1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
.\" $NetBSD: pkg_install.conf.5,v 1.1.2.2 2008/08/21 16:04:39 joerg Exp $
.\"
.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Thomas Klausner.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 21, 2008
.Dt PKG_INSTALL.CONF 5
.Os
.Sh NAME
.Nm pkg_install.conf
.Nd configuration file for package installation tools
.Sh DESCRIPTION
The file
.Nm
contains system defaults for the package installation tools
as a list of variable-value pairs.
Each line has the format
.Ev VARIABLE=VALUE .
If the value consists of more than one line, each line is prefixed with
.Ev VARIABLE= .
.Pp
The current value of a variable can be checked by running
.Dl Ic pkg_admin config-var VARIABLE
.Pp
The following variables are supported:
.Bl -tag -width indent
.It Dv ACTIVE_FTP
Force the use of active FTP.
.It Dv CERTIFICATE_ANCHOR_PKGS
Path to the file containing the certificates used for validating
binary packages.
A package is trusted when a certificate chain ends in one of the
certificates contained in this file.
The certificates must be PEM-encoded.
.It Dv CERTIFICATE_ANCHOR_PKGVULN
Analogous to
.Dv CERTIFICATE_ANCHOR_PKGS .
The
.Pa pkg-vulnerabilities
is trusted when a certificate chain ends in one of the certificates
contained in this file.
.It Dv CERTIFICATE_CHAIN
Path to a file containing additional certificates that can be used
for completing certicate chains when validating binary packages or
pkg-vulnerabilities files.
.It Dv GPG
Deprecated.
Path to
.Xr gpg 1 ,
which can be used to verify the signature in the
.Pa pkg-vulnerabilities
file when running
.Dl Ic pkg_admin check-pkg-vulnerabilities -s
or
.Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
.It Dv IGNORE_PROXY
Use direct connections and ignore
.Pa FTP_PROXY
and
.Pa HTTP_PROXY .
.It Dv IGNORE_URL
One line per advisory which should be ignored when running
.Dl Ic pkg_admin audit
The URL from the
.Pa pkg-vulnerabilities
file should be used as value.
.It Dv PKGVULNDIR
Directory name in which the
.Pa pkg-vulnerabilities
file resides.
Default is
.Pa ${PKG_DBDIR} .
.It Dv PKGVULNURL
URL which is used for updating the local
.Pa pkg-vulnerabilities
file when running
.Dl Ic pkg_admin fetch-pkg-vulnerabilities
The default is
.Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz
.Em Note :
Usually, only the compression type should be changed.
Currently supported are uncompressed files and files compressed by
.Xr bzip2 1
.Pq Pa .bz2
or
.Xr gzip 1
.Pq Pa .gz .
.It Dv VERBOSE_NETIO
Log details of network IO to stderr.
.It Dv VERIFIED_INSTALLATION
Set trust level used when installation.
Supported values are:
.Bl -tag -width interactiveXX
.It Dv never
No signature checks are performed.
.It Dv always
A valid signature is required.
If the binary package can not be verified, the installation is terminated
.It Dv trusted
A valid signature is required.
If the binary package can not be verified, the user is asked interactively.
.It Dv interactive
The user is always asked interactively when installing a package.
.El
.El
.Sh FILES
.Bl -tag
.It Pa @SYSCONFDIR@/pkg_install.conf
Default location for the file described in this manual page.
.El
.Sh SEE ALSO
.Xr pkg_add 1 ,
.Xr pkg_admin 1
|
