- NetBSD Manual Pages
PKG_ADD(1) NetBSD General Commands Manual PKG_ADD(1)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
pkg_add -- a utility for installing and upgrading software package dis-
pkg_add [-AfILMnRSuVv] [-K pkg_dbdir] [-p prefix] [-s verification-type]
[-t template] [-W viewbase] [-w view]
The pkg_add command is used to extract and upgrade packages that have
been previously created with the pkg_create(1) command. Packages are
prepared collections of pre-built binaries, documentation, configura-
tions, installation instructions and/or other files. pkg_add can recur-
sively install other packages that the current package depends on or
requires from both local disk and via FTP or HTTP.
Since the pkg_add command may execute scripts or programs contained
within a package file, your system may be susceptible to ``Trojan
horses'' or other subtle attacks from miscreants who create dangerous
You are advised to verify the competence and identity of those who pro-
vide installable package files. For extra protection, use the digital
signatures provided where possible (see the -s option), or, failing that,
use the -M flag to extract the package file, and inspect its contents and
scripts to ensure it poses no danger to your system's integrity. Pay
particular attention to any +INSTALL, +DEINSTALL, +REQUIRE, or
+MTREE_DIRS files, and inspect the +CONTENTS file for @cwd, @mode (check
for setuid), @dirrm, @exec, and @unexec directives, and/or use the
pkg_info(1) command to examine the package file.
The following command line arguments are supported:
The named packages are installed. pkg-name may be either a URL
or a local pathname, a package name of "-" will cause pkg_add to
read from stdin. If the packages are not found in the current
working directory, pkg_add will search them in each directory
named by the PKG_PATH environment variable. Any dependencies
required by the installed package will be searched in the same
location that the original package was installed from.
-A Mark package as installed automatically, as dependency of another
package. You can use
pkg_admin set automatic=YES
to mark packages this way after installation, and
pkg_admin unset automatic
to remove the mark. If you pkg_add a package without specifying
-A after it had already been automatically installed, the mark is
-f Force installation to proceed even if prerequisite packages are
not installed or the requirements script fails. Although pkg_add
will still try to find and auto-install missing prerequisite
packages, a failure to find one will not be fatal. This flag
also overrides the fatal error when the operating system or
architecture the package was built on differ from that of the
-I If an installation script exists for a given package, do not exe-
Set pkg_dbdir as the package database directory. If this option
isn't specified, then the package database directory is taken
from the value of the environment variable PKG_DBDIR if it's set,
otherwise it defaults to /var/db/pkg.
-L Don't add the package to any views after installation.
-M Run in MASTER mode. This is a very specialized mode for running
pkg_add and is meant to be run in conjunction with SLAVE mode.
When run in this mode, pkg_add does no work beyond extracting the
package into a temporary staging area (see the -t option), read-
ing in the packing list, and then dumping it (prefaced by the
current staging area) to stdout where it may be filtered by a
program such as sed(1). When used in conjunction with SLAVE
mode, it allows you to make radical changes to the package struc-
ture before acting on its contents.
-n Don't actually install a package, just report the steps that
would be taken if it was.
Set prefix as the directory in which to extract files from a
package. If a package has set its default directory, it will be
overridden by this flag. Note that only the first @cwd directive
will be replaced, since pkg_add has no way of knowing which
directory settings are relative and which are absolute. It is
rare in any case to see more than one directory transition made,
but when such does happen and you wish to have control over *all*
directory transitions, then you may then wish to look into the
use of MASTER and SLAVE modes (see the -M and -S options).
-R Do not record the installation of a package. This means that you
cannot deinstall it later, so only use this option if you know
what you are doing!
-S Run in SLAVE mode. This is a very specialized mode for running
pkg_add and is meant to be run in conjunction with MASTER mode.
When run in this mode, pkg_add expects the release contents to be
already extracted and waiting in the staging area, the location
of which is read as a string from stdin. The complete packing
list is also read from stdin, and the contents then acted on as
Use a callout to an external program to verify the binary package
being installed against an existing detached signature file. The
signature file must reside in the same directory as the binary
package. At the present time, the following verification types
are defined: none, gpg and pgp5. The signature will be verified
at install time, and the results will be displayed. If the sig-
nature type is anything other than none, the user will be asked
if pkg_add should proceed to install the binary package. The
user must then take the decision whether to proceed or not,
depending upon the amount of trust that is placed in the signa-
tory of the binary package. Please note that, at the current
time, it is not possible to use the verification feature when
using pkg_add to add a binary package via a URL - the package,
and the related detached signature file, must be local for the
verification to work.
