1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
|
<!-- $NetBSD: faq.xml,v 1.57 2020/02/24 21:13:56 rillig Exp $ -->
<chapter id="faq"> <?dbhtml filename="faq.html"?>
<title>Frequently Asked Questions</title>
<para>This section contains hints, tips & tricks on special things in
pkgsrc that we didn't find a better place for in the previous chapters, and
it contains items for both pkgsrc users and developers.</para>
<!-- ================================================================== -->
<sect1 id="mailing-list-pointers">
<title>Are there any mailing lists for pkg-related discussion?</title>
<para>The following mailing lists may be of interest to pkgsrc users:</para>
<itemizedlist>
<listitem>
<para><ulink
url="http://www.NetBSD.org/mailinglists/index.html#pkgsrc-users">pkgsrc-users</ulink>:
This is a general purpose list for most issues regarding
pkgsrc, regardless of platform, e.g. soliciting user help
for pkgsrc configuration, unexpected build failures, using
particular packages, upgrading pkgsrc installations,
questions regarding the pkgsrc release branches, etc. General announcements or
proposals for changes that impact the pkgsrc user community,
e.g. major infrastructure changes, new features, package
removals, etc., may also be posted.</para>
</listitem>
<listitem>
<para><ulink
url="https://www.NetBSD.org/mailinglists/index.html#pkgsrc-bulk">pkgsrc-bulk</ulink>:
A list where the results of pkgsrc bulk builds are sent and
discussed.</para>
</listitem>
<listitem>
<para><ulink
url="https://www.NetBSD.org/mailinglists/index.html#pkgsrc-changes">pkgsrc-changes</ulink>:
This list is for those who are interested in getting a
commit message for every change committed to pkgsrc. It is
also available in digest form, meaning one daily message
containing all commit messages for changes to the package
source tree in that 24 hour period.</para>
</listitem>
</itemizedlist>
<para>To subscribe, do:</para>
<programlisting>
&cprompt; echo subscribe <replaceable>listname</replaceable> | mail majordomo@NetBSD.org
</programlisting>
<para>Archives for all these mailing lists are available from
<ulink url="https://mail-index.NetBSD.org/"/>.</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="faq-pkgtools">
<title>Utilities for package management (pkgtools)</title>
<para>The directory <filename>pkgsrc/pkgtools</filename> contains
a number of useful utilities for both users and developers of pkgsrc. This
section attempts only to make the reader aware of some of the utilities and when
they might be useful, and not to duplicate the documentation that comes
with each package.</para>
<para>Utilities used by pkgsrc (automatically installed when needed):</para>
<itemizedlist>
<listitem>
<para><filename role="pkg">pkgtools/x11-links</filename>:
Symlinks for use by buildlink.</para>
</listitem>
</itemizedlist>
<para>OS tool augmentation (automatically installed when needed):</para>
<itemizedlist>
<listitem>
<para><filename role="pkg">pkgtools/digest</filename>:
Calculates various kinds of checksums (including SHA3).</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/libnbcompat</filename>:
Compatibility library for pkgsrc tools.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/mtree</filename>: Installed on
non-BSD systems due to lack of native mtree.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/pkg_install</filename>:
Up-to-date replacement for
<filename>/usr/sbin/pkg_install</filename>, or for use on operating
systems where pkg_install is not present.</para>
</listitem>
</itemizedlist>
<para>Utilities used by pkgsrc (not automatically installed):</para>
<itemizedlist>
<listitem>
<para><filename role="pkg">pkgtools/pkg_tarup</filename>:
Create a binary package from an
already-installed package. Used by <command>make replace</command> to
save the old package.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/dfdisk</filename>:
Adds extra functionality to pkgsrc, allowing it to fetch distfiles
from multiple locations. It currently supports the following
methods: multiple CD-ROMs and network FTP/HTTP connections.</para>
</listitem>
<listitem>
<para><filename role="pkg">devel/cpuflags</filename>: Determine
