pkgsrc logo

Portable Package Management

pkgsrc is a framework for building over 17,000 open source software packages. It is the native package manager on SmartOS, NetBSD, and Minix, and is portable across 23 different operating systems. Use one package manager across all of your systems!

Joyent provide binary packages for SmartOS/illumos, Mac OS X, and Linux.


Choose Your Linux Package Set

Packages for Linux are currently built for Enterprise Linux (i.e. CentOS, Oracle, RedHat, Scientific) versions 6.x and 7.x. Both sets are built in 64-bit from pkgsrc trunk and are updated with the latest packages every couple of days.

#
# Copy and paste the lines below to install the 64-bit EL 7.x set.
#
BOOTSTRAP_TAR="bootstrap-trunk-x86_64-20170127.tar.gz"
BOOTSTRAP_SHA="eb0d6911489579ca893f67f8a528ecd02137d43a"

# Download the bootstrap kit to the current directory.
curl -O https://pkgsrc.joyent.com/packages/Linux/el7/bootstrap/${BOOTSTRAP_TAR}

# Verify the SHA1 checksum.
echo "${BOOTSTRAP_SHA}  ${BOOTSTRAP_TAR}" >check-shasum
sha1sum -c check-shasum

# Verify PGP signature.  This step is optional, and requires gpg.
curl -O https://pkgsrc.joyent.com/packages/Linux/el7/bootstrap/${BOOTSTRAP_TAR}.asc
gpg --recv-keys 0x56AAACAF
gpg --verify ${BOOTSTRAP_TAR}{.asc,}

# Install bootstrap kit to /usr/pkg
sudo tar -zxpf ${BOOTSTRAP_TAR} -C /

# Add paths
$ PATH=/usr/pkg/sbin:/usr/pkg/bin:$PATH
$ MANPATH=/usr/pkg/man:$MANPATH

#
# Copy and paste the lines below to install the 64-bit EL 6.x set.
#
BOOTSTRAP_TAR="bootstrap-trunk-x86_64-20170127.tar.gz"
BOOTSTRAP_SHA="dcb6128284e7e8529a8a770d55cf93d97550558c"

# Download the bootstrap kit to the current directory.
curl -O https://pkgsrc.joyent.com/packages/Linux/el6/bootstrap/${BOOTSTRAP_TAR}

# Verify the SHA1 checksum.
echo "${BOOTSTRAP_SHA}  ${BOOTSTRAP_TAR}" >check-shasum
sha1sum -c check-shasum

# Verify PGP signature.  This step is optional, and requires gpg.
curl -O https://pkgsrc.joyent.com/packages/Linux/el6/bootstrap/${BOOTSTRAP_TAR}.asc
gpg --recv-keys 0x56AAACAF
gpg --verify ${BOOTSTRAP_TAR}{.asc,}

# Install bootstrap kit to /usr/pkg
sudo tar -zxpf ${BOOTSTRAP_TAR} -C /

# Add paths
$ PATH=/usr/pkg/sbin:/usr/pkg/bin:$PATH
$ MANPATH=/usr/pkg/man:$MANPATH

Post-Install Steps

Now that you're ready to go, here are some common commands you may want to run.

Use pkgin to install packages

pkgin is the front-end to the binary packages, and lets you search for, install, upgrade, and remove packages. It also provides some basic functionality for querying both local and remote packages. If you have used apt-get or yum you should find it to be very familiar.

Use pkg_* tools to manage packages

The underlying packaging tools are pkg_add, pkg_admin, pkg_create, pkg_delete, and pkg_info. If pkgin is equivalent to apt-get or yum, then these are the equivalent of dpkg or rpm. Here are some useful commands to get you started.

: Refresh the pkgin database with the latest version
$ sudo pkgin -y update

: Search for a package.  Regular expressions are supported.
$ pkgin search "^ffmpeg[0-9]$"
ffmpeg3-3.0.1   Decoding, encoding and streaming software (v3.x)
ffmpeg2-2.8.6   Decoding, encoding and streaming software (v2.x)
ffmpeg1-1.2.12  Decoding, encoding and streaming software (v1.x)

: Install a package without prompting
$ sudo pkgin -y install ffmpeg3

: List all available packages
$ pkgin avail

: Upgrade all out-of-date packages
$ sudo pkgin -y full-upgrade

: Remove a package
$ sudo pkgin -y remove ffmpeg2

: Automatically remove orphaned dependencies
$ sudo pkgin -y autoremove
: See what packages are installed.
$ pkg_info

: See what package a file belongs to.
$ pkg_info -Fe /usr/pkg/bin/node
nodejs-4.4.3

: List the contents of a package.
$ pkg_info -qL nodejs
/usr/pkg/bin/node
/usr/pkg/bin/npm
[...]

: Perform an audit of all currently installed packages.
$ sudo pkg_admin fetch-pkg-vulnerabilities
$ pkg_admin audit
Package jasper-1.900.1nb11 has a integer-overflow vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
Package samba-3.6.25nb3 has a privilege-escalation vulnerability, see https://www.samba.org/samba/security/CVE-2015-5299.html
Package tiff-4.0.6 has a arbitrary-memory-access vulnerability, see http://www.securityfocus.com/archive/1/537205
[...]

: Create a binary package from some metadata files and package directory.
$ pkg_create -B build-info -c comment -d description -f packlist -I /usr/pkg -p files/ -U foo-1.0.tgz