PKG_INSTALL.CONF(5) NetBSD File Formats Manual PKG_INSTALL.CONF(5)
NAME
pkg_install.conf -- configuration file for package installation tools
DESCRIPTION
The file pkg_install.conf contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format VARIABLE=VALUE. If the value consists of more than one line, each line is prefixed with VARIABLE=. The current value of a variable can be checked by running pkg_admin config-var VARIABLE Some variables are overriden by environmental variables of the same name. Those are marked by (*). The following variables are supported: ACCEPTABLE_LICENSES (list of license names) Default: empty Space-separated list of licenses considered acceptable when CHECK_LICENSE is `yes' or `always', in addition to those listed in DEFAULT_ACCEPTABLE_LICENSES. License names are case-sensi- tive. ACTIVE_FTP (empty or non-empty) Default: empty If non-empty, force the use of active FTP. Otherwise, try pas- sive FTP first, and fall back to active FTP if the server reports a syntax error. CACHE_INDEX (`yes' or `no') Default: yes If `yes', cache directory listings in memory. This avoids retransfers of the large directory index for HTTP. CERTIFICATE_ANCHOR_PKGS (empty or path) Default: empty Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The cer- tificates must be PEM-encoded. Required when VERIFIED_INSTALLATION is anything other than `never'. CERTIFICATE_ANCHOR_PKGVULN (empty or path) Default: empty If non-empty, path to the file containing the certificates used for validating pkg-vulnerabilities. The pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. CERTIFICATE_CHAIN (empty or path) Default: empty If non-empty, path to a file containing additional certificates that can be used for completing certificate chains when validat- ing binary packages or pkg-vulnerabilities files. CHECK_LICENSE (`yes', `no', or `always') Default: no When installing a package, check whether its license, as speci- fied in the LICENSE build info tag, is acceptable, i.e., listed in ACCEPTABLE_LICENSES or DEFAULT_ACCEPTABLE_LICENSES. Supported values are: no Install package no matter what license it has. yes If package has LICENSE set, require the license to be acceptable before installing. If package is missing LICENSE, install it anyway. always Require LICENSE to be set, and require the license to be acceptable, before installing. CHECK_END_OF_LIFE (`yes' or `no') Default: `yes' During vulnerability checks, consider packages that have reached end-of-life as vulnerable. CHECK_OS_VERSION (`yes' or `no') Default: `yes' If `yes', pkg_add will warn if the host OS version mismatches the OS version the package was built on. For example, you can set this to `no' in order to install pack- ages built for NetBSD 9.0 on NetBSD 10.0, where they will still generally work. Packages for which this may not work have a more stringent version check through the osabi package; see CHECK_OSABI. CHECK_OSABI (`yes' or `no') Default: `yes' If `yes', the osabi package checks that it matches the OS ver- sion. Packages that are tightly bound to a specific version of an oper- ating system, such as kernel modules or sysutils/lsof, depend on the osabi package to reflect this, so that even if CHECK_OS_VERSION is `no', such packages will refuse to install unless CHECK_OSABI is also `no'. CHECK_VULNERABILITIES (`never', `always', or `interactive') Default: `never' Check for vulnerabilities when installing a package. Supported values are: never Install package even if it is known to be vulnera- ble. always Install package only if it is not known to be vul- nerable. If the pkg-vulnerabilities file is missing, assume package is vulnerable and refuse to install it. interactive Install package without user interaction if it is not known to be vulnerable. Otherwise, prompt user to confirm installation. If the pkg-vulnerabilities file is missing, ignore it and install package anyway. DEFAULT_ACCEPTABLE_LICENSES Space separated list of licenses considered acceptable when CHECK_LICENSE is `yes' or `always', in addition to those listed in ACCEPTABLE_LICENSES. License names are case-sensitive. The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license names) lists all licenses recorded in pkgsrc which have been either: - approved as open source by the Open Source Initiative: https://opensource.org/, - approved as free software by the Free Software Foundation: https://www.fsf.org/, or - considered free software under the Debian Free Software Guidelines by the Debian Project: https://www.debian.org/, and are not `network copyleft' licenses such as the GNU Affero GPLv3. GPG (empty or path) Default: empty Path to gpg(1), required for pkg_admin gpg-sign-package. (All other GPG/OpenPGP operations are done internally with libnetpgpverify(3).) GPG_KEYRING_PKGVULN (empty or path) Default: empty If non-empty, keyring to use for verifying OpenPGP signatures on pkg-vulnerabilities, overriding the default keyring. GPG_KEYRING_SIGN (empty or path) Default: empty If non-empty, keyring to use for signing packages with pkg_admin gpg-sign-package, overriding the default keyring. GPG_KEYRING_VERIFY (empty or path) Default: empty If non-empty, keyring to use for verifying package signatures on installation, overriding the default keyring. GPG_SIGN_AS (empty or OpenPGP user-id) Default: empty If non-empty, OpenPGP user-id to use for signing packages with pkg_admin gpg-sign-package, passed as the argument of `--local-user' (-u) to gpg(1). IGNORE_PROXY (empty or non-empty) Default: empty If non-empty, use direct connections and ignore FTP_PROXY and HTTP_PROXY. IGNORE_URL (URL, may be specified multiple times) Default: none URL of a security advisory from the pkg-vulnerabilities that should be ignored when running: pkg_admin audit May be specified multiple times to ignore multiple advisories. PKG_DBDIR (*) (path) Default: @PKG_DBDIR@ Location of the packages database. This option is overriden by the argument of the -K option. PKG_PATH (*) (semicolon-separated list of paths or URLs) Default: empty Search path for packages. The entries are separated by semi- colon. Each entry specifies a directory or URL to search for packages. PKG_REFCOUNT_DBDIR (*) (path) Default: ${PKG_DBDIR}.refcount Location of the package reference counts database directory. PKGVULNDIR (path) Default: ${PKG_DBDIR} Directory name in which the pkg-vulnerabilities file resides. PKGVULNURL (URL) Default: http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerablities.gz URL which is used for updating the local pkg-vulnerabilities file when running: pkg_admin fetch-pkg-vulnerabilities Note: Usually, only the compression type should be changed. Cur- rently supported are uncompressed files and files compressed by bzip2(1) (.bz2) or gzip(1) (.gz). VERBOSE_NETIO (empty or non-empty) Default: empty If non-empty, log details of network IO to stderr. VERIFIED_INSTALLATION (`never', `always', `trusted', or `interactive') Default: `never' Verification requirement for installing a package. Supported values are: never Install package unconditionally. always Install package only if it has a valid X.509 or OpenPGP signature. trusted Install package without user interaction if it has a valid X.509 or OpenPGP signature. Otherwise, prompt user to confirm installation. interactive Always prompt the user to confirm installation when installing a package. WARNING: This does not tell the user whether the package had a valid signature or not.
FILES
/etc/pkg_install.conf Default location for the file described in this manual page.
SEE ALSO
pkg_add(1), pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1) NetBSD 10.99 October 28, 2014 NetBSD 10.99
Powered by man-cgi (2024-08-26). Maintained for NetBSD by Kimmo Suominen. Based on man-cgi by Panagiotis Christias.