OpenBSD manual page server

Manual Page Search Parameters

PKG_CREATE(1) General Commands Manual PKG_CREATE(1)

pkg_createcreate binary software package for distribution

pkg_create [-mnQqvx] [-A arches] [-B pkg-destdir] [-D name[=value]] [-L localbase] [-M displayfile] [-P pkg-dependency] [-s signature-parameter] [-U undisplayfile] [-W wantedlib-d desc -D COMMENT=value -D PORTSDIR=value -f packinglist -p prefix pkg-name

pkg_create [-s signature-parameter] -f packinglist

The pkg_create command creates a binary package named pkg-name, for subsequent use with pkg_add(1), pkg_delete(1) and pkg_info(1). pkg-name will traditionally have a “.tgz” extension, to denote the underlying binary format. pkg-name must follow packages-specs(7).

Use of the ports(7) infrastructure instead of manual pkg_create invocation is strongly recommended.

During package creation, pkg_create replaces too long file names with smaller equivalents (see package(5)), records extra information in the packing-list, such as the existence of symlinks and hard links, computes and stores file checksums, and verifies that all special objects are properly annotated in the packing-list.

It will also check all @wantlib for reachability, by looking into all installed @depend. It may also ask the ports tree for extra dependencies, provided some other @depend refers to the same BASE_PKGPATH (see The rationale is that those libraries must already be present for the package to build correctly, and thus be reachable through the subset of @depend that are not pure RUN_DEPENDS.

The options are as follows:

Register a list of architectures for which this package should install. arches is a comma-separated list of architectures. Use ‘*’ to mean any architecture (e.g., arch-independent packages).
Set pkg-destdir as the prefix to prepend to any file to select for the package.
Define name to value (or just define it) for substitution and fragment inclusion purposes. Some specific names have extra meaning, see for details:

Set to the port's Makefile PERMIT_PACKAGE_CDROM.
Set package “one line description” (mandatory).
Set to the port's Makefile PERMIT_PACKAGE_FTP.
Strongly recommended, otherwise updates won't work.
If defined, appended to the description.
If defined, appended to the description.
Set to 1 to have groff format manpages behind the scenes during package creation.
Fetch long description for package from file desc or, if preceded by ‘-’, the argument itself.
Fetch “packing-list” for package from the file packinglist. Several packing-lists can be mentioned, in which case they will be concatenated together.
Record localbase as the localbase used in the package. By default, /usr/local. Packages built with another localbase can only be installed by using the same localbase in pkg_add(1), to prevent errors.
Display the file (using more(1)) after installing the package. Useful for things like legal notices on almost-free software, etc.
Causes pkg_create to always display the progress meter in cases it would not do so by default.
Don't actually create a package.
Specify a @depend dependency on the command line.
Set prefix as the initial directory “base” to start from in selecting files for the package, and to record as the base for installing the package.
Print out the files in the actual packing-list of the package being generated, with explicit typing (e.g. @file, @lib, ...).
Print out the actual packing-list of the package being generated (query mode). Most often used in combination with -n.
x509 -s cert -s privkey
Specify signature parameters for signed packages. For now, the only supported use involves three -s options: x509 to indicate X.509-style signatures, cert the path to the signer's certificate and privkey the path to the signer's private key. The signer's certificate and the signer's private key should be generated using standard openssl x509 commands. This assumes the existence of a certificate authority (or several), whose public information is recorded as a /etc/ssl/pkgca.pem file.
Display the file (using more(1)) when deinstalling the package. Useful for reminders about stuff to clean up.
Turn on verbose output.
Specify a @wantlib requirement on the command line.
Disable progress meter.

pkg_create can also be invoked with only the packing-list from an installed package. It will recreate the corresponding binary package in the current directory from the installation, or error out if any problem is found. For example, the following will recreate a kdelibs-3.4.3.tgz package:

pkg_create -f /var/db/pkg/kdelibs-3.4.3/+CONTENTS

The “packing-list” format (see -f) is fairly simple, being basically a list of filenames and directory names to include in the package.

