pkgadd(1M) System Administration Commands pkgadd(1M)NAMEpkgadd - transfer software packages to the system
SYNOPSISpkgadd [-nv] [-a admin] [-G] [-x proxy]
[ [-M] -R root_path] [-r response] [-k keystore]
[-P passwd] [-V fs_file]
[-d device | -d datastream pkginst | all]
[pkginst | -Y category [, category]...]
pkgadd-s [-d device | -d datastream pkginst | all]
[pkginst | -Y category [, category]...]
DESCRIPTIONpkgadd transfers the contents of a software package from the distribu‐
tion medium or directory to install it onto the system. Used without
the -d device source specifier, pkgadd looks in the default spool
directory (/var/spool/pkg) for the package. Used with the -s option, it
writes the package to a spool directory instead of installing it.
The pkgadd utility requires an amount of temporary space the size of
the package that is being installed. pkgadd determines which temporary
directory to use by checking for the existance of the $TMPDIR environ‐
ment variable. If $TMPDIR is not defined, pkgadd uses P_tmpdir from
stdio.h. P_tmpdir has a default of /var/tmp/.
Certain unbundled and third-party packages are no longer entirely com‐
patible with the latest version of pkgadd. These packages require user
interaction throughout the installation and not just at the very begin‐
ning, or require that their request scripts be run as the root user.
To install these older packages (released prior to Solaris 2.4), set
the following environment variable: NONABI_SCRIPTS=TRUE
As long as this environment variable is set, pkgadd permits keyboard
interaction throughout the installation and package request scripts are
run as root.
If you have package request scripts that require running as user root
(instead of noaccess [the default] or user install), use the
rscript_alt parameter in the admin(4) file to make an appropriate
selection. See admin(4).
Note that, in Solaris 8 and Solaris 9, the default user when running a
request script was either root or nobody, depending on the operating
system's patch level. In the current release, the default user is noac‐
cess.
When running pkgadd in the global zone (see zones(5)), a package that
contains a request script (see pkgask(1M)) is added only to the global
zone. The package is not propagated to any current or yet-to-be-
installed non-global zone. This behavior mimics the effect of the -G
option, described below.
Package commands are largefile(5)-aware. They handle files larger than
2 GB in the same way they handle smaller files. In their current imple‐
mentations, pkgadd, pkgtrans(1) and other package commands can process
a datastream of up to 4 GB.
The -d, -Y, and pkginst arguments shown in the SYNOPSIS are described
under OPERANDS, following OPTIONS.
OPTIONS
The supported options are described as follows. The -d device source
specifier is described under OPERANDS, below.
-a admin
Define an installation administration file, admin, to be used in
place of the default administration file. The token none overrides
the use of any admin file, and thus forces interaction with the
user. Unless a full path name is given, pkgadd first looks in the
current working directory for the administration file. If the spec‐
ified administration file is not in the current working directory,
pkgadd looks in the /var/sadm/install/admin directory for the
administration file.
-G
Add package(s) in the current zone only. When used in the global
zone, the package is added to the global zone only and is not prop‐
agated to any existing or yet-to-be-created non-global zone. When
used in a non-global zone, the package(s) are added to the non-
global zone only.
This option causes package installation to fail if, in the pkginfo
file for a package, SUNW_PKG_ALLZONES is set to true. See
pkginfo(4).
-k keystore
Use keystore as the location from which to get trusted certificate
authority certificates when verifying digital signatures found in
packages. If no keystore is specified, then the default keystore
locations are searched for valid trusted certificates. See KEYSTORE
LOCATIONS for more information.
-M
Instruct pkgadd not to use the $root_path/etc/vfstab file for
determining the client's mount points. This option assumes the
mount points are correct on the server and it behaves consistently
with Solaris 2.5 and earlier releases.
-n
Installation occurs in non-interactive mode. Suppress output of the
list of installed files. The default mode is interactive.
-P passwd
Password to use to decrypt keystore specified with -k, if required.
See PASS PHRASE ARGUMENTS for more information about the format of
this option's argument.
-r response
Identify a file or directory which contains output from a previous
pkgask(1M) session. This file supplies the interaction responses
that would be requested by the package in interactive mode.
response must be a full pathname.
