pkg_install.conf
—
configuration file for package installation tools
The file pkg_install.conf
contains system defaults for
the package installation tools as a list of variable-value pairs. Each line
has the format VARIABLE=VALUE
. If the value consists
of more than one line, each line is prefixed with
VARIABLE=
.
The current value of a variable can be checked by running
pkg_admin config-var
VARIABLE
Some variables are overriden by environmental variables of the
same name. Those are marked by (*).
The following variables are supported:
ACCEPTABLE_LICENSES
- Space-separated list of licenses packages are allowed to carry. License
names are case-sensitive.
ACTIVE_FTP
- Force the use of active FTP.
CACHE_INDEX
- Cache directory listings in memory. This avoids retransfers of the large
directory index for HTTP and is enabled by default.
CERTIFICATE_ANCHOR_PKGS
- Path to the file containing the certificates used for validating binary
packages. A package is trusted when a certificate chain ends in one of the
certificates contained in this file. The certificates must be
PEM-encoded.
CERTIFICATE_ANCHOR_PKGVULN
- Analogous to
CERTIFICATE_ANCHOR_PKGS
. The
pkg-vulnerabilities is trusted when a certificate
chain ends in one of the certificates contained in this file.
CERTIFICATE_CHAIN
- Path to a file containing additional certificates that can be used for
completing certificate chains when validating binary packages or
pkg-vulnerabilities files.
CHECK_LICENSE
- Check the license conditions of packages before installing them. Supported
values are:
no
- The check is not performed.
yes
- The check is performed if the package has license conditions set.
always
- Passing the license check is required. Missing license conditions are
considered an error.
CHECK_END_OF_LIFE
- During vulnerability checks, consider packages that have reached
end-of-life as vulnerable. This option is enabled by default.
CHECK_OS_VERSION
- If "no", pkg_add will not warn if the host OS version does not
exactly match the OS version the package was built on. The default is
"yes".
CHECK_OSABI
- If "no", osabi package does not check OS version. The default is
"yes".
CHECK_VULNERABILITIES
- Check for vulnerabilities when installing packages. Supported values are:
never
- No check is performed.
always
- Passing the vulnerability check is required. A missing
pkg-vulnerabilities file is considered an error.
interactive
- The user is always asked to confirm installation of vulnerable
packages.
CONFIG_CACHE_CONNECTIONS
- Limit the global connection cache to this value. For FTP, this is the
number of sessions without active command. For HTTP, this is the number of
connections open with keep-alive.
CONFIG_CACHE_CONNECTIONS_HOST
- Like
CONFIG_CACHE_CONNECTIONS
, but limit the
number of connections to the host as well. See
fetch(3) for further
details
DEFAULT_ACCEPTABLE_LICENSES
- Space-separated list of common Free and Open Source licenses packages are
allowed to carry. The default value contains all OSI approved licenses in
pkgsrc on the date pkg_install was released. License names are
case-sensitive.
GPG
- Path to gpg(1), which can be
used to verify the signature in the
pkg-vulnerabilities file when running
pkg_admin
check-pkg-vulnerabilities -s
or
pkg_admin
fetch-pkg-vulnerabilities -s
It can also be used to verify and sign binary packages.
GPG_KEYRING_PKGVULN
- Non-default keyring to use for verifying GPG signatures of
pkg-vulnerabilities.
GPG_KEYRING_SIGN
- Non-default keyring to use for signing packages with GPG.
GPG_KEYRING_VERIFY
- Non-default keyring to use for verifying GPG signature of packages.
GPG_SIGN_AS
- User-id to use for signing packages.
IGNORE_PROXY
- Use direct connections and ignore
FTP_PROXY
and
HTTP_PROXY
.
IGNORE_URL
- One line per advisory which should be ignored when running
pkg_admin
audit
The URL from the pkg-vulnerabilities file should be
used as value.
PKG_DBDIR
(*)
- Location of the packages database. This option is always overriden by the
argument of the
-K
option.
PKG_PATH
(*)
- Search path for packages. The entries are separated by semicolon. Each
entry specifies a directory or URL to search for packages.
PKG_REFCOUNT_DBDIR
(*)
- Location of the package reference counts database directory. The default
value is ${PKG_DBDIR}.refcount.
PKGVULNDIR
- Directory name in which the pkg-vulnerabilities
file resides. Default is ${PKG_DBDIR}.
PKGVULNURL
- URL which is used for updating the local
pkg-vulnerabilities file when running
pkg_admin
fetch-pkg-vulnerabilities
The default location is ftp.NetBSD.org using HTTP. Note:
Usually, only the compression type should be changed. Currently supported
are uncompressed files and files compressed by
bzip2(1)
(.bz2) or
gzip(1)
(.gz).
VERBOSE_NETIO
- Log details of network IO to stderr.
VERIFIED_INSTALLATION
- Set trust level used when installation. Supported values are:
never
- No signature checks are performed.
always
- A valid signature is required. If the binary package can not be
verified, the installation is terminated
trusted
- A valid signature is required. If the binary package can not be
verified, the user is asked interactively.
interactive
- The user is always asked interactively when installing a package.
- /etc/pkg_install.conf
- Default location for the file described in this manual page.