OpenBSD-4.6/usr.sbin/pkg_add/pkg_add.1

Compare this file to the similar file:
Show the results in this format: 

.\"	$OpenBSD: pkg_add.1,v 1.78 2009/05/09 13:30:09 jmc Exp $
.\"
.\" Documentation and design originally from FreeBSD. All the code has
.\" been rewritten since. We keep the documentation's notice:
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" Jordan K. Hubbard
.\"
.\"
.Dd $Mdocdate: May 9 2009 $
.Dt PKG_ADD 1
.Os
.Sh NAME
.Nm pkg_add
.Nd install software package distributions
.Sh SYNOPSIS
.Nm pkg_add
.Bk -words
.Op Fl acIinqruvx
.Op Fl A Ar arch
.Op Fl B Ar pkg-destdir
.Op Fl F Ar keywords
.Op Fl L Ar localbase
.Op Fl P Ar type
.Op Fl Q Ar quick-destdir
.Ar pkg-name Op Ar ...
.Ek
.Sh DESCRIPTION
The
.Nm
command is used to install packages created
with the
.Xr pkg_create 1
command.
Selected packages containing pre-compiled applications from the
.Pa /usr/ports
tree can be found on the
.Ox
FTP site or on the official
.Ox
CD.
.Bd -filled -offset indent
.Em Note :
System distribution files, e.g., base28.tgz, comp28.tgz, are
.Em not
packages and may not be installed using
.Nm .
.Ed
.Pp
.Nm
can be used to install new packages, to replace existing packages with other
flavors
.Po
option
.Fl r
.Pc
or to update packages to newer versions
.Po
option
.Fl u
.Pc .
.Pp
Details of packing-list internals are documented in
.Xr pkg_create 1 .
.Pp
If a package is digitally signed:
.Bl -bullet
.It
.Nm
checks that its packing-list is not corrupted and matches the cryptographic
signature stored within.
.It
.Nm
verifies that the signature was emitted by a valid user certificate, signed
by one of the authorities in
.Pa /etc/ssl/pkgca.pem
.It
.Nm
verifies that each file matches its sha256 checksum right after extraction,
before doing anything with it.
.It
.Nm
verifies that any dangerous mode or owner is registered in the packing-list.
.El
.Pp
In normal mode,
the package names given on the command lines are names of new packages that
.Nm
should install, without ever deinstalling existing packages.
.Pp
In replacement mode,
the package names given on the command lines are names of new packages that
.Nm
should install, possibly replacing existing installed packages.
.Pp
In update mode,
the package names given on the command lines are names of installed
packages, and
.Nm
should figure out newer package names for these, then replace the old
packages with the new.
.Pp
Each package name may be specified as a filename (which normally consists of the
package name itself plus the
.Dq .tgz
suffix) or a URL referring to FTP, HTTP, HTTPS, or SCP locations.
The following examples are valid:
.Pp
.Li pkg_add -v ftp://ftp.openbsd.org/pub/OpenBSD/2.7/packages/i386/m4-1.4.tgz
.Li pkg_add -v scp://login@host/usr/ports/packages/sparc/all/tcl-8.4.7.tgz
.Pp
If the given package names are not found in the current working directory,
.Nm
will search for them in each directory named by the
.Ev PKG_PATH
environment variable.
Specifying
.Ql -
as a package name causes
.Nm
to read from the standard input.
.Pp
.Nm
also understands
.Sq stems ,
that is, package names without any version specification.
For instance, with
.Li pkg_add kdelibs ,
.Nm
will look in the current directory (or the PKG_PATH) for a kdelibs package.
.Pp
In case of ambiguities, for instance:
.Li pkg_add screen
(matches screen-4.02  and screen-4.02-static),
.Nm
will error out, unless it is invoked in interactive mode
.Po
option
.Fl i
.Pc .
.Pp
If the environment variable
.Ev PKG_CACHE
is set, every package retrieved from a distant location will also be
copied here.
.Pp
Some packages may depend on other packages.
When resolving dependencies
.Nm
will first look at already installed packages, then match
dependencies with the list of packages left to install, then ask the
user's opinion in interactive mode,
then install default packages that satisfy the dependencies.
.Pp
Alternatively, it is possible to add packages interactively from within the
.Xr ftp 1
client,
in which case setting
.Ev PKG_PATH
correctly will be necessary for any dependency to be found out and retrieved
the same way.