Substitution of variables and inclusion of fragments is documented in the next section.

Directory names are denoted by a trailing slash.

There are a few annotations that can be inserted for better control. All these commands start with an ‘@’. Here is a list:

pkgspec message
Mechanism to prevent unwanted updates. If the new package is installed as part of an update matching pkgspec, the message will be displayed to the user. In non-interactive mode, the update will abort. Otherwise, the user will have a chance to proceed. Automated updates can be done by using -D update_stem, with stem the stem of the pkgspec. Classical use case for postgresql:
@ask-update postgresql-server-<8 Make sure your existing database is backed up

Use very sparingly. Most cases that seem to require manual updates just require a bit more thought.

List of architectures for which this package is intended.

Describe the file as an OpenBSD binary executable (not a script).

Place a comment in the packing-list. Useful in trying to document some particularly hairy sequence that may trip someone up later. Can also be used to comment out elements that update-plist (see will insist in inserting in a packing-list.

The special comment @comment no checksum can be used to tag the next file as special: even though its characteristics will be recorded in the package, it can be altered after installation, and pkg_delete(1) will still delete it.

Declare a conflict with packages matching pkgspec (see packages-specs(7)). The pkgname package can not be installed if a package matching pkgspec has been installed because they install the same files and thus conflict.

Set the package current directory. All subsequent filenames will be assumed relative to pathname.

Declare a dependency on a package matching pkgspec (see packages-specs(7)). An appropriate package must be installed before this package may be installed, and that package must be deinstalled before this package is deinstalled. The dependency also contains a pkgpath (see pkgpath(7)) and a default package name, in case there is no listing of available packages.

Create directory directoryname at pkg_add(1) time, taking @mode, @group, and @owner into account, and remove it during pkg_delete(1). Directories to remove can be shared between packages. If name does not begin with an @, same as

Declare name as the file to be displayed at install time (see -M above).

Mark end of packing-list for pkg_add(1) -Q option.

Execute command during pkg_add(1). Note that @exec commands are executed relative to their location in the packing-list, so they can rely on any data that have already been extracted, but not on anything that is listed after them. Some special elements, such as new users and new groups, are always created first, so that @exec can rely on them. If command contains any of the following sequences somewhere in it, they will be expanded inline. For the following examples, assume that @cwd is set to /usr/local and the last extracted file was bin/emacs.
Expands to the “basename” of the fully qualified filename, that is the current directory prefix, plus the last filespec, minus the trailing filename. In the example case, that would be /usr/local/bin.
Expands to the current directory prefix, as set with @cwd; in the example case /usr/local.
Expands to the last filename extracted (as specified); in the example case, bin/emacs.
Expands to the “filename” part of the fully qualified name, or the converse of %B; in the example case, emacs.

Synonym of @exec.

Similar to @exec, except it only gets executed during new installations, and not during updates.

Similar to @exec, except it only gets executed during updates, and not during new installations.

Declare extra file filename to be deleted at deinstall time, if user sets the -c option. Those files are extra configuration files that are normally not deleted. filename can be an absolute path. If filename ends with a slash, it is a directory.

Extra command to execute when removing extra files.

Default annotation, to use if filename begins with @. filename is always a relative path, relative to the current @cwd.

Specialized version of @dir, to handle font directories: create font.alias from font.alias-* fragments, execute mkfontdir(1), mkfontscale(1) and fc-cache(1) when needed. Delete extra files at pkg_delete(1) time.

Set default group ownership for all subsequently extracted files to group. Use without an arg to set back to default (extraction) group ownership.

Was used internally to tell extraction to ignore the next file. No longer needed.

Specialized version of @file, to handle GNU info files. Automatically grab filename-* chapter files, run install-info(1) as needed.

Specialized version of @file, to handle shared libraries. Satisfy LIB_DEPENDS and WANTLIB, run ldconfig(8) as needed. See ‘VARIABLE SUBSTITUTION AND FRAGMENT INCLUSION’ for some details.