the best compiler flags to optimise code for your current
CPU and compiler. </para>
</listitem>
</itemizedlist>
<para>Utilities for keeping track of installed packages, being up to date,
etc:</para>
<itemizedlist>
<listitem>
<para><filename role="pkg">pkgtools/pkgin</filename>: A package
update tool similar to apt(1). Download, install, and upgrade
binary packages easily.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/pkg_chk</filename>: Reports on
packages whose installed versions do not match the latest pkgsrc
entries.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/pkgdep</filename>: Makes
dependency graphs of packages, to aid in choosing a strategy for
updating.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/pkgdepgraph</filename>: Makes
graphs from the output of <filename
role="pkg">pkgtools/pkgdep</filename> (uses graphviz).</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/pkglint</filename>: The
pkglint(1) program checks a pkgsrc entry for errors.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/lintpkgsrc</filename>: The lintpkgsrc(1) program
does various checks on the complete pkgsrc system.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/pkgsurvey</filename>: Report what
packages you have installed.</para>
</listitem>
</itemizedlist>
<para>Utilities for people maintaining or creating individual packages:</para>
<itemizedlist>
<listitem>
<para><filename role="pkg">pkgtools/pkgdiff</filename>: Automate
making and maintaining patches for a package (includes pkgdiff,
pkgvi, mkpatches, etc.).</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/url2pkg</filename>: Aids in
converting to pkgsrc.</para>
</listitem>
</itemizedlist>
<para>Utilities for people maintaining pkgsrc (or: more obscure pkg
utilities)</para>
<itemizedlist>
<listitem>
<para><filename role="pkg">pkgtools/pkg_comp</filename>: Build
packages in a chrooted area.</para>
</listitem>
<listitem>
<para><filename role="pkg">pkgtools/libkver</filename>: Spoof
kernel version for chrooted cross builds.</para>
</listitem>
</itemizedlist>
</sect1>
<!-- ================================================================== -->
<sect1 id="non-root-pkgsrc">
<title>How to use pkgsrc as non-root</title>
<para>To install packages from source as a non-root user, download
pkgsrc as described in <xref linkend="getting"/>, cd into that
directory and run the command <command>./bootstrap/bootstrap
--unprivileged</command>.</para>
<para>This will install the binary part of pkgsrc to
<filename>~/pkg</filename> and put the pkgsrc configuration &mk.conf;
into <filename>~/pkg/etc</filename>.</para>
<para>For more details, see <filename>mk/unprivileged.mk</filename>.</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="resume-transfers">
<title>How to resume transfers when fetching distfiles?</title>
<para>By default, resuming transfers in pkgsrc is disabled, but you can
enable this feature by adding the option
<varname>PKG_RESUME_TRANSFERS=YES</varname> into
&mk.conf;. If, during a fetch step, an incomplete
distfile is found, pkgsrc will try to resume it.</para>
<para>You can also
use a different program than the platform default program by changing the
<varname>FETCH_USING</varname> variable. You can specify the program by
using of ftp, fetch, wget or curl. Alternatively, fetching can be disabled
by using the value manual. A value of custom disables the system defaults
and dependency tracking for the fetch program. In that case you have to
provide <varname>FETCH_CMD</varname>, <varname>FETCH_BEFORE_ARGS</varname>,
<varname>FETCH_RESUME_ARGS</varname>, <varname>FETCH_OUTPUT_ARGS</varname>,
<varname>FETCH_AFTER_ARGS</varname>.</para>
<para>For example, if you want to use
<filename>wget</filename> to download, you'll have to use something
like:</para>
<programlisting>
FETCH_USING= wget
</programlisting>
</sect1>
<!-- ================================================================== -->
<sect1 id="x.org-from-pkgsrc">
<title>How can I install/use modular X.org from pkgsrc?</title>
<para>If you want to use modular X.org from pkgsrc instead of your system's own X11
(<filename>/usr/X11R6</filename>, <filename>/usr/openwin</filename>, ...)
