pkgadd(1M)
NAME
pkgadd - transfer software packages to the system
SYNOPSIS
pkgadd [-nvi] [-a admin] [-d device] [-x proxy] [ [-M]
-R root_path] [-r response] [-k keystore] [-P passwd]
[-V fs_file] [source] [instances]
pkgadd -s [source] [instances]
DESCRIPTION
pkgadd transfers the contents of a software package from the
distribution medium or directory to install it onto the
system. Used without the -d option, pkgadd looks in the default
spool directory for the package (/var/spool/pkg). Used with
the -s option, it writes the package to a spool directory
instead of installing it.
The pkgadd utility requires an amount of temporary space the
size of the package that is being installed. pkgadd determines
which temporary directory to use by checking for the
existence of the $TMPDIR environment variable. If $TMPDIR is
not defined, pkgadd uses P_tmpdir from stdio.h. P_tmpdir has
a default of /var/tmp/.
Certain unbundled and third-party packages are no longer
entirely compatible with the latest version of pkgadd. These
packages require user interaction throughout the installation
and not just at the very beginning.
To install these older packages (released prior to Solaris
2.4), set the following environment variable:
NONABI_SCRIPTS=TRUE
pkgadd permits keyboard interaction throughout the installation
as long as this environment variable is set.
OPTIONS
The following options are supported:
-a admin
Define an installation administration file, admin, to
be used in place of the default administration file.
The token none overrides the use of any admin file,
and thus forces interaction with the user. Unless a
full path name is given, pkgadd first looks in the
current working directory for the administration file.
If the specified administration file is not in the
current working directory, pkgadd looks in the
/var/sadm/install/admin directory for the administration
file.
-d device
Install or copy a package from device. device can be a
full path name to a directory or the identifiers for
tape, floppy disk, or removable disk (for example,
/var/tmp or /floppy/floppy_name ). It can also be a
device alias (for example, /floppy/floppy0) or a
datastream created by pkgtrans (see pkgtrans(1)).
-k keystore
Use keystore as the location from which to get trusted
certificate authority certificates when verifying
digital signatures found in packages. If no keystore
is specified, then the default keystore locations are
searched for valid trusted certificates. See KEYSTORE
LOCATIONS for more information.
-M Instruct pkgadd not to use the $root_path/etc/vfstab
file for determining the client's mount points. This
option assumes the mount points are correct on the
server and it behaves consistently with Solaris 2.5
and earlier releases.
-n Installation occurs in non-interactive mode. Suppress
output of the list of installed files. The default
mode is interactive.
-P passwd
Password to use to decrypt keystore specified with -k,
if required. See PASS PHRASE ARGUMENTS for more information
about the format of this option's argument.
-r response
Identify a file or directory which contains output
from a previous pkgask(1M) session. This file supplies
the interaction responses that would be requested by
the package in interactive mode. response must be a
full pathname.
-R root_path
Define the full path name of a directory to use as the
root_path. All files, including package system information
files, are relocated to a directory tree starting
in the specified root_path. The root_path may be
specified when installing to a client from a server
(for example, /export/root/client1).
-s spool
Write the package into the directory spool instead of
installing it.
-v Trace all of the scripts that get executed by pkgadd,
located in the pkginst/install directory. This option
is used for debugging the procedural and non-procedural
scripts.
-V fs_file
Specify an alternative fs_file to map the client's
file systems. For example, used in situations where
the $root_path/etc/vfstab file is non-existent or
unreliable.
-x proxy
Specify an HTTP[S] proxy to use when downloading packages.
The format of proxy is host:port, where host is
the hostname of the HTTP[S] proxy, and port is the
port number associated with the proxy. This switch
overrides all other methods of specifying a proxy. See
ENVIRONMENT VARIABLES for more information on alternate
methods of specifying a default proxy.
When executed without options or operands, pkgadd uses
/var/spool/pkg (the default spool directory).
OPERANDS
The following operands are supported:
Sources
By default, pkgadd looks in the /var/spool/pkg directory
when searching for instances of a package to install or
spool. Optionally, the source for the package instances to
be installed or spooled can be specified using:
-d device
Install or copy a package from device. device can be a
full path name to a directory or the identifiers for
tape, floppy disk, or removable disk (for example,
/var/tmp or /floppy/floppy_name). It can also be a
device alias (for example, /floppy/floppy0) or a
datastream created by pkgtrans (see pkgtrans(1)). device
can also be a URL pointing to a datastream created
by pkgtrans.
Instances
By default, pkgadd searches the specified source, and
presents an interactive menu allowing the user to select
which package instances found on the source are to be
installed. As an alternative, the package instances to be
installed can be specified using:
pkginst
The package instance or list of instances to be
installed. The token all may be used to refer to all
packages available on the source medium. The format
pkginst.* can be used to indicate all instances of a
package.
The asterisk character (*) is a special character to
some shells and may need to be escaped. In the C-Shell,
the asterisk must be surrounded by single
quotes (') or preceded by a backslash (\).
-Y category[,category...]
Install packages based on the value of the CATEGORY
parameter stored in the package's pkginfo(4) file. All
packages on the source medium whose CATEGORY matches
one of the specified categories will be selected for
installation or spooling.
KEYSTORE LOCATIONS
Package and patch tools such as pkgadd or patchadd use a set
of trusted certificates to perform signature validation on
any signatures found within the packages or patches. If
there are no signatures included in the packages or patches
then signature validation is skipped. The certificates can
come from a variety of locations. If -k keystore is specified,
and keystore is a directory, then keystore is assumed
to be the base directory of the certificates to be used. If
keystore is a file, then the file itself is assumed to have
all required keys and certificates. When -k is not specified,
then /var/sadm/security is used as the base directory.
Within the specified base directory, the store locations to
be searched are different based on the application doing the
searching and the type of store being searched for. The
following directories are searched in the specified order:
1. <store_dir>/<app_name>/<store_type>
2. <store_dir>/<store_type>
Where <store_dir> is the directory specified by -k,
<app_name> is the name of the application doing the searching,
and <store_type> is one of keystore (for private keys),
certstore (for untrusted public key certificates), or
truststore (for trusted certificate authority certificates).
For example, when pkgadd is run with -k /export/certs, then
the following locations are successively searched to find
the trust store:
1. /export/certs/pkgadd/truststore
2. /export/certs/truststore
This searching order enables administrators to have a single
location for most applications, and special certificate
locations for certain applications.
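The search order described above can be reproduced to audit which store a given tool will actually pick up. This is an added example, not part of the original manual page; the function names find_store and shadowed_store are hypothetical, and the demo directory layout is constructed.

```sh
# Added example: mirrors the documented search order
#   1. <store_dir>/<app_name>/<store_type>
#   2. <store_dir>/<store_type>
# find_store STORE_DIR APP_NAME STORE_TYPE
# Prints the first store file found and returns 0; returns 1 if none exists.
find_store() {
    store_dir=$1 app_name=$2 store_type=$3
    case $store_type in
        keystore|certstore|truststore) ;;
        *) echo "unknown store type: $store_type" >&2; return 2 ;;
    esac
    # A keystore given as a file is assumed to hold all keys and certificates.
    if [ -f "$store_dir" ]; then
        printf '%s\n' "$store_dir"
        return 0
    fi
    for candidate in \
        "$store_dir/$app_name/$store_type" \
        "$store_dir/$store_type"
    do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# shadowed_store STORE_DIR APP_NAME STORE_TYPE
# True when an application-specific store hides the shared one, so that
# changes to the shared store do not affect that application.
shadowed_store() {
    [ -f "$1/$2/$3" ] && [ -f "$1/$3" ]
}

# Constructed demo layout (empty placeholder files, not real PKCS#12 stores).
demo=$(mktemp -d)
mkdir -p "$demo/pkgadd"
: > "$demo/truststore"
: > "$demo/pkgadd/truststore"
find_store "$demo" pkgadd truststore      # application-specific store wins
find_store "$demo" patchadd truststore    # falls back to the shared store
shadowed_store "$demo" pkgadd truststore &&
    echo "pkgadd truststore shadows the shared truststore"
rm -rf "$demo"
```

A shadowed store is worth flagging during review: a CA removed from the shared truststore stays trusted by any application that has its own copy.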
KEYSTORE AND CERTIFICATE FORMATS
The packaging and patching utilities, such as pkgtrans and
patchadd, require access to a set of keys and certificates
in order to sign, and optionally verify, packages and
patches.
The keystore files found by following the search pattern
specified in KEYSTORE LOCATIONS must each be a self-contained
PKCS#12-format file.
When signing a package with pkgtrans, if a certstore has
more than one public key certificate, then each public key
must have a friendlyName attribute in order to be identifiable
and selectable with the -a option when signing packages
or patches. In addition, the public key certificate selected
with -a and found in the certstore must have an associated
private key in the keystore.
Several browsers and utilities can be used to export and
import certificates and keys into a PKCS#12 keystore. For
example, a trusted certificate can be exported from
Netscape, and then imported into a PKCS#12 keystore for use
with pkgadd with the OpenSSL Toolkit.
PASS PHRASE ARGUMENTS
pkgtrans and pkgadd accept password arguments, typically
using -P to specify the password. These allow the password
to be obtained from a variety of sources. Both of these
options take a single argument whose format is described
below. If no password argument is given and a password is
required then the user is prompted to enter one: this will
typically be read from the current terminal with echoing
turned off.
pass:password
The actual password is password. Because the password
is visible to utilities such as ps, this form should
only be used where security is not important.
env:var
Obtain the password from the environment variable var.
Because the environment of other processes is visible
on certain platforms this option should be used with
caution.
file:pathname
The first line contained within pathname is the password.
pathname need not refer to a regular file: it
could, for example, refer to a device or named pipe.
For example, to read the password from standard input,
use file:/dev/stdin.
console
Read the password from /dev/tty.
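The four argument forms above differ in how exposed the secret is, which makes them easy to check for in installation scripts. The following is an added example, not part of the original manual page: the function names are hypothetical, the sample script lines are constructed, and the permission check on file: targets is an added precaution that the page itself does not describe.

```sh
# Added example: rate a -P argument by exposure, per the documented forms.
# Prints one word: exposed | caution | ok | invalid
passarg_risk() {
    case $1 in
        pass:*)  echo exposed ;;   # password visible to utilities such as ps
        env:?*)  echo caution ;;   # environment is visible on certain platforms
        console) echo ok ;;        # read from /dev/tty
        file:?*)
            path=${1#file:}
            if [ ! -e "$path" ]; then
                echo invalid
            elif [ -f "$path" ] &&
                 [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
                echo caution       # added check: group or other can access it
            else
                echo ok            # private regular file, device or named pipe
            fi ;;
        *) echo invalid ;;
    esac
}

# audit_script FILE
# Prints "LINE RISK FORM" for every -P argument in FILE. Only the form
# (pass, env, file, console) is printed, never the secret itself.
# Assumes arguments are separated by whitespace and not quoted.
audit_script() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "-P") print NR, $(i + 1) }' "$1" |
    while read -r lineno arg; do
        printf '%s %s %s\n' "$lineno" "$(passarg_risk "$arg")" "${arg%%:*}"
    done
}

# Constructed sample: three invocations as they might appear in a script.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pkgadd -n -d /var/tmp -k /export/certs -P pass:constructed-secret EXAMPLEpkg
pkgadd -n -d /var/tmp -k /export/certs -P env:KSPASS EXAMPLEpkg
pkgadd -d /var/tmp -k /export/certs -P console EXAMPLEpkg
EOF
audit_script "$sample"
rm -f "$sample"
```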
EXAMPLES
Example 1: Installing a Package from a Solaris CD-ROM
The following example installs a package from a Solaris
CD-ROM. You are prompted for the name of the package you want
to install.
example% pkgadd -d /cdrom/cdrom0/s0/Solaris_2.6
EXIT STATUS
0 Successful completion
1 Fatal error.
2 Warning.
3 Interruption.
4 Administration.
5 Administration. Interaction is required. Do not use
pkgadd -n.
10 Reboot after installation of all packages.
20 Reboot after installation of this package.
ENVIRONMENT VARIABLES
HTTPPROXY
Specifies an HTTP proxy host. Overrides administration
file setting, and http_proxy environment variable.
HTTPPROXYPORT
Specifies the port to use when contacting the host
specified by HTTPPROXY. Ignored if HTTPPROXY is not
set.
http_proxy
URL format for specifying proxy host and port. Overrides
administration file setting.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWpkgcmdsu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
pkginfo(1), pkgmk(1), pkgparam(1), pkgproto(1), pkgtrans(1),
installf(1M), pkgadm(1M), pkgask(1M), pkgrm(1M),
removef(1M), admin(4), pkginfo(4), attributes(5)
Application Packaging Developer's Guide
http://www.openssl.org
NOTES
When transferring a package to a spool directory, the -r,
-n, and -a options cannot be used.
The -r option can be used to indicate a directory name as
well as a filename. The directory can contain numerous
response files, each sharing the name of the package with
which it should be associated. This would be used, for example,
when adding multiple interactive packages with one
invocation of pkgadd. In this situation, each package would
need a response file. If you create response files with the
same name as the package (for example, pkinst1 and pkinst2),
then name the directory in which these files reside after
the -r.
The -n option causes the installation to halt if any
interaction is needed to complete it.
If the default admin file is too restrictive, the administration
file may need to be modified to allow for total
non-interaction during a package installation. See admin(4)
for details.
If a package stream is specified with -d, and a digital signature
is found in that stream, the default behavior is to
attempt to validate the certificate and signature found.
This behavior can be overridden with admin file settings.
See admin(4) for more information.