NAME

pkg_install.conf — configuration file for package installation tools

DESCRIPTION

The file pkg_install.conf contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format VARIABLE=VALUE. If the value consists of more than one line, each line is prefixed with VARIABLE=.

The current value of a variable can be checked by running

pkg_admin config-var VARIABLE

Some variables are overriden by environmental variables of the same name. Those are marked by (*).

The following variables are supported:

ACCEPTABLE_LICENSES

Space-separated list of licenses packages are allowed to carry. License names are case-sensitive.

ACTIVE_FTP

Force the use of active FTP.

CACHE_INDEX

Cache directory listenings in memory. This avoids retransfers of the large directory index for HTTP and is enabled by default.

CERTIFICATE_ANCHOR_PKGS

Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded.

CERTIFICATE_ANCHOR_PKGVULN

Analogous to CERTIFICATE_ANCHOR_PKGS. The pkg-vulnerabilities is trusted when a certificate chain ends in one of the certificates contained in this file.

CERTIFICATE_CHAIN

Path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files.

CHECK_LICENSE

Check the license conditions of packages before installing them. Supported values are:

no

The check is not performed.

yes

The check is performed if the package has license conditions set.

always

Passing the license check is required. Missing license conditions are considered an error.

CHECK_END_OF_LIFE

During vulnerability checks, consider packages that have reached end-of-life as vulnerable. This option is enabled by default.

CHECK_VULNERABILITIES

Check for vulnerabilities when installing packages. Supported values are:

never

No check is performed.

always

Passing the vulnerability check is required. A missing pkg-vulnerabilities file is considered an error.

interactive

The user is always asked to confirm installation of vulnerable packages.

CONFIG_CACHE_CONNECTIONS

Limit the global connection cache to this value. For FTP, this is the number of sessions without active command. For HTTP, this is the number of connections open with keep-alive.

CONFIG_CACHE_CONNECTIONS_HOST

Like CONFIG_CACHE_CONNECTIONS, but limit the number of connections to the host as well. See fetch(3) for further details

DEFAULT_ACCEPTABLE_LICENSES

Space-separated list of common Free and Open Source licenses packages are allowed to carry. The default value contains all OSI approved licenses in pkgsrc on the date pkg_install was released. License names are case-sensitive.

GPG

Path to gpg(1), which can be used to verify the signature in the pkg-vulnerabilities file when running

pkg_admin check-pkg-vulnerabilities -s

or

pkg_admin fetch-pkg-vulnerabilities -s

It can also be used to verify and sign binary packages.

GPG_KEYRING_PKGVULN

Non-default keyring to use for verifying GPG signatures of pkg-vulnerabilities.

GPG_KEYRING_SIGN

Non-default keyring to use for signing packages with GPG.

GPG_KEYRING_VERIFY

Non-default keyring to use for verifying GPG signature of packages.

GPG_SIGN_AS

User-id to use for signing packages.

IGNORE_PROXY

Use direct connections and ignore FTP_PROXY and HTTP_PROXY.

IGNORE_URL

One line per advisory which should be ignored when running

pkg_admin audit

The URL from the pkg-vulnerabilities file should be used as value.

PKG_DBDIR (*)

Location of the packages database. This option is always overriden by the argument of the -K option.

PKG_PATH (*)

Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages.

PKG_REFCOUNT_DBDIR (*)

Location of the package reference counts database directory. The default value is ${PKG_DBDIR}.refcount.

PKGVULNDIR

Directory name in which the pkg-vulnerabilities file resides. Default is ${PKG_DBDIR}.

PKGVULNURL

URL which is used for updating the local pkg-vulnerabilities file when running

pkg_admin fetch-pkg-vulnerabilities

The default location is ftp.NetBSD.org using HTTP. Note: Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by bzip2(1) (.bz2) or gzip(1) (.gz).

VERBOSE_NETIO

Log details of network IO to stderr.

VERIFIED_INSTALLATION

Set trust level used when installation. Supported values are:

never

No signature checks are performed.

always

A valid signature is required. If the binary package can not be verified, the installation is terminated

trusted

A valid signature is required. If the binary package can not be verified, the user is asked interactively.

interactive

The user is always asked interactively when installing a package.

FILES

/etc/pkg_install.conf

Default location for the file described in this manual page.

SEE ALSO

pkg_add(1), pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1)