you will have to add the following line into
&mk.conf;:</para>
<programlisting>
X11_TYPE=modular
</programlisting>
</sect1>
<!-- ================================================================== -->
<sect1 id="fetch-behind-firewall">
<title>How to fetch files from behind a firewall</title>
<para>If you are sitting behind a firewall which does not allow direct
connections to Internet hosts (i.e. non-NAT), you may specify the
relevant proxy hosts. This is done using an environment variable in the
form of a URL, e.g. in Amdahl, the machine
<quote>orpheus.amdahl.com</quote> is one of the firewalls, and it uses
port 80 as the proxy port number. So the proxy environment variables
are:</para>
<programlisting>
ftp_proxy=ftp://orpheus.amdahl.com:80/
http_proxy=http://orpheus.amdahl.com:80/
</programlisting>
</sect1>
<!-- ================================================================== -->
<sect1 id="fetch-https">
<title>How to fetch files from HTTPS sites</title>
<para>Some fetch tools are not prepared to support HTTPS by default
(for example, the one in NetBSD 6.0), or the one installed by the
pkgsrc bootstrap (to avoid an openssl dependency that low in the
dependency graph).</para>
<para>Usually you won't notice, because distribution files are
mirrored weekly to <quote>ftp.NetBSD.org</quote>, but that might not
be often enough if you are following pkgsrc-current. In that case, set
<varname>FETCH_USING</varname> in your &mk.conf; file to
<quote>curl</quote> or <quote>wget</quote>, which are both compiled
with HTTPS support by default. Of course, these tools need to be
installed before you can use them this way.</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="passive-ftp">
<title>How do I tell <command>make fetch</command> to do passive FTP?</title>
<para>This depends on which utility is used to retrieve distfiles. From
<filename>bsd.pkg.mk</filename>, <varname>FETCH_CMD</varname> is assigned
the first available command from the following list:</para>
<itemizedlist>
<listitem>
<para><filename>${LOCALBASE}/bin/ftp</filename></para>
</listitem>
<listitem>
<para><filename>/usr/bin/ftp</filename></para>
</listitem>
</itemizedlist>
<para>On a default NetBSD installation, this will be
<filename>/usr/bin/ftp</filename>, which automatically tries passive
connections first, and falls back to active connections if the server
refuses to do passive. For the other tools, add the following to your
&mk.conf; file:
<varname>PASSIVE_FETCH=1</varname>.</para>
<para>Having that option present will prevent
<filename>/usr/bin/ftp</filename> from falling back to active
transfers.</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="fetching-all-distfiles">
<title>How to fetch all distfiles at once</title>
<para>You would like to download all the distfiles in a single batch
from work or university, where you can't run a <command>make
fetch</command>. There is an archive of distfiles on <ulink
url="ftp://ftp.NetBSD.org/pub/pkgsrc/distfiles/">ftp.NetBSD.org</ulink>,
but downloading the entire directory may not be appropriate.</para>
<para>The answer here is to do a <command>make fetch-list</command> in
<filename>/usr/pkgsrc</filename> or one of its subdirectories, carry the
resulting list to your machine at work/school and use it there. If you
don't have a NetBSD-compatible &man.ftp.1; (like tnftp) at work, don't
forget to set <varname>FETCH_CMD</varname> to something that fetches a
URL:</para>
<para>At home:</para>
<screen>&cprompt; <userinput>cd /usr/pkgsrc</userinput>
&cprompt; <userinput>make fetch-list FETCH_CMD=wget DISTDIR=/tmp/distfiles >/tmp/fetch.sh</userinput>
&cprompt; <userinput>scp /tmp/fetch.sh work:/tmp</userinput></screen>
<para>At work:</para>
<screen>&cprompt; <userinput>sh /tmp/fetch.sh</userinput></screen>
<para>then tar up <filename>/tmp/distfiles</filename> and take it
home.</para>
<para>If you have a machine running NetBSD, and you want to get
<emphasis>all</emphasis> distfiles (even ones that aren't for your
machine architecture), you can do so by using the above-mentioned
<command>make fetch-list</command> approach, or fetch the distfiles
directly by running:</para>
<screen>&cprompt; <userinput>make mirror-distfiles</userinput></screen>
<para>If you even decide to ignore
<varname>NO_{SRC,BIN}_ON_{FTP,CDROM}</varname>, then you can get everything
by running:</para>
<screen>&cprompt; <userinput>make fetch NO_SKIP=yes</userinput></screen>
</sect1>
<!-- ================================================================== -->
<sect1 id="tmac.andoc-missing">
<title>What does <quote>Don't know how to make
/usr/share/tmac/tmac.andoc</quote> mean?</title>
<para>When compiling the <filename role="pkg">pkgtools/pkg_install</filename>
