Basically, there are two ways of using pkgsrc. The first is to only install the package tools and to use binary packages that someone else has prepared. This is the pkg in pkgsrc. The second way is to install the src of pkgsrc, too. Then you are able to build your own packages, and you can still use binary packages from someone else. To use binary packages, you need some tools to manage them. On NetBSD, these tools are already installed. On all other operating systems, you need to install them first. For the following platforms, prebuilt versions of the package tools are available and can simply be downloaded and unpacked in the / directory: PlatformURL Solaris 9ftp://ftp0.mh.bbc.co.uk/pub/pkgsrc/packages/bootstrap-pkgsrc/ Solaris 10http://public.enst.fr/pkgsrc/packages/bootstrap-pkgsrc/ These pre-built package tools use /usr/pkg for the base directory, and /var/db/pkg for the database of installed packages. If you cannot use these directories for whatever reasons (maybe because you're not root), you have to build the package tools yourself, which is explained in . To install binary packages, you first need to know from where to get them. You can get them on CD-ROMs, DVDs, or via FTP or HTTP. The binary packages can be found at the following locations. PlatformURL NetBSDftp://ftp.NetBSD.org/pub/NetBSD/packages/ Solaris 9ftp://ftp0.mh.bbc.co.uk/pub/pkgsrc/packages/ Solaris 10http://public.enst.fr/pkgsrc/packages/ Most of these directories contain binary packages for multiple platforms. Select the appropriate subdirectories, according to your machine architecture and operating system, until you find a directory called All. This directory contains all the binary packages. Further, there are subdirectories for categories that contain symbolic links that point to the actual binary package in ../All. This directory layout is used for all package repositories, no matter if they are accessed via HTTP, FTP, NFS, CD-ROM, or the local filesystem. If you have the files on a CD-ROM or downloaded them to your hard disk, you can install them with the following command (be sure to su to root first): &rprompt; pkg_add /path/to/package.tgz If you have FTP access and you don't want to download the packages via FTP prior to installation, you can do this automatically by giving pkg_add an FTP URL: &rprompt; pkg_add ftp://ftp.NetBSD.org/pub/NetBSD/packages/<OSVERSION>/<ARCH>/All/package Note that any prerequisite packages needed to run the package in question will be installed, too, assuming they are present where you install from. To save some typing, you can set the PKG_PATH environment variable to a semicolon-separated list of paths (including remote URLs); trailing slashes are not allowed. Additionally to the All directory there exists a vulnerable directory to which binary packages with known vulnerabilities are moved, since removing them could cause missing dependencies. To use these packages, add the vulnerable directory to your PKG_PATH. However, you should run security/audit-packages regularly, especially after installing new packages, and verify that the vulnerabilities are acceptable for your configuration. An example PKG_PATH would be: ftp://ftp.NetBSD.org/pub/NetBSD/packages/<OSVERSION>/<ARCH>/All;ftp://ftp.NetBSD.org/pub/NetBSD/packages/<OSVERSION>/<ARCH>/vulnerable Please note that semicolon (';') is a shell meta-character, so you'll probably have to quote it. After you've installed packages, be sure to have /usr/pkg/bin and /usr/pkg/sbin in your PATH so you can actually start the just installed program. To deinstall a package, it does not matter whether it was installed from source code or from a binary package. The pkg_delete command does not know it anyway. To delete a package, you can just run pkg_delete package-name. The package name can be given with or without version number. Wildcards can also be used to deinstall a set of packages, for example *emacs*. Be sure to include them in quotes, so that the shell does not expand them before pkg_delete sees them. The -r option is very powerful: it removes all the packages that require the package in question and then removes the package itself. For example: &rprompt; pkg_delete -r jpeg will remove jpeg and all the packages that used it; this allows upgrading the jpeg package. The pkg_info shows information about installed packages or binary package files. The NetBSD Security-Officer and Packages Groups maintain a list of known security vulnerabilities to packages which are (or have been) included in pkgsrc. The list is available from the NetBSD FTP site at . Through security/audit-packages, this list can be downloaded automatically, and a security audit of all packages installed on a system can take place. There are two components to security/audit-packages. The first component, download-vulnerability-list, is for downloading the list of vulnerabilities from the NetBSD FTP site. The second component, audit-packages, checks to see if any of your installed packages are vulnerable. If a package is vulnerable, you will see output similar to the following: Package samba-2.0.9 has a local-root-shell vulnerability, see http://www.samba.org/samba/whatsnew/macroexploit.html One can set up security/audit-packages to download the vulnerabilities file daily, and include a package audit in the daily security script. Details on this are located in the MESSAGE file for security/audit-packages. Install pkgtools/pkglint and run lintpkgsrc with the -i argument to check if your packages are up-to-date, e.g. &cprompt; lintpkgsrc -i ... Version mismatch: 'tcsh' 6.09.00 vs 6.10.00 You can then use make update to update the package on your system and rebuild any dependencies. The pkg_admin executes various administrative functions on the package system. Please pay very careful attention to the warnings expressed in the &man.pkg.add.1; manual page about the inherent dangers of installing binary packages which you did not create yourself, and the security holes that can be introduced onto your system by indiscriminate adding of such files. The same warning of course applies to every package you install from source when you haven't completely read and understood the source code of the package, the compiler that is used to build the package and all the other tools that are involved. After obtaining pkgsrc, the pkgsrc directory now contains a set of packages, organized into categories. You can browse the online index of packages, or run make readme from the