System Administration Guide: Basic Administration

Chapter 20 Managing Software by Using Package Commands (Tasks)

This chapter describes how to add, verify, and remove software packages by using the package commands.

For information on the procedures associated with performing these tasks, see:

Adding and Removing Signed Packages by Using the pkgadd Command (Task Map)

The following task map describes software management tasks that you can perform with signed package commands.

Task 

Description 

For Instructions 

Import a certificate. 

You can import a trusted certificate by using the pkgadm addcert command.

How to Import a Trusted Certificate From the Java Keystore (pkgadm addcert)

Print the details of one or more certificates. 

You can print the details of a certificate by using the pkgadm listcert command.

How to Display Certificate Information (pkgadm listcert)

Remove a certificate. 

You can remove a certificate by using the pkgadm removecert command.

How to Remove a Certificate (pkgadm removecert)

Set up a proxy server. 

Use this procedures for systems that are set up behind a firewall with a proxy. 

How to Set Up a Proxy Server (pkgadd)

Add a signed package. 

After the root certificate is imported, you can add a signed package by using he pkgadd command.

How to Add a Signed Package (pkgadd)

Adding and Removing Signed Packages by Using the pkgadd Command

The following procedures explain how to add and remove signed packages by using the pkgadd command.

ProcedureHow to Import a Trusted Certificate From the Java Keystore (pkgadm addcert)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Verify that the root certificate authority (CA) certificate exists in the Java TM keystore.


    # keytool -storepass storepass -list -keystore certfile
    
    keytool

    Manages a Java keystore (database) of private keys and their associated X.509 certificate chains that authenticate the corresponding public keys. Also manages certificates from trusted entities. For more information on the keytool utility, see keytool-Key and Certificate Management Tool.

    -storepass storepass

    Specifies the password that protects the integrity of the keystore.

    -list

    By default, prints the MD5 fingerprint of a certificate.

    -keystore certfile

    Specifies the name and location of the persistent keystore file.

  3. Export the root CA certificate from the Java keystore to a temporary file.


    # keytool -export -storepass storepass -alias verisignclass2g2ca -keystore 
    /usr/java/jre/lib/security/cacerts certfile -file filename
    
    -export

    Exports the trusted certificate.

    -storepass storepass

    Specifies the password that protects the integrity of the Java keystore.

    -alias verisignclass2g2ca

    Identifies the alias of the trusted certificate.

    -keystore certfile

    Specifies the name and location of the keystore file.

    -file filename

    Identifies the file to hold the exported certificate.

  4. Import a trusted certificate to the package keystore.


    # pkgadm addcert -t -f format certfile
    
    -t

    Indicates that the certificate is a trusted CA certificate. The output includes the details of the certificate, which the user is asked to verify.

    -f format

    Specifies the format of certificates and private keys. When you import a certificate, it must be encoded using PEM or binary DER format.

    certfile

    Specifies the file that contains the certificate.

  5. Remove the temporary file.


    # rm /tmp/file-name
    

    For more information, see the pkgadm(1M) man page.


Example 20–1 Importing a Trusted Certificate From the Java Keystore

The following example shows how to import a trusted certificate. In this example, Sun's root CA certificate is imported from the Java keystore into the package keystore by using the keytool command.


# keytool -export -storepass changeit -alias verisignclass2g2ca \
-keystore /usr/java/jre/lib/security/cacerts -file /tmp/root.crt
Certificate stored in file </tmp/root.crt>

# pkgadm addcert -t -f der /tmp/root.crt
     Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
        Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
   Certificate Type: Trusted Certificate 
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
     Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug  1 23:59:59 2028 GMT>
MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
   SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D

Are you sure you want to trust this certificate? yes
Trusting certificate </C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O>
Type a Keystore protection Password. xxxxxx
Press ENTER for no protection password (not recommended):
For Verification: Type a Keystore protection Password.
Press ENTER for no protection password (not recommended):
Certificate(s) from </tmp/root.crt> are now trusted 

ProcedureHow to Display Certificate Information (pkgadm listcert)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Display the contents of the package keystore.


    # pkgadm listcert -p passarg
    

Example 20–2 Displaying Certificate Information

The following example shows how to display the details of a locally stored certificate.


# pkgadm listcert -P pass:test123
Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
        Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
   Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
 MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
   SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D 

ProcedureHow to Remove a Certificate (pkgadm removecert)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove the trusted certificate from the package keystore.


    # pkgadm removecert -n "certfile"
    

    The removecert -ncertfile” option specifies the alias of the user certificate/key pair or the alias of the trusted certificate.


    Note –

    View the alias names for certificates by using the pkgadm listcert command.



Example 20–3 Removing a Certificate

The following example shows how to remove a certificate.


# pkgadm listcert
    Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
        Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
   Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
 MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
   SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D 
# pkgadm removecert -n "/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O"
Enter Keystore Password: storepass
Successfully removed Certificate(s) with alias \
</C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O>

ProcedureHow to Set Up a Proxy Server (pkgadd)

If your system is behind a firewall with a proxy, you will need to set up a proxy server before you can add a package from an HTTP server by using the pkgadd command.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Select one of the following methods to specify a proxy server.

