Sun Feb 4 14:29:21 2024 UTC (113d)
pkg_install: Fix more pkg_install.conf(5) defaults documentation.

No functional change -- documentation only.


(riastradh)
diff -r1.23 -r1.24 pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in
cvs diff -r1.23 -r1.24 pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in (expand / switch to unified diff)

--- pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in 2024/02/03 17:35:26 1.23
+++ pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.5.in 2024/02/04 14:29:21 1.24
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1.\" $NetBSD: pkg_install.conf.5.in,v 1.23 2024/02/03 17:35:26 riastradh Exp $ 1.\" $NetBSD: pkg_install.conf.5.in,v 1.24 2024/02/04 14:29:21 riastradh Exp $
2.\" 2.\"
3.\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. 3.\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc.
4.\" All rights reserved. 4.\" All rights reserved.
5.\" 5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation 6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Thomas Klausner. 7.\" by Thomas Klausner.
8.\" 8.\"
9.\" Redistribution and use in source and binary forms, with or without 9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions 10.\" modification, are permitted provided that the following conditions
11.\" are met: 11.\" are met:
12.\" 1. Redistributions of source code must retain the above copyright 12.\" 1. Redistributions of source code must retain the above copyright
13.\" notice, this list of conditions and the following disclaimer. 13.\" notice, this list of conditions and the following disclaimer.
14.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" 2. Redistributions in binary form must reproduce the above copyright
@@ -57,26 +57,28 @@ Default: empty @@ -57,26 +57,28 @@ Default: empty
57Space-separated list of licenses considered acceptable when 57Space-separated list of licenses considered acceptable when
58.Dv CHECK_LICENSE 58.Dv CHECK_LICENSE
59is 59is
60.Ql yes 60.Ql yes
61or 61or
62.Ql always , 62.Ql always ,
63in addition to those listed in 63in addition to those listed in
64.Dv DEFAULT_ACCEPTABLE_LICENSES . 64.Dv DEFAULT_ACCEPTABLE_LICENSES .
65License names are case-sensitive. 65License names are case-sensitive.
66.It Dv ACTIVE_FTP No (empty or non-empty) 66.It Dv ACTIVE_FTP No (empty or non-empty)
67Default: empty 67Default: empty
68.Pp 68.Pp
69If non-empty, force the use of active FTP. 69If non-empty, force the use of active FTP.
 70Otherwise, try passive FTP first, and fall back to active FTP if the
 71server reports a syntax error.
70.It Dv CACHE_INDEX No ( So Li yes Sc or So Li no Sc ) 72.It Dv CACHE_INDEX No ( So Li yes Sc or So Li no Sc )
71Default: 73Default:
72.Li yes 74.Li yes
73.Pp 75.Pp
74If 76If
75.Ql yes , 77.Ql yes ,
76cache directory listings in memory. 78cache directory listings in memory.
77This avoids retransfers of the large directory index for HTTP. 79This avoids retransfers of the large directory index for HTTP.
78.It Dv CERTIFICATE_ANCHOR_PKGS No (empty or path) 80.It Dv CERTIFICATE_ANCHOR_PKGS No (empty or path)
79Default: empty 81Default: empty
80.Pp 82.Pp
81Path to the file containing the certificates used for validating binary 83Path to the file containing the certificates used for validating binary
82packages. 84packages.
@@ -95,27 +97,27 @@ If non-empty, path to the file containin @@ -95,27 +97,27 @@ If non-empty, path to the file containin
95validating 97validating
96.Pa pkg-vulnerabilities . 98.Pa pkg-vulnerabilities .
97The 99The
98.Pa pkg-vulnerabilities 100.Pa pkg-vulnerabilities
99is trusted when a certificate chain ends in one of the certificates 101is trusted when a certificate chain ends in one of the certificates
100contained in this file. 102contained in this file.
101The certificates must be PEM-encoded. 103The certificates must be PEM-encoded.
102.It Dv CERTIFICATE_CHAIN No (empty or path) 104.It Dv CERTIFICATE_CHAIN No (empty or path)
103Default: empty 105Default: empty
104.Pp 106.Pp
105If non-empty, path to a file containing additional certificates that 107If non-empty, path to a file containing additional certificates that
106can be used for completing certificate chains when validating binary 108can be used for completing certificate chains when validating binary
107packages or pkg-vulnerabilities files. 109packages or pkg-vulnerabilities files.
108.It Dv CHECK_LICENSE No ( So Li yes Sc , So Li no Sc , So Li always Sc ) 110.It Dv CHECK_LICENSE No ( So Li yes Sc , So Li no Sc , or So Li always Sc )
109Default: 111Default:
110.Li no 112.Li no
111.Pp 113.Pp
112When installing a package, check whether its license, as specified in 114When installing a package, check whether its license, as specified in
113the 115the
114.Dv LICENSE 116.Dv LICENSE
115build info tag, is acceptable, 117build info tag, is acceptable,
116i.e., listed in 118i.e., listed in
117.Dv ACCEPTABLE_LICENSES 119.Dv ACCEPTABLE_LICENSES
118or 120or
119.Dv DEFAULT_ACCEPTABLE_LICENSES . 121.Dv DEFAULT_ACCEPTABLE_LICENSES .