pkgsrc directory to build local README.html files for all packages, viewable with any web browser such as www/lynx or www/firefox. The default prefix for installed packages is /usr/pkg. If you wish to change this, you should do so by setting LOCALBASE in mk.conf. You should not try to use multiple different LOCALBASE definitions on the same system (inside a chroot is an exception). The rest of this chapter assumes that the package is already in pkgsrc. If it is not, see for instructions how to create your own packages. To build packages from source, you need a working C compiler. On NetBSD, you need to install the comp and the text distribution sets. If you want to build X11-related packages, the xbase and xcomp distribution sets are required, too. The first step for building a package is downloading the distfiles (i.e. the unmodified source). If they have not yet been downloaded, pkgsrc will fetch them automatically. If you have all files that you need in the distfiles directory, you don't need to connect. If the distfiles are on CD-ROM, you can mount the CD-ROM on /cdrom and add: DISTDIR=/cdrom/pkgsrc/distfiles to your mk.conf. You can overwrite some of the major distribution sites to fit to sites that are close to your own. By setting one or two variables you can modify the order in which the master sites are accessed. MASTER_SORT contains a whitespace delimited list of domain suffixes. MASTER_SORT_REGEX is even more flexible, it contains a whitespace delimited list of regular expressions. It has higher priority than MASTER_SORT. Have a look at pkgsrc/mk/defaults/mk.conf to find some examples. This may save some of your bandwidth and time. You can change these settings either in your shell's environment, or, if you want to keep the settings, by editing the /etc/mk.conf file, and adding the definitions there. If a package depends on many other packages (such as meta-pkgs/kde3), the build process may alternate between periods of downloading source, and compiling. To ensure you have all the source downloaded initially you can run the command: &cprompt; make fetch-list | sh which will output and run a set of shell commands to fetch the necessary files into the distfiles directory. You can also choose to download the files manually. Once the software has downloaded, any patches will be applied, then it will be compiled for you. This may take some time depending on your computer, and how many other packages the software depends on and their compile time. If using bootstrap or pkgsrc on a non-NetBSD system, use the pkgsrc bmake command instead of make in the examples in this guide. For example, type &cprompt; cd misc/figlet &cprompt; make at the shell prompt to build the various components of the package. The next stage is to actually install the newly compiled program onto your system. Do this by entering: &cprompt; make install while you are still in the directory for whatever package you are installing. Installing the package on your system may require you to be root. However, pkgsrc has a just-in-time-su feature, which allows you to only become root for the actual installation step. That's it, the software should now be installed and setup for use. You can now enter: &cprompt; make clean to remove the compiled files in the work directory, as you shouldn't need them any more. If other packages were also added to your system (dependencies) to allow your program to compile, you can tidy these up also with the command: &cprompt; make clean-depends Taking the figlet utility as an example, we can install it on our system by building as shown in . The program is installed under the default root of the packages tree - /usr/pkg. Should this not conform to your tastes, set the LOCALBASE variable in your environment, and it will use that value as the root of your packages tree. So, to use /usr/local, set LOCALBASE=/usr/local in your environment. Please note that you should use a directory which is dedicated to packages and not shared with other programs (i.e., do not try and use LOCALBASE=/usr). Also, you should not try to add any of your own files or directories (such as src/, obj/, or pkgsrc/) below the LOCALBASE tree. This is to prevent possible conflicts between programs and other files installed by the package system and whatever else may have been installed there. Some packages look in /etc/mk.conf to alter some configuration options at build time. Have a look at pkgsrc/mk/defaults/mk.conf to get an overview of what will be set there by default. Environment variables such as LOCALBASE can be set in /etc/mk.conf to save having to remember to set them each time you want to use pkgsrc. Occasionally, people want to look under the covers to see what is going on when a package is building or being installed. This may be for debugging purposes, or out of simple curiosity. A number of utility values have been added to help with this. If you invoke the &man.make.1; command with PKG_DEBUG_LEVEL=2, then a huge amount of information will be displayed. For example, make patch PKG_DEBUG_LEVEL=2 will show all the commands that are invoked, up to and including the patch stage. If you want to know the value of a certain &man.make.1; definition, then the VARNAME definition should be used, in conjunction with the show-var target. e.g. to show the expansion of the &man.make.1; variable LOCALBASE: &cprompt; make show-var VARNAME=LOCALBASE /usr/pkg &cprompt; If you want to install a binary package that you've either created yourself (see next section), that you put into pkgsrc/packages manually or that is located on a remote FTP server, you can use the "bin-install" target. This target will install a binary package - if available - via &man.pkg.add.1;, else do a make package. The list of remote FTP sites searched is kept in the variable BINPKG_SITES, which defaults to ftp.NetBSD.org. Any flags that should be added to &man.pkg.add.1; can be put into BIN_INSTALL_FLAGS. See pkgsrc/mk/defaults/mk.conf for more details. A final word of warning: If you set up a system that has a non-standard setting for LOCALBASE, be sure to set that before any packages are installed, as you cannot use several directories for the same purpose. Doing so will result in pkgsrc not being able to properly detect your installed packages, and fail miserably. Note also that precompiled binary packages are usually built with the default LOCALBASE of /usr/pkg, and that you should not install any if you use a non-standard LOCALBASE.