pkgsrc-Changes archive


CVS commit: pkgsrc/pkgtools/pkg_install/files/lib



Module Name:    pkgsrc
Committed By:   riastradh
Date:           Sat Feb  3 17:36:01 UTC 2024

Modified Files:
        pkgsrc/pkgtools/pkg_install/files/lib: pkg_install.conf.cat.in

Log Message:
pkg_install: regen pkg_install.conf.cat.in

mandoc -Tascii -I os=pkgsrc <pkg_install.conf.5.in >pkg_install.conf.cat.in


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 \
    pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in
diff -u pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in:1.7 pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in:1.8
--- pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in:1.7   Fri Dec 11 10:06:53 2020
+++ pkgsrc/pkgtools/pkg_install/files/lib/pkg_install.conf.cat.in       Sat Feb  3 17:36:01 2024
@@ -17,135 +17,202 @@ DDEESSCCRRIIPPTTIIOONN
 
      The following variables are supported:
 
-     ACCEPTABLE_LICENSES
-             Space-separated list of licenses packages are allowed to carry.
-             License names are case-sensitive.
-
-     ACTIVE_FTP
-             Force the use of active FTP.
-
-     CACHE_INDEX
-             Cache directory listings in memory.  This avoids retransfers of
-             the large directory index for HTTP and is enabled by default.
+     ACCEPTABLE_LICENSES (list of license names)
+             Default: empty
+
+             Space-separated list of licenses considered acceptable when
+             CHECK_LICENSE is `yes' or `always', in addition to those listed
+             in DEFAULT_ACCEPTABLE_LICENSES.  License names are case-
+             sensitive.
+
+     ACTIVE_FTP (empty or non-empty)
+             Default: empty
+
+             If non-empty, force the use of active FTP.
+
+     CACHE_INDEX (`yes' or `no')
+             Default: yes
+
+             If `yes', cache directory listings in memory.  This avoids
+             retransfers of the large directory index for HTTP.
+
+     CERTIFICATE_ANCHOR_PKGS (empty or path)
+             Default: empty
 
-     CERTIFICATE_ANCHOR_PKGS
              Path to the file containing the certificates used for validating
              binary packages.  A package is trusted when a certificate chain
              ends in one of the certificates contained in this file.  The
              certificates must be PEM-encoded.
 
-     CERTIFICATE_ANCHOR_PKGVULN
-             Analogous to CERTIFICATE_ANCHOR_PKGS.  The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is
+             Required when VERIFIED_INSTALLATION is anything other than
+             `never'.
+
+     CERTIFICATE_ANCHOR_PKGVULN (empty or path)
+             Default: empty
+
+             If non-empty, path to the file containing the certificates used
+             for validating _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s.  The _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s is
              trusted when a certificate chain ends in one of the certificates
-             contained in this file.
+             contained in this file.  The certificates must be PEM-encoded.
+
+     CERTIFICATE_CHAIN (empty or path)
+             Default: empty
 
-     CERTIFICATE_CHAIN
-             Path to a file containing additional certificates that can be
-             used for completing certificate chains when validating binary
-             packages or pkg-vulnerabilities files.
+             If non-empty, path to a file containing additional certificates
+             that can be used for completing certificate chains when
+             validating binary packages or pkg-vulnerabilities files.
+
+     CHECK_LICENSE (`yes', `no', `always')
+             Default: no
+
+             When installing a package, check whether its license, as
+             specified in the LICENSE build info tag, is acceptable, i.e.,
+             listed in ACCEPTABLE_LICENSES or DEFAULT_ACCEPTABLE_LICENSES.
 
-     CHECK_LICENSE
-             Check the license conditions of packages before installing them.
              Supported values are:
 
-             no             The check is not performed.
+             no          Install package no matter what license it has.
 
-             yes            The check is performed if the package has license
-                            conditions set.
+             yes         If package has LICENSE set, require the license to be
+                         acceptable before installing.  If package is missing
+                         LICENSE, install it anyway.
 
-             always         Passing the license check is required.  Missing
-                            license conditions are considered an error.
+             always      Require LICENSE to be set, and require the license to
+                         be acceptable, before installing.
+
+     CHECK_END_OF_LIFE (`yes' or `no')
+             Default: `yes'
 
-     CHECK_END_OF_LIFE
              During vulnerability checks, consider packages that have reached
-             end-of-life as vulnerable.  This option is enabled by default.
+             end-of-life as vulnerable.
+
+     CHECK_OS_VERSION (`yes' or `no')
+             Default: `yes'
+
+             If `yes', pkg_add will warn if the host OS version mismatches the
+             OS version the package was built on.
+
+             For example, you can set this to `no' in order to install
+             packages built for NetBSD 9.0 on NetBSD 10.0, where they will
+             still generally work.  Packages for which this may not work have
+             a more stringent version check through the osabi package; see
+             CHECK_OSABI.
+
+     CHECK_OSABI (`yes' or `no')
+             Default: `yes'
+
+             If `yes', the osabi package checks that it matches the OS
+             version.
 
-     CHECK_OS_VERSION
-             If "no", pkg_add will not warn if the host OS version does not
-             exactly match the OS version the package was built on.  The
-             default is "yes".
-
-     CHECK_OSABI
-             If "no", osabi package does not check OS version.  The default is
-             "yes".
+             Packages that are tightly bound to a specific version of an
+             operating system, such as kernel modules or sysutils/lsof, depend
+             on the osabi package to reflect this, so that even if
+             CHECK_OS_VERSION is `no', such packages will refuse to install
+             unless CHECK_OSABI is also `no'.
 
-     CHECK_VULNERABILITIES
-             Check for vulnerabilities when installing packages.  Supported
+     CHECK_VULNERABILITIES (`never', `always', `interactive')
+             Default: `never'
+
+             Check for vulnerabilities when installing a package.  Supported
              values are:
 
-             never          No check is performed.
+             never            Install package even if it is known to be
+                              vulnerable.
+
+             always           Install package only if it is not known to be
+                              vulnerable.
 
-             always         Passing the vulnerability check is required.  A
-                            missing pkg-vulnerabilities file is considered an
-                            error.
-
-             interactive    The user is always asked to confirm installation
-                            of vulnerable packages.
-
-     CONFIG_CACHE_CONNECTIONS
-             Limit the global connection cache to this value.  For FTP, this
-             is the number of sessions without active command.  For HTTP, this
-             is the number of connections open with keep-alive.
-
-     CONFIG_CACHE_CONNECTIONS_HOST
-             Like CONFIG_CACHE_CONNECTIONS, but limit the number of
-             connections to the host as well.  See fetch(3) for further
-             details
+                              If the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file is missing,
+                              assume package is vulnerable and refuse to
+                              install it.
+
+             interactive      Install package without user interaction if it
+                              is not known to be vulnerable.  Otherwise,
+                              prompt user to confirm installation.
+
+                              If the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file is missing,
+                              ignore it and install package anyway.
 
      DEFAULT_ACCEPTABLE_LICENSES
-             Space-separated list of common Free and Open Source licenses
-             packages are allowed to carry.  The default value contains all
-             OSI approved licenses in pkgsrc on the date pkg_install was
-             released.  License names are case-sensitive.
-
-     GPG     Path to gpg(1), which can be used to verify the signature in the
-             _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file when running
-                   ppkkgg__aaddmmiinn cchheecckk--ppkkgg--vvuullnneerraabbiilliittiieess --ss
-             or
-                   ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess --ss
-             It can also be used to verify and sign binary packages.
-
-     GPG_KEYRING_PKGVULN
-             Non-default keyring to use for verifying GPG signatures of
-             _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s.
+             Space separated list of licenses considered acceptable when
+             CHECK_LICENSE is `yes' or `always', in addition to those listed
+             in ACCEPTABLE_LICENSES.  License names are case-sensitive.
 
-     GPG_KEYRING_SIGN
-             Non-default keyring to use for signing packages with GPG.
+             The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license
+             names) lists all licenses recorded in pkgsrc which have been
+             either:
 
-     GPG_KEYRING_VERIFY
-             Non-default keyring to use for verifying GPG signature of
-             packages.
+             --   approved as open source by the _O_p_e_n _S_o_u_r_c_e _I_n_i_t_i_a_t_i_v_e:
+                 hhttttppss::////ooppeennssoouurrccee..oorrgg//,
+
+             --   approved as free software by the _F_r_e_e _S_o_f_t_w_a_r_e _F_o_u_n_d_a_t_i_o_n:
+                 hhttttppss::////wwwwww..ffssff..oorrgg//, or
+
+             --   considered free software under the Debian Free Software
+                 Guidelines by the _D_e_b_i_a_n _P_r_o_j_e_c_t: hhttttppss::////wwwwww..ddeebbiiaann..oorrgg//,
+             and are not `network copyleft' licenses such as the GNU Affero
+             GPLv3.
+
+     GPG (empty or path)
+             Default: empty
+
+             Path to gpg(1), required for ppkkgg__aaddmmiinn ggppgg--ssiiggnn--ppaacckkaaggee.  (All
+             other GPG/OpenPGP operations are done internally with
+             libnetpgpverify(3).)
 
-     GPG_SIGN_AS
-             User-id to use for signing packages.
+     GPG_KEYRING_PKGVULN (empty or path)
+             Default: empty
 
-     IGNORE_PROXY
-             Use direct connections and ignore FTP_PROXY and HTTP_PROXY.
+             If non-empty, keyring to use for verifying GPG signatures on
+             _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s, overriding the default keyring.
 
-     IGNORE_URL
-             One line per advisory which should be ignored when running
+     GPG_KEYRING_SIGN (empty or path)
+             Default: empty
+
+             If non-empty, keyring to use for signing packages with ppkkgg__aaddmmiinn
+             ggppgg--ssiiggnn--ppaacckkaaggee, overriding the default keyring.
+
+     GPG_KEYRING_VERIFY (empty or path)
+             Default: empty
+
+             If non-empty, keyring to use for verifying package signatures on
+             installation, overriding the default keyring.
+
+     GPG_SIGN_AS (empty or OpenPGP user-id)
+             OpenpGP user-id to use for signing packages with ppkkgg__aaddmmiinn
+             ggppgg--ssiiggnn--ppaacckkaaggee, passed as the argument of `--local-user' (--uu)
+             to gpg(1).
+
+     IGNORE_PROXY (empty or non-empty)
+             Default: empty
+
+             If non-empty, use direct connections and ignore FTP_PROXY and
+             HTTP_PROXY.
+
+     IGNORE_URL (URL, maybe specified multiple times)
+             One URL per advisory which should be ignored when running
                    ppkkgg__aaddmmiinn aauuddiitt
              The URL from the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file should be used as
              value.
 
-     PKG_DBDIR (*)
-             Location of the packages database.  This option is always
-             overriden by the argument of the --KK option.
+     PKG_DBDIR (*; path)
+             Location of the packages database.  This option is overriden by
+             the argument of the --KK option.
 
-     PKG_PATH (*)
+     PKG_PATH (*; colon-separated list of paths or URLs)
              Search path for packages.  The entries are separated by
              semicolon.  Each entry specifies a directory or URL to search for
              packages.
 
-     PKG_REFCOUNT_DBDIR (*)
+     PKG_REFCOUNT_DBDIR (*; path)
              Location of the package reference counts database directory.  The
              default value is _$_{_P_K_G___D_B_D_I_R_}_._r_e_f_c_o_u_n_t.
 
-     PKGVULNDIR
+     PKGVULNDIR (path)
              Directory name in which the _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file resides.
              Default is _$_{_P_K_G___D_B_D_I_R_}.
 
-     PKGVULNURL
+     PKGVULNURL (URL)
              URL which is used for updating the local _p_k_g_-_v_u_l_n_e_r_a_b_i_l_i_t_i_e_s file
              when running
                    ppkkgg__aaddmmiinn ffeettcchh--ppkkgg--vvuullnneerraabbiilliittiieess
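Review bot: PKG_PATH now contradicts itself: the new heading says "colon-separated list of paths or URLs" while the unchanged body directly under it still reads "The entries are separated by semicolon". URLs contain colons, so the two readings are not interchangeable; make the heading and body agree in pkg_install.conf.5.in and regenerate. Smaller points in the same hunk: GPG_SIGN_AS is spelled "OpenpGP user-id" and is the only rewritten GPG entry without a "Default:" line; the type annotation for DEFAULT_ACCEPTABLE_LICENSES ended up inside the sentence "The default value of DEFAULT_ACCEPTABLE_LICENSES (list of license names) lists all licenses" rather than on the heading, and that entry says "Space separated" where ACCEPTABLE_LICENSES says "Space-separated"; "Default: yes" under CACHE_INDEX is unquoted while CHECK_END_OF_LIFE uses "Default: `yes'"; and the CONFIG_CACHE_CONNECTIONS and CONFIG_CACHE_CONNECTIONS_HOST entries are removed with no replacement in this hunk, which is worth confirming as intended.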
@@ -154,24 +221,28 @@ DDEESSCCRRIIPPTTIIOONN
              supported are uncompressed files and files compressed by bzip2(1)
              (_._b_z_2) or gzip(1) (_._g_z).
 
-     VERBOSE_NETIO
-             Log details of network IO to stderr.
+     VERBOSE_NETIO (empty or non-empty)
+             If non-empty, log details of network IO to stderr.
 
-     VERIFIED_INSTALLATION
-             Set trust level used when installation.  Supported values are:
+     VERIFIED_INSTALLATION (`never', `always', `trusted', `interactive')
+             Default: `never'
 
-             never          No signature checks are performed.
+             Verification requirement for installing a package.  Supported
+             values are:
 
-             always         A valid signature is required.  If the binary
-                            package can not be verified, the installation is
-                            terminated
+             never        Install package unconditionally.
 
-             trusted        A valid signature is required.  If the binary
-                            package can not be verified, the user is asked
-                            interactively.
+             always       Install package only if it has a valid X.509 or
+                          OpenPGP signature.
 
-             interactive    The user is always asked interactively when
-                            installing a package.
+             trusted      Install package without user interaction if it has a
+                          valid X.509 or OpenPGP signature.  Otherwise, prompt
+                          user to confirm installation.
+
+             interactive  Always prompt the user to confirm installation when
+                          installing a package.  WWAARRNNIINNGG: This does not tell
+                          the user whether the package had a valid signature
+                          or not.
 
 FFIILLEESS
      _@_S_Y_S_C_O_N_F_D_I_R_@_/_p_k_g___i_n_s_t_a_l_l_._c_o_n_f      Default location for the file
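Review bot: The VERIFIED_INSTALLATION entry now names "a valid X.509 or OpenPGP signature" but does not say which trust material each mechanism relies on, while the CERTIFICATE_ANCHOR_PKGS text in the first hunk says it is "Required when VERIFIED_INSTALLATION is anything other than `never'". A cross-reference here to CERTIFICATE_ANCHOR_PKGS and GPG_KEYRING_VERIFY, plus a sentence on whether the anchor file is still required when only OpenPGP signatures are used, would let an administrator enable `always' or `trusted' without guessing. Also, VERBOSE_NETIO gained a type annotation but no "Default:" line, unlike the other empty-or-non-empty variables (ACTIVE_FTP, IGNORE_PROXY).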


