1 .\" $NetBSD: pkg_install.conf.5.in,v 1.6 2009/04/25 21:31:14 joerg Exp $
3 .\" Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
4 .\" All rights reserved.
6 .\" This code is derived from software contributed to The NetBSD Foundation
7 .\" by Thomas Klausner.
9 .\" Redistribution and use in source and binary forms, with or without
10 .\" modification, are permitted provided that the following conditions
12 .\" 1. Redistributions of source code must retain the above copyright
13 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
18 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21 .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 .\" POSSIBILITY OF SUCH DAMAGE.
31 .Dt PKG_INSTALL.CONF 5
35 .Nd configuration file for package installation tools
39 contains system defaults for the package installation tools
40 as a list of variable-value pairs.
41 Each line has the format
43 If the value consists of more than one line, each line is prefixed with
46 The current value of a variable can be checked by running
47 .Dl Ic pkg_admin config-var VARIABLE
49 The following variables are supported:
50 .Bl -tag -width indent
51 .It Dv ACCEPTABLE_LICENSES
52 List of licenses packages are allowed to carry.
54 Force the use of active FTP.
55 .It Dv CERTIFICATE_ANCHOR_PKGS
56 Path to the file containing the certificates used for validating
58 A package is trusted when a certificate chain ends in one of the
59 certificates contained in this file.
60 The certificates must be PEM-encoded.
61 .It Dv CERTIFICATE_ANCHOR_PKGVULN
63 .Dv CERTIFICATE_ANCHOR_PKGS .
65 .Pa pkg-vulnerabilities
66 is trusted when a certificate chain ends in one of the certificates
67 contained in this file.
68 .It Dv CERTIFICATE_CHAIN
69 Path to a file containing additional certificates that can be used
70 for completing certificate chains when validating binary packages or
71 pkg-vulnerabilities files.
72 .It Dv CHECK_VULNERABILITIES
73 Check for vulnerabilities when installing packages.
75 .Bl -tag -width interactiveXX
77 No check is performed.
79 Passing the vulnerability check is required.
80 A missing pkg-vulnerabilities file is considered an error.
82 The user is always asked to confirm installation of vulnerable packages.
84 .It Dv DEFAULT_ACCEPTABLE_LICENSES
85 List of common Free and Open Source licenses packages are allowed to carry.
89 which can be used to verify the signature in the
90 .Pa pkg-vulnerabilities
92 .Dl Ic pkg_admin check-pkg-vulnerabilities -s
94 .Dl Ic pkg_admin fetch-pkg-vulnerabilities -s
95 It can also be used to verify and sign binary packages.
96 .It Dv GPG_KEYRING_PKGVULN
97 Non-default keyring to use for verifying GPG signatures of
98 .Pa pkg-vulnerabilities .
99 .It Dv GPG_KEYRING_SIGN
100 Non-default keyring to use for signing packages with GPG.
101 .It Dv GPG_KEYRING_VERIFY
102 Non-default keyring to use for verifying GPG signature of packages.
104 User-id to use for signing packages.
106 Use direct connections and ignore
111 One line per advisory which should be ignored when running
112 .Dl Ic pkg_admin audit
114 .Pa pkg-vulnerabilities
115 file should be used as value.
117 Search path as used by
119 Overridden by the environment variable
122 Directory name in which the
123 .Pa pkg-vulnerabilities
128 URL which is used for updating the local
129 .Pa pkg-vulnerabilities
131 .Dl Ic pkg_admin fetch-pkg-vulnerabilities
133 .Pa ftp://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.gz
135 Usually, only the compression type should be changed.
136 Currently supported are uncompressed files and files compressed by
143 Log details of network IO to stderr.
144 .It Dv VERIFIED_INSTALLATION
145 Set trust level used when installation.
146 Supported values are:
147 .Bl -tag -width interactiveXX
149 No signature checks are performed.
151 A valid signature is required.
152 If the binary package can not be verified, the installation is terminated
154 A valid signature is required.
155 If the binary package can not be verified, the user is asked interactively.
157 The user is always asked interactively when installing a package.
161 .Bl -tag -width ".Pa @SYSCONFDIR@/pkg_install.conf"
162 .It Pa @SYSCONFDIR@/pkg_install.conf
163 Default location for the file described in this manual page.