PKG_INSTALL.CONF(5) File Formats Manual PKG_INSTALL.CONF(5) NNAAMMEE ppkkgg__iinnssttaallll..ccoonnff - configuration file for package installation tools DDEESSCCRRIIPPTTIIOONN The file ppkkgg__iinnssttaallll..ccoonnff contains system defaults for the package installation tools as a list of variable-value pairs. Each line has the format VARIABLE=VALUE. If the value consists of more than one line, each line is prefixed with VARIABLE=. The current value of a variable can be checked by running ppkkgg__aaddmmiinn ccoonnffiigg--vvaarr VVAARRIIAABBLLEE Some variables are overriden by environmental variables of the same name. Those are marked by (*). The following variables are supported: ACCEPTABLE_LICENSES (list of license names) Default: empty Space-separated list of licenses considered acceptable when CHECK_LICENSE is `yes' or `always', in addition to those listed in DEFAULT_ACCEPTABLE_LICENSES. License names are case- sensitive. ACTIVE_FTP (empty or non-empty) Default: empty If non-empty, force the use of active FTP. Otherwise, try passive FTP first, and fall back to active FTP if the server reports a syntax error. CACHE_INDEX (`yes' or `no') Default: yes If `yes', cache directory listings in memory. This avoids retransfers of the large directory index for HTTP. CERTIFICATE_ANCHOR_PKGS (empty or path) Default: empty Path to the file containing the certificates used for validating binary packages. A package is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. Required when VERIFIED_INSTALLATION is anything other than `never'. CERTIFICATE_ANCHOR_PKGVULN (empty or path) Default: empty If non-empty, path to the file containing the certificates used for validating _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s. The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is trusted when a certificate chain ends in one of the certificates contained in this file. The certificates must be PEM-encoded. CERTIFICATE_CHAIN (empty or path) Default: empty If non-empty, path to a file containing additional certificates that can be used for completing certificate chains when validating binary packages or pkg-vulnerabilities files. CHECK_LICENSE (`yes', `no', or `always') Default: no When installing a package, check whether its license, as specified in the LICENSE build info tag, is acceptable, i.e., listed in ACCEPTABLE_LICENSES or DEFAULT_ACCEPTABLE_LICENSES. Supported values are: no Install package no matter what license it has. yes If package has LICENSE set, require the license to be acceptable before installing. If package is missing LICENSE, install it anyway. always Require LICENSE to be set, and require the license to be acceptable, before installing. CHECK_END_OF_LIFE (`yes' or `no') Default: `yes' During vulnerability checks, consider packages that have reached end-of-life as vulnerable. CHECK_OS_VERSION (`yes' or `no') Default: `yes' If `yes', pkg_add will warn if the host OS version mismatches the OS version the package was built on. For example, you can set this to `no' in order to install packages built for NetBSD 9.0 on NetBSD 10.0, where they will still generally work. Packages for which this may not work have a more stringent version check through the osabi package; see CHECK_OSABI. CHECK_OSABI (`yes' or `no') Default: `yes' If `yes', the osabi package checks that it matches the OS version. Packages that are tightly bound to a specific version of an operating system, such as kernel modules or sysutils/lsof, depend on the osabi package to reflect this, so that even if CHECK_OS_VERSION is `no', such packages will refuse to install unless CHECK_OSABI is also `no'. CHECK_VULNERABILITIES (`never', `always', or `interactive') Default: `never' Check for vulnerabilities when installing a package. Supported values are: never Install package even if it is known to be vulnerable. always Install package only if it is not known to be vulnerable. If the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file is missing, assume package is vulnerable and refuse to install it. interactive Install package without user interaction if it is not known to be vulnerable. Otherwise, prompt user to confirm installation. If the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file is missing, ignore it and install