From NetBSD Wiki

This is a draft for designing a pkgsrc configuration file. The main intention was to free the pkgsrc user from the requirement of setting environment variables like PKG_PATH to configure pkgsrc.

Contents 1 Header 2 Sources for binary packages 3 Cache for downloaded binary packages 4 Accepted licenses 5 Behavior of pkg_add

Header

# $NetBSD$
#
# This is an example configuration file for pkgsrc.
#

Sources for binary packages

# These are the places where pkg_add looks for binary packages.
#
#packages /cdrom/packages/NetBSD/i386/3.1_i386/All
packages ftp://ftp.NetBSD.org/pub/pkgsrc/@OPSYS@/@MACHINE_ARCH@/@OS_VERSION@/All
#packages ftp://ftp.NetBSD.org/pub/pkgsrc/@OPSYS@/@MACHINE_ARCH@/@OS_VERSION@/vulnerable

Specifying the location of binary packages in an environment variable is ugly. Therefore, this configuration file was invented.

Cache for downloaded binary packages

# The cache for the pkg_summary files and the downloaded binary packages.
cache /var/cache/packages
#clear_cache_after 7 days
#clear_cache_after installation

Binary packages that are downloaded via HTTP or FTP are saved in this directory before they are installed. It would be a waste of bandwidth to download a large package only to realize that its license is not yet accepted or that some dependency cannot be resolved. Another benefit is that the cache directory can be shared via NFS, so that the packages can be installed on multiple machines without having to download them each time.

Accepted licenses

# Only packages that have the following licenses may be installed.
#
license @DEFAULT_ACCEPTABLE_LICENSES@

Currently, pkg_add ignores the licenses of binary packages completely. You can just say pkg_add * and have all kinds of packages installed, no matter whether you wanted to accept the license or not. When installing packages from source, there is already ACCEPTABLE_LICENSES. There needs to be a similar mechanism for binary packages, too.

Behavior of pkg_add

# Select which of the pkg_add actions may be executed and which may not.
# Possible reactions are: ok, fail, skip, ask. The default is ask.
# For more information about the actions, run (FIXME:) pkg_admin --show-actions
#
action shell ask
action info ok
action setugid ask
action configfile ok
action exec ask

pkg_add is going to allow the pkgsrc user to control the commands that are executed during package installation. This makes the installation of untrusted packages a bit more secure. The intention is that only code that comes from pkgsrc itself is run during the installation, unless the pkgsrc user allows it explicitly.