PDF로 이 문서 다운로드 (5578 KB)

pkgadd(1M)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | KEYSTORE LOCATIONS | KEYSTORE AND CERTIFICATE FORMATS | PASS PHRASE ARGUMENTS | EXAMPLES | EXIT STATUS | ENVIRONMENT VARIABLES | ATTRIBUTES | SEE ALSO | NOTES

NAME

pkgadd– transfer software packages to the system

SYNOPSIS

pkgadd [-nvi] [-a admin] [-d device] [-x proxy] [[-M]-R root_path] [-r response] [-k keystore] [-P passwd] [-V fs_file] [source] [instances]
pkgadd -s [source] [instances]

DESCRIPTION

pkgadd transfers the contents of a software package from the distribution medium or directory to install it onto the system. Used without the -d option, pkgadd looks in the default spool directory for the package (var/spool/pkg). Used with the -s option, it writes the package to a spool directory instead of installing it.

The pkgadd utility requires an amount of temporary space the size of the package that is being installed. pkgadd determines which temporary directory to use by checking for the existance of the $TMPDIR environment variable. If $TMPDIR is not defined, pkgadd uses P_tmpdir from stdio.h. P_tmpdir has a default of /var/tmp/.

Certain unbundled and third-party packages are no longer entirely compatible with the latest version of pkgadd. These packages require user interaction throughout the installation and not just at the very beginning.

To install these older packages (released prior to Solaris 2.4), set the following environment variable: NONABI_SCRIPTS=TRUE

pkgadd permits keyboard interaction throughout the installation as long as this environment variable is set.

OPTIONS

The following options are supported:

-a admin

Define an installation administration file, admin, to be used in place of the default administration file. The token none overrides the use of any admin file, and thus forces interaction with the user. Unless a full path name is given, pkgadd first looks in the current working directory for the administration file. If the specified administration file is not in the current working directory, pkgadd looks in the /var/sadm/install/admin directory for the administration file.

-d device

Install or copy a package from device. device can be a full path name to a directory or the identifiers for tape, floppy disk, or removable disk (for example, /var/tmp or /floppy/floppy_name ). It can also be a device alias (for example, /floppy/floppy0) or a datastream created by pkgtrans (see pkgtrans(1)).

-k keystore

Use keystore as the location from which to get trusted certificate authority certificates when verifying digital signatures found in packages. If no keystore is specified, then the default keystore locations are searched for valid trusted certificates. See KEYSTORE LOCATIONS for more information.

-M

Instruct pkgadd not to use the $root_path/etc/vfstab file for determining the client's mount points. This option assumes the mount points are correct on the server and it behaves consistently with Solaris 2.5 and earlier releases.

-n

Installation occurs in non-interactive mode. Suppress output of the list of installed files. The default mode is interactive.

-P passwd

Password to use to decrypt keystore specified with -k, if required. See PASS PHRASE ARGUMENTS for more information about the format of this option's argument.

-r response

Identify a file or directory which contains output from a previous pkgask(1M) session. This file supplies the interaction responses that would be requested by the package in interactive mode. response must be a full pathname.

-R root_path

Define the full path name of a directory to use as the root_path. All files, including package system information files, are relocated to a directory tree starting in the specified root_path. The root_path may be specified when installing to a client from a server (for example, /export/root/client1).

-s spool

Write the package into the directory spool instead of installing it.

-v

Trace all of the scripts that get executed by pkgadd, located in the pkginst/install directory. This option is used for debugging the procedural and non-procedural scripts.

-V fs_file

Specify an alternative fs_file to map the client's file systems. For example, used in situations where the $root_path/etc/vfstab file is non-existent or unreliable.

-x proxy

Specify a HTTP[S] proxy to use when downloading packages The format of proxy is host:port, where host is the hostname of the HTTP[S] proxy, and port is the port number associated with the proxy. This switch overrides all other methods of specifying a proxy. See ENVIRONMENT VARIABLES for more information on alternate methods of specifying a default proxy.

When executed without options or operands, pkgadd uses /var/spool/pkg (the default spool directory).

OPERANDS

The following operands are supported:

Sources

By default, pkgadd looks in the /var/spool/pkg directory when searching for instances of a package to install or spool. Optionally, the source for the package instances to be installed or spooled can be specified using:

-d device

Install or copy a package from device. device can be a full path name to a directory or the identifiers for tape, floppy disk, or removable disk (for example, /var/tmp or /floppy/floppy_name). It can also be a device alias (for example, /floppy/floppy0) or a datastream created by pkgtrans (see pkgtrans(1)). device can also be a URL pointing to a datastream created by pkgtrans.

Instances

By default, pkgadd searches the specified source, and presents an interactive menu allowing the user to select which package instances found on the source are to be installed. As an alternative, the package instances to be installed can be specified using:

pkginst

The package instance or list of instances to be installed. The token all may be used to refer to all packages available on the source medium. The format pkginst.* can be used to indicate all instances of a package.

The asterisk character (*) is a special character to some shells and may need to be escaped. In the C-Shell, the asterisk must be surrounded by single quotes (') or preceded by a backslash (\).

-Y category[,category...]