package, you get the error from make that it doesn't know how to make
<filename>/usr/share/tmac/tmac.andoc</filename>? This indicates that
you don't have installed the <quote>text</quote> set (nroff, ...) from
the NetBSD base distribution on your machine. It is recommended to do
that to format man pages.</para>
<para>In the case of the <filename
role="pkg">pkgtools/pkg_install</filename> package, you
can get away with setting <varname>NOMAN=YES</varname> either in the
environment or in &mk.conf;.</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="bsd.own.mk-missing">
<title>What does <quote>Could not find bsd.own.mk</quote> mean?</title>
<para>You didn't install the compiler set, <filename>comp.tgz</filename>,
when you installed your NetBSD machine. Please get and install it, by
extracting it in <filename>/</filename>:</para>
<screen>&rprompt; <userinput>cd /</userinput>
&rprompt; <userinput>tar --unlink -zxvpf .../comp.tgz</userinput></screen>
<para><filename>comp.tgz</filename> is part of every NetBSD release. Get
the one that corresponds to your release (determine via <command>uname
-r</command>).</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="using-sudo-with-pkgsrc">
<title>Using 'sudo' with pkgsrc</title>
<para>When installing packages as non-root user and using the just-in-time
&man.su.1; feature of pkgsrc, it can become annoying to type in the root
password for each required package installed. To avoid this, the sudo
package can be used, which does password caching over a limited time. To
use it, install sudo (either as binary package or from
<filename role="pkg">security/sudo</filename>) and then put the
following into your &mk.conf;, somewhere
<emphasis>after</emphasis> the definition of the
<varname>LOCALBASE</varname> variable:</para>
<programlisting>
.if exists(${LOCALBASE}/bin/sudo)
SU_CMD= ${LOCALBASE}/bin/sudo /bin/sh -c
.endif
</programlisting>
</sect1>
<!-- ================================================================== -->
<sect1 id="faq.conf">
<title>How do I change the location of configuration files?</title>
<para>As the system administrator, you can choose where configuration files
are installed. The default settings make all these files go into
<filename>${PREFIX}/etc</filename> or some of its subdirectories; this may
be suboptimal depending on your expectations (e.g., a read-only,
NFS-exported <varname>PREFIX</varname> with a need of per-machine
configuration of the provided packages).</para>
<para>In order to change the defaults, you can modify the
<varname>PKG_SYSCONFBASE</varname> variable (in
&mk.conf;) to point to your preferred configuration
directory; some common examples include <filename>/etc</filename> or
<filename>/etc/pkg</filename>.</para>
<para>Furthermore, you can change this value on a per-package basis by
setting the <varname>PKG_SYSCONFDIR.${PKG_SYSCONFVAR}</varname> variable.
<varname>PKG_SYSCONFVAR</varname>'s value usually matches the name of the
package you would like to modify, that is, the contents of
<varname>PKGBASE</varname>.</para>
<para>Note that after changing these settings, you must rebuild and
reinstall any affected packages.</para>
</sect1>
<!-- ================================================================== -->
<sect1 id="audit-packages">
<title>Automated security checks</title>
<para>Please be aware that there can often be bugs in third-party software,
and some of these bugs can leave a machine vulnerable to exploitation by
attackers. In an effort to lessen the exposure, the NetBSD packages team
maintains a database of known-exploits to packages which have at one time
been included in pkgsrc. The database can be downloaded automatically, and
a security audit of all packages installed on a system can take place. To
do this, refer to the following two tools (installed as part of the
<filename role="pkg">pkgtools/pkg_install</filename> package):</para>
<orderedlist>
<listitem>
<para><command>pkg_admin fetch-pkg-vulnerabilities</command>, an easy way to
download a list of the security vulnerabilities information. This list
is kept up to date by the pkgsrc security team, and is distributed
from the NetBSD ftp server:</para>
<para><ulink
url="ftp://ftp.NetBSD.org/pkgsrc/distfiles/pkg-vulnerabilities"/></para>
</listitem>
<listitem>
<para><command>pkg_admin audit</command>, an easy way to audit the
current machine, checking each known vulnerability. If a
vulnerable package is installed, it will be shown by output to stdout,
including a description of the type of vulnerability, and a URL
containing more information.</para>
</listitem>
</orderedlist>
<para>Use of these tools is strongly recommended!
