216 lines
7.1 KiB
Groff
216 lines
7.1 KiB
Groff
|
.\" $NetBSD: pkg_install.conf.5.in,v 1.14 2010/06/16 23:02:49 joerg Exp $
|
||
|
.\"
|
||
|
.\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
|
||
|
.\" All rights reserved.
|
||
|
.\"
|
||
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
||
|
.\" by Thomas Klausner.
|
||
|
.\"
|
||
|
.\" Redistribution and use in source and binary forms, with or without
|
||
|
.\" modification, are permitted provided that the following conditions
|
||
|
.\" are met:
|
||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer.
|
||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||
|
.\" documentation and/or other materials provided with the distribution.
|
||
|
.\"
|
||
|
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
||
|
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||
|
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
||
|
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||
|
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||
|
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||
|
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||
|
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
||
|
.\"
|
||
|
.Dd June 16, 2010
|
||
|
.Dt PKG_INSTALL.CONF 5
|
||
|
.Os
|
||
|
.Sh NAME
|
||
|
.Nm pkg_install.conf
|
||
|
.Nd configuration file for package installation tools
|
||
|
.Sh DESCRIPTION
|
||
|
The file
|
||
|
.Nm
|
||
|
contains system defaults for the package installation tools
|
||
|
as a list of variable-value pairs.
|
||
|
Each line has the format
|
||
|
.Ev VARIABLE=VALUE .
|
||
|
If the value consists of more than one line, each line is prefixed with
|
||
|
.Ev VARIABLE= .
|
||
|
.Pp
|
||
|
The current value of a variable can be checked by running
|
||
|
.Dl Ic pkg_admin config-var VARIABLE
|
||
|
.Pp
|
||
|
Some variables are overriden by environmental variables of the same name.
|
||
|
Those are marked by (*).
|
||
|
.Pp
|
||
|
The following variables are supported:
|
||
|
.Bl -tag -width indent
|
||
|
.It Dv ACCEPTABLE_LICENSES
|
||
|
List of licenses packages are allowed to carry.
|
||
|
License names are case-sensitive.
|
||
|
.It Dv ACTIVE_FTP
|
||
|
Force the use of active FTP.
|
||
|
.It Dv CACHE_INDEX
|
||
|
Cache directory listenings in memory.
|
||
|
This avoids retransfers of the large directory index for HTTP and is
|
||
|
enabled by default.
|
||
|
.It Dv CERTIFICATE_ANCHOR_PKGS
|
||
|
Path to the file containing the certificates used for validating
|
||
|
binary packages.
|
||
|
A package is trusted when a certificate chain ends in one of the
|
||
|
certificates contained in this file.
|
||
|
The certificates must be PEM-encoded.
|
||
|
.It Dv CERTIFICATE_ANCHOR_PKGVULN
|
||
|
Analogous to
|
||
|
.Dv CERTIFICATE_ANCHOR_PKGS .
|
||
|
The
|
||
|
.Pa pkg-vulnerabilities
|
||
|
is trusted when a certificate chain ends in one of the certificates
|
||
|
contained in this file.
|
||
|
.It Dv CERTIFICATE_CHAIN
|
||
|
Path to a file containing additional certificates that can be used
|
||
|
for completing certificate chains when validating binary packages or
|
||
|
pkg-vulnerabilities files.
|
||
|
.It Dv CHECK_LICENSE
|
||
|
Check the license conditions of packages before installing them.
|
||
|
Supported values are:
|
||
|
.Bl -tag -width interactiveXX
|
||
|
.It Dv no
|
||
|
The check is not performed.
|
||
|
.It Dv yes
|
||
|
The check is performed if the package has license conditions set.
|
||
|
.It Dv always
|
||
|
Passing the license check is required.
|
||
|
Missing license conditions are considered an error.
|
||
|
.El
|
||
|
.It Dv CHECK_END_OF_FILE
|
||
|
During vulnerability checks, consider packages that have reached end-of-life
|
||
|
as vulnerable.
|
||
|
This option is enabled by default.
|
||
|
.It Dv CHECK_VULNERABILITIES
|
||
|
Check for vulnerabilities when installing packages.
|
||
|
Supported values are:
|
||
|
.Bl -tag -width interactiveXX
|
||
|
.It Dv never
|
||
|
No check is performed.
|
||
|
.It Dv always
|
||
|
Passing the vulnerability check is required.
|
||
|
A missing pkg-vulnerabilities file is considered an error.
|
||
|
.It Dv interactive
|
||
|
The user is always asked to confirm installation of vulnerable packages.
|
||
|
.El
|
||
|
.It Dv CONFIG_CACHE_CONNECTIONS
|
||
|
Limit the global connection cache to this value.
|
||
|
For FTP this is the number of sessions without active command.
|
||
|
For HTTP this is the number of connections open with keep-alive.