For example, the following works:
.Bd -literal -offset indent
$ ftp ftp://ftp.openbsd.org/pub/OpenBSD/2.7/packages/i386/
250 CWD command successful
ftp> ls m*
227 Entering Passive Mode (129,128,5,191,164,73)
150 Opening ASCII mode data connection for m*.
m4-1.4.tgz
metamail-2.7.tgz
mh-6.8.4.tgz
mm-1.0.12.tgz
mpeg_lib-1.2.1.tgz
mpeg_play-2.4.tgz
mpg123-0.59q.tgz
mutt-0.95.7i.tgz
226 Transfer complete.
ftp> get m4-1.4.tgz "|pkg_add -v -"
.Ed
.Pp
.Sy Warning:
Since the
.Nm
command may execute scripts or programs contained within a package file,
your system may be susceptible to
.Dq trojan horses
or other subtle attacks from miscreants who create dangerous packages.
Be sure the specified package(s) are from trusted sources.
.Pp
The options are as follows:
.Bl -tag -width keyword
.It Fl A Ar arch
Assume
.Ar arch
as current machine architecture for any package tests.
.It Fl a
Automated package installation; do not record packages as installed manually.
.It Fl B Ar pkg-destdir
Set
.Ar pkg-destdir
as the prefix to prepend to any object extracted from the package.
.It Fl c
While replacing packages, delete extra configuration file in the old package,
mentioned as
.Dl @extra file
in the packing-list.
.It Fl F Ar keywords
Force installation of the package.
.Ar keywords
is a comma-separated list of keywords that state what failsafes
should be waived.
These include:
.Pp
.Bl -tag -width "updatedependsXX" -compact
.It Ar allversions
do not trim older p* variants of packages for updates.
.It Ar alwaysupdate
proceed with an update even if
.Nm
can't find new packages for all installed packages.
.It Ar arch
architecture recorded in package may not match.
.It Ar conflicts
force installation of package in the presence of conflicts.
.It Ar installed
in update mode, reinstall an existing package with the same signature.
.It Ar kitchensink
will install everything and the kitchen sink: randomly reorder the list
of packages to install, and proceed after weeding out conflicts.
.It Ar libdepends
library specifications may not be fulfilled.
.It Ar noclosure
do not compute the closure of dependencies to figure out which packages to
update when using
.Fl u .
.It Ar nonroot
install even if not running as root.
.It Ar nosig
do not check digital signatures.
Still displays a very prominent message if a signature is found.
.It Ar pkgpath
with
.Fl u ,
do not check the pkgpath matches if only one candidate is found.
.It Ar repair
attempt to repair installed packages with missing registration data.
.It Ar scripts
external scripts may fail.
.It Ar update
unsafe update: old packing-list will run scripts that may fail.
.It Ar updatedepends
force update even if forward dependencies no longer match.
.El
.It Fl I
If scripts exist for a given package, do not execute them.
.It Fl i
Switch on interactive mode.
.Nm
may ask questions to the user if faced with difficult decisions.
.It Fl L Ar localbase
Install a package under
.Ar localbase .
By default,
.Ar localbase
equals
.Pa /usr/local ,
and specifying it is not necessary.
However, packages can be created using a different
.Ar localbase
.Po
see
.Xr pkg_create 1
.Pc ,
and those packages can only be installed by using the same
.Ar localbase .
See
.Xr bsd.port.mk 5
for a description of
.Ev LOCALBASE .
.It Fl n
Don't actually install a package, just report the steps that
would be taken if it was.
.It Fl P Ar type
Check permissions for distribution, where
.Ar type
can be
.Sq cdrom
or
.Sq ftp .
.It Fl Q Ar quick-destdir
Quick and dirty installation under
.Ar quick-destdir .
Contrary to
.Fl B
.Ar pkg-destdir ,
symbolic links are resolved, and package installation stops at
.Cm @endfake
marker.
.It Fl q
Replace package quickly; do not bother with checksums before removing normal
files.
If used twice,
it will not bother with checksums for configuration files either.
.It Fl r
Replace existing packages.
.Nm
will try to take every precaution to make sure the replacement can
proceed before removing the old package and adding the new one, and it
should also handle shared libraries correctly.