120.Pp 122.Pp
121Supported values are: 123Supported values are:
@@ -175,27 +177,27 @@ package checks that it matches the OS ve @@ -175,27 +177,27 @@ package checks that it matches the OS ve
175Packages that are tightly bound to a specific version of an operating 177Packages that are tightly bound to a specific version of an operating
176system, such as kernel modules or 178system, such as kernel modules or
177.Dv sysutils/lsof , 179.Dv sysutils/lsof ,
178depend on the 180depend on the
179.Li osabi 181.Li osabi
180package to reflect this, so that even if 182package to reflect this, so that even if
181.Dv CHECK_OS_VERSION 183.Dv CHECK_OS_VERSION
182is 184is
183.Ql no , 185.Ql no ,
184such packages will refuse to install unless 186such packages will refuse to install unless
185.Dv CHECK_OSABI 187.Dv CHECK_OSABI
186is also 188is also
187.Ql no . 189.Ql no .
188.It Dv CHECK_VULNERABILITIES No ( So Li never Sc , So Li always Sc , So Li interactive Sc ) 190.It Dv CHECK_VULNERABILITIES No ( So Li never Sc , So Li always Sc , or So Li interactive Sc )
189Default: 191Default:
190.Ql never 192.Ql never
191.Pp 193.Pp
192Check for vulnerabilities when installing a package. 194Check for vulnerabilities when installing a package.
193Supported values are: 195Supported values are:
194.Bl -tag -width ".Dv interactive" 196.Bl -tag -width ".Dv interactive"
195.It Dv never 197.It Dv never
196Install package even if it is known to be vulnerable. 198Install package even if it is known to be vulnerable.
197.It Dv always 199.It Dv always
198Install package only if it is not known to be vulnerable. 200Install package only if it is not known to be vulnerable.
199.Pp 201.Pp
200If the 202If the
201.Pa pkg-vulnerabilities 203.Pa pkg-vulnerabilities
@@ -255,97 +257,113 @@ and are not @@ -255,97 +257,113 @@ and are not
255licenses such as the GNU Affero GPLv3. 257licenses such as the GNU Affero GPLv3.
256.It Dv GPG No (empty or path) 258.It Dv GPG No (empty or path)
257Default: empty 259Default: empty
258.Pp 260.Pp
259Path to 261Path to
260.Xr gpg 1 , 262.Xr gpg 1 ,
261required for 263required for
262.Ic pkg_admin gpg-sign-package . 264.Ic pkg_admin gpg-sign-package .
263(All other GPG/OpenPGP operations are done internally with 265(All other GPG/OpenPGP operations are done internally with
264.Xr libnetpgpverify 3 . ) 266.Xr libnetpgpverify 3 . )
265.It Dv GPG_KEYRING_PKGVULN No (empty or path) 267.It Dv GPG_KEYRING_PKGVULN No (empty or path)
266Default: empty 268Default: empty
267.Pp 269.Pp
268If non-empty, keyring to use for verifying GPG signatures on 270If non-empty, keyring to use for verifying OpenPGP signatures on
269.Pa pkg-vulnerabilities , 271.Pa pkg-vulnerabilities ,
270overriding the default keyring. 272overriding the default keyring.
271.It Dv GPG_KEYRING_SIGN No (empty or path) 273.It Dv GPG_KEYRING_SIGN No (empty or path)
272Default: empty 274Default: empty
273.Pp 275.Pp
274If non-empty, keyring to use for signing packages with 276If non-empty, keyring to use for signing packages with
275.Ic pkg_admin gpg-sign-package , 277.Ic pkg_admin gpg-sign-package ,
276overriding the default keyring. 278overriding the default keyring.
277.It Dv GPG_KEYRING_VERIFY No (empty or path) 279.It Dv GPG_KEYRING_VERIFY No (empty or path)
278Default: empty 280Default: empty
279.Pp 281.Pp
280If non-empty, keyring to use for verifying package signatures on 282If non-empty, keyring to use for verifying package signatures on
281installation, overriding the default keyring. 283installation, overriding the default keyring.
282.It Dv GPG_SIGN_AS No (empty or OpenPGP user-id) 284.It Dv GPG_SIGN_AS No (empty or OpenPGP user-id)
283OpenpGP user-id to use for signing packages with 285Default: empty
 286.Pp
 287If non-empty, OpenPGP user-id to use for signing packages with
284.Ic pkg_admin gpg-sign-package , 288.Ic pkg_admin gpg-sign-package ,
285passed as the argument of 289passed as the argument of
286.Ql --local-user 290.Ql --local-user
287.Pq Fl u 291.Pq Fl u
288to 292to
289.Xr gpg 1 . 293.Xr gpg 1 .
