Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

PKG_ADMIN(1)                General Commands Manual               PKG_ADMIN(1)

     pkg_admin - perform various administrative tasks to the pkg system

     pkg_admin [-bqSVv] [-C config] [-d lsdir] [-K pkg_dbdir] [-s sfx_pattern]
               command [args ...]

     This command performs various administrative tasks around the NetBSD
     Packages System.

     The following command-line options are supported:

     -b      Print only the base names when matching package names for lsall
             and lsbest.

     -C config
             Read the configuration file from config instead of the system

     -d lsdir
             Set lsdir as the path to the directory in which to find matching
             package names for lsall and lsbest.

     -K pkg_dbdir
             Override the value of the PKG_DBDIR configuration option with the
             value pkg_dbdir.

     -q      Perform checks in a quiet manner.  In normal operation, pkg_admin
             prints a `.' to standard output to indicate progress.  This
             option suppresses this progress indicator.

     -S      Set the shell glob pattern for package suffixes when matching
             package names for lsall and lsbest to be the null suffix.

     -s sfx_pattern
             Set the shell glob pattern for package suffixes when matching
             package names for lsall and lsbest.  The default pattern is

     -V      Print version number and exit.

     -v      Be more verbose.

     The following commands are supported:

     audit [-eis] [-t type] [pkg] ...
             Check the listed installed packages for vulnerabilities.  If no
             package is given, check all installed packages.  If -e is given,
             override the CHECK_END_OF_LIFE option from pkg_install.conf(5)
             with "yes".  If -i is given, any advisory ignored by IGNORE_URL
             in pkg_install.conf(5) is included but flagged as "ignored".  If
             -s is given, check the signature of the pkg-vulnerabilities file
             before using it.  -t restricts the reported vulnerabilities to
             type type.

     audit-pkg [-eis] [-t type] [pkg] ...
             Like audit, but check only the given package names or patterns.

     audit-batch [-eis] [-t type] [pkg-list] ...
             Like audit-pkg, but read the package names or patterns one per
             line from the given files.

     audit-history [-s] [-t type] [pkgbase] ...
             Print all vulnerabilities for the given base package names.

     check [pkg ...]
             Use this command to check the files belonging to some or all of
             the packages installed on the local machine against the checksum
             which was recorded in the +CONTENTS files at package installation
             time.  Symbolic links also have their integrity checked against
             the recorded value at package installation time.  If no
             additional argument is given, the files of all installed packages
             are checked, else only the named packages will be checked
             (wildcards can be used here, see pkg_info(1)).

             The packages' +CONTENTS files will be parsed and the checksum
             will be checked for every file found.  A warning message is
             printed if the expected checksum differs from the checksum of the
             file on disk.  Symbolic links are also checked, ensuring that the
             targets on disk are the same as the contents recorded at package
             installation time.

     check-license condition
             Check if condition can be fulfilled with the currently set of
             accepted licenses.  Prints either yes or no to stdout if the
             condition can be parsed, otherwise it exits with error.

     check-pkg-vulnerabilities [-s] file
             Check format and hashes in the pkg-vulnerabilities file file.  If
             -s is given, also check the embedded signature.

     check-signature file ...
             Reports if file is a correctly signed package.

     check-single-license license
             Check if license is a valid license name and if it is in the set
             of acceptable licenses.  Prints either yes or no to stdout if the
             condition can be parsed, otherwise it exits with error.

     config-var variable
             Print the current value of variable as used after parsing the
             configuration file.

     digest file ...
             Compute a SHA256 message digest of file.

     dump    Dump the contents of the package database, similar to pkg_info
             -F.  Columns are printed for the key field used in the pkgdb -
             the filename -, and the data field - the package the file belongs

     fetch-pkg-vulnerabilities [-su]
             Fetch a new pkg-vulnerabilities file, check the format and if -s
             is given the signature.  If all checks are passed, write it to
             pkgdb.  If -u is given, the fetch is conditional and the file
             transfer is only done if the remote version is newer than the one
             in pkgdb.

     findbest pattern ...
             Search the entries of PKG_PATH for packages matching pattern.
             Print the URL of the best matching package to stdout for each
             pattern.  If a pattern is not matched, it is skipped and the
             command will return a failure.

     gpg-sign-package pkg spkg
             Sign the binary package pkg using GPG and write the result to

     lsall /dir/pkgpattern

     lsbest /dir/pkgpattern
             List all/best package matching pattern in the given directory
             /dir.  If the -d flag is given, then that directory path
             overrides /dir.  Can be used to work around limitations of
             /bin/sh and other filename globbing mechanisms.  This option
             implements matching of pkg-wildcards against arbitrary files and
             directories, useful mainly in the build system itself.  See
             pkg_info(1) for a description of the pattern.


             yui# cd /usr/pkgsrc/packages/i386ELF/All/
             yui# ls unzip*
             unzip-5.40.tgz  unzip-5.41.tgz
             yui# pkg_admin lsall 'unzip*'
             yui# pkg_admin lsall 'unzip>=5.40'
             yui# pkg_admin lsall 'unzip>=5.41'
             yui# pkg_admin lsbest 'unzip>=5.40'
             yui# pkg_admin lsall /usr/pkgsrc/packages/i386ELF/All/'{mit,unproven}-pthread*'

     pmatch pattern pkg
             Returns true if pkg matches pattern, otherwise returns false.

             Rebuild the package database mapping from scratch, using the
             +CONTENTS files of the installed packages.  This option is only
             intended for recovery after system crashes during package
             installation and removal.

             Rebuild the +REQUIRED_BY files from scratch by reresolving all

             This option is intended to be used for fixing inconsistencies
             between the records of depending and depended-on packages, such
             as can arise by the use of pkg_delete -f.

     set variable=value pkg ...
             Set variable with information about the installed package.  Use
             unset to remove a variable.

             Packages that are not installed directly by the user but pulled
             in as dependencies are marked by setting "automatic=YES".

     x509-sign-package pkg spkg key cert
             Sign the binary package pkg using the key key and the certificate
             cert, using spkg as output file.

     unset variable pkg ...
             Remove an installation variable.

     See pkg_install.conf(5) for options, that can also be specified using the


     pkg_add(1), pkg_create(1), pkg_delete(1), pkg_info(1),
     pkg_install.conf(5), pkgsrc(7)

     The pkg_admin command first appeared in NetBSD 1.4.

     The pkg_admin command was written by Hubert Feyrer.

NetBSD 10.99                    August 22, 2020                   NetBSD 10.99