See <xref linkend="vulnerabilities"/> for instructions on how to automate checking and
reporting.</para>
<para>If this database is installed, pkgsrc builds will use it to
perform a security check before building any package.</para>
</sect1>
<sect1 id="ufaq-cflags">
<title>Why do some packages ignore my <varname>CFLAGS</varname>?</title>
<para>When you add your own preferences to the
<varname>CFLAGS</varname> variable in your
&mk.conf;, these flags are passed in
environment variables to the <filename>./configure</filename>
scripts and to &man.make.1;. Some package authors ignore the
<varname>CFLAGS</varname> from the environment variable by
overriding them in the <filename>Makefile</filename>s of their
package.</para>
<para>Currently there is no solution to this problem. If you
really need the package to use your <varname>CFLAGS</varname>
you should run <command>make patch</command> in the package
directory and then inspect any <filename>Makefile</filename> and
<filename>Makefile.in</filename> for whether they define
<varname>CFLAGS</varname> explicitly. Usually you can remove
these lines. But be aware that some <quote>smart</quote>
programmers write so bad code that it only works for the
specific combination of <varname>CFLAGS</varname> they have
chosen.</para>
<para>To find out where the CFLAGS are ignored, add the following lines to &mk.conf;:</para>
<programlisting>
CPPFLAGS+= -Dpkgsrc___CPPFLAGS
CFLAGS+= -Dpkgsrc___CFLAGS
CXXFLAGS+= -Dpkgsrc___CXXFLAGS
</programlisting>
<para>Then run <command>bmake show-all-configure show-all-build</command>
to see whether the above flags are passed to the actual build
commands in general.</para>
<para>To find out whether the flags are passed to individual compiler
commands, have a look at the file <filename>work/.work.log</filename>. In
most cases, the flags from the original command lines (the lines starting
with <literal>[*]</literal>) are passed unmodified to the actual compiler
(the lines starting with <literal><.></literal>). If the flag is
missing from the actual compiler command, it must have been removed by
the <link linkend="build.wrapper">pkgsrc compiler wrappers</link>.</para>
</sect1>
<sect1 id="ufaq-fail">
<title>A package does not build. What shall I do?</title>
<procedure>
<step><para>Make sure that your copy of pkgsrc is consistent. A
case that occurs often is that people only update pkgsrc in
parts, because of performance reasons. Since pkgsrc is one large
system, not a collection of many small systems, there are
sometimes changes that only work when the whole pkgsrc tree is
updated.</para></step>
<step><para>Make sure that you don't have any CVS conflicts.
Search for <quote><<<<<<</quote> or
<quote>>>>>>></quote> in all your pkgsrc
files.</para></step>
<step><para>Make sure that you don't have old copies of the packages
extracted. Run <command>make clean clean-depends</command> to
verify this.</para></step>
<step><para>If you are a package developer who wants to invest
some work, have a look at <xref linkend="fixes"/>.</para></step>
<step><para>If the problem still exists, write a mail to the
<literal>pkgsrc-users</literal> mailing list.</para></step>
</procedure>
</sect1>
<sect1 id="faq.rcs-conflicts">
<title>What does <quote>Makefile appears to contain unresolved cvs/rcs/??? merge conflicts</quote> mean?</title>
<para>You have modified a file from pkgsrc, and someone else has
modified that same file afterwards in the CVS repository. Both changes
are in the same region of the file, so when you updated pkgsrc, the
<literal>cvs</literal> command marked the conflicting changes in the
file. Because of these markers, the file is no longer a valid
<filename>Makefile</filename>.</para>
<para>Have a look at that file, and if you don't need your local changes
anymore, you can remove that file and run <command>cvs -q update
-dP</command> in that directory to download the current version.</para>
</sect1>
</chapter>
|