Updated: 2025/Nov/16
Please read Privacy Policy. It's for your privacy.
PKG_INSTALL.CONF(5) File Formats Manual PKG_INSTALL.CONF(5)
NAME
pkg_install.conf - configuration file for package installation tools
DESCRIPTION
The file pkg_install.conf contains system defaults for the package
installation tools as a list of variable-value pairs. Each line has the
format VARIABLE=VALUE. If the value consists of more than one line, each
line is prefixed with VARIABLE=.
The current value of a variable can be checked by running
pkg_admin config-var VARIABLE
Some variables are overriden by environmental variables of the same name.
Those are marked by (*).
The following variables are supported:
ACCEPTABLE_LICENSES (list of license names)
Default: empty
Space-separated list of licenses considered acceptable when
CHECK_LICENSE is `yes' or `always', in addition to those listed
in DEFAULT_ACCEPTABLE_LICENSES. License names are case-
sensitive.
ACTIVE_FTP (empty or non-empty)
Default: empty
If non-empty, force the use of active FTP. Otherwise, try
passive FTP first, and fall back to active FTP if the server
reports a syntax error.
CACHE_INDEX (`yes' or `no')
Default: yes
If `yes', cache directory listings in memory. This avoids
retransfers of the large directory index for HTTP.
CERTIFICATE_ANCHOR_PKGS (empty or path)
Default: empty
Path to the file containing the certificates used for validating
binary packages. A package is trusted when a certificate chain
ends in one of the certificates contained in this file. The
certificates must be PEM-encoded.
Required when VERIFIED_INSTALLATION is anything other than
`never'.
CERTIFICATE_ANCHOR_PKGVULN (empty or path)
Default: empty
If non-empty, path to the file containing the certificates used
for validating pkg-vulnerabilities. The pkg-vulnerabilities is
trusted when a certificate chain ends in one of the certificates
contained in this file. The certificates must be PEM-encoded.
CERTIFICATE_CHAIN (empty or path)
Default: empty
If non-empty, path to a file containing additional certificates
that can be used for completing certificate chains when
validating binary packages or pkg-vulnerabilities files.
CHECK_LICENSE (`yes', `no', or `always')
Default: no
When installing a package, check whether its license, as
specified in the LICENSE build info tag, is acceptable, i.e.,
listed in ACCEPTABLE_LICENSES or DEFAULT_ACCEPTABLE_LICENSES.
Supported values are:
no Install package no matter what license it has.
yes If package has LICENSE set, require the license to be
acceptable before installing. If package is missing
LICENSE, install it anyway.
always Require LICENSE to be set, and require the license to
be acceptable, before installing.
CHECK_END_OF_LIFE (`yes' or `no')
Default: `yes'
During vulnerability checks, consider packages that have reached
end-of-life as vulnerable.
CHECK_OS_VERSION (`yes' or `no')
Default: `yes'
If `yes', pkg_add will warn if the host OS version mismatches the
OS version the package was built on.
For example, you can set this to `no' in order to install
packages built for NetBSD 9.0 on NetBSD 10.0, where they will
still generally work. Packages for which this may not work have
a more stringent version check through the osabi package; see
CHECK_OSABI.
CHECK_OSABI (`yes' or `no')
Default: `yes'
If `yes', the osabi package checks that it matches the OS
version.
Packages that are tightly bound to a specific version of an
operating system, such as kernel modules or sysutils/lsof, depend
on the osabi package to reflect this, so that even if
CHECK_OS_VERSION is `no', such packages will refuse to install
unless CHECK_OSABI is also `no'.
CHECK_VULNERABILITIES (`never', `always', or `interactive')
Default: `never'
Check for vulnerabilities when installing a package. Supported
values are:
never Install package even if it is known to be
vulnerable.
always Install package only if it is not known to be
vulnerable.
If the pkg-vulnerabilities file is missing,
assume package is vulnerable and refuse to
install it.
interactive Install package without user interaction if it
is not known to be vulnerable. Otherwise,
prompt user to confirm installation.