Among other things,
.Nm
will refuse to replace packages as soon as it needs to run scripts that
might fail
.Po
use
.Fl F Ar update
to force the replacement
.Pc ;
.Nm
will also refuse to replace packages when the dependencies don't quite
match
.Po
use
.Fl F Ar updatedepends
to force the replacement
.Pc .
.It Fl u
Update the given
.Ar pkgname(s) ,
and anything it depends upon.
If no
.Ar pkgname
is given,
.Nm
will update all installed packages.
This relies on
.Ev PKG_PATH
to figure out the new package names.
.It Fl v
Turn on verbose output.
Several
.Fl v
turn on more verbose output.
.It Fl x
Disable progress-meter.
.El
.Pp
By default, when adding packages via FTP, the
.Xr ftp 1
program operates in
.Dq passive
mode.
If you wish to use active mode instead, set the
.Ev FTPMODE
environment variable to
.Dq active .
If
.Nm
consistently fails to fetch a package from a site known to work,
it may be because the site does not support
passive mode FTP correctly.
This is very rare since
.Nm
will try active mode FTP if the server refuses a passive mode
connection.
.Ss Technical details
.Nm
extracts each package's
.Dq packing information
(the packing list, description, and installation/deinstallation scripts)
into a special staging directory in
.Pa /var/tmp
(or
.Ev PKG_TMPDIR
if set \- see
.Sx CAVEATS ,
below)
and then runs through the following sequence to fully extract the contents
of the package:
.Bl -enum
.It
A check is made to determine if the package is already recorded as installed.
If it is,
installation is terminated.
.It
A check is made to determine if the package conflicts (from
.Cm @conflict
directives; see
.Xr pkg_create 1 )
with a package already recorded as installed.
If it is, installation is terminated.
.It
For packages tagged with architecture constraints,
.Nm
verifies that the current machine architecture agrees with the constraints.
.It
All package dependencies (from
.Cm @depend
and
.Cm @wantlib
directives; see
.Xr pkg_create 1 )
are read from the packing list.
If any of these dependencies are not currently fulfilled,
an attempt is made to find a package that meets them and install it,
looking first in the list of packages to install passed to
.Nm ;
if no adequate package can be found and installed,
the installation is terminated.
.It
.Nm
checks for collisions with installed file names, read-only file systems,
and enough space to store files.
.It
If the package contains an
.Ar install
script, it is executed with the following arguments:
.Bl -tag -width indentindent
.It Ar pkg-name
The name of the package being installed.
.It Cm PRE-INSTALL
Keyword denoting that the script is to perform any actions needed before
the package is installed.
.El
.Pp
If the
.Ar install
script exits with a non-zero status code, the installation is terminated.
.It
The packing list is used as a guide for extracting
files from the package into their final locations.
.It
If an
.Ar install
script exists for the package, it is executed with the following arguments:
.Bl -tag -width indentindent
.It Ar pkg_name
The name of the package being installed.
.It Cm POST-INSTALL
Keyword denoting that the script is to perform any actions needed
after the package has been installed.
.El
.It
After installation is complete, a copy of all package files
such as the packing-list, the
.Ar install
and
.Ar deinstall
scripts, the description file is made into
.Pa /var/db/pkg/<pkg-name>
for subsequent possible use by
.Xr pkg_delete 1
and
.Xr pkg_info 1 .
Any package dependencies are recorded in the other packages'
.Pa /var/db/pkg/<other-pkg>/+REQUIRED_BY
file
(if the environment variable
.Ev PKG_DBDIR
is set, this overrides the
.Pa /var/db/pkg/
path shown above).
.It
Finally, the staging area is deleted and the program terminates.
.El
.Pp
Note that it is safe to interrupt
.Nm pkg_add
through
.Dv SIGINT ,
.Dv SIGHUP ,
and other signals, as it will safely record an interrupted install as
.Pa partial-<pkgname>[.n] .
.Pp
When replacing packages, the procedure is slightly different.
.Bl -enum
.It
A check is made to determine if a similar package is already installed.
If its signature is identical to that of the new package, no replacement
is performed (unless -F installed is specified).
.It
A check is made to determine what old package the new package should replace,
using conflicts.
.It
A check is made to determine whether the old package will be deleted without
issue, and whether the new package will install correctly.
This includes refusing to run any code (unless -F update), and verifying
that the new package still matches dependencies (unless -F updatedepends).