Use template as the input to mktemp(3) when creating a ``staging
area''. By default, this is the string /var/tmp/instmp.XXXXXX,
but it may be necessary to override it in the situation where
space in your /var/tmp directory is limited. Be sure to leave
some number of `X' characters for mktemp(3) to fill in with a
You can get a performance boost by setting the staging area
template to reside on the same disk partition as target directo-
ries for package file installation; often this is /usr.
-u If the package that's being installed is already installed,
either in the same or a different version, an update is per-
formed. If this is specified twice, then any dependant packages
that are too old will also be updated to fulfill the dependency.
See below for a more detailed description of the process.
-V Print version number and exit.
-v Turn on verbose output.
Set viewbase as the base directory for the managed views. The
default viewbase directory is set by pkg_view(1). This value
also may be set from the LOCALBASE environment variable.
Set the view to which packages should be added after installa-
tion. The default view is set by pkg_view(1). This value also
may be set from the PKG_VIEW environment variable.
One or more pkg-name arguments may be specified, each being either a file
containing the package (these usually ending with the ``.tgz'' suffix) or
a URL pointing at a file available on an ftp or web site. Thus you may
extract files directly from their anonymous ftp or WWW locations (e.g.,
ages/2.0/i386/shells/bash-3.0nb1.tgz or pkg_add http://www.exam-
ple.org/packages/screen-4.0.tbz). Note: For ftp transfers, if you wish
to use passive mode ftp in such transfers, set the variable FTP_PAS-
SIVE_MODE to some value in your environment. Otherwise, the more stan-
dard ACTIVE mode may be used. If pkg_add consistently fails to fetch a
package from a site known to work, it may be because you have a firewall
that demands the usage of passive mode ftp.
pkg_add extracts each package's ``packing list'' into a special staging
directory in /var/tmp (or $PKG_TMPDIR if set) and then runs through the
following sequence to fully extract the contents of the package:
1. A check is made to determine if the package or another version
of it is already recorded as installed. If it is, installa-
tion is terminated if the -u option is not given.
If the -u option is given, it's assumed the package should be
replaced by the new version instead. Before doing so, all
packages that depend on the pkg being upgraded are checked if
they also work with the new version. If that test is success-
ful, replacing is prepared by moving an existing +REQUIRED_BY
file aside (if it exists), and running pkg_delete(1) on the
installed package. Installation then proceeds as if the pack-
age was not installed, and restores the +REQUIRED_BY file
2. A check is made to determine if the package conflicts (from
@pkgcfl directives, see pkg_create(1)) with an already
recorded as installed package. If it is, installation is ter-
3. All package dependencies (from @pkgdep directives, see
pkg_create(1)) are read from the packing list. If any of
these required packages are not currently installed, an
attempt is made to find and install it; if the missing package
cannot be found or installed, the installation is terminated.
If the -u option was specified twice, any required packages
that are installed, but which have a version number that is
considered to be too old, are also updated. The dependant
packages are found according to the normal PKG_PATH rules.
4. A search is made for any @option directives which control how
the package is added to the system. The only currently imple-
mented option is @option extract-in-place, which causes the
package to be extracted directly into its prefix directory
rather than moving it through a staging area in /var/tmp.
5. If @option extract-in-place is enabled, the package is now
extracted directly into its final location, otherwise it is
extracted into the staging area.
6. The package build information is extracted from the
+BUILD_INFO file and compared against the result of uname(3).
If the operating system or architecture of the package differ
from that of the host, installation is aborted. This behavior
is overridable with the -f flag.
7. The package build information from +BUILD_INFO is then checked
for USE_ABI_DEPENDS=NO (or IGNORE_RECOMMENDED). If the pack-
age was built with ABI dependency recommendations ignored, a
warning will be issued.
8. If the package contains a require script (see pkg_create(1)),
it is executed with the following arguments:
pkg-name The name of the package being installed
INSTALL Keyword denoting to the script that it is to run
an installation requirements check. (The key-
word is useful only to scripts which serve mul-
If the require script exits with a non-zero status code, the
installation is terminated.
9. If the package contains an install script, it is executed with
the following arguments:
pkg-name The name of the package being installed.
