Martin Husemann <martin%duskware.de@localhost> writes: > On Tue, Aug 10, 2021 at 11:52:00AM +0000, nia wrote: >> > It still seems needed to me. My view is more or less (and I think this >> > is all #if NetBSD): >> >> > - a system with /var/db/pkg that is not explicitly configured to use >> > it (mk.conf and pkg_install.conf both) is misconfigured >> >> This means NetBSD is misconfigured by default :/ > > Hey, I have an idea ... > > couldn't each repo of binary pkgs (for NetBSD) come with a x509 > certificate chain and some config files to drop into the empty system > (or merge if reasonable) that configure pkgs for the PREFIX used and > set up proper PKGDB config? > > And then make the bin pkgs signed (with a certificate in that chain > and the other end of the chain being a master NetBSD bin pkg > certificate, pre-installed with the NetBSD distribution). > > We just need to agree on a name and contents for that info and then have > a script that gets things going before the first binary pkg is added. I am not sure if you are serious. As I see it pkgsrc decided to change the standard location for pkgdb. So while it's possible now, as it was before, for any individual person to change all manner of deafult settings, it's nonstandard to have the db in /var/db/pkg. We have always had the view that bulk builds for distribution should be built with default options, for NetBSD at least. Concrete improvement steps (some of these may be done already; I don't install that often) If pkg_add is ok with starting from no database, change 8/9/current to not install any pkgdb directories. If pkg_add is not really ok with no database, or maybe anyway, change 8/9/current to install /usr/pkg/pkgdb. In installer for upgrade, warn and point to pkgdb-change if /var/db/pkg exists. Configure all TNF builders to have databases in /usr/pkg/pkgdb and no /var/db/pkg. Maybe, adjust checks for /var/db/pkg to be more of "/var/db/pkg exists and this is a bug" flavor. Continue to tell poeple that PKG_DBDIR should be set in mk.conf and install.conf. So far I think people doing that are not having trouble.
Description: PGP signature