NAME
pkg_install.conf
- configuration file for package installation tools
DESCRIPTION
The file
pkg_install.conf
contains system defaults for the package installation tools
as a list of variable-value pairs.
Each line has the format
VARIABLE=VALUE
.
If the value consists of more than one line, each line is prefixed with
VARIABLE=
.
The current value of a variable can be checked by running
pkg_admin config-var VARIABLE
The following variables are supported:
ACCEPTABLE_LICENSES
-
List of licenses packages are allowed to carry.
License names are case-sensitive.
ACTIVE_FTP
-
Force the use of active FTP.
CERTIFICATE_ANCHOR_PKGS
-
Path to the file containing the certificates used for validating
binary packages.
A package is trusted when a certificate chain ends in one of the
certificates contained in this file.
The certificates must be PEM-encoded.
CERTIFICATE_ANCHOR_PKGVULN
-
Analogous to
CERTIFICATE_ANCHOR_PKGS
.
The
pkg-vulnerabilities
is trusted when a certificate chain ends in one of the certificates
contained in this file.
CERTIFICATE_CHAIN
-
Path to a file containing additional certificates that can be used
for completing certificate chains when validating binary packages or
pkg-vulnerabilities files.
CHECK_LICENSE
-
Check the license conditions of packages before installing them.
Supported values are:
no
-
The check is not performed.
yes
-
The check is performed if the package has license conditions set.
always
-
Passing the license check is required.
Missing license conditions are considered an error.
CHECK_VULNERABILITIES
-
Check for vulnerabilities when installing packages.
Supported values are:
never
-
No check is performed.
always
-
Passing the vulnerability check is required.
A missing pkg-vulnerabilities file is considered an error.
interactive
-
The user is always asked to confirm installation of vulnerable packages.
DEFAULT_ACCEPTABLE_LICENSES
-
List of common Free and Open Source licenses packages are allowed to carry.
The default value contains all OSI approved licenses in pkgsrc on the date
pkg_install was released.
License names are case-sensitive.
GPG
-
Path to
gpg(1),
which can be used to verify the signature in the
pkg-vulnerabilities
file when running
pkg_admin check-pkg-vulnerabilities -s
or
pkg_admin fetch-pkg-vulnerabilities -s
It can also be used to verify and sign binary packages.
GPG_KEYRING_PKGVULN
-
Non-default keyring to use for verifying GPG signatures of
pkg-vulnerabilities
.
GPG_KEYRING_SIGN
-
Non-default keyring to use for signing packages with GPG.
GPG_KEYRING_VERIFY
-
Non-default keyring to use for verifying GPG signature of packages.
GPG_SIGN_AS
-
User-id to use for signing packages.
IGNORE_PROXY
-
Use direct connections and ignore
FTP_PROXY
and
HTTP_PROXY
.
IGNORE_URL
-
One line per advisory which should be ignored when running
pkg_admin audit
The URL from the
pkg-vulnerabilities
file should be used as value.
PKG_PATH
-
Search path as used by
pkg_add.
Overridden by the environment variable
PKG_PATH
.
PKGVULNDIR
-
Directory name in which the
pkg-vulnerabilities
file resides.
Default is
${PKG_DBDIR}
.
PKGVULNURL
-
URL which is used for updating the local
pkg-vulnerabilities
file when running
pkg_admin fetch-pkg-vulnerabilities
The default is
http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz
Note:
Usually, only the compression type should be changed.
Currently supported are uncompressed files and files compressed by
bzip2(1)
(
.bz2
)
or
gzip(1)
(
.gz
).
VERBOSE_NETIO
-
Log details of network IO to stderr.
VERIFIED_INSTALLATION
-
Set trust level used when installation.
Supported values are:
never
-
No signature checks are performed.
always
-
A valid signature is required.
If the binary package can not be verified, the installation is terminated
trusted
-
A valid signature is required.
If the binary package can not be verified, the user is asked interactively.
interactive
-
The user is always asked interactively when installing a package.
FILES
/etc/pkg_install.conf
-
Default location for the file described in this manual page.
SEE ALSO
pkg_add(1),
pkg_admin(1)