Import pkg_install-20090425:

[netbsd-mini2440.git] / external / bsd / pkg_install / dist / lib / pkg_install.conf.5.in

.\"     $NetBSD: pkg_install.conf.5.in,v 1.6 2009/04/25 21:31:14 joerg Exp $
.\"
.\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Thomas Klausner.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 25, 2009
.Dt PKG_INSTALL.CONF 5
.Os
.Sh NAME
.Nm pkg_install.conf
.Nd configuration file for package installation tools
.Sh DESCRIPTION
The file
.Nm
contains system defaults for the package installation tools
as a list of variable-value pairs.
Each line has the format
.Ev VARIABLE=VALUE .
If the value consists of more than one line, each line is prefixed with
.Ev VARIABLE= .
.Pp
The current value of a variable can be checked by running
.Dl Ic pkg_admin config-var VARIABLE
.Pp
The following variables are supported:
.Bl -tag -width indent
.It Dv ACCEPTABLE_LICENSES
List of licenses packages are allowed to carry.
.It Dv ACTIVE_FTP
Force the use of active FTP.
.It Dv CERTIFICATE_ANCHOR_PKGS
Path to the file containing the certificates used for validating
binary packages.
A package is trusted when a certificate chain ends in one of the
certificates contained in this file.
The certificates must be PEM-encoded.
.It Dv CERTIFICATE_ANCHOR_PKGVULN
Analogous to
.Dv CERTIFICATE_ANCHOR_PKGS .
The
.Pa pkg-vulnerabilities
is trusted when a certificate chain ends in one of the certificates
contained in this file.
.It Dv CERTIFICATE_CHAIN
Path to a file containing additional certificates that can be used
for completing certificate chains when validating binary packages or
pkg-vulnerabilities files.
.It Dv CHECK_VULNERABILITIES
Check for vulnerabilities when installing packages.
Supported values are:
.Bl -tag -width interactiveXX
.It Dv never
No check is performed.
.It Dv always
Passing the vulnerability check is required.
A missing pkg-vulnerabilities file is considered an error.
.It Dv interactive
The user is always asked to confirm installation of vulnerable packages.
.El
.It Dv DEFAULT_ACCEPTABLE_LICENSES
List of common Free and Open Source licenses packages are allowed to carry.
.It Dv GPG
Path to
.Xr gpg 1 ,
which can be used to verify the signature in the
.Pa pkg-vulnerabilities
file when running
.Dl Ic pkg_admin check-pkg-vulnerabilities -s
or
.Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
It can also be used to verify and sign binary packages.
.It Dv GPG_KEYRING_PKGVULN
Non-default keyring to use for verifying GPG signatures of
.Pa pkg-vulnerabilities .
.It Dv GPG_KEYRING_SIGN
Non-default keyring to use for signing packages with GPG.
.It Dv GPG_KEYRING_VERIFY
Non-default keyring to use for verifying GPG signature of packages.
.It Dv GPG_SIGN_AS
User-id to use for signing packages.
.It Dv IGNORE_PROXY
Use direct connections and ignore
.Ev FTP_PROXY
and
.Ev HTTP_PROXY .
.It Dv IGNORE_URL
One line per advisory which should be ignored when running
.Dl Ic pkg_admin audit
The URL from the
.Pa pkg-vulnerabilities
file should be used as value.
.It Dv PKG_PATH
Search path as used by
.Nm pkg_add .
Overridden by the environment variable
.Ev PKG_PATH .
.It Dv PKGVULNDIR
Directory name in which the
.Pa pkg-vulnerabilities
file resides.
Default is
.Pa ${PKG_DBDIR} .
.It Dv PKGVULNURL
URL which is used for updating the local
.Pa pkg-vulnerabilities
file when running
.Dl Ic pkg_admin fetch-pkg-vulnerabilities
The default is
.Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz
.Em Note :
Usually, only the compression type should be changed.
Currently supported are uncompressed files and files compressed by
.Xr bzip2 1
.Pq Pa .bz2
or
.Xr gzip 1
.Pq Pa .gz .
.It Dv VERBOSE_NETIO
Log details of network IO to stderr.
.It Dv VERIFIED_INSTALLATION
Set trust level used when installation.
Supported values are:
.Bl -tag -width interactiveXX
.It Dv never
No signature checks are performed.
.It Dv always
A valid signature is required.
If the binary package can not be verified, the installation is terminated
.It Dv trusted
A valid signature is required.
If the binary package can not be verified, the user is asked interactively.
.It Dv interactive
The user is always asked interactively when installing a package.
.El
.El
.Sh FILES
.Bl -tag -width ".Pa @SYSCONFDIR@/pkg_install.conf"
.It Pa @SYSCONFDIR@/pkg_install.conf
Default location for the file described in this manual page.
.El
.Sh SEE ALSO
.Xr pkg_add 1 ,
.Xr pkg_admin 1