-R root_path
Define the full path name of a directory to use as the root_path.
All files, including package system information files, are relo‐
cated to a directory tree starting in the specified root_path. The
root_path may be specified when installing to a client from a
server (for example, /export/root/client1).
Note -
The root file system of any non-global zones must not be refer‐
enced with the -R option. Doing so might damage the global zone's
file system, might compromise the security of the global zone,
and might damage the non-global zone's file system. See zones(5).
-s spool
Write the package into the directory spool instead of installing
it.
-v
Trace all of the scripts that get executed by pkgadd, located in
the pkginst/install directory. This option is used for debugging
the procedural and non-procedural scripts.
-V fs_file
Specify an alternative fs_file to map the client's file systems.
For example, used in situations where the $root_path/etc/vfstab
file is non-existent or unreliable.
-x proxy
Specify a HTTP[S] proxy to use when downloading packages The format
of proxy is host:port, where host is the hostname of the HTTP[S]
proxy, and port is the port number associated with the proxy. This
switch overrides all other methods of specifying a proxy. See ENVI‐
RONMENT VARIABLES for more information on alternate methods of
specifying a default proxy.
When executed without options or operands, pkgadd uses /var/spool/pkg
(the default spool directory).
OPERANDS
The following operands are supported:
Sources
By default, pkgadd looks in the /var/spool/pkg directory when searching
for instances of a package to install or spool. Optionally, the source
for the package instances to be installed or spooled can be specified
using:
-d device
-d datastream pkgname,... | all
Install or copy a package from device. device can be any of the
following:
o A full path name to a directory or the identifiers for
tape, floppy disk, or removable disk (for example,
/var/tmp or /floppy/floppy_name).
o A device alias (for example, /floppy/floppy0).
o A datastream created by pkgtrans (see pkgtrans(1)).
o A URL pointing to a datastream created by pkgtrans. The
supported Universal Resource Identifiers (URIs) are
http: and https:.
The second form of the -d specifier, above, indicates the syntax
you use when specifying a datastream. In this case you must specify
either a comma-separated list of package names or the keyword all.
Instances
By default, pkgadd searches the specified source, and presents an
interactive menu allowing the user to select which package instances
found on the source are to be installed. As an alternative, the package
instances to be installed can be specified using:
pkginst
The package instance or list of instances to be installed. The
token all may be used to refer to all packages available on the
source medium. The format pkginst.* can be used to indicate all
instances of a package.
The asterisk character (*) is a special character to some shells
and may need to be escaped. In the C-Shell, the asterisk must be
surrounded by single quotes (') or preceded by a backslash (\).
-Y category[,category...]
Install packages based on the value of the CATEGORY parameter
stored in the package's pkginfo(4) file. All packages on the source
medium whose CATEGORY matches one of the specified categories will
be selected for installation or spooling.
KEYSTORE LOCATIONS
Package and patch tools such as pkgadd or patchadd use a set of trusted
certificates to perform signature validation on any signatures found
within the packages or patches. If there are no signatures included in
the packages or patches then signature validation is skipped. The cer‐
tificates can come from a variety of locations. If -k keystore is spec‐
ified, and keystore is a directory, then keystore is assumed to be the
base directory of the certificates to be used. If keystore is a file,
then the file itself is assumed to have all required keys and certifi‐
cates. When -k is not specified, then /var/sadm/security is used as the
base directory.
Within the specified base directory, the store locations to be searched
are different based on the application doing the searching and the type
of store being searched for. The following directories are searched in
the specified order:
1. <store_dir>/<app_name>/<store_type>
2. <store_dir>/<store_type>
Where <store_dir> is the directory specified by -k, <app_name> is the
name of the application doing the searching, and <store_type> is one of
keystore (for private keys), certstore (for untrusted public key cer‐
tificates), or truststore (for trusted certificate authority certifi‐
cates).
For example, when pkgadd is run with -k /export/certs, then the follow‐
ing locations are successively searched to find the trust store:
1. /export/certs/pkgadd/truststore
2. /export/certs/truststore
This searching order enables administrators to have a single location
for most applications, and special certificate locations for certain
applications.
KEYSTORE AND CERTIFICATE FORMATS
The packaging and patching utilities, such as pkgtrans and patchadd,
require access to a set of keys and certificates in order to sign, and
optionally verify, packages and patches.
