1.\" $NetBSD: pkg_install.conf.5.in,v 1.5 2021/04/10 19:49:59 nia Exp $ 2.\" 3.\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" This code is derived from software contributed to The NetBSD Foundation 7.\" by Thomas Klausner. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 21.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28.\" POSSIBILITY OF SUCH DAMAGE. 29.\" 30.Dd October 28, 2014 31.Dt PKG_INSTALL.CONF 5 32.Os 33.Sh NAME 34.Nm pkg_install.conf 35.Nd configuration file for package installation tools 36.Sh DESCRIPTION 37The file 38.Nm 39contains system defaults for the package installation tools 40as a list of variable-value pairs. 41Each line has the format 42.Ev VARIABLE=VALUE . 43If the value consists of more than one line, each line is prefixed with 44.Ev VARIABLE= . 45.Pp 46The current value of a variable can be checked by running 47.Dl Ic pkg_admin config-var VARIABLE 48.Pp 49Some variables are overriden by environmental variables of the same name. 50Those are marked by (*). 51.Pp 52The following variables are supported: 53.Bl -tag -width indent 54.It Dv ACCEPTABLE_LICENSES 55Space-separated list of licenses packages are allowed to carry. 56License names are case-sensitive. 57.It Dv ACTIVE_FTP 58Force the use of active FTP. 59.It Dv CACHE_INDEX 60Cache directory listings in memory. 61This avoids retransfers of the large directory index for HTTP and is 62enabled by default. 63.It Dv CERTIFICATE_ANCHOR_PKGS 64Path to the file containing the certificates used for validating 65binary packages. 66A package is trusted when a certificate chain ends in one of the 67certificates contained in this file. 68The certificates must be PEM-encoded. 69.It Dv CERTIFICATE_ANCHOR_PKGVULN 70Analogous to 71.Dv CERTIFICATE_ANCHOR_PKGS . 72The 73.Pa pkg-vulnerabilities 74is trusted when a certificate chain ends in one of the certificates 75contained in this file. 76.It Dv CERTIFICATE_CHAIN 77Path to a file containing additional certificates that can be used 78for completing certificate chains when validating binary packages or 79pkg-vulnerabilities files. 80.It Dv CHECK_LICENSE 81Check the license conditions of packages before installing them. 82Supported values are: 83.Bl -tag -width interactiveXX 84.It Dv no 85The check is not performed. 86.It Dv yes 87The check is performed if the package has license conditions set. 88.It Dv always 89Passing the license check is required. 90Missing license conditions are considered an error. 91.El 92.It Dv CHECK_END_OF_LIFE 93During vulnerability checks, consider packages that have reached end-of-life 94as vulnerable. 95This option is enabled by default. 96.It Dv CHECK_OS_VERSION 97If "no", pkg_add will not warn if the host OS version does not exactly match 98the OS version the package was built on. 99The default is "yes". 100.It Dv CHECK_OSABI 101If "no", osabi package does not check OS version. 102The default is "yes". 103.It Dv CHECK_VULNERABILITIES 104Check for vulnerabilities when installing packages. 105Supported values are: 106.Bl -tag -width interactiveXX 107.It Dv never 108No check is performed. 109.It Dv always 110Passing the vulnerability check is required. 111A missing pkg-vulnerabilities file is considered an error. 112.It Dv interactive 113The user is always asked to confirm installation of vulnerable packages. 114.El 115.It Dv CONFIG_CACHE_CONNECTIONS 116Limit the global connection cache to this value. 117For FTP, this is the number of sessions without active command. 118For HTTP, this is the number of connections open with keep-alive. 119.It Dv CONFIG_CACHE_CONNECTIONS_HOST 120Like 121.Dv CONFIG_CACHE_CONNECTIONS , 122but limit the number of connections to the host as well. 123See 124.Xr fetch 3 125for further details 126.It Dv DEFAULT_ACCEPTABLE_LICENSES 127Space-separated list of common Free and Open Source licenses packages are 128allowed to carry. 129The default value contains all OSI approved licenses in pkgsrc on the date 130pkg_install was released. 131License names are case-sensitive. 132.It Dv GPG 133Path to 134.Xr gpg 1 , 135which can be used to verify the signature in the 136.Pa pkg-vulnerabilities 137file when running 138.Dl Ic pkg_admin check-pkg-vulnerabilities -s 139or 140.Dl Ic pkg_admin fetch-pkg-vulnerabilities -s 141It can also be used to verify and sign binary packages. 142.It Dv GPG_KEYRING_PKGVULN 143Non-default keyring to use for verifying GPG signatures of 144.Pa pkg-vulnerabilities . 145.It Dv GPG_KEYRING_SIGN 146Non-default keyring to use for signing packages with GPG. 147.It Dv GPG_KEYRING_VERIFY 148Non-default keyring to use for verifying GPG signature of packages. 149.It Dv GPG_SIGN_AS 150User-id to use for signing packages. 151.It Dv IGNORE_PROXY 152Use direct connections and ignore 153.Ev FTP_PROXY 154and 155.Ev HTTP_PROXY . 156.It Dv IGNORE_URL 157One line per advisory which should be ignored when running 158.Dl Ic pkg_admin audit 159The URL from the 160.Pa pkg-vulnerabilities 161file should be used as value. 162.It Dv PKG_DBDIR (*) 163Location of the packages database. 164This option is always overriden by the argument of the 165.Fl K 166option. 167.It Dv PKG_PATH (*) 168Search path for packages. 169The entries are separated by semicolon. 170Each entry specifies a directory or URL to search for packages. 171.It Dv PKG_REFCOUNT_DBDIR (*) 172Location of the package reference counts database directory. 173The default value is 174.Pa ${PKG_DBDIR}.refcount . 175.It Dv PKGVULNDIR 176Directory name in which the 177.Pa pkg-vulnerabilities 178file resides. 179Default is 180.Pa ${PKG_DBDIR} . 181.It Dv PKGVULNURL 182URL which is used for updating the local 183.Pa pkg-vulnerabilities 184file when running 185.Dl Ic pkg_admin fetch-pkg-vulnerabilities 186The default location is ftp.NetBSD.org using HTTP. 187.Em Note : 188Usually, only the compression type should be changed. 189Currently supported are uncompressed files and files compressed by 190.Xr bzip2 1 191.Pq Pa .bz2 192or 193.Xr gzip 1 194.Pq Pa .gz . 195.It Dv VERBOSE_NETIO 196Log details of network IO to stderr. 197.It Dv VERIFIED_INSTALLATION 198Set trust level used when installation. 199Supported values are: 200.Bl -tag -width interactiveXX 201.It Dv never 202No signature checks are performed. 203.It Dv always 204A valid signature is required. 205If the binary package can not be verified, the installation is terminated 206.It Dv trusted 207A valid signature is required. 208If the binary package can not be verified, the user is asked interactively. 209.It Dv interactive 210The user is always asked interactively when installing a package. 211.El 212.El 213.Sh FILES 214.Bl -tag -width ".Pa @SYSCONFDIR@/pkg_install.conf" 215.It Pa @SYSCONFDIR@/pkg_install.conf 216Default location for the file described in this manual page. 217.El 218.Sh SEE ALSO 219.Xr pkg_add 1 , 220.Xr pkg_admin 1 , 221.Xr pkg_create 1 , 222.Xr pkg_delete 1 , 223.Xr pkg_info 1 224