PRE-INSTALL Keyword denoting that the script is to perform
any actions needed before the package is
If the install script exits with a non-zero status code, the
installation is terminated.
10. If @option extract-in-place is not present in the packing
list, then it is used as a guide for moving (or copying, as
necessary) files from the staging area into their final loca-
11. If the package contains an mtreefile file (see pkg_create(1)),
then mtree is invoked as:
mtree -u -f mtreefile -d -e -p prefix
where prefix is either the prefix specified with the -p flag
or, if no -p flag was specified, the name of the first direc-
tory named by a @cwd directive within this package.
12. If an install script exists for the package, it is executed
with the following arguments:
pkg_name The name of the package being installed.
POST-INSTALL Keyword denoting that the script is to perform
any actions needed after the package has been
13. After installation is complete, a copy of the packing list,
deinstall script, description, and display files are copied
into /var/db/pkg/<pkg-name> for subsequent possible use by
pkg_delete(1). Any package dependencies are recorded in the
other packages' /var/db/pkg/<other-pkg>/+REQUIRED_BY file (if
an alternate package database directory is specified, then it
overrides the /var/db/pkg path shown above).
14. If the package is a depoted package, then add it to the
15. The staging area is deleted and the program terminates.
16. Finally, if we were upgrading a package, any +REQUIRED_BY file
that was moved aside before upgrading was started is now moved
back into place.
The install and require scripts are called with the environment variable
PKG_PREFIX set to the installation prefix (see the -p option above).
This allows a package author to write a script that reliably performs
some action on the directory where the package is installed, even if the
user might change it with the -p flag to pkg_add. The scripts are also
called with the PKG_METADATA_DIR environment variable set to the location
of the +* meta-data files, and with the PKG_REFCOUNT_DBDIR environment
variable set to the location of the package reference counts database
LOCALBASE This is the location of the viewbase directory in which all
the views are managed. The default viewbase directory is
PKG_DBDIR If the -K flag isn't given, then PKG_DBDIR is the location of
the package database directory. The default package database
directory is /var/db/pkg.
PKG_PATH The value of the PKG_PATH is used if a given package can't be
found, it's usually set to /usr/pkgsrc/packages/All. The
environment variable should be a series of entries separated
by semicolons. Each entry consists of a directory name or
URL. The current directory may be indicated implicitly by an
empty directory name, or explicitly by a single period. FTP
URLs may not end with a slash.
Location of the package reference counts database directory.
The default location is the path to the package database
directory with ``.refcount'' appended to the path, e.g.
PKG_TMPDIR Staging directory for installing packages, defaults to
/var/tmp. Set to directory with lots of free disk if you run
out of space when installing a binary package.
PKG_VIEW The default view can be specified in the PKG_VIEW environment
In all cases, pkg_add will try to install binary packages listed in
You can specify a compiled binary package explicitly on the command line.
# pkg_add /usr/pkgsrc/packages/All/tcsh-6.14.00.tgz
If you omit the version number, pkg_add will install the latest version
available. With -v, pkg_add emits more messages to terminal.
# pkg_add -v /usr/pkgsrc/packages/All/unzip
You can grab a compiled binary package from remote location by specifying
a URL. The URL can be put into an environment variable, PKG_PATH.
# pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/firefox-1.0.3.tgz
# export PKG_PATH=ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All
# pkg_add -v firefox
Over time, as problems are found in packages, they will be moved from the
All subdirectory into the vulnerable subdirectory. If you want to accept
vulnerable packages by default (and know what you are doing), you can add
the vulnerable directory to your PKG_PATH like this:
# export PKG_PATH="ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All;ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/vulnerable"
(The quotes are needed because semicolon (`;') is a shell meta-charac-
ter.) If you do this, consider installing and using the
security/audit-packages package and running it after every pkg_add.
pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1), mktemp(3),
sysconf(3), packages(7), mtree(8)
Initial work and ongoing development.
NetBSD wildcard dependency processing, pkgdb, upgrading, etc.
Hard links between files in a distribution are only preserved if either
(1) the staging area is on the same file system as the target directory
of all the links to the file, or (2) all the links to the file are brack-
eted by @cwd directives in the contents file, and and the link names are
extracted with a single tar command (not split between invocations due to
exec argument-space limitations--this depends on the value returned by
Package upgrading needs a lot more work to be really universal.
Sure to be others.
NetBSD 4.0 April 3, 2006 NetBSD 4.0