1. Oracle Solaris Management Tools (Road Map)
2. Working With the Solaris Management Console (Tasks)
3. Working With the Oracle Java Web Console (Tasks)
4. Managing User Accounts and Groups (Overview)
5. Managing User Accounts and Groups (Tasks)
6. Managing Client-Server Support (Overview)
7. Managing Diskless Clients (Tasks)
8. Introduction to Shutting Down and Booting a System
9. Shutting Down and Booting a System (Overview)
10. Shutting Down a System (Tasks)
11. Modifying Oracle Solaris Boot Behavior (Tasks)
12. Booting an Oracle Solaris System (Tasks)
13. Managing the Oracle Solaris Boot Archives (Tasks)
14. Troubleshooting Booting an Oracle Solaris System (Tasks)
15. x86: GRUB Based Booting (Reference)
16. x86: Booting a System That Does Not Implement GRUB (Tasks)
17. Working With the Oracle Solaris Auto Registration regadm Command (Tasks)
18. Managing Services (Overview)
20. Managing Software (Overview)
21. Managing Software With Oracle Solaris System Administration Tools (Tasks)
22. Managing Software by Using Oracle Solaris Package Commands (Tasks)
Adding and Removing Signed Packages by Using the pkgadd Command (Task Map)
Adding and Removing Signed Packages by Using the pkgadd Command
How to Display Certificate Information ( pkgadm listcert)
How to Remove a Certificate (pkgadm removecert)
Managing Software Packages by Using Package Commands (Task Map)
Using Package Commands to Manage Software Packages
How to Add Software Packages (pkgadd)
Adding a Software Package to a Spool Directory
How to Add Software Packages to a Spool Directory (pkgadd)
How to List Information About All Installed Packages (pkginfo)
How to Check the Integrity of Installed Software Packages (pkgchk)
How to Check the Integrity of Installed Objects ( pkgchk -p, pkgchk -P)
The following procedures explain how to add and remove signed packages by using the pkgadd command.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# pkgadm listcert -p passarg
Example 22-1 Displaying Certificate Information
The following example shows how to display the details of a locally stored certificate.
# pkgadm listcert -P pass:test123 Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Certificate Type: Trusted Certificate Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT> MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# pkgadm removecert -n "certfile "
The removecert -n “certfile ” option specifies the alias of the user certificate/key pair or the alias of the trusted certificate.
Note - View the alias names for certificates by using the pkgadm listcert command.
Example 22-2 Removing a Certificate
The following example shows how to remove a certificate.
# pkgadm listcert Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Certificate Type: Trusted Certificate Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT> MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D # pkgadm removecert -n "/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O" Enter Keystore Password: storepass Successfully removed Certificate(s) with alias \ </C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O>
If your system is behind a firewall with a proxy, you will need to set up a proxy server before you can add a package from an HTTP server by using the pkgadd command.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
For example:
# setenv http_proxy http://mycache.domain:8080
Or, specify one of the following:
# setenv HTTPPROXY mycache.domain # setenv HTTPPROXYPORT 8080
For example:
# pkgadd -x mycache.domain:8080 -d http://myserver.com/pkg SUNWpkg
For example:
# cat /tmp/admin mail= instance=unique partial=ask runlevel=ask idepend=ask rdepend=ask space=ask setuid=ask conflict=ask action=ask networktimeout=60 networkretries=3 authentication=quit keystore=/var/sadm/security basedir=default proxy=mycache.domain:8080
Then, identify the administration file by using the pkgadd -a command. For example:
# pkgadd -a /tmp/admin -d http://myserver.com/pkg SUNwpkg
This procedure assumes that you have imported Oracle's root CA certificate. For more information, go to http://download.oracle.com/docs/cd/E17476_01/javase/1.4.2/docs/tooldocs/solaris/keytool.html.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# pkgadd -d /pathname/device-name
The -d device-name option specifies the device from which the package is installed. The device can be a directory, tape, diskette, or removable disk. The device can also be a data stream created by the pkgtrans command.
Example 22-3 Adding a Signed Package
The following example shows how to add a signed package that is stored on the system.
# # pkgadd -d /tmp/signed_pppd The following packages are available: 1 SUNWpppd Solaris PPP Device Drivers (sparc) 11.10.0,REV=2003.05.08.12.24 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: all Enter keystore password: ## Verifying signature for signer <User Cert 0> . . .
The following example shows how to install a signed package using an HTTP URL as the device name. The URL must point to a stream-formatted package.
# pkgadd -d http://install/signed-video.pkg ## Downloading... ..............25%..............50%..............75%..............100% ## Download Complete . . .