From 695ecfab6744cb8350339790572f31831a71b73c Mon Sep 17 00:00:00 2001 From: wiz Date: Fri, 6 May 2005 23:03:41 +0000 Subject: Sync with usr.sbin/pkg_install/add/pkg_add.1 v1.59. --- pkgtools/pkg_install/files/add/pkg_add.1 | 57 +++++++++++++++++++++++------ pkgtools/pkg_install/files/add/pkg_add.cat1 | 29 ++++++++++----- 2 files changed, 65 insertions(+), 21 deletions(-) diff --git a/pkgtools/pkg_install/files/add/pkg_add.1 b/pkgtools/pkg_install/files/add/pkg_add.1 index b8538f9aa97..4e34115a579 100644 --- a/pkgtools/pkg_install/files/add/pkg_add.1 +++ b/pkgtools/pkg_install/files/add/pkg_add.1 @@ -1,4 +1,4 @@ -.\" $NetBSD: pkg_add.1,v 1.13 2005/02/05 00:28:58 jlam Exp $ +.\" $NetBSD: pkg_add.1,v 1.14 2005/05/06 23:03:41 wiz Exp $ .\" .\" FreeBSD install - a package for the installation and maintenance .\" of non-core utilities. @@ -17,7 +17,7 @@ .\" .\" @(#)pkg_add.1 .\" -.Dd February 4, 2005 +.Dd May 7, 2005 .Dt PKG_ADD 1 .Os .Sh NAME @@ -62,7 +62,9 @@ depends on or requires from both local disk and via FTP or HTTP. Since the .Nm command may execute scripts or programs contained within a package file, -your system may be susceptible to ``Trojan horses'' or other subtle +your system may be susceptible to +.Dq Trojan horses +or other subtle attacks from miscreants who create dangerous package files. .Pp You are advised to verify the competence and identity of those who @@ -228,14 +230,17 @@ Use .Ar template as the input to .Xr mktemp 3 -when creating a ``staging area.'' +when creating a +.Dq staging area . By default, this is the string .Pa /var/tmp/instmp.XXXXXX , but it may be necessary to override it in the situation where space in your .Pa /var/tmp directory is limited. -Be sure to leave some number of `X' characters for +Be sure to leave some number of +.Sq X +characters for .Xr mktemp 3 to fill in with a unique ID. .Pp 
@@ -281,7 +286,9 @@ environment variable. One or more .Ar pkg-name arguments may be specified, each being either a file containing the -package (these usually ending with the ``.tgz'' suffix) or a +package (these usually ending with the +.Dq .tgz +suffix) or a URL pointing at a file available on an ftp or web site. Thus you may extract files directly from their anonymous ftp or WWW locations (e.g., @@ -310,7 +317,8 @@ passive mode ftp. .Sh TECHNICAL DETAILS .Nm -extracts each package's "packing list" +extracts each package's +.Dq packing list into a special staging directory in /var/tmp (or $PKG_TMPDIR if set) and then runs through the following sequence to fully extract the contents of the package: @@ -573,7 +581,7 @@ will try to install binary packages listed in dependencies list. .Pp You can specify a compiled binary package explicitly on the command line. .Bd -literal -# pkg_add /usr/pkgsrc/packages/All/tcsh-6.10.00.tgz +# pkg_add /usr/pkgsrc/packages/All/tcsh-6.14.00.tgz .Ed .Pp If you omit the version number, 
@@ -587,16 +595,41 @@ emits more messages to terminal. # pkg_add -v /usr/pkgsrc/packages/All/unzip .Ed .Pp -You can grab a compiled binary package from remote location, by specifying +You can grab a compiled binary package from remote location by specifying a URL. The URL can be put into an environment variable, .Ev PKG_PATH . .Bd -literal -# pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/mozilla-1.7.3nb2.tgz +# pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/firefox-1.0.3.tgz # export PKG_PATH=ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All -# pkg_add -v mozilla +# pkg_add -v firefox .Ed +.Pp +Over time, as problems are found in packages, they will be moved +from the +.Pa All +subdirectory into the +.Pa vulnerable +subdirectory. +If you want to accept vulnerable packages by default +(and know what you are doing), +you can add the +.Pa vulnerable +directory to your +.Ev PKG_PATH +like this: +.Bd -literal +# export PKG_PATH="ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All;ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/vulnerable" +.Ed +.Pp +(The quotes are needed because semicolon +.Pq Sq \&; +is a shell meta-character.) +If you do this, consider installing and using the +.Pa security/audit-packages +package and running it after every +.Nm . .Sh SEE ALSO .Xr pkg_admin 1 , .Xr pkg_create 1 , @@ -633,6 +666,6 @@ invocations due to exec argument-space limitations--this depends on the value returned by .Fn sysconf _SC_ARG_MAX ) . .Pp -Pkg upgrading needs a lot more work to be really universal. +Package upgrading needs a lot more work to be really universal. .Pp Sure to be others. diff --git a/pkgtools/pkg_install/files/add/pkg_add.cat1 b/pkgtools/pkg_install/files/add/pkg_add.cat1 index e7325ccf26b..5745786212e 100644 --- a/pkgtools/pkg_install/files/add/pkg_add.cat1 +++ b/pkgtools/pkg_install/files/add/pkg_add.cat1 
@@ -119,7 +119,7 @@ OOPPTTIIOONNSS --tt _t_e_m_p_l_a_t_e Use _t_e_m_p_l_a_t_e as the input to mktemp(3) when creating a ``staging - area.'' By default, this is the string _/_v_a_r_/_t_m_p_/_i_n_s_t_m_p_._X_X_X_X_X_X, + area''. By default, this is the string _/_v_a_r_/_t_m_p_/_i_n_s_t_m_p_._X_X_X_X_X_X, but it may be necessary to override it in the situation where space in your _/_v_a_r_/_t_m_p directory is limited. Be sure to leave some number of `X' characters for mktemp(3) to fill in with a @@ -163,7 +163,7 @@ OOPPTTIIOONNSS that demands the usage of _p_a_s_s_i_v_e _m_o_d_e ftp. TTEECCHHNNIICCAALL DDEETTAAIILLSS - ppkkgg__aadddd extracts each package's "packing list" into a special staging + ppkkgg__aadddd extracts each package's ``packing list'' into a special staging directory in /var/tmp (or $PKG_TMPDIR if set) and then runs through the following sequence to fully extract the contents of the package: 
@@ -327,20 +327,31 @@ EEXXAAMMPPLLEESS You can specify a compiled binary package explicitly on the command line. - # pkg_add /usr/pkgsrc/packages/All/tcsh-6.10.00.tgz + # pkg_add /usr/pkgsrc/packages/All/tcsh-6.14.00.tgz If you omit the version number, ppkkgg__aadddd will install the latest version available. With --vv, ppkkgg__aadddd emits more messages to terminal. # pkg_add -v /usr/pkgsrc/packages/All/unzip - You can grab a compiled binary package from remote location, by specify- - ing a URL. The URL can be put into an environment variable, PKG_PATH. + You can grab a compiled binary package from remote location by specifying + a URL. The URL can be put into an environment variable, PKG_PATH. - # pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/mozilla-1.7.3nb2.tgz + # pkg_add -v ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All/firefox-1.0.3.tgz # export PKG_PATH=ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All - # pkg_add -v mozilla + # pkg_add -v firefox + + Over time, as problems are found in packages, they will be moved from the + _A_l_l subdirectory into the _v_u_l_n_e_r_a_b_l_e subdirectory. If you want to accept + vulnerable packages by default (and know what you are doing), you can add + the _v_u_l_n_e_r_a_b_l_e directory to your PKG_PATH like this: + + # export PKG_PATH="ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/All;ftp://ftp.NetBSD.org/pub/NetBSD/packages/2.0/i386/vulnerable" + + (The quotes are needed because semicolon (`;') is a shell meta-charac- + ter.) If you do this, consider installing and using the + _s_e_c_u_r_i_t_y_/_a_u_d_i_t_-_p_a_c_k_a_g_e_s package and running it after every ppkkgg__aadddd. SSEEEE AALLSSOO pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1), mktemp(3), 
@@ -365,8 +376,8 @@ BBUUGGSS exec argument-space limitations--this depends on the value returned by ssyyssccoonnff(___S_C___A_R_G___M_A_X)). - Pkg upgrading needs a lot more work to be really universal. + Package upgrading needs a lot more work to be really universal. Sure to be others. -NetBSD 2.0 February 4, 2005 NetBSD 2.0 +NetBSD 2.0 May 7, 2005 NetBSD 2.0 -- cgit v1.2.3
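Review bot: In the pkg_add.1 hunk at @@ -587,16 +595,41 @@ (and its rendered copy in the pkg_add.cat1 hunk at @@ -327,20 +327,31 @@), the added paragraph advises running security/audit-packages "after every" pkg_add. The DESCRIPTION text visible in the @@ -62,7 +62,9 @@ hunk says that pkg_add "may execute scripts or programs contained within a package file". An audit run after installation therefore reports a package that has already been extracted and had its scripts executed. Suggest the paragraph say this explicitly and refer back to that warning, so a reader who adds the vulnerable directory to PKG_PATH does not treat the audit as a gate. Two smaller points in the same paragraph: "as problems are found in packages" does not say what kind of problem moves a package out of All, and the text does not say whether the PKG_PATH entries are tried in the order listed, which is what decides whether the All copy or the vulnerable copy is installed.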
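Review bot: In the pkg_add.1 hunk at @@ -310,7 +317,8 @@, the markup cleanup stops one line short. The new ".Dq packing list" line is followed directly by the context line "into a special staging directory in /var/tmp (or $PKG_TMPDIR if set)", where the path and the environment variable are still plain text. The -t template hunk at @@ -228,14 +230,17 @@ already uses ".Pa /var/tmp" for the same directory, and PKG_PATH is marked with ".Ev" in the examples. Suggest using .Pa for /var/tmp and .Ev for PKG_TMPDIR here as well, then regenerating pkg_add.cat1 so the committed rendering matches. As the commit message describes this as a sync with the usr.sbin copy, the fix would need to be made there too, or the two files will diverge again.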