package anyway. DEFAULT_ACCEPTABLE_LICENSES Space separated list of licenses considered acceptable when CHECK_LICENSE is `yes' or `always', in addition to those listed in ACCEPTABLE_LICENSES. License names are case-sensitive. The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license names) lists all licenses recorded in pkgsrc which have been either: -- approved as open source by the _O_p_e_n _S_o_u_r_c_e _I_n_i_t_i_a_t_i_v_e: hhttttppss::////ooppeennssoouurrccee..oorrgg//, -- approved as free software by the _F_r_e_e _S_o_f_t_w_a_r_e _F_o_u_n_d_a_t_i_o_n: hhttttppss::////wwwwww..ffssff..oorrgg//, or -- considered free software under the Debian Free Software Guidelines by the _D_e_b_i_a_n _P_r_o_j_e_c_t: hhttttppss::////wwwwww..ddeebbiiaann..oorrgg//, and are not `network copyleft' licenses such as the GNU Affero GPLv3. GPG (empty or path) Default: empty Path to gpg(1), required for ppkkgg__aaddmmiinn ggppgg--ssiiggnn--ppaacckkaaggee. (All other GPG/OpenPGP operations are done internally with libnetpgpverify(3).) GPG_KEYRING_PKGVULN (empty or path) Default: empty If non-empty, keyring to use for verifying OpenPGP signatures on _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s, overriding the default keyring. GPG_KEYRING_SIGN (empty or path) Default: empty If non-empty, keyring to use for signing packages with ppkkgg__aaddmmiinn ggppgg--ssiiggnn--ppaacckkaaggee, overriding the default keyring. GPG_KEYRING_VERIFY (empty or path) Default: empty If non-empty, keyring to use for verifying package signatures on installation, overriding the default keyring. GPG_SIGN_AS (empty or OpenPGP user-id) Default: empty If non-empty, OpenPGP user-id to use for signing packages with ppkkgg__aaddmmiinn ggppgg--ssiiggnn--ppaacckkaaggee, passed as the argument of `--local-user' (--uu) to gpg(1). IGNORE_PROXY (empty or non-empty) Default: empty If non-empty, use direct connections and ignore FTP_PROXY and HTTP_PROXY. IGNORE_URL (URL, may be specified multiple times) Default: none URL of a security advisory from the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s that should be ignored when running: ppkkgg__aaddmmiinn aauuddiitt May be specified multiple times to ignore multiple advisories. PKG_DBDIR (*) (path) Default: _@_P_K_G___D_B_D_I_R_@ Location of the packages database. This option is overriden by the argument of the --KK option. PKG_PATH (*) (semicolon-separated list of paths or URLs) Default: empty Search path for packages. The entries are separated by semicolon. Each entry specifies a directory or URL to search for packages. PKG_REFCOUNT_DBDIR (*) (path) Default: ${PKG_DBDIR}_._r_e_f_c_o_u_n_t Location of the package reference counts database directory. PKGVULNDIR (path) Default: ${PKG_DBDIR} Directory name in which the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file resides. PKGVULNURL (URL) Default: hhttttpp::////ccddnn..NNeettBBSSDD..oorrgg//ppuubb//NNeettBBSSDD//ppaacckkaaggeess//vvuullnnss//ppkkgg--vvuullnneerraabblliittiieess..ggzz URL which is used for updating the local _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running: ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess _N_o_t_e: Usually, only the compression type should be changed. Currently supported are uncompressed files and files compressed by bzip2(1) (_._b_z_2) or gzip(1) (_._g_z). VERBOSE_NETIO (empty or non-empty) Default: empty If non-empty, log details of network IO to stderr. VERIFIED_INSTALLATION (`never', `always', `trusted', or `interactive') Default: `never' Verification requirement for installing a package. Supported values are: never Install package unconditionally. always Install package only if it has a valid X.509 or OpenPGP signature. trusted Install package without user interaction if it has a valid X.509 or OpenPGP signature. Otherwise, prompt user to confirm installation. interactive Always prompt the user to confirm installation when installing a package. WWAARRNNIINNGG: This does not tell the user whether the package had a valid signature or not. FFIILLEESS _@_S_Y_S_C_O_N_F_D_I_R_@_/_p_k_g___i_n_s_t_a_l_l_._c_o_n_f Default location for the file described in this manual page. SSEEEE AALLSSOO pkg_add(1), pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1) pkgsrc October 28, 2014 pkgsrc