Install packages based on the value of the CATEGORY parameter stored in the package's pkginfo(4) file. All packages on the source medium whose CATEGORY matches one of the specified categories will be selected for installation or spooling.

KEYSTORE LOCATIONS

Package and patch tools such as pkgadd or patchadd use a set of trusted certificates to perform signature validation on any signatures found within the packages or patches. If there are no signatures included in the packages or patches then signature validation is skipped. The certificates can come from a variety of locations. If -k keystore is specified, and keystore is a directory, then keystore is assumed to be the base directory of the certificates to be used. If keystore is a file, then the file itself is assumed to have all required keys and certificates. When -k is not specified, then /var/sadm/security is used as the base directory.

Within the specified base directory, the store locations to be searched are different based on the application doing the searching and the type of store being searched for. The following directories are searched in the specified order:

1. <store_dir>/<app_name>/<store_type>

2. <store_dir>/<store_type>

Where <store_dir> is the directory specified by -k, <app_name> is the name of the application doing the searching, and <store_type> is one of keystore (for private keys), certstore (for untrusted public key certificates), or truststore (for trusted certificate authority certificates).

For example, when pkgadd is run with -k /export/certs, then the following locations are successively searched to find the trust store:

1. /export/certs/pkgadd/truststore

2. /export/certs/truststore

This searching order enables administrators to have a single location for most applications, and special certificate locations for certain applications.

KEYSTORE AND CERTIFICATE FORMATS

The packaging and patching utilities, such as pkgtrans and patchadd, require access to a set of keys and certificates in order to sign, and optionally verify, packages and patches.

The keystore files found by following the search pattern specified in KEYSTORE LOCATIONS must each be a self-contained PKCS#12-format file.

When signing a package with pkgtrans, if a certstore has more than one public key certificate, then each public key must have a friendlyName attribute in order to be identifiable and selectable with the -a option when signing packages or patches. In addition, the public key certificate selected with -a and found in the certstore must have an associated private key in the keystore.

Several browsers and utilities can be used to export and import certificates and keys into a PKCS#12 keystore. For example, a trusted certificate can be exported from Netscape, and then imported into a PKCS#12 keystore for use with pkgadd with the OpenSSL Toolkit.

PASS PHRASE ARGUMENTS

pkgtrans and pkgadd accept password arguments, typically using -p to specify the password. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.

pass:password

The actual password is password. Because the password is visible to utilities such as ps this form should only be used where security is not important.

env:var

Obtain the password from the environment variable var. Because the environment of other processes is visible on certain platforms this option should be used with caution.

file:pathname

The first line contained within pathname is the password. pathname need not refer to a regular file: it could, for example, refer to a device or named pipe. For example, to read the password from standard input, use file:/dev/stdin.

console

Read the password from /dev/tty.

EXAMPLES

---

Example 1 Installing a Package from a Solaris CD-ROM




The following example installs a package from a Solaris CD-ROM. You are prompted for the name of the package you want to install.

example% pkgadd -d /cdrom/cdrom0/s0/Solaris_2.6

---

EXIT STATUS

0

Successful completion

1

Fatal error.

2

Warning.

3

Interruption.

4

Administration.

5

Administration. Interaction is required. Do not use pkgadd -n.

10

Reboot after installation of all packages.

20

Reboot after installation of this package.

ENVIRONMENT VARIABLES

HTTPPROXY

Specifies an HTTP proxy host. Overrides administration file setting, and http_proxy environment variable.

HTTPPROXYPORT

Specifies the port to use when contacting the host specified by HTTPPROXY. Ignored if HTTPPROXY is not set.

http_proxy

URL format for specifying proxy host and port. Overrides administration file setting.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWpkgcmdsu
Interface Stability	Evolving

SEE ALSO

pkginfo(1), pkgmk(1), pkgparam(1), pkgproto(1), pkgtrans(1), installf(1M), pkgadm(1M), pkgask(1M), pkgrm(1M), removef(1M), admin(4), pkginfo(4), attributes(5)

Application Packaging Developer's Guide

http://www.openssl.org

NOTES

When transferring a package to a spool directory, the -r, -n, and -a options cannot be used.

The -r option can be used to indicate a directory name as well as a filename. The directory can contain numerous response files, each sharing the name of the package with which it should be associated. This would be used, for example, when adding multiple interactive packages with one invocation of pkgadd. In this situation, each package would need a response file. If you create response files with the same name as the package (for example, pkinst1 and pkinst2), then name the directory in which these files reside after the -r.

The -n option causes the installation to halt if any interaction is needed to complete it.

If the default admin file is too restrictive, the administration file may need to be modified to allow for total non-interaction during a package installation. See admin(4) for details.

If a package stream is specified with -d, and a digital signature is found in that stream, the default behavior is to attempt to validate the certificate and signature found. This behavior can be overridden with admin file settings. See admin(4) for more information.

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | KEYSTORE LOCATIONS | KEYSTORE AND CERTIFICATE FORMATS | PASS PHRASE ARGUMENTS | EXAMPLES | EXIT STATUS | ENVIRONMENT VARIABLES | ATTRIBUTES | SEE ALSO | NOTES