The keystore files found by following the search pattern specified in
KEYSTORE LOCATIONS must each be a self-contained PKCS#12-format file.
When signing a package with pkgtrans, if a certstore has more than one
public key certificate, then each public key must have a friendlyName
attribute in order to be identifiable and selectable with the -a option
when signing packages or patches. In addition, the public key certifi‐
cate selected with -a and found in the certstore must have an associ‐
ated private key in the keystore.
Several browsers and utilities can be used to export and import cer‐
tificates and keys into a PKCS#12 keystore. For example, a trusted cer‐
tificate can be exported from Mozilla, and then imported into a PKCS#12
keystore for use with pkgadd with the OpenSSL Toolkit.
PASS PHRASE ARGUMENTS
pkgtrans and pkgadd accept password arguments, typically using -p to
specify the password. These allow the password to be obtained from a
variety of sources. Both of these options take a single argument whose
format is described below. If no password argument is given and a pass‐
word is required then the user is prompted to enter one: this will typ‐
ically be read from the current terminal with echoing turned off.
pass:password
The actual password is password. Because the password is visible to
utilities such as ps this form should only be used where security
is not important.
env:var
Obtain the password from the environment variable var. Because the
environment of other processes is visible on certain platforms this
option should be used with caution.
file:pathname
The first line contained within pathname is the password. pathname
need not refer to a regular file: it could, for example, refer to a
device or named pipe. For example, to read the password from stan‐
dard input, use file:/dev/stdin.
console
Read the password from /dev/tty.
EXAMPLES
Example 1 Installing a Package from a Solaris DVD
The following example installs a package from a Solaris DVD. You are
prompted for the name of the package you want to install.
example# pkgadd-d /cdrom/cdrom0/s0/Solaris_10/Product
Example 2 Installing a Set of Packages from a Datastream
The example command shown below installs all of the packages in the
datastream specified by the -d source specifier. Prior to this command,
this datastream must have been created with the pkgtrans(1) command.
example# pkgadd-d /var/tmp/datastream all
The keyword all specifies that all of the packages found in the desig‐
nated datastream will be installed.
EXIT STATUS
0
Successful completion
1
Fatal error.
2
Warning.
3
Interruption.
4
Administration.
5
Administration. Interaction is required. Do not use pkgadd-n.
10
Reboot after installation of all packages.
20
Reboot after installation of this package.
ENVIRONMENT VARIABLES
HTTPPROXY
Specifies an HTTP proxy host. Overrides administration file set‐
ting, and http_proxy environment variable.
HTTPPROXYPORT
Specifies the port to use when contacting the host specified by
HTTPPROXY. Ignored if HTTPPROXY is not set.
http_proxy
URL format for specifying proxy host and port. Overrides adminis‐
tration file setting.
FILES
/var/sadm/install/logs/
Location where pkgadd logs an instance of software installation.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWpkgcmdsu │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOpkginfo(1), pkgmk(1), pkgparam(1), pkgproto(1), pkgtrans(1),
installf(1M), pkgadm(1M), pkgask(1M), pkgchk(1M), pkgrm(1M),
removef(1M), admin(4), pkginfo(4), attributes(5), largefile(5),
zones(5)
http://www.openssl.org
NOTES
When transferring a package to a spool directory, the -r, -n, and -a
options cannot be used.
The -r option can be used to indicate a directory name as well as a
filename. The directory can contain numerous response files, each shar‐
ing the name of the package with which it should be associated. This
would be used, for example, when adding multiple interactive packages
with one invocation of pkgadd. In this situation, each package would
need a response file. If you create response files with the same name
as the package (for example, pkinst1 and pkinst2), then name the direc‐
tory in which these files reside after the -r.
The -n option causes the installation to halt if any interaction is
needed to complete it.
If the default admin file is too restrictive, the administration file
may need to be modified to allow for total non-interaction during a
package installation. See admin(4) for details.
If a package stream is specified with -d, and a digital signature is
found in that stream, the default behavior is to attempt to validate
the certificate and signature found. This behavior can be overridden
with admin file settings. See admin(4) for more information.
SunOS 5.10 30 Oct 2007 pkgadd(1M)