.It
Shared libraries deserve special treatment: each shared library from the old
package that does no longer exist in the new package, but that is required
from a wantlib of another package is kept along in a stub package named
.Pa \&.libs-<pkgname> .
.It
The new package is extracted to the filesystem, using temporary filenames
of the form
.Pa pkg.XXXXXXX
since the old package is still there.
The packing-list is amended to record these names as @temp annotations,
in cases the installation fails.
.It
The old package is deleted as usual, except that some packages may still depend
on it.
Note also that
.Cm @unexec-delete
commands are not executed.
.It
The new package is installed as usual, except that the files are already present
and only need to be renamed.
Note also that
.Cm @exec-add
commands are not executed.
.It
Dependencies from the old package are adjusted to point to the new package.
.El
.Pp
To update packages in -u mode,
.Nm
performs the following steps.
.Bl -enum
.It
Packages to update are checked for dependencies, and their dependencies are
marked for update as well, unless -F noclosure.
.It
Each package name is reduced to its stem, and every package name with matching
stem available through
.Ev PKG_PATH
is considered as an update candidate.
.It
Some minimal version matching occurs: out of all p* variations of a given
package, only the most recent package is kept (unless -F allversions
is given).
Note that
.Nm pkg_add
does not try to compare versions in a smarter way, thus
.Ev PKG_PATH
should point to a snapshot of packages for a given version of
.Ox ,
similar to the organization on the FTP sites.
.It
Candidates are then matched according to their source paths (the subdirectory of
the ports dir, plus flavors and multi-packages modifiers), in order to weed
out similar packages with distinct options.
.It
The signature of the candidate is compared to the signature of the already
installed package: identical signatures mean no update needed.
.It
If several candidates are left,
.Nm
will ask the user in interactive mode, and not perform the update in
non-interactive mode.
.It
Once a suitable update candidate has been found for every package,
.Nm
proceeds to print out the list of new packages, and then performs the update.
.It
If some updates can't be solved,
.Nm
stops before the update, unless -F alwaysupdate.
.El
.Sh ENVIRONMENT
.Bl -tag -width PKG_DESTDIR
.It Ev FTPMODE
Specifies whether
.Xr ftp 1
should operate in
.Dq active
or
.Dq passive
mode.
The default is
.Dq passive .
.It Ev FETCH_CMD
Override use of
.Xr ftp 1 .
Must point to a command that understands
.Li ${FETCH_CMD} -o - url .
.It Ev FTP_KEEPALIVE
Have
.Xr ftp 1
send a byte after every
.Ev FTP_KEEPALIVE
seconds,
so that incorrectly configured network equipment won't aggressively drop it.
See
.Dq ftp -k
for more information.
.It Ev PKG_DBDIR
Where to register packages instead of
.Pa /var/db/pkg .
.It Ev PKG_DESTDIR
Value for
.Ar pkg-destdir ,
if no
.Fl B
option is specified;
value passed to any
.Cm INSTALL
or
.Cm REQUIRE
script invoked from the package.
.It Ev PKG_CACHE
If set, any package retrieved from a distant location will be copied to
that directory as well.
.It Ev PKG_PATH
If a given package name cannot be found,
the directories named by
.Ev PKG_PATH
are searched.
It should contain a series of entries separated by colons.
Each entry consists of a directory name.
URL schemes such as FTP, HTTP, HTTPS, or SCP are also appropriate.
The current directory may be indicated
implicitly by an empty directory name, or explicitly by a single
period
.Pq Ql \&./ .
.It Ev PKG_TMPDIR
Temporary area where package information files will be extracted, instead of
.Pa /var/tmp .
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr pkg_create 1 ,
.Xr pkg_delete 1 ,
.Xr pkg_info 1 ,
.Xr OpenBSD::Intro 3p ,
.Xr bsd.port.mk 5 ,
.Xr package 5
.Sh AUTHORS
.Bl -tag -width indent -compact
.It "Jordan Hubbard"
Initial design.
.It "Marc Espie"
Complete rewrite.
.El
.Sh CAVEATS
Package extraction does need a temporary area that
can hold executable scripts.
.Pp
If
.Pa /var/tmp
is mounted noexec, you must currently set
.Ev PKG_TMPDIR
to a suitable area, as
.Nm
will refuse to install any package that contains executable scripts.