Added after a file entry by pkg_create to record that the entry is actually a hard link.

Used internally to record the settings of -L option.

Specialized version of @file, to handle manual pages.

Specialized version of @dir, to handle manual directories: instruct user to add/remove the directory to man.conf(5), remove apropos(1) database when needed.

Added after a file entry by pkg_create to record the files's cryptographic checksum. Replaced by @sha since OpenBSD 4.5.

Set default permission for all subsequently extracted files to mode. Format is the same as that used by the chmod(1) command. Use without an arg to set back to default (extraction) permissions.

Set the name of the package. This name is potentially different than the name of the file it came in, and is used when keeping track of the package for later deinstallation. Note that pkg_create will derive this field from the package name and add it automatically if none is given.

During pkg_add(1), create a new group, using groupadd(8). Happens before file and user creations. gid can be prefixed with a ‘!’ to ensure group has the correct GID. During pkg_delete(1), groups will be deleted if extra clean-up has been requested, and if other installed packages don't list the same group.

During pkg_add(1), create a new user. Happens before any file creation. All fields correspond to useradd(8) parameters. Some fields are optional and can be left empty. If the user already exists, no action is taken. Individual fields can be prefixed by a ‘!’ to make sure an existing user matches. For instance, the directive @newuser foo:!42 will make sure user foo has UID 42. During pkg_delete(1), users will be deleted if extra clean-up has been requested, and if other installed packages don't list the same user.

Effects vary depending on name. Some options are not documented yet.
By default, pkg_add(1) uses some simplified information to decide whether an installed package needs updating. With this option, the package is updated whenever anything changes. To be used sparingly, as this is more expensive.
packages tagged with this option, either in the installed version or in an update candidate, won't be considered during a global update. User has to explicitly ask to update them. Typical use is for firmware packages, whose updates are usually tied to kernel changes.
By default, a package conflicts with other versions of the same package. With this option, the older package version will still be noticed, but the installation will proceed anyway.

Set default ownership for all subsequently extracted files to user. Use without an arg to set back to default (extraction) ownership.

Declare a conflict to the pkgcflname package. The pkgcflname package must not be installed if pkgname package gets installed because they install the same files and thus conflict. pkgcflname may use fnmatch(3) wildcards. Deprecated, use @conflict instead.

Declare a secondary pkgpath for the package. This is used for updates: pkg_add -u normally checks that the pkgpath embedded in the package corresponds to the old package, to solve ambiguities when packages with similar names are involved. When ports get renamed, or flavors change, extra @pkgpath annotations can help pkg_add get a sense of continuity. Note that these pkgpath can take extra optional components, to allow the matching of several flavors at once, and are order independent. For instance,
@pkgpath some/dir,f1,f2


@pkgpath some/dir,f2,f2,f1

are equivalent.

@pkgpath some/dir,f1[,f2,f3][,f4]

will match all pkgpaths to some/dir with flavor f1, and optionally f4, and optionally both f2 and f3, e.g., some/dir,f1,f4, some/dir,f1,f2,f3, some/dir,f1,f2,f3,f4, some/dir,f1 would match, but some/dir,f1,f5, some/dir,f2,f3, some/dir,f1,f2,f4 would not.

Each binary package contains a set of pkgpaths: the primary pkgpath that was used to build the package, recorded as @comment pkgpath=some/path, and secondary pkgpaths as recorded through @pkgpath.

In order for two packages to match, their primary pkgpaths must match, or a secondary pkgpath must match the other package's primary pkgpath.

Script for the /etc/rc.d framework. Contrary to @file, absolute paths are okay, e.g.,
@rcscript ${RCDIR}/ballsd

In this case, performs an implicit @cwd to ${RCDIR}.

Last preceding @file item is a sample configuration file, to be copied to filename at pkg_add(1) time and to be removed at pkg_delete(1) time. During installation, existing configuration files are untouched. During deinstallation, configuration files are only removed if unchanged. filename can be an absolute path. If filename ends with a slash, it refers to a configuration directory instead.

