Setting up pkgsrc


Warning: it seems not only the MAJOR release version matters, but ALSO THE MINOR. For example mail/alpine did not run on NetBSD 7.1.2 here, although it was built for 7.0 ( not found). And it fits with uname -r|cut -f '1 2' -d..

If you want binary you may have to check online whether there are builds for your architecture and the latest release.

uname -rpm

In any case even for a branch or current, choose the latest repository link available e.g. amd64

cp -pi /etc/shrc /etc/shrc.dist
vi /etc/shrc

#export PASSIVE_FTP=yes
#export PKG_PATH=""
export PKG_PATH=""


for a router/gateway

echo $PKG_PATH
pkg_add \
    alpine \
    curl \
    iftop \
    iperf3 \
    mozilla-rootcerts \
    netcat \
    nmap \
    screen \
    trafshow \

    #tmux \
    #dsniff-nox11 \

as of today Apr 2019 glib2 dep is missing for dsniff, add it manually

cp -i /usr/share/examples/openssl/openssl.cnf /etc/openssl
ll /etc/openssl/certs/
mozilla-rootcerts install
ll /etc/openssl/certs/ca-certificates.crt
curl -I

and for a rather full-featured server environment, add

pkg_add \
    e2fsprogs \
    git \
    lftp \
    lynx \
    mc \

    #vim \

Daily audits

ll /usr/pkg/etc/audit-packages.conf #does not exist
mkdir -p /usr/pkg/etc/
cat > /usr/pkg/etc/audit-packages.conf <<-EOF

/usr/sbin/pkg_admin fetch-pkg-vulnerabilities
/usr/sbin/pkg_admin check-pkg-vulnerabilities /var/db/pkg/pkg-vulnerabilities
/usr/sbin/pkg_admin audit
#/usr/pkg/sbin/pkg_admin #gnu/linux

grep run_security /etc/defaults/daily.conf
grep vulnerabilities /etc/daily.conf
cat >> /etc/daily.conf <<-EOF

there is no need for this as we have enabled it in daily.conf already

#0 3 * * * /usr/sbin/pkg_admin fetch-pkg-vulnerabilities && /usr/sbin/pkg_admin audit

From source

setup your build env

ls -lF /usr/pkgsrc/mk/defaults/mk.conf
vi /etc/mk.conf


grab the latest tarball

cd /usr/
ls -lhF | grep pkgsrc

ftp -a
nice progress -zf pkgsrc.tar.gz tar xf -

#nice tar xzf pkgsrc.tar.gz

In case you are on gnu/linux or the pkgsrc-current tree is too recent compared to your NetBSD release

unset PKG_PATH
cd /usr/pkgsrc/bootstrap/

Fix a package’s deps by rebuilding it and look at your options

unset PKG_PATH
cd /usr/pkgsrc/mail/alpine/
cd /usr/pkgsrc/net/wget/
make show-depends
make show-options
make clean clean-depends
/usr/bin/make help topic=make_jobs

vi /etc/mk.conf #bootstrapped
vi /usr/pkg/etc/mk.conf #natural


make package
#make install


clean up the tree

find /usr/pkgsrc -name work -maxdepth 3 | xargs rm -rf

get rid of recently installed packages

ls -ltr /var/db/pkg/
ls -1tr /var/db/pkg/ | sed -rn '/py27-expat-2.7.16/,$p' | sed '$d'
pkg_delete `ls -1tr /var/db/pkg/ | sed -rn '/py27-expat-2.7.16/,$p' | sed '$d'`
ls -ltr /var/db/pkg/

start from scratch the soft way

echo `pkg_info | awk '{print $1}'`
pkg_delete `pkg_info | awk '{print $1}'`
find /usr/pkg/
find /var/db/pkg/

the brutal way

rm -rf /usr/pkg/
rm -rf /var/db/pkg/*


===> Building for gmake-4.2.1nb1
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /usr/pkgsrc/devel/gmake/work/make-4.2.1/config/missing aclocal-1.15 -I config
/usr/pkgsrc/devel/gmake/work/make-4.2.1/config/missing: aclocal-1.15: not found
WARNING: 'aclocal-1.15' is missing on your system.
         You should only need it if you modified 'acinclude.m4' or
         '' or m4 files included by ''.
         The 'aclocal' program is part of the GNU Automake package:
         It also requires GNU Autoconf, GNU m4 and Perl in order to run:

==> use binaries for automake autoconf gmake and build alpine and wget

and then for alpine one gets

undefined reference to `tputs'



daily audits

Security and NetBSD

5.1.5. Checking for security vulnerabilities in installed packages

from source

4.2. Bootstrapping pkgsrc

5.2. Building packages from source

mk.conf – make configuration file

Have pkgsrc building make use of SMP?