pkgsrc logo

Portable Package Management

pkgsrc is a framework for building over 20,000 open source software packages. It is the native package manager on SmartOS, NetBSD, and Minix, and is portable across 23 different operating systems. Use one package manager across all of your systems!

Joyent provide binary packages for SmartOS/illumos, macOS, and Linux.


Choose Your Linux Package Set

Packages for Linux are currently built for Enterprise Linux (i.e. CentOS, Oracle, RedHat, Scientific) versions 6.x and 7.x. Both sets are built in 64-bit from pkgsrc trunk and are updated with the latest packages every couple of days.

#
# Copy and paste the lines below to install the 64-bit EL 7.x set.
#
BOOTSTRAP_TAR="bootstrap-trunk-x86_64-20170127.tar.gz"
BOOTSTRAP_SHA="eb0d6911489579ca893f67f8a528ecd02137d43a"

# Download the bootstrap kit to the current directory.
curl -O https://pkgsrc.joyent.com/packages/Linux/el7/bootstrap/${BOOTSTRAP_TAR}

# Verify the SHA1 checksum.
echo "${BOOTSTRAP_SHA}  ${BOOTSTRAP_TAR}" >check-shasum
sha1sum -c check-shasum

# Verify PGP signature.  This step is optional, and requires gpg.
curl -O https://pkgsrc.joyent.com/packages/Linux/el7/bootstrap/${BOOTSTRAP_TAR}.asc
curl -sS https://pkgsrc.joyent.com/pgp/56AAACAF.asc | gpg --import
gpg --verify ${BOOTSTRAP_TAR}{.asc,}

# Install bootstrap kit to /usr/pkg
sudo tar -zxpf ${BOOTSTRAP_TAR} -C /

# Add paths
$ PATH=/usr/pkg/sbin:/usr/pkg/bin:$PATH
$ MANPATH=/usr/pkg/man:$MANPATH

#
# Copy and paste the lines below to install the 64-bit EL 6.x set.
#
BOOTSTRAP_TAR="bootstrap-trunk-x86_64-20170127.tar.gz"
BOOTSTRAP_SHA="dcb6128284e7e8529a8a770d55cf93d97550558c"

# Download the bootstrap kit to the current directory.
curl -O https://pkgsrc.joyent.com/packages/Linux/el6/bootstrap/${BOOTSTRAP_TAR}

# Verify the SHA1 checksum.
echo "${BOOTSTRAP_SHA}  ${BOOTSTRAP_TAR}" >check-shasum
sha1sum -c check-shasum

# Verify PGP signature.  This step is optional, and requires gpg.
curl -O https://pkgsrc.joyent.com/packages/Linux/el6/bootstrap/${BOOTSTRAP_TAR}.asc
curl -sS https://pkgsrc.joyent.com/pgp/56AAACAF.asc | gpg --import
gpg --verify ${BOOTSTRAP_TAR}{.asc,}

# Install bootstrap kit to /usr/pkg
sudo tar -zxpf ${BOOTSTRAP_TAR} -C /

# Add paths
$ PATH=/usr/pkg/sbin:/usr/pkg/bin:$PATH
$ MANPATH=/usr/pkg/man:$MANPATH

Post-Install Steps

Now that you're ready to go, here are some common commands you may want to run.

Use pkgin to install packages

pkgin is the front-end to the binary packages, and lets you search for, install, upgrade, and remove packages. It also provides some basic functionality for querying both local and remote packages. If you have used apt-get or yum you should find it to be very familiar.

Use pkg_* tools to manage packages

The underlying packaging tools are pkg_add, pkg_admin, pkg_create, pkg_delete, and pkg_info. If pkgin is equivalent to apt-get or yum, then these are the equivalent of dpkg or rpm. Here are some useful commands to get you started.

: Refresh the pkgin database with the latest version
$ sudo pkgin -y update

: Search for a package.  Regular expressions are supported.
$ pkgin search ^ffmpeg[0-9]$
ffmpeg4-4.1.1   Decoding, encoding and streaming software (v4.x)
ffmpeg3-3.4.5   Decoding, encoding and streaming software (v3.x)
ffmpeg2-2.8.14  Decoding, encoding and streaming software (v2.x)
ffmpeg1-1.2.12  Decoding, encoding and streaming software (v1.x)

: Install a package without prompting
$ sudo pkgin -y install ffmpeg4

: List all available packages
$ pkgin avail

: Upgrade all out-of-date packages
$ sudo pkgin -y full-upgrade

: Remove a package
$ sudo pkgin -y remove ffmpeg4

: Automatically remove orphaned dependencies
$ sudo pkgin -y autoremove
: List installed packages.
$ pkg_info

: Query which package a file belongs to.
$ pkg_info -Fe /usr/pkg/bin/ffmpeg4
ffmpeg4-4.1.1

: List the contents of a package.
$ pkg_info -qL ffmpeg4
/usr/pkg/bin/ffmpeg4
/usr/pkg/bin/ffprobe4
[...]

: Perform an audit of all currently installed packages.
$ sudo pkg_admin fetch-pkg-vulnerabilities
$ pkg_admin audit
Package npm-6.9.0 has a denial-of-service vulnerability, see https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Package nodejs-8.12.0 has a denial-of-service vulnerability, see https://nvd.nist.gov/vuln/detail/CVE-2018-7651
Package nodejs-8.12.0 has a http-response-splitting vulnerability, see https://nvd.nist.gov/vuln/detail/CVE-2018-12116
Package nodejs-8.12.0 has a spoofing vulnerability, see https://nvd.nist.gov/vuln/detail/CVE-2018-12123
[...]

: Create a binary package from some metadata files and package directory.
$ pkg_create -B build-info -c comment -d description -f packlist -I /usr/pkg -p files/ -U foo-1.0.tgz