1.\"	$NetBSD: pkg_install.conf.5.in,v 1.2 2015/04/28 09:48:30 prlw1 Exp $
2.\"
3.\" Copyright (c) 2008, 2009, 2012 The NetBSD Foundation, Inc.
4.\" All rights reserved.
5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Thomas Klausner.
8.\"
9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions
11.\" are met:
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in the
16.\"    documentation and/or other materials provided with the distribution.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28.\" POSSIBILITY OF SUCH DAMAGE.
29.\"
30.Dd February 22, 2012
31.Dt PKG_INSTALL.CONF 5
32.Os
33.Sh NAME
34.Nm pkg_install.conf
35.Nd configuration file for package installation tools
36.Sh DESCRIPTION
37The file
38.Nm
39contains system defaults for the package installation tools
40as a list of variable-value pairs.
41Each line has the format
42.Ev VARIABLE=VALUE .
43If the value consists of more than one line, each line is prefixed with
44.Ev VARIABLE= .
45.Pp
46The current value of a variable can be checked by running
47.Dl Ic pkg_admin config-var VARIABLE
48.Pp
49Some variables are overriden by environmental variables of the same name.
50Those are marked by (*).
51.Pp
52The following variables are supported:
53.Bl -tag -width indent
54.It Dv ACCEPTABLE_LICENSES
55Space-separated list of licenses packages are allowed to carry.
56License names are case-sensitive.
57.It Dv ACTIVE_FTP
58Force the use of active FTP.
59.It Dv CACHE_INDEX
60Cache directory listings in memory.
61This avoids retransfers of the large directory index for HTTP and is
62enabled by default.
63.It Dv CERTIFICATE_ANCHOR_PKGS
64Path to the file containing the certificates used for validating
65binary packages.
66A package is trusted when a certificate chain ends in one of the
67certificates contained in this file.
68The certificates must be PEM-encoded.
69.It Dv CERTIFICATE_ANCHOR_PKGVULN
70Analogous to
71.Dv CERTIFICATE_ANCHOR_PKGS .
72The
73.Pa pkg-vulnerabilities
74is trusted when a certificate chain ends in one of the certificates
75contained in this file.
76.It Dv CERTIFICATE_CHAIN
77Path to a file containing additional certificates that can be used
78for completing certificate chains when validating binary packages or
79pkg-vulnerabilities files.
80.It Dv CHECK_LICENSE
81Check the license conditions of packages before installing them.
82Supported values are:
83.Bl -tag -width interactiveXX
84.It Dv no
85The check is not performed.
86.It Dv yes
87The check is performed if the package has license conditions set.
88.It Dv always
89Passing the license check is required.
90Missing license conditions are considered an error.
91.El
92.It Dv CHECK_END_OF_LIFE
93During vulnerability checks, consider packages that have reached end-of-life
94as vulnerable.
95This option is enabled by default.
96.It Dv CHECK_VULNERABILITIES
97Check for vulnerabilities when installing packages.
98Supported values are:
99.Bl -tag -width interactiveXX
100.It Dv never
101No check is performed.
102.It Dv always
103Passing the vulnerability check is required.
104A missing pkg-vulnerabilities file is considered an error.
105.It Dv interactive
106The user is always asked to confirm installation of vulnerable packages.
107.El
108.It Dv CONFIG_CACHE_CONNECTIONS
109Limit the global connection cache to this value.
110For FTP, this is the number of sessions without active command.
111For HTTP, this is the number of connections open with keep-alive.
112.It Dv CONFIG_CACHE_CONNECTIONS_HOST
113Like
114.Dv CONFIG_CACHE_CONNECTIONS ,
115but limit the number of connections to the host as well.
116See
117.Xr fetch 3
118for further details
119.It Dv DEFAULT_ACCEPTABLE_LICENSES
120Space-separated list of common Free and Open Source licenses packages are
121allowed to carry.
122The default value contains all OSI approved licenses in pkgsrc on the date
123pkg_install was released.
124License names are case-sensitive.
125.It Dv GPG
126Path to
127.Xr gpg 1 ,
128which can be used to verify the signature in the
129.Pa pkg-vulnerabilities
130file when running
131.Dl Ic pkg_admin check-pkg-vulnerabilities -s
132or
133.Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
134It can also be used to verify and sign binary packages.
135.It Dv GPG_KEYRING_PKGVULN
136Non-default keyring to use for verifying GPG signatures of
137.Pa pkg-vulnerabilities .
138.It Dv GPG_KEYRING_SIGN
139Non-default keyring to use for signing packages with GPG.
140.It Dv GPG_KEYRING_VERIFY
141Non-default keyring to use for verifying GPG signature of packages.
142.It Dv GPG_SIGN_AS
143User-id to use for signing packages.
144.It Dv IGNORE_PROXY
145Use direct connections and ignore
146.Ev FTP_PROXY
147and
148.Ev HTTP_PROXY .
149.It Dv IGNORE_URL
150One line per advisory which should be ignored when running
151.Dl Ic pkg_admin audit
152The URL from the
153.Pa pkg-vulnerabilities
154file should be used as value.
155.It Dv PKG_DBDIR (*)
156Location of the packages database.
157This option is always overriden by the argument of the
158.Fl K
159option.
160.It Dv PKG_PATH (*)
161Search path for packages.
162The entries are separated by semicolon.
163Each entry specifies a directory or URL to search for packages.
164.It Dv PKG_REFCOUNT_DBDIR (*)
165Location of the package reference counts database directory.
166The default value is
167.Pa ${PKG_DBDIR}.refcount .
168.It Dv PKGVULNDIR
169Directory name in which the
170.Pa pkg-vulnerabilities
171file resides.
172Default is
173.Pa ${PKG_DBDIR} .
174.It Dv PKGVULNURL
175URL which is used for updating the local
176.Pa pkg-vulnerabilities
177file when running
178.Dl Ic pkg_admin fetch-pkg-vulnerabilities
179The default location is ftp.NetBSD.org using HTTP.
180.Em Note :
181Usually, only the compression type should be changed.
182Currently supported are uncompressed files and files compressed by
183.Xr bzip2 1
184.Pq Pa .bz2
185or
186.Xr gzip 1
187.Pq Pa .gz .
188.It Dv VERBOSE_NETIO
189Log details of network IO to stderr.
190.It Dv VERIFIED_INSTALLATION
191Set trust level used when installation.
192Supported values are:
193.Bl -tag -width interactiveXX
194.It Dv never
195No signature checks are performed.
196.It Dv always
197A valid signature is required.
198If the binary package can not be verified, the installation is terminated
199.It Dv trusted
200A valid signature is required.
201If the binary package can not be verified, the user is asked interactively.
202.It Dv interactive
203The user is always asked interactively when installing a package.
204.El
205.El
206.Sh FILES
207.Bl -tag -width ".Pa @SYSCONFDIR@/pkg_install.conf"
208.It Pa @SYSCONFDIR@/pkg_install.conf
209Default location for the file described in this manual page.
210.El
211.Sh SEE ALSO
212.Xr pkg_add 1 ,
213.Xr pkg_admin 1 ,
214.Xr pkg_create 1 ,
215.Xr pkg_delete 1 ,
216.Xr pkg_info 1
217