.\" $NetBSD: pkg_install.conf.5.in,v 1.3.14.1 2020/12/19 13:34:42 martin Exp $ .\" .\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Thomas Klausner. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .Dd October 28, 2014 .Dt PKG_INSTALL.CONF 5 .Os .Sh NAME .Nm pkg_install.conf .Nd configuration file for package installation tools .Sh DESCRIPTION The file .Nm contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format .Ev VARIABLE=VALUE . If the value consists of more than one line, each line is prefixed with .Ev VARIABLE= . .Pp The current value of a variable can be checked by running .Dl Ic pkg_admin config-var VARIABLE .Pp Some variables are overriden by environmental variables of the same name. Those are marked by (*). .Pp The following variables are supported: .Bl -tag -width indent .It Dv ACCEPTABLE_LICENSES Space-separated list of licenses packages are allowed to carry. License names are case-sensitive. .It Dv ACTIVE_FTP Force the use of active FTP. .It Dv CACHE_INDEX Cache directory listings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default. .It Dv CERTIFICATE_ANCHOR_PKGS Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. .It Dv CERTIFICATE_ANCHOR_PKGVULN Analogous to .Dv CERTIFICATE_ANCHOR_PKGS . The .Pa pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file. .It Dv CERTIFICATE_CHAIN Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. .It Dv CHECK_LICENSE Check the license conditions of packages before installing them. Supported values are: .Bl -tag -width interactiveXX .It Dv no The check is not performed. .It Dv yes The check is performed if the package has license conditions set. .It Dv always Passing the license check is required. Missing license conditions are considered an error. .El .It Dv CHECK_END_OF_LIFE During vulnerability checks, consider packages that have reached end-of-life as vulnerable. This option is enabled by default. .It Dv CHECK_OS_VERSION If "no", pkg_add will not warn if the host OS version does not exactly match the OS version the package was built on. The default is "yes". .It Dv CHECK_OSABI If "no", osabi package does not check OS version. The default is "yes". .It Dv CHECK_VULNERABILITIES Check for vulnerabilities when installing packages. Supported values are: .Bl -tag -width interactiveXX .It Dv never No check is performed. .It Dv always Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error. .It Dv interactive The user is always asked to confirm installation of vulnerable packages. .El .It Dv CONFIG_CACHE_CONNECTIONS Limit the global connection cache to this value. For FTP, this is the number of sessions without active command. For HTTP, this is the number of connections open with keep-alive. .It Dv CONFIG_CACHE_CONNECTIONS_HOST Like .Dv CONFIG_CACHE_CONNECTIONS , but limit the number of connections to the host as well. See .Xr fetch 3 for further details .It Dv DEFAULT_ACCEPTABLE_LICENSES Space-separated list of common Free and Open Source licenses packages are allowed to carry. The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive. .It Dv GPG Path to .Xr gpg 1 , which can be used to verify the signature in the .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin check-pkg-vulnerabilities -s or .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s It can also be used to verify and sign binary packages. .It Dv GPG_KEYRING_PKGVULN Non-default keyring to use for verifying GPG signatures of .Pa pkg-vulnerabilities . .It Dv GPG_KEYRING_SIGN Non-default keyring to use for signing packages with GPG. .It Dv GPG_KEYRING_VERIFY Non-default keyring to use for verifying GPG signature of packages. .It Dv GPG_SIGN_AS User-id to use for signing packages. .It Dv IGNORE_PROXY Use direct connections and ignore .Ev FTP_PROXY and .Ev HTTP_PROXY . .It Dv IGNORE_URL One line per advisory which should be ignored when running .Dl Ic pkg_admin audit The URL from the .Pa pkg-vulnerabilities file should be used as value. .It Dv PKG_DBDIR (*) Location of the packages database. This option is always overriden by the argument of the .Fl K option. .It Dv PKG_PATH (*) Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. .It Dv PKG_REFCOUNT_DBDIR (*) Location of the package reference counts database directory. The default value is .Pa ${PKG_DBDIR}.refcount . .It Dv PKGVULNDIR Directory name in which the .Pa pkg-vulnerabilities file resides. Default is .Pa ${PKG_DBDIR} . .It Dv PKGVULNURL URL which is used for updating the local .Pa pkg-vulnerabilities file when running .Dl Ic pkg_admin fetch-pkg-vulnerabilities The default location is ftp.NetBSD.org using HTTP. .Em Note : Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by .Xr bzip2 1 .Pq Pa .bz2 or .Xr gzip 1 .Pq Pa .gz . .It Dv VERBOSE_NETIO Log details of network IO to stderr. .It Dv VERIFIED_INSTALLATION Set trust level used when installation. Supported values are: .Bl -tag -width interactiveXX .It Dv never No signature checks are performed. .It Dv always A valid signature is required. If the binary package can not be verified, the installation is terminated .It Dv trusted A valid signature is required. If the binary package can not be verified, the user is asked interactively. .It Dv interactive The user is always asked interactively when installing a package. .El .El .Sh FILES .Bl -tag -width ".Pa @SYSCONFDIR@/pkg_install.conf" .It Pa @SYSCONFDIR@/pkg_install.conf Default location for the file described in this manual page. .El .Sh SEE ALSO .Xr pkg_add 1 , .Xr pkg_admin 1 , .Xr pkg_create 1 , .Xr pkg_delete 1 , .Xr pkg_info 1