pkgadd - transfer software packages to the system


     pkgadd  [-nvi]  [-a admin]  [-d device]  [-x proxy]  [  [-M]
     -R root_path]  [-r response]  [-k keystore]  [-P passwd]  [-
     V fs_file] [source] [instances]

     pkgadd -s [source] [instances]


     pkgadd transfers the contents of a software package from the
     distribution medium or directory to install it onto the sys-
     tem. Used without the -d option, pkgadd looks in the default
     spool  directory  for the package (var/spool/pkg). Used with
     the -s option, it writes the package to  a  spool  directory
     instead of installing it.

     The pkgadd utility requires an amount of temporary space the
     size  of  the package that is being installed. pkgadd deter-
     mines which temporary directory to use by checking  for  the
     existance of the $TMPDIR environment variable. If $TMPDIR is
     not defined, pkgadd uses P_tmpdir from stdio.h. P_tmpdir has
     a default of /var/tmp/.

     Certain unbundled and third-party  packages  are  no  longer
     entirely compatible with the latest version of pkgadd. These
     packages require user interaction throughout  the  installa-
     tion and not just at the very beginning.

     To install these older packages (released prior  to  Solaris
     2.4),    set    the    following    environment    variable:

     pkgadd permits keyboard interaction throughout the installa-
     tion as long as this environment variable is set.


     The following options are supported:

     -a admin
           Define an installation administration file, admin,  to
           be  used  in place of the default administration file.
           The token none overrides the use of  any  admin  file,
           and  thus  forces  interaction with the user. Unless a
           full path name is given, pkgadd  first  looks  in  the
           current working directory for the administration file.
           If the specified administration file  is  not  in  the
           current   working   directory,  pkgadd  looks  in  the
           /var/sadm/install/admin directory for the  administra-
           tion file.

     -d device
           Install or copy a package from device. device can be a
           full  path  name to a directory or the identifiers for
           tape, floppy disk, or  removable  disk  (for  example,
           /var/tmp  or  /floppy/floppy_name  ). It can also be a
           device  alias  (for  example,  /floppy/floppy0)  or  a
           datastream created by pkgtrans (see pkgtrans(1)).

     -k keystore
           Use keystore as the location from which to get trusted
           certificate   authority  certificates  when  verifying
           digital signatures found in packages. If  no  keystore
           is  specified, then the default keystore locations are
           searched for valid trusted certificates. See  KEYSTORE
           LOCATIONS for more information.

     -M    Instruct pkgadd not to use  the  $root_path/etc/vfstab
           file  for  determining the client's mount points. This
           option assumes the mount points  are  correct  on  the
           server  and  it  behaves consistently with Solaris 2.5
           and earlier releases.

     -n    Installation occurs in non-interactive mode.  Suppress
           output  of  the  list  of installed files. The default
           mode is interactive.

     -P passwd
           Password to use to decrypt keystore specified with -k,
           if required. See PASS PHRASE ARGUMENTS for more infor-
           mation about the format of this option's argument.

     -r response
           Identify a file or  directory  which  contains  output
           from a previous pkgask(1M) session. This file supplies
           the interaction responses that would be  requested  by
           the  package  in  interactive mode. response must be a
           full pathname.

     -R root_path
           Define the full path name of a directory to use as the
           root_path.  All files, including package system infor-
           mation files, are relocated to a directory tree start-
           ing  in  the specified root_path. The root_path may be
           specified when installing to a client  from  a  server
           (for example, /export/root/client1).

     -s spool
           Write the package into the directory spool instead  of
           installing it.

     -v    Trace all of the scripts that get executed by  pkgadd,
           located  in the pkginst/install directory. This option
           is  used  for  debugging  the  procedural   and   non-
           procedural scripts.

     -V fs_file
           Specify an alternative fs_file  to  map  the  client's
           file  systems.  For  example, used in situations where
           the  $root_path/etc/vfstab  file  is  non-existent  or

     -x proxy
           Specify a HTTP[S] proxy to use when downloading  pack-
           ages  The  format of proxy is host:port, where host is
           the hostname of the HTTP[S] proxy,  and  port  is  the
           port  number  associated  with  the proxy. This switch
           overrides all other methods of specifying a proxy. See
           ENVIRONMENT  VARIABLES  for more information on alter-
           nate methods of specifying a default proxy.

     When executed  without  options  or  operands,  pkgadd  uses
     /var/spool/pkg (the default spool directory).


     The following operands are supported:

     By default, pkgadd looks  in  the  /var/spool/pkg  directory
     when  searching  for  instances  of  a package to install or
     spool. Optionally, the source for the package  instances  to
     be installed or spooled can be specified using:

     -d device
           Install or copy a package from device. device can be a
           full  path  name to a directory or the identifiers for
           tape, floppy disk, or  removable  disk  (for  example,
           /var/tmp  or  /floppy/floppy_name).  It  can also be a
           device  alias  (for  example,  /floppy/floppy0)  or  a
           datastream created by pkgtrans (see pkgtrans(1)). dev-
           ice can also be a URL pointing to a datastream created
           by pkgtrans.

     By  default,  pkgadd  searches  the  specified  source,  and
     presents  an  interactive  menu  allowing the user to select
     which package instances  found  on  the  source  are  to  be
     installed.  As  an  alternative, the package instances to be
     installed can be specified using:

           The package  instance  or  list  of  instances  to  be
           installed.  The  token all may be used to refer to all
           packages available on the source  medium.  The  format
           pkginst.*  can  be used to indicate all instances of a

           The asterisk character (*) is a special  character  to
           some  shells  and  may  need  to be escaped. In the C-
           Shell, the  asterisk  must  be  surrounded  by  single
           quotes (') or preceded by a backslash (\).

