NAME

pkg_admin - perform various administrative tasks to the pkg system

SYNOPSIS

pkg_admin [-bqSVv] [-C config] [-d lsdir] [-K pkg_dbdir] [-s sfx_pattern] command[ args ...]

DESCRIPTION

This command performs various administrative tasks around the NetBSD Packages System.

OPTIONS

The following command-line options are supported:

-b
Print only the base names when matching package names for lsall and lsbest.

-C config
Read the configuration file from config instead of the system default.

-d lsdir
Set lsdir as the path to the directory in which to find matching package names for lsall and lsbest.

-K pkg_dbdir
Set pkg_dbdir as the package database directory. If this option isn't specified, then the package database directory is taken from the value of the environment variable PKG_DBDIR if it's set, otherwise it defaults to /var/db/pkg.

-q
Perform checks in a quiet manner. In normal operation, pkg_admin prints a `.' to standard output to indicate progress. This option suppresses this progress indicator.

-S
Set the shell glob pattern for package suffixes when matching package names for lsall and lsbest to be the null suffix.

-s sfx_pattern
Set the shell glob pattern for package suffixes when matching package names for lsall and lsbest. The default pattern is ".t[bg]z".

-V
Print version number and exit.

-v
Be more verbose.

The following commands are supported:

add pkg ...
For each listed package, write the absolute pathnames of the files listed in its +CONTENTS file together with the package they belong to into the package database. This should be used only by pkg_view(1).

audit -es[.blm Pp -t type[.blm Pp pkg[.blm Pp ...
]]] Check the listed installed packages for vulnerabilities. If no package is given, check all installed packages. If -e is given, also include end-of-life information. If -s is given, check the signature of the pkg-vulnerabilities file before using it. -t restricts the reported vulnerabilities to type type.

audit-pkg -es[.blm Pp -t type[.blm Pp pkg[.blm Pp ...
]]] Like audit, but check only the given package names or patterns.

audit-batch -es[.blm Pp -t type[.blm Pp pkg-list[.blm Pp ...
]]] Like audit-pkg, but read the package names or patterns one per line from the given files.

audit-history -s[.blm Pp -t type[.blm Pp pkgbase[.blm Pp ...
]]] Print all vulnerabilities for the given base package names.

check[ pkg ...]
Use this command to check the files belonging to some or all of the packages installed on the local machine against the checksum which was recorded in the +CONTENTS files at package installation time. Symbolic links also have their integrity checked against the recorded value at package installation time. If no additional argument is given, the files of all installed packages are checked, else only the named packages will be checked (wildcards can be used here, see pkg_info(1)).

The packages' +CONTENTS files will be parsed and the checksum will be checked for every file found. A warning message is printed if the expected checksum differs from the checksum of the file on disk. Symbolic links are also checked, ensuring that the targets on disk are the same as the contents recorded at package installation time.

check-license condition
Check if condition can be fulfilled with the currently set of accepted licenses. Prints either yes or no to stdout if the condition can be parsed, otherwise it exits with error.

check-pkg-vulnerabilities -s[.blm Pp file
] Check format and hashes in the pkg-vulnerabilities file file. If -s is given, also check the embedded signature.

check-signature file ...
Reports if file is a correctly signed package.

check-single-license license
Check if license is a valid license name and if it is in the set of acceptable licenses. Prints either yes or no to stdout if the condition can be parsed, otherwise it exits with error.

config-var variable
Print the current value of variable as used after parsing the configuration file.

delete pkg ...
For each listed package, remove all file entries in the package database that belong to the package. This should be used only by pkg_view(1).

dump
Dump the contents of the package database, similar to pkg_info -F. Columns are printed for the key field used in the pkgdb - the filename -, and the data field - the package the file belongs to.

fetch-pkg-vulnerabilities -su[.blm Pp
] Fetch a new pkg-vulnerabilities file, check the format and if -s is given the signature. If all checks are passed, write it to pkgdb. If -u is given, the fetch is conditional and the file transfer is only done if the remote version is newer than the one in pkgdb.

findbest pattern ...
Search the entries of PKG_PATH for packages matching pattern. Print the URL of the best matching package to stdout for each pattern. If a pattern is not matched, it is skipped and the command will return a failure.

lsall /dir/pkgpattern

lsbest /dir/pkgpattern
List all/best package matching pattern in the given directory /dir. If the -d flag is given, then that directory path overrides /dir. Can be used to work around limitations of /bin/sh and other filename globbing mechanisms. This option implements matching of pkg-wildcards against arbitrary files and directories, useful mainly in the build system itself. See pkg_info(1) for a description of the pattern.

Example:

yui# cd /usr/pkgsrc/packages/i386ELF/All/
yui# ls unzip*
unzip-5.40.tgz  unzip-5.41.tgz
yui# pkg_admin lsall 'unzip*'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.40.tgz
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall 'unzip5.40'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.40.tgz
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall 'unzip5.41'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsbest 'unzip5.40'
/usr/pkgsrc/packages/i386ELF/All/unzip-5.41.tgz
yui# pkg_admin lsall /usr/pkgsrc/packages/i386ELF/All/'{mit,unproven}-pthread*'
/usr/pkgsrc/packages/i386ELF/All/mit-pthreads-1.60b6.tgz
/usr/pkgsrc/packages/i386ELF/All/unproven-pthreads-0.15.tgz

pmatch pattern pkg
Returns true if pkg matches pattern, otherwise returns false.

rebuild
Rebuild the package database mapping from scratch, scanning subdirectories in /var/db/pkg for +CONTENTS files, parsing them and writing the resulting absolute pathnames together with the package they belong to into the package database.

This option is intended to be used for upgrading from non-pkgdb-pkg_* tools to pkgdb-pkg_* tools, further manipulation of the pkgdb will be done by pkg_add(1), pkg_delete(1), and pkg_create(1).

Needs to be run as root.

rebuild-tree
Rebuild the +REQUIRED_BY files from scratch by reresolving all dependencies.

This option is intended to be used for fixing inconsistencies between the records of depending and depended-on packages, such as can arise by the use of pkg_delete -f.

set variable=value pkg ...
Set variable with information about the installed package. Use unset to remove a variable.

Packages that are not installed directly by the user but pulled in as dependencies are marked by setting ``automatic=YES''.

gpg-sign-package pkg spkg
Sign the binary package pkg using GPG and write the result to spkg.

x509-sign-package pkg spkg key cert
Sign the binary package pkg using the key key and the certificate cert, using spkg as output file.

unset variable pkg ...
Remove an installation variable.

ENVIRONMENT

PKG_DBDIR
If the -K flag isn't given, then PKG_DBDIR is the location of the package database directory. The default package database directory is /var/db/pkg.

CONFIGURATION VARIABLES

The following variables change the behavior of pkg_admin and are described in pkg_install.conf(5):

CERTIFICATE_ANCHOR_PKGS

CERTIFICATE_ANCHOR_PKGVULN

CERTIFICATE_CHAIN

GPG

PKGVULNDIR

PKGVULNURL

IGNORE_URL

FILES

/var/db/pkg/pkgdb.byfile.db
/var/db/pkg/<pkg>/+CONTENTS

SEE ALSO

pkg_add(1), pkg_create(1), pkg_delete(1), pkg_info(1), pkg_view(1), pkg_install.conf(5), pkgsrc(7)

HISTORY

The pkg_admin command first appeared in NetBSD1.4.

AUTHORS

The pkg_admin command was written by Hubert Feyrer.