    1. Specify the proxy server by using the http_proxy, HTTPPROXY, or HTTPPROXYPORT environment variable.

      For example:


      # setenv http_proxy http://mycache.domain:8080
      

      Or, specify one of the following:


      # setenv HTTPPROXY mycache.domain
      # setenv HTTPPROXYPORT 8080
      
    2. Specify the proxy server on the pkgadd command line.

      For example:


      # pkgadd -x mycache.domain:8080 -d http://myserver.com/pkg SUNWpkg
      
    3. Create an administration file that includes proxy server information.

      For example:


      # cat /tmp/admin
      mail=
      instance=unique
      partial=ask
      runlevel=ask
      idepend=ask
      rdepend=ask
      space=ask
      setuid=ask
      conflict=ask
      action=ask
      networktimeout=60
      networkretries=3
      authentication=quit
      keystore=/var/sadm/security
      basedir=default
      proxy=mycache.domain:8080
      

      Then, identify the administration file by using the pkgadd -a command. For example:


      # pkgadd -a /tmp/admin -d http://myserver.com/pkg SUNWpkg
      

ProcedureHow to Add a Signed Package (pkgadd)

This procedure assumes that you have imported Sun's root CA certificate. For more information, see How to Import a Trusted Certificate From the Java Keystore (pkgadm addcert).

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Add a signed package.


    # pkgadd -d /pathname/device-name
    

    The -d device-name option specifies the device from which the package is installed. The device can be a directory, tape, diskette, or removable disk. The device can also be a data stream created by the pkgtrans command.


Example 20–4 Adding a Signed Package

The following example shows how to add a signed package that is stored on the system.


# # pkgadd -d /tmp/signed_pppd
The following packages are available:
  1  SUNWpppd     Solaris PPP Device Drivers
                  (sparc) 11.10.0,REV=2003.05.08.12.24

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Enter keystore password:
## Verifying signature for signer <User Cert 0>

.
.
.

The following example shows how to install a signed package using an HTTP URL as the device name. The URL must point to a stream-formatted package.


# pkgadd -d http://install/signed-video.pkg

## Downloading...
..............25%..............50%..............75%..............100%
## Download Complete
.
.
.

Managing Software Packages by Using Package Commands (Task Map)

The following task map describes the software management tasks that you can perform with the package commands for both signed and unsigned packages.

Task 

Description 

For Instructions 

Add software packages to the local system. 

You can add software packages to the local system by using the pkgadd command.

How to Add Software Packages (pkgadd)

Add software packages to a spool directory. 

You can add software packages to a spool directory without actually installing the software. 

Adding a Software Package to a Spool Directory

List information about all installed software packages. 

You can list information about installed packages by using the pkginfo command.

How to List Information About All Installed Packages (pkginfo)

Check the integrity of installed software packages. 

You can verify the integrity of installed software packages by using the pkgchk command.

How to Check the Integrity of Installed Software Packages (pkgchk)

Check the integrity of an installed object. 

You can verify the integrity of an installed object by using the pkchk command with the -p and -P options. The -p option specifies the full path name. The new -P option specifies a partial path name.

How to Check the Integrity of Installed Objects (pkgchk -p, pkgchk -P)

Remove software packages. 

You can remove unneeded software packages by using the pkgrm command.

How to Remove Software Packages (pkgrm)

Using Package Commands to Manage Software Packages

The following procedures explain how to manage software packages by using package commands.

ProcedureHow to Add Software Packages (pkgadd)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove any already installed packages with the same names as the packages you are adding.

    This step ensures that the system keeps a proper record of software that has been added and removed. Sometimes, you might want to maintain multiple versions of the same application on the system. For strategies on maintaining multiple software copies, see Guidelines for Removing Packages (pkgrm). For task information, see How to Remove Software Packages (pkgrm).

  3. Add a software package to the system.


    # pkgadd -a admin-file -d device-name pkgid ...
    -a admin-file

    (Optional) Specifies an administration file that the pkgadd command should check during the installation. For details about using an administration file, see Using an Administration File.

    -d device-name

    Specifies the absolute path to the software packages. device-name can be the path to a device, a directory, or a spool directory. If you do not specify the path where the package resides, the pkgadd command checks the default spool directory (/var/spool/pkg). If the package is not there, the package installation fails.

    pkgid

    (Optional) Is the name of one or more packages, separated by spaces, to be installed. If omitted, the pkgadd command installs all available packages from the specified device, directory, or spool directory.

    If the pkgadd command encounters a problem during installation of the package, it displays a message related to the problem, followed by this prompt:


    Do you want to continue with this installation?

    Respond with yes, no, or quit. If more than one package has been specified, type no to stop the installation of the package being installed. The pkgadd command continues to install the other packages. Type quit to stop the installation.

  4. Verify that the package has been installed successfully.


    # pkgchk -v pkgid
    

    If no errors occur, a list of installed files is returned. Otherwise, the pkgchk command reports the error.


Example 20–5 Adding Software Packages From a Mounted CD

The following example shows how install the SUNWpl5u package from a mounted Solaris 10 CD. The example also shows how to verify that the package files were installed properly.


# pkgadd -d /media/Solaris_11/Product SUNWpl5u
	.
	.
	.
Installation of <SUNWpl5u> was successful.
# pkgchk -v SUNWpl5u
/usr
/usr/bin
/usr/bin/perl
/usr/perl5
/usr/perl5/5.8.4
.
.
.


Example 20–6 Installing Software Packages From a Remote Package