| | | 31 | If non-empty, force the use of active FTP. |
| | | 32 | |
| | | 33 | CACHE_INDEX (`yes' or `no') |
| | | 34 | Default: yes |
| | | 35 | |
| | | 36 | If `yes', cache directory listings in memory. This avoids |
| | | 37 | retransfers of the large directory index for HTTP. |
| | | 38 | |
| | | 39 | CERTIFICATE_ANCHOR_PKGS (empty or path) |
| | | 40 | Default: empty |
30 | | | 41 | |
31 | CERTIFICATE_ANCHOR_PKGS | | | |
32 | Path to the file containing the certificates used for validating | | 42 | Path to the file containing the certificates used for validating |
33 | binary packages. A package is trusted when a certificate chain | | 43 | binary packages. A package is trusted when a certificate chain |
34 | ends in one of the certificates contained in this file. The | | 44 | ends in one of the certificates contained in this file. The |
35 | certificates must be PEM-encoded. | | 45 | certificates must be PEM-encoded. |
36 | | | 46 | |
37 | CERTIFICATE_ANCHOR_PKGVULN | | 47 | Required when VERIFIED_INSTALLATION is anything other than |
38 | Analogous to CERTIFICATE_ANCHOR_PKGS. The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is | | 48 | `never'. |
| | | 49 | |
| | | 50 | CERTIFICATE_ANCHOR_PKGVULN (empty or path) |
| | | 51 | Default: empty |
| | | 52 | |
| | | 53 | If non-empty, path to the file containing the certificates used |
| | | 54 | for validating _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s. The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is |
39 | trusted when a certificate chain ends in one of the certificates | | 55 | trusted when a certificate chain ends in one of the certificates |
40 | contained in this file. | | 56 | contained in this file. The certificates must be PEM-encoded. |
| | | 57 | |
| | | 58 | CERTIFICATE_CHAIN (empty or path) |
| | | 59 | Default: empty |
41 | | | 60 | |
42 | CERTIFICATE_CHAIN | | 61 | If non-empty, path to a file containing additional certificates |
43 | Path to a file containing additional certificates that can be | | 62 | that can be used for completing certificate chains when |
44 | used for completing certificate chains when validating binary | | 63 | validating binary packages or pkg-vulnerabilities files. |
45 | packages or pkg-vulnerabilities files. | | 64 | |
| | | 65 | CHECK_LICENSE (`yes', `no', `always') |
| | | 66 | Default: no |
| | | 67 | |
| | | 68 | When installing a package, check whether its license, as |
| | | 69 | specified in the LICENSE build info tag, is acceptable, i.e., |
| | | 70 | listed in ACCEPTABLE_LICENSES or DEFAULT_ACCEPTABLE_LICENSES. |
46 | | | 71 | |
47 | CHECK_LICENSE | | | |
48 | Check the license conditions of packages before installing them. | | | |
49 | Supported values are: | | 72 | Supported values are: |
50 | | | 73 | |
51 | no The check is not performed. | | 74 | no Install package no matter what license it has. |
52 | | | 75 | |
53 | yes The check is performed if the package has license | | 76 | yes If package has LICENSE set, require the license to be |
54 | conditions set. | | 77 | acceptable before installing. If package is missing |
| | | 78 | LICENSE, install it anyway. |
55 | | | 79 | |
56 | always Passing the license check is required. Missing | | 80 | always Require LICENSE to be set, and require the license to |
57 | license conditions are considered an error. | | 81 | be acceptable, before installing. |
| | | 82 | |
| | | 83 | CHECK_END_OF_LIFE (`yes' or `no') |
| | | 84 | Default: `yes' |
58 | | | 85 | |
59 | CHECK_END_OF_LIFE | | | |
60 | During vulnerability checks, consider packages that have reached | | 86 | During vulnerability checks, consider packages that have reached |
61 | end-of-life as vulnerable. This option is enabled by default. | | 87 | end-of-life as vulnerable. |
| | | 88 | |
| | | 89 | CHECK_OS_VERSION (`yes' or `no') |
| | | 90 | Default: `yes' |
| | | 91 | |
| | | 92 | If `yes', pkg_add will warn if the host OS version mismatches the |
| | | 93 | OS version the package was built on. |
| | | 94 | |
| | | 95 | For example, you can set this to `no' in order to install |
| | | 96 | packages built for NetBSD 9.0 on NetBSD 10.0, where they will |
| | | 97 | still generally work. Packages for which this may not work have |
| | | 98 | a more stringent version check through the osabi package; see |
| | | 99 | CHECK_OSABI. |
| | | 100 | |
| | | 101 | CHECK_OSABI (`yes' or `no') |
| | | 102 | Default: `yes' |
| | | 103 | |
| | | 104 | If `yes', the osabi package checks that it matches the OS |
| | | 105 | version. |
62 | | | 106 | |
63 | CHECK_OS_VERSION | | 107 | Packages that are tightly bound to a specific version of an |
64 | If "no", pkg_add will not warn if the host OS version does not | | 108 | operating system, such as kernel modules or sysutils/lsof, depend |
65 | exactly match the OS version the package was built on. The | | 109 | on the osabi package to reflect this, so that even if |
66 | default is "yes". | | 110 | CHECK_OS_VERSION is `no', such packages will refuse to install |
67 | | | 111 | unless CHECK_OSABI is also `no'. |
68 | CHECK_OSABI | | | |
69 | If "no", osabi package does not check OS version. The default is | | | |
70 | "yes". | | | |
71 | | | 112 | |
72 | CHECK_VULNERABILITIES | | 113 | CHECK_VULNERABILITIES (`never', `always', `interactive') |
73 | Check for vulnerabilities when installing packages. Supported | | 114 | Default: `never' |
| | | 115 | |
| | | 116 | Check for vulnerabilities when installing a package. Supported |
74 | values are: | | 117 | values are: |
75 | | | 118 | |
76 | never No check is performed. | | 119 | never Install package even if it is known to be |
| | | 120 | vulnerable. |
| | | 121 | |
| | | 122 | always Install package only if it is not known to be |
| | | 123 | vulnerable. |
77 | | | 124 | |
78 | always Passing the vulnerability check is required. A | | 125 | If the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file is missing, |
79 | missing pkg-vulnerabilities file is considered an | | 126 | assume package is vulnerable and refuse to |
80 | error. | | 127 | install it. |
81 | | | 128 | |
82 | interactive The user is always asked to confirm installation | | 129 | interactive Install package without user interaction if it |
83 | of vulnerable packages. | | 130 | is not known to be vulnerable. Otherwise, |
84 | | | 131 | prompt user to confirm installation. |
85 | CONFIG_CACHE_CONNECTIONS | | 132 | |
86 | Limit the global connection cache to this value. For FTP, this | | 133 | If the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file is missing, |
87 | is the number of sessions without active command. For HTTP, this | | 134 | ignore it and install package anyway. |
88 | is the number of connections open with keep-alive. | | | |
89 | | | | |
90 | CONFIG_CACHE_CONNECTIONS_HOST | | | |
91 | Like CONFIG_CACHE_CONNECTIONS, but limit the number of | | | |
92 | connections to the host as well. See fetch(3) for further | | | |
93 | details | | | |
94 | | | 135 | |
95 | DEFAULT_ACCEPTABLE_LICENSES | | 136 | DEFAULT_ACCEPTABLE_LICENSES |
96 | Space-separated list of common Free and Open Source licenses | | 137 | Space separated list of licenses considered acceptable when |
97 | packages are allowed to carry. The default value contains all | | 138 | CHECK_LICENSE is `yes' or `always', in addition to those listed |
98 | OSI approved licenses in pkgsrc on the date pkg_install was | | 139 | in ACCEPTABLE_LICENSES. License names are case-sensitive. |
99 | released. License names are case-sensitive. | | | |
100 | | | | |
101 | GPG Path to gpg(1), which can be used to verify the signature in the | | | |
102 | _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running | | | |
103 | ppkkgg__aaddmmiinn cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess --ss | | | |
104 | or | | | |
105 | ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess --ss | | | |
106 | It can also be used to verify and sign binary packages. | | | |
107 | | | | |
108 | GPG_KEYRING_PKGVULN | | | |
109 | Non-default keyring to use for verifying GPG signatures of | | | |
110 | _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s. | | | |
111 | | | 140 | |
112 | GPG_KEYRING_SIGN | | 141 | The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license |
113 | Non-default keyring to use for signing packages with GPG. | | 142 | names) lists all licenses recorded in pkgsrc which have been |
| | | 143 | either: |
114 | | | 144 | |
115 | GPG_KEYRING_VERIFY | | 145 | -- approved as open source by the _O_p_e_n _S_o_u_r_c_e _I_n_i_t_i_a_t_i_v_e: |
116 | Non-default keyring to use for verifying GPG signature of | | 146 | hhttttppss::////ooppeennssoouurrccee..oorrgg//, |
117 | packages. | | 147 | |
| | | 148 | -- approved as free software by the _F_r_e_e _S_o_f_t_w_a_r_e _F_o_u_n_d_a_t_i_o_n: |
| | | 149 | hhttttppss::////wwwwww..ffssff..oorrgg//, or |
| | | 150 | |
| | | 151 | -- considered free software under the Debian Free Software |
| | | 152 | Guidelines by the _D_e_b_i_a_n _P_r_o_j_e_c_t: hhttttppss::////wwwwww..ddeebbiiaann..oorrgg//, |
| | | 153 | and are not `network copyleft' licenses such as the GNU Affero |
| | | 154 | GPLv3. |
| | | 155 | |
| | | 156 | GPG (empty or path) |
| | | 157 | Default: empty |
| | | 158 | |
| | | 159 | Path to gpg(1), required for ppkkgg__aaddmmiinn ggppgg--ssiiggnn--ppaacckkaaggee. (All |
| | | 160 | other GPG/OpenPGP operations are done internally with |
| | | 161 | libnetpgpverify(3).) |
118 | | | 162 | |
119 | GPG_SIGN_AS | | 163 | GPG_KEYRING_PKGVULN (empty or path) |
120 | User-id to use for signing packages. | | 164 | Default: empty |
121 | | | 165 | |
122 | IGNORE_PROXY | | 166 | If non-empty, keyring to use for verifying GPG signatures on |
123 | Use direct connections and ignore FTP_PROXY and HTTP_PROXY. | | 167 | _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s, overriding the default keyring. |
124 | | | 168 | |
125 | IGNORE_URL | | 169 | GPG_KEYRING_SIGN (empty or path) |
126 | One line per advisory which should be ignored when running | | 170 | Default: empty |
| | | 171 | |
| | | 172 | If non-empty, keyring to use for signing packages with ppkkgg__aaddmmiinn |
| | | 173 | ggppgg--ssiiggnn--ppaacckkaaggee, overriding the default keyring. |
| | | 174 | |
| | | 175 | GPG_KEYRING_VERIFY (empty or path) |
| | | 176 | Default: empty |
| | | 177 | |
| | | 178 | If non-empty, keyring to use for verifying package signatures on |
| | | 179 | installation, overriding the default keyring. |
| | | 180 | |
| | | 181 | GPG_SIGN_AS (empty or OpenPGP user-id) |
| | | 182 | OpenpGP user-id to use for signing packages with ppkkgg__aaddmmiinn |
| | | 183 | ggppgg--ssiiggnn--ppaacckkaaggee, passed as the argument of `--local-user' (--uu) |
| | | 184 | to gpg(1). |
| | | 185 | |
| | | 186 | IGNORE_PROXY (empty or non-empty) |
| | | 187 | Default: empty |
| | | 188 | |
| | | 189 | If non-empty, use direct connections and ignore FTP_PROXY and |
| | | 190 | HTTP_PROXY. |
| | | 191 | |
| | | 192 | IGNORE_URL (URL, maybe specified multiple times) |
| | | 193 | One URL per advisory which should be ignored when running |
127 | ppkkgg__aaddmmiinn aauuddiitt | | 194 | ppkkgg__aaddmmiinn aauuddiitt |
128 | The URL from the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file should be used as | | 195 | The URL from the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file should be used as |
129 | value. | | 196 | value. |
130 | | | 197 | |
131 | PKG_DBDIR (*) | | 198 | PKG_DBDIR (*; path) |
132 | Location of the packages database. This option is always | | 199 | Location of the packages database. This option is overriden by |
133 | overriden by the argument of the --KK option. | | 200 | the argument of the --KK option. |
134 | | | 201 | |
135 | PKG_PATH (*) | | 202 | PKG_PATH (*; colon-separated list of paths or URLs) |
136 | Search path for packages. The entries are separated by | | 203 | Search path for packages. The entries are separated by |
137 | semicolon. Each entry specifies a directory or URL to search for | | 204 | semicolon. Each entry specifies a directory or URL to search for |
138 | packages. | | 205 | packages. |
139 | | | 206 | |
140 | PKG_REFCOUNT_DBDIR (*) | | 207 | PKG_REFCOUNT_DBDIR (*; path) |
141 | Location of the package reference counts database directory. The | | 208 | Location of the package reference counts database directory. The |
142 | default value is _$_{_P_K_G___D_B_D_I_R_}_._r_e_f_c_o_u_n_t. | | 209 | default value is _$_{_P_K_G___D_B_D_I_R_}_._r_e_f_c_o_u_n_t. |
143 | | | 210 | |
144 | PKGVULNDIR | | 211 | PKGVULNDIR (path) |
145 | Directory name in which the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file resides. | | 212 | Directory name in which the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file resides. |
146 | Default is _$_{_P_K_G___D_B_D_I_R_}. | | 213 | Default is _$_{_P_K_G___D_B_D_I_R_}. |
147 | | | 214 | |
148 | PKGVULNURL | | 215 | PKGVULNURL (URL) |
149 | URL which is used for updating the local _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file | | 216 | URL which is used for updating the local _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file |
150 | when running | | 217 | when running |
151 | ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess | | 218 | ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess |
152 | The default location is ftp.NetBSD.org using HTTP. _N_o_t_e: | | 219 | The default location is ftp.NetBSD.org using HTTP. _N_o_t_e: |
153 | Usually, only the compression type should be changed. Currently | | 220 | Usually, only the compression type should be changed. Currently |
154 | supported are uncompressed files and files compressed by bzip2(1) | | 221 | supported are uncompressed files and files compressed by bzip2(1) |
155 | (_._b_z_2) or gzip(1) (_._g_z). | | 222 | (_._b_z_2) or gzip(1) (_._g_z). |
156 | | | 223 | |
157 | VERBOSE_NETIO | | 224 | VERBOSE_NETIO (empty or non-empty) |
158 | Log details of network IO to stderr. | | 225 | If non-empty, log details of network IO to stderr. |
159 | | | 226 | |
160 | VERIFIED_INSTALLATION | | 227 | VERIFIED_INSTALLATION (`never', `always', `trusted', `interactive') |
161 | Set trust level used when installation. Supported values are: | | 228 | Default: `never' |
162 | | | 229 | |
163 | never No signature checks are performed. | | 230 | Verification requirement for installing a package. Supported |
| | | 231 | values are: |
164 | | | 232 | |
165 | always A valid signature is required. If the binary | | 233 | never Install package unconditionally. |
166 | package can not be verified, the installation is | | | |
167 | terminated | | | |
168 | | | 234 | |
169 | trusted A valid signature is required. If the binary | | 235 | always Install package only if it has a valid X.509 or |
170 | package can not be verified, the user is asked | | 236 | OpenPGP signature. |
171 | interactively. | | | |
172 | | | 237 | |
173 | interactive The user is always asked interactively when | | 238 | trusted Install package without user interaction if it has a |
174 | installing a package. | | 239 | valid X.509 or OpenPGP signature. Otherwise, prompt |
| | | 240 | user to confirm installation. |
| | | 241 | |
| | | 242 | interactive Always prompt the user to confirm installation when |
| | | 243 | installing a package. WWAARRNNIINNGG: This does not tell |
| | | 244 | the user whether the package had a valid signature |
| | | 245 | or not. |
175 | | | 246 | |
176 | FFIILLEESS | | 247 | FFIILLEESS |
177 | _@_S_Y_S_C_O_N_F_D_I_R_@_/_p_k_g___i_n_s_t_a_l_l_._c_o_n_f Default location for the file | | 248 | _@_S_Y_S_C_O_N_F_D_I_R_@_/_p_k_g___i_n_s_t_a_l_l_._c_o_n_f Default location for the file |
178 | described in this manual page. | | 249 | described in this manual page. |
179 | | | 250 | |
180 | SSEEEE AALLSSOO | | 251 | SSEEEE AALLSSOO |
181 | pkg_add(1), pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1) | | 252 | pkg_add(1), pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1) |
182 | | | 253 | |
183 | pkgsrc October 28, 2014 pkgsrc | | 254 | pkgsrc October 28, 2014 pkgsrc |
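Review bot: The PKG_PATH entry contradicts itself on the new side. Its header now reads "(*; colon-separated list of paths or URLs)", while the unchanged body two lines below still says "The entries are separated by semicolon." Since the same header says entries may be URLs, which themselves contain colons, the new annotation looks like the mistake; make the header and the body name the same separator. Further points in this hunk:

- The CONFIG_CACHE_CONNECTIONS and CONFIG_CACHE_CONNECTIONS_HOST entries are deleted with no replacement text. If the variables are still honoured, restore the entries; if not, say so in the commit message.
- CHECK_VULNERABILITIES `interactive' now documents that a missing pkg-vulnerabilities file is ignored and the package is installed anyway, while `always' refuses. That fail-open case deserves the same kind of WARNING this change adds to VERIFIED_INSTALLATION `interactive'.
- GPG_SIGN_AS has a typo ("OpenpGP") and, unlike the neighbouring GPG_* entries, no "Default:" line.
- Defaults are quoted inconsistently: CACHE_INDEX has "Default: yes" and CHECK_LICENSE has "Default: no", but CHECK_END_OF_LIFE, CHECK_OS_VERSION and CHECK_OSABI have "Default: `yes'".
- The type annotation for DEFAULT_ACCEPTABLE_LICENSES ended up inside the sentence ("The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license names) lists all licenses ...") instead of on the header line, and "Space separated" there does not match "Space-separated" under ACCEPTABLE_LICENSES.
- "overriden" in the PKG_DBDIR text should be "overridden"; the line is being rewritten anyway.
- The footer date is still October 28, 2014 on both sides although the content changes substantially; bump the document date.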