NAME
pkg_install.conf —
configuration file
for package installation tools
DESCRIPTION
The file
pkg_install.conf contains system defaults for the
package installation tools as a list of variable-value pairs. Each line has
the format
VARIABLE=VALUE
. If the value consists of
more than one line, each line is prefixed with
VARIABLE=
.
The current value of a variable can be checked by running
pkg_admin config-var
VARIABLE
Some variables are overriden by environmental variables of the same name. Those
are marked by (*).
The following variables are supported:
-
-
ACCEPTABLE_LICENSES
- Space-separated list of licenses packages are allowed to
carry. License names are case-sensitive.
-
-
ACTIVE_FTP
- Force the use of active FTP.
-
-
CACHE_INDEX
- Cache directory listings in memory. This avoids retransfers
of the large directory index for HTTP and is enabled by default.
-
-
CERTIFICATE_ANCHOR_PKGS
- Path to the file containing the certificates used for
validating binary packages. A package is trusted when a certificate chain
ends in one of the certificates contained in this file. The certificates
must be PEM-encoded.
-
-
CERTIFICATE_ANCHOR_PKGVULN
- Analogous to
CERTIFICATE_ANCHOR_PKGS
. The
pkg-vulnerabilities is trusted when a certificate chain
ends in one of the certificates contained in this file.
-
-
CERTIFICATE_CHAIN
- Path to a file containing additional certificates that can
be used for completing certificate chains when validating binary packages
or pkg-vulnerabilities files.
-
-
CHECK_LICENSE
- Check the license conditions of packages before installing
them. Supported values are:
-
-
no
- The check is not performed.
-
-
yes
- The check is performed if the package has license
conditions set.
-
-
always
- Passing the license check is required. Missing license
conditions are considered an error.
-
-
CHECK_END_OF_LIFE
- During vulnerability checks, consider packages that have
reached end-of-life as vulnerable. This option is enabled by default.
-
-
CHECK_OSABI
- If "no", osabi package does not check OS version.
The default is "yes".
-
-
CHECK_VULNERABILITIES
- Check for vulnerabilities when installing packages.
Supported values are:
-
-
never
- No check is performed.
-
-
always
- Passing the vulnerability check is required. A missing
pkg-vulnerabilities file is considered an error.
-
-
interactive
- The user is always asked to confirm installation of
vulnerable packages.
-
-
CONFIG_CACHE_CONNECTIONS
- Limit the global connection cache to this value. For FTP,
this is the number of sessions without active command. For HTTP, this is
the number of connections open with keep-alive.
-
-
CONFIG_CACHE_CONNECTIONS_HOST
- Like
CONFIG_CACHE_CONNECTIONS
, but
limit the number of connections to the host as well. See
fetch(3) for further
details
-
-
DEFAULT_ACCEPTABLE_LICENSES
- Space-separated list of common Free and Open Source
licenses packages are allowed to carry. The default value contains all OSI
approved licenses in pkgsrc on the date pkg_install was released. License
names are case-sensitive.
-
-
GPG
- Path to gpg(1),
which can be used to verify the signature in the
pkg-vulnerabilities file when running
pkg_admin
check-pkg-vulnerabilities -s
or
pkg_admin
fetch-pkg-vulnerabilities -s
It can also be used to verify and sign binary packages.
-
-
GPG_KEYRING_PKGVULN
- Non-default keyring to use for verifying GPG signatures of
pkg-vulnerabilities.
-
-
GPG_KEYRING_SIGN
- Non-default keyring to use for signing packages with
GPG.
-
-
GPG_KEYRING_VERIFY
- Non-default keyring to use for verifying GPG signature of
packages.
-
-
GPG_SIGN_AS
- User-id to use for signing packages.
-
-
IGNORE_PROXY
- Use direct connections and ignore
FTP_PROXY
and
HTTP_PROXY
.
-
-
IGNORE_URL
- One line per advisory which should be ignored when running
pkg_admin
audit
The URL from the pkg-vulnerabilities file should be used
as value.
-
-
PKG_DBDIR
(*)
- Location of the packages database. This option is always
overriden by the argument of the -K option.
-
-
PKG_PATH
(*)
- Search path for packages. The entries are separated by
semicolon. Each entry specifies a directory or URL to search for
packages.
-
-
PKG_REFCOUNT_DBDIR
(*)
- Location of the package reference counts database
directory. The default value is
${PKG_DBDIR}.refcount.
-
-
PKGVULNDIR
- Directory name in which the
pkg-vulnerabilities file resides. Default is
${PKG_DBDIR}.
-
-
PKGVULNURL
- URL which is used for updating the local
pkg-vulnerabilities file when running
pkg_admin
fetch-pkg-vulnerabilities
The default location is ftp.NetBSD.org using HTTP. Note:
Usually, only the compression type should be changed. Currently supported
are uncompressed files and files compressed by
bzip2(1)
(.bz2) or
gzip(1)
(.gz).
-
-
VERBOSE_NETIO
- Log details of network IO to stderr.
-
-
VERIFIED_INSTALLATION
- Set trust level used when installation. Supported values
are:
-
-
never
- No signature checks are performed.
-
-
always
- A valid signature is required. If the binary package
can not be verified, the installation is terminated
-
-
trusted
- A valid signature is required. If the binary package
can not be verified, the user is asked interactively.
-
-
interactive
- The user is always asked interactively when installing
a package.
FILES
-
-
- /etc/pkg_install.conf
- Default location for the file described in this manual
page.
SEE ALSO
pkg_add(1),
pkg_admin(1),
pkg_create(1),
pkg_delete(1),
pkg_info(1)