Added after a file entry by pkg_create to record the files's cryptographic checksum, as a sha256 digest encoded in base64.

Specialized version of @file, to handle shells. See shells(5).

Added after a file entry by pkg_create to record a file size.

Added after a file entry by pkg_create to record that the entry is actually a symbolic link.

During pkg_add(1), check that sysctl(8) variable var is set to exactly/at least a given value val. Adjust it otherwise.

Execute command during pkg_delete(1). Expansion of special % sequences is the same as for @exec. Note that @unexec commands are executed relative to their location in the packing-list, so they cannot rely on any data that has already been deleted, thus they should occur before the files they need to function. Some special elements, such as new users and new groups, are always deleted last, so that @unexec can rely on them.

Synonym of @unexec.

Similar to @unexec, except it only gets executed during true deletions and not while removing an old package during updates.

Similar to @unexec, except it only gets executed while removing an old package during updates, and not during true deletions.

Original location of the package, automatically recorded in installed packages by pkg_add(1).

Package needs a shared library to work. libspec is ‘name.major.minor’ or ‘path/name.major.minor’. The package won't be installed unless a library with the same name, the exact same major number and at least the same minor number can be located. A library without path is searched through dependent packages under the same localbase, then in the system libraries under /usr/lib and /usr/X11R6/lib. A library with a path is only searched through dependent packages, that path being relative to localbase.

In packing-lists, installation, deinstallation and requirement scripts, description and message files, constructs like ${VAR} will be replaced with the variable value, according to -D name=value options.

In particular, shared library versions should never be mentioned explicitly in a packing-list. Shared library ‘foo’ will take its version number from LIBfoo_VERSION. The ports framework normally takes care of all details, see SHARED_LIBS in, not to be confused with SHARED_LIBS later in this document.

Constructs like %%VAR%% and !%%VAR%% trigger fragment inclusion. If such a line is encountered in a packing-list, the corresponding variable must be defined to 0 or 1. If the variable's value is 1, %%VAR%% will be replaced by the corresponding positive fragment, and !%%VAR%% will be ignored. If the variable's value is 0, %%VAR%% will be ignored, and !%%VAR%% will be replaced by the corresponding positive fragment.

A fragment is an auxiliary packing-list file, whose name is derived from the current packing-list, and the variable name VAR triggering the inclusion: pkg/PLIST yields a positive fragment pkg/PFRAG.VAR and a negative fragment pkg/, pkg/PLIST-FOO yields a positive fragment pkg/PFRAG.VAR-foo and a negative fragment pkg/

Fragments can be included inside fragments, so that %%VAR2%% inside pkg/PFRAG.VAR triggers the inclusion of pkg/PFRAG.VAR2-VAR and !%%VAR2%% triggers the inclusion of pkg/

If a positive or a negative fragment file does not exist, the corresponding inclusion will be ignored. However, if both the positive and negative fragment files do not exist, pkg_create will error out, to make it easier to spot fragment names errors.

Shared libraries no longer require any fragments, but can be included directly in the final packing-list: on an architecture without shared libraries, @lib lib/${LIBfoo_VERSION} will automatically devolve into lib/libfoo.a, if needed (e.g., for a port that builds both a shared library and a normal library on a shared libraries architecture, @lib lib/${LIBfoo_VERSION} will simply vanish on non-shared architectures). Extra copies living in other directories will be ignored (See the description of SHARED_ONLY and NO_SHARED_LIBS in

As a special historical exception, the variable SHARED_LIBS still control the inclusion of fragments PFRAG.shared and through the lines %%SHARED%% and !%%SHARED%%.

Default value for pkg-destdir, if no -B option is specified.

openssl(1), pkg_add(1), pkg_delete(1), pkg_info(1), tar(1),, package(5), pkg.conf(5), packages-specs(7), pkgpath(7), ports(7)

The pkg_create command first appeared in FreeBSD.

Jordan Hubbard
initial design
Marc Espie
complete rewrite.
June 8, 2012 OpenBSD-5.3