pkg_install.conf —
configuration file for package installation tools
The file pkg_install.conf contains system defaults for
  the package installation tools as a list of variable-value pairs. Each line
  has the format VARIABLE=VALUE. If the value consists
  of more than one line, each line is prefixed with
  VARIABLE=.
The current value of a variable can be checked by running
pkg_admin config-var
  VARIABLE
Some variables are overriden by environmental variables of the
    same name. Those are marked by (*).
The following variables are supported:
  - ACCEPTABLE_LICENSES
- Space-separated list of licenses packages are allowed to carry. License
      names are case-sensitive.
- ACTIVE_FTP
- Force the use of active FTP.
- CACHE_INDEX
- Cache directory listings in memory. This avoids retransfers of the large
      directory index for HTTP and is enabled by default.
- CERTIFICATE_ANCHOR_PKGS
- Path to the file containing the certificates used for validating binary
      packages. A package is trusted when a certificate chain ends in one of the
      certificates contained in this file. The certificates must be
    PEM-encoded.
- CERTIFICATE_ANCHOR_PKGVULN
- Analogous to CERTIFICATE_ANCHOR_PKGS. The
      pkg-vulnerabilities is trusted when a certificate
      chain ends in one of the certificates contained in this file.
- CERTIFICATE_CHAIN
- Path to a file containing additional certificates that can be used for
      completing certificate chains when validating binary packages or
      pkg-vulnerabilities files.
- CHECK_LICENSE
- Check the license conditions of packages before installing them. Supported
      values are:
    
      - no
- The check is not performed.
- yes
- The check is performed if the package has license conditions set.
- always
- Passing the license check is required. Missing license conditions are
          considered an error.
 
- CHECK_END_OF_LIFE
- During vulnerability checks, consider packages that have reached
      end-of-life as vulnerable. This option is enabled by default.
- CHECK_OS_VERSION
- If "no", pkg_add will not warn if the host OS version does not
      exactly match the OS version the package was built on. The default is
      "yes".
- CHECK_OSABI
- If "no", osabi package does not check OS version. The default is
      "yes".
- CHECK_VULNERABILITIES
- Check for vulnerabilities when installing packages. Supported values are:
    
      - never
- No check is performed.
- always
- Passing the vulnerability check is required. A missing
          pkg-vulnerabilities file is considered an error.
- interactive
- The user is always asked to confirm installation of vulnerable
          packages.
 
- CONFIG_CACHE_CONNECTIONS
- Limit the global connection cache to this value. For FTP, this is the
      number of sessions without active command. For HTTP, this is the number of
      connections open with keep-alive.
- CONFIG_CACHE_CONNECTIONS_HOST
- Like CONFIG_CACHE_CONNECTIONS, but limit the
      number of connections to the host as well. See
      fetch(3) for further
    details
- DEFAULT_ACCEPTABLE_LICENSES
- Space-separated list of common Free and Open Source licenses packages are
      allowed to carry. The default value contains all OSI approved licenses in
      pkgsrc on the date pkg_install was released. License names are
      case-sensitive.
- GPG
- Path to gpg(1), which can be
      used to verify the signature in the
      pkg-vulnerabilities file when running
    pkg_admin
      check-pkg-vulnerabilities -s
 orpkg_admin
      fetch-pkg-vulnerabilities -s
 It can also be used to verify and sign binary packages.
- GPG_KEYRING_PKGVULN
- Non-default keyring to use for verifying GPG signatures of
      pkg-vulnerabilities.
- GPG_KEYRING_SIGN
- Non-default keyring to use for signing packages with GPG.
- GPG_KEYRING_VERIFY
- Non-default keyring to use for verifying GPG signature of packages.
- GPG_SIGN_AS
- User-id to use for signing packages.
- IGNORE_PROXY
- Use direct connections and ignore FTP_PROXYandHTTP_PROXY.
- IGNORE_URL
- One line per advisory which should be ignored when running
    pkg_admin
      audit
 The URL from the pkg-vulnerabilities file should be
      used as value.
- PKG_DBDIR
    (*)
- Location of the packages database. This option is always overriden by the
      argument of the -Koption.
- PKG_PATH
    (*)
- Search path for packages. The entries are separated by semicolon. Each
      entry specifies a directory or URL to search for packages.
- PKG_REFCOUNT_DBDIR
    (*)
- Location of the package reference counts database directory. The default
      value is ${PKG_DBDIR}.refcount.
- PKGVULNDIR
- Directory name in which the pkg-vulnerabilities
      file resides. Default is ${PKG_DBDIR}.
- PKGVULNURL
- URL which is used for updating the local
      pkg-vulnerabilities file when running
    pkg_admin
      fetch-pkg-vulnerabilities
 The default location is ftp.NetBSD.org using HTTP. Note:
      Usually, only the compression type should be changed. Currently supported
      are uncompressed files and files compressed by
      bzip2(1)
      (.bz2) or
      gzip(1)
      (.gz).
- VERBOSE_NETIO
- Log details of network IO to stderr.
- VERIFIED_INSTALLATION
- Set trust level used when installation. Supported values are:
    
      - never
- No signature checks are performed.
- always
- A valid signature is required. If the binary package can not be
          verified, the installation is terminated
- trusted
- A valid signature is required. If the binary package can not be
          verified, the user is asked interactively.
- interactive
- The user is always asked interactively when installing a package.
 
  - /etc/pkg_install.conf
- Default location for the file described in this manual page.