If the pkg-vulnerabilities file is missing,
ignore it and install package anyway.
DEFAULT_ACCEPTABLE_LICENSES
Space separated list of licenses considered acceptable when
CHECK_LICENSE is `yes' or `always', in addition to those listed
in ACCEPTABLE_LICENSES. License names are case-sensitive.
The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license
names) lists all licenses recorded in pkgsrc which have been
either:
- approved as open source by the Open Source Initiative:
https://opensource.org/,
- approved as free software by the Free Software Foundation:
https://www.fsf.org/, or
- considered free software under the Debian Free Software
Guidelines by the Debian Project: https://www.debian.org/,
and are not `network copyleft' licenses such as the GNU Affero
GPLv3.
GPG (empty or path)
Default: empty
Path to gpg(1), required for pkg_admin gpg-sign-package. (All
other GPG/OpenPGP operations are done internally with
libnetpgpverify(3).)
GPG_KEYRING_PKGVULN (empty or path)
Default: empty
If non-empty, keyring to use for verifying OpenPGP signatures on
pkg-vulnerabilities, overriding the default keyring.
GPG_KEYRING_SIGN (empty or path)
Default: empty
If non-empty, keyring to use for signing packages with pkg_admin
gpg-sign-package, overriding the default keyring.
GPG_KEYRING_VERIFY (empty or path)
Default: empty
If non-empty, keyring to use for verifying package signatures on
installation, overriding the default keyring.
GPG_SIGN_AS (empty or OpenPGP user-id)
Default: empty
If non-empty, OpenPGP user-id to use for signing packages with
pkg_admin gpg-sign-package, passed as the argument of
`--local-user' (-u) to gpg(1).
IGNORE_PROXY (empty or non-empty)
Default: empty
If non-empty, use direct connections and ignore FTP_PROXY and
HTTP_PROXY.
IGNORE_URL (URL, may be specified multiple times)
Default: none
URL of a security advisory from the pkg-vulnerabilities that
should be ignored when running:
pkg_admin audit
May be specified multiple times to ignore multiple advisories.
PKG_DBDIR (*) (path)
Default: @PKG_DBDIR@
Location of the packages database. This option is overriden by
the argument of the -K option.
PKG_PATH (*) (semicolon-separated list of paths or URLs)
Default: empty
Search path for packages. The entries are separated by
semicolon. Each entry specifies a directory or URL to search for
packages.
PKG_REFCOUNT_DBDIR (*) (path)
Default: ${PKG_DBDIR}.refcount
Location of the package reference counts database directory.
PKGVULNDIR (path)
Default: ${PKG_DBDIR}
Directory name in which the pkg-vulnerabilities file resides.
PKGVULNURL (URL)
Default:
http://cdn.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerablities.gz
URL which is used for updating the local pkg-vulnerabilities file
when running:
pkg_admin fetch-pkg-vulnerabilities
Note: Usually, only the compression type should be changed.
Currently supported are uncompressed files and files compressed
by bzip2(1) (.bz2) or gzip(1) (.gz).
VERBOSE_NETIO (empty or non-empty)
Default: empty
If non-empty, log details of network IO to stderr.
VERIFIED_INSTALLATION (`never', `always', `trusted', or `interactive')
Default: `never'
Verification requirement for installing a package. Supported
values are:
never Install package unconditionally.
always Install package only if it has a valid X.509 or
OpenPGP signature.
trusted Install package without user interaction if it
has a valid X.509 or OpenPGP signature.
Otherwise, prompt user to confirm installation.
interactive Always prompt the user to confirm installation
when installing a package. WARNING: This does
not tell the user whether the package had a
valid signature or not.
FILES
/etc/pkg_install.conf Default location for the file described in
this manual page.
SEE ALSO
pkg_add(1), pkg_admin(1), pkg_create(1), pkg_delete(1), pkg_info(1)
NetBSD 11.99 October 28, 2014 NetBSD 11.99