[BACK]Return to MESSAGE CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / pkgtools / pkg_install

File: [cvs.NetBSD.org] / pkgsrc / pkgtools / pkg_install / MESSAGE (download)

Revision 1.5, Mon Feb 2 12:34:59 2009 UTC (5 years, 5 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, HEAD
Changes since 1.4: +14 -19 lines

Merge pkg_install-20090201 from pkg_install-renovation branch.

- DB support is always included from libnbcompat if needed
- pkg_view and linkfarm are not installed any more; they are not moved
into the attic yet, so they can easily be installed as separte package
- common configuration file to customise the behavior of various
components; this supersedes the old audit-packages.conf
- support for PKSC7 signatures (using X509 certs) and GPG signatures for
packages in a secure way. See pkg_admin(8) for how to create them and
pkg_install.conf(5) for the options to use them
- audit-packages and download-vulnerability-list are wrapper scripts
  around pkg_admin. They try to mimic the classic options if used sanely.
  "pkg_admin audit" is now an order of magnitude faster than before
- pkg_add uses libarchive and libfetch instead of external ftp and tar:
  - progress bar is currently missing for downloads
  - "pkg_add -" is no longer supported
  - no adhoc check for conficts between dependencies and already
    installed packages
  - "pkg_add -s" has been replaced with an option in pkg_install.conf,
    verification of plain detached GPG signatures is no longer supported
  - optional check for vulnerabilities before adding a package
  - if /var and /usr/pkg are on different fileystems it is twice as fast
    now
  - conflicts due to overlapping plists are checked before installation
  - pkg_add no longer plays with the process limits
- pkg_add and pkg_delete have a new destdir option; scripts have to
  either be modified to use PKG_DESTDIR or should be disabled
- pkg_add -u for now can't be used to update to the exact same version
- internal "rm -rf" and "mkdir_p" code
- all memory allocation failures are not explicitly fatal
- if a file is not removed due to a failed checksum, still remove the
  entry from pkgdb

===========================================================================
$NetBSD: MESSAGE,v 1.5 2009/02/02 12:34:59 joerg Exp $

You may wish to have the vulnerabilities file downloaded daily so that
it remains current.  This may be done by adding an appropriate entry
to a user's crontab(5) entry.  For example the entry

# download vulnerabilities file
0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1

will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.

In addition, you may wish to run the package audit from the daily
security script.  This may be accomplished by adding the following
lines to /etc/security.local

if [ -x ${PREFIX}/sbin/pkg_admin ]; then
        ${PREFIX}/sbin/pkg_admin audit
fi

Alternatively this can also be acomplished by adding an entry to a user's
crontab(5) file. e.g.:

# run audit-packages
0 3 * * * ${PREFIX}/sbin/pkg_admin audit

Both pkg_admin subcommands can be run as as an unprivileged user,
as long as the user chosen has permission to read the pkgdb and to write
the pkg-vulnerabilites to ${PKGVULNDIR}.

The behavior of pkg_admin and pkg_add can be customised with
pkg_install.conf.  Please see pkg_install.conf(5) for details.

If you want to use GPG signature verification you will need to install
GnuPG and set the path for GPG appropriately in your pkg_install.conf.
===========================================================================