|
||
|
.It Dv CONFIG_CACHE_CONNECTIONS_HOST
|
||
|
Like
|
||
|
.Dv CONFIG_CACHE_CONNECTIONS ,
|
||
|
but limit the number of connections to the host as well.
|
||
|
See
|
||
|
.Xr fetch 3
|
||
|
for further details
|
||
|
.It Dv DEFAULT_ACCEPTABLE_LICENSES
|
||
|
List of common Free and Open Source licenses packages are allowed to carry.
|
||
|
The default value contains all OSI approved licenses in pkgsrc on the date
|
||
|
pkg_install was released.
|
||
|
License names are case-sensitive.
|
||
|
.It Dv GPG
|
||
|
Path to
|
||
|
.Xr gpg 1 ,
|
||
|
which can be used to verify the signature in the
|
||
|
.Pa pkg-vulnerabilities
|
||
|
file when running
|
||
|
.Dl Ic pkg_admin check-pkg-vulnerabilities -s
|
||
|
or
|
||
|
.Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
|
||
|
It can also be used to verify and sign binary packages.
|
||
|
.It Dv GPG_KEYRING_PKGVULN
|
||
|
Non-default keyring to use for verifying GPG signatures of
|
||
|
.Pa pkg-vulnerabilities .
|
||
|
.It Dv GPG_KEYRING_SIGN
|
||
|
Non-default keyring to use for signing packages with GPG.
|
||
|
.It Dv GPG_KEYRING_VERIFY
|
||
|
Non-default keyring to use for verifying GPG signature of packages.
|
||
|
.It Dv GPG_SIGN_AS
|
||
|
User-id to use for signing packages.
|
||
|
.It Dv IGNORE_PROXY
|
||
|
Use direct connections and ignore
|
||
|
.Ev FTP_PROXY
|
||
|
and
|
||
|
.Ev HTTP_PROXY .
|
||
|
.It Dv IGNORE_URL
|
||
|
One line per advisory which should be ignored when running
|
||
|
.Dl Ic pkg_admin audit
|
||
|
The URL from the
|
||
|
.Pa pkg-vulnerabilities
|
||
|
file should be used as value.
|
||
|
.It Dv PKG_DBDIR (*)
|
||
|
Location of the packages database.
|
||
|
This option is always overriden by the argument of the
|
||
|
.Fl K
|
||
|
option.
|
||
|
.It Dv PKG_PATH (*)
|
||
|
Search path for packages.
|
||
|
The entries are separated by semicolon.
|
||
|
Each entry specifies a directory or URL to search for packages.
|
||
|
.It Dv PKG_REFCOUNT_DBDIR (*)
|
||
|
Location of the package reference counts database directory.
|
||
|
The default value is
|
||
|
.Pa ${PKG_DBDIR}.refcount .
|
||
|
.It Dv PKGVULNDIR
|
||
|
Directory name in which the
|
||
|
.Pa pkg-vulnerabilities
|
||
|
file resides.
|
||
|
Default is
|
||
|
.Pa ${PKG_DBDIR} .
|
||
|
.It Dv PKGVULNURL
|
||
|
URL which is used for updating the local
|
||
|
.Pa pkg-vulnerabilities
|
||
|
file when running
|
||
|
.Dl Ic pkg_admin fetch-pkg-vulnerabilities
|
||
|
The default location is ftp.NetBSD.org using HTTP.
|
||
|
.Em Note :
|
||
|
Usually, only the compression type should be changed.
|
||
|
Currently supported are uncompressed files and files compressed by
|
||
|
.Xr bzip2 1
|
||
|
.Pq Pa .bz2
|
||
|
or
|
||
|
.Xr gzip 1
|
||
|
.Pq Pa .gz .
|
||
|
.It Dv VERBOSE_NETIO
|
||
|
Log details of network IO to stderr.
|
||
|
.It Dv VERIFIED_INSTALLATION
|
||
|
Set trust level used when installation.
|
||
|
Supported values are:
|
||
|
.Bl -tag -width interactiveXX
|
||
|
.It Dv never
|
||
|
No signature checks are performed.
|
||
|
.It Dv always
|
||
|
A valid signature is required.
|
||
|
If the binary package can not be verified, the installation is terminated
|
||
|
.It Dv trusted
|
||
|
A valid signature is required.
|
||
|
If the binary package can not be verified, the user is asked interactively.
|
||
|
.It Dv interactive
|
||
|
The user is always asked interactively when installing a package.
|
||
|
.El
|
||
|
.El
|
||
|
.Sh FILES
|
||
|
.Bl -tag -width ".Pa /etc/pkg_install.conf"
|
||
|
.It Pa /etc/pkg_install.conf
|
||
|
Default location for the file described in this manual page.
|
||
|
.El
|
||
|
.Sh SEE ALSO
|
||
|
.Xr pkg_add 1 ,
|
||
|
.Xr pkg_admin 1
|
||
|
.Xr pkg_create 1 ,
|
||
|
.Xr pkg_delete 1 ,
|
||
|
.Xr pkg_info 1
|