290.It Dv IGNORE_PROXY No (empty or non-empty) 294.It Dv IGNORE_PROXY No (empty or non-empty)
291Default: empty 295Default: empty
292.Pp 296.Pp
293If non-empty, use direct connections and ignore 297If non-empty, use direct connections and ignore
294.Ev FTP_PROXY 298.Ev FTP_PROXY
295and 299and
296.Ev HTTP_PROXY . 300.Ev HTTP_PROXY .
297.It Dv IGNORE_URL No (URL, maybe specified multiple times) 301.It Dv IGNORE_URL No (URL, may be specified multiple times)
298One URL per advisory which should be ignored when running 302Default: none
299.Dl Ic pkg_admin audit 303.Pp
300The URL from the 304URL of a security advisory from the
301.Pa pkg-vulnerabilities 305.Pa pkg-vulnerabilities
302file should be used as value. 306that should be ignored when running:
303.It Dv PKG_DBDIR No (*; path) 307.Dl Ic pkg_admin audit
 308May be specified multiple times to ignore multiple advisories.
 309.It Dv PKG_DBDIR No (*) (path)
 310Default:
 311.Pa @PKG_DBDIR@
 312.Pp
304Location of the packages database. 313Location of the packages database.
305This option is overriden by the argument of the 314This option is overriden by the argument of the
306.Fl K 315.Fl K
307option. 316option.
308.It Dv PKG_PATH No (*; colon-separated list of paths or URLs) 317.It Dv PKG_PATH No (*) (semicolon-separated list of paths or URLs)
 318Default: empty
 319.Pp
309Search path for packages. 320Search path for packages.
310The entries are separated by semicolon. 321The entries are separated by semicolon.
311Each entry specifies a directory or URL to search for packages. 322Each entry specifies a directory or URL to search for packages.
312.It Dv PKG_REFCOUNT_DBDIR No (*; path) 323.It Dv PKG_REFCOUNT_DBDIR No (*) (path)
 324Default:
 325.No "${" Ns Dv PKG_DBDIR Ns "}" Ns Pa .refcount
 326.Pp
313Location of the package reference counts database directory. 327Location of the package reference counts database directory.
314The default value is 
315.Pa ${PKG_DBDIR}.refcount . 
316.It Dv PKGVULNDIR No (path) 328.It Dv PKGVULNDIR No (path)
 329Default:
 330.No "${" Ns Dv PKG_DBDIR Ns "}"
 331.Pp
317Directory name in which the 332Directory name in which the
318.Pa pkg-vulnerabilities 333.Pa pkg-vulnerabilities
319file resides. 334file resides.
320Default is 
321.Pa ${PKG_DBDIR} . 
322.It Dv PKGVULNURL No (URL) 335.It Dv PKGVULNURL No (URL)
 336Default:
 337.Lk http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerablities.gz
 338.Pp
323URL which is used for updating the local 339URL which is used for updating the local
324.Pa pkg-vulnerabilities 340.Pa pkg-vulnerabilities
325file when running 341file when running:
326.Dl Ic pkg_admin fetch-pkg-vulnerabilities 342.Dl Ic pkg_admin fetch-pkg-vulnerabilities
327The default location is ftp.NetBSD.org using HTTP. 343.Pp
328.Em Note : 344.Em Note :
329Usually, only the compression type should be changed. 345Usually, only the compression type should be changed.
330Currently supported are uncompressed files and files compressed by 346Currently supported are uncompressed files and files compressed by
331.Xr bzip2 1 347.Xr bzip2 1
332.Pq Pa .bz2 348.Pq Pa .bz2
333or 349or
334.Xr gzip 1 350.Xr gzip 1
335.Pq Pa .gz . 351.Pq Pa .gz .
336.It Dv VERBOSE_NETIO No (empty or non-empty) 352.It Dv VERBOSE_NETIO No (empty or non-empty)
 353Default: empty
 354.Pp
337If non-empty, log details of network IO to stderr. 355If non-empty, log details of network IO to stderr.
338.It Dv VERIFIED_INSTALLATION No ( So Li never Sc , So Li always Sc , So Li trusted Sc , So Li interactive Sc ) 356.It Dv VERIFIED_INSTALLATION No ( So Li never Sc , So Li always Sc , So Li trusted Sc , or So Li interactive Sc )
339Default: 357Default:
340.Ql never 358.Ql never
341.Pp 359.Pp
342Verification requirement for installing a package. 360Verification requirement for installing a package.
343Supported values are: 361Supported values are:
344.Bl -tag -width interactive 362.Bl -tag -width interactive
345.It Dv never 363.It Dv never
346Install package unconditionally. 364Install package unconditionally.
347.It Dv always 365.It Dv always
348Install package only if it has a valid X.509 or OpenPGP signature. 366Install package only if it has a valid X.509 or OpenPGP signature.
349.It Dv trusted 367.It Dv trusted
350Install package without user interaction if it has a valid X.509 or 368Install package without user interaction if it has a valid X.509 or
351OpenPGP signature. 369OpenPGP signature.