     -Y category[,category...]
           Install packages based on the value  of  the  CATEGORY
           parameter stored in the package's pkginfo(4) file. All
           packages on the source medium whose  CATEGORY  matches
           one  of  the specified categories will be selected for
           installation or spooling.


     Package and patch tools such as pkgadd or patchadd use a set
     of  trusted  certificates to perform signature validation on
     any signatures found within  the  packages  or  patches.  If
     there  are no signatures included in the packages or patches
     then signature validation is skipped. The  certificates  can
     come  from  a variety of locations. If -k keystore is speci-
     fied, and keystore is a directory, then keystore is  assumed
     to be the base directory of the certificates to be used.  If
     keystore is a file, then the file itself is assumed to  have
     all  required  keys  and certificates. When -k is not speci-
     fied, then /var/sadm/security is used as the base directory.

     Within the specified base directory, the store locations  to
     be searched are different based on the application doing the
     searching and the type of store being searched for. The fol-
     lowing directories are searched in the specified order:

     1. <store_dir>/<app_name>/<store_type>

     2. <store_dir>/<store_type>

     Where  <store_dir>  is  the  directory  specified   by   -k,
     <app_name>  is the name of the application doing the search-
     ing, and <store_type> is one of keystore (for private keys),
     certstore (for untrusted public key certificates), or trust-
     store (for trusted certificate authority certificates).

     For example, when pkgadd is run with -k /export/certs,  then
     the  following  locations  are successively searched to find
     the trust store:

     1. /export/certs/pkgadd/truststore

     2. /export/certs/truststore

     This searching order enables administrators to have a single
     location  for  most  applications,  and  special certificate
     locations for certain applications.


     The packaging and patching utilities, such as  pkgtrans  and
     patchadd,  require  access to a set of keys and certificates
     in order  to  sign,  and  optionally  verify,  packages  and

     The keystore files found by  following  the  search  pattern
     specified  in  KEYSTORE  LOCATIONS  must  each  be  a  self-
     contained PKCS#12-format file.

     When signing a package with pkgtrans,  if  a  certstore  has
     more  than  one public key certificate, then each public key
     must have a friendlyName attribute in order to be  identifi-
     able and selectable with the -a option when signing packages
     or patches. In addition, the public key certificate selected
     with  -a  and found in the certstore must have an associated
     private key in the keystore.

     Several browsers and utilities can be  used  to  export  and
     import  certificates  and  keys into a PKCS#12 keystore. For
     example,  a  trusted  certificate  can  be   exported   from
     Netscape,  and then imported into a PKCS#12 keystore for use
     with pkgadd with the OpenSSL Toolkit.


     pkgtrans and pkgadd  accept  password  arguments,  typically
     using  -p  to specify the password. These allow the password
     to be obtained from a variety  of  sources.  Both  of  these
     options  take  a  single  argument whose format is described
     below. If no password argument is given and  a  password  is
     required  then  the user is prompted to enter one: this will
     typically be read from the  current  terminal  with  echoing
     turned off.

           The actual password is password. Because the  password
           is  visible  to  utilities such as ps this form should
           only be used where security is not important.

           Obtain the password from the environment variable var.
           Because  the environment of other processes is visible
           on certain platforms this option should be  used  with

           The first line contained within pathname is the  pass-
           word.  pathname  need  not refer to a regular file: it
           could, for example, refer to a device or  named  pipe.
           For example, to read the password from standard input,
           use file:/dev/stdin.

           Read the password from /dev/tty.


     Example 1: Installing a Package from a Solaris CD-ROM

     The following example installs a package from a Solaris  CD-
     ROM.  You  are prompted for the name of the package you want
     to install.

     example% pkgadd -d /cdrom/cdrom0/s0/Solaris_2.6


     0     Successful completion

     1     Fatal error.

     2     Warning.

     3     Interruption.

     4     Administration.

     5     Administration. Interaction is required.  Do  not  use
           pkgadd -n.

     10    Reboot after installation of all packages.

     20    Reboot after installation of this package.


           Specifies an HTTP proxy host. Overrides administration
           file setting, and http_proxy environment variable.

           Specifies the port to use  when  contacting  the  host
           specified  by  HTTPPROXY.  Ignored if HTTPPROXY is not

           URL format for specifying proxy host and  port.  Over-
           rides administration file setting.


     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWpkgcmdsu                |
    | Interface Stability         | Evolving                    |


     pkginfo(1), pkgmk(1), pkgparam(1), pkgproto(1), pkgtrans(1),
     installf(1M),     pkgadm(1M),     pkgask(1M),     pkgrm(1M),
     removef(1M), admin(4), pkginfo(4), attributes(5)

     Application Packaging Developer's Guide


     When transferring a package to a spool  directory,  the  -r,
     -n, and -a options cannot be used.

     The -r option can be used to indicate a  directory  name  as
     well  as  a  filename.  The  directory  can contain numerous
     response files, each sharing the name of  the  package  with
     which it should be associated. This would be used, for exam-
     ple, when adding  multiple  interactive  packages  with  one
     invocation  of pkgadd. In this situation, each package would
     need a response file. If you create response files with  the
     same name as the package (for example, pkinst1 and pkinst2),
     then name the directory in which these  files  reside  after
     the -r.

     The -n  option  causes  the  installation  to  halt  if  any
     interaction is needed to complete it.

     If the default admin file is too restrictive,  the  adminis-
     tration  file  may  need  to  be modified to allow for total
     non-interaction during a package installation. See  admin(4)
     for details.

     If a package stream is specified with -d, and a digital sig-
     nature  is  found in that stream, the default behavior is to
     attempt to validate the  certificate  and  signature  found.
     This  behavior  can  be overridden with admin file settings.
     See admin(4) for more information.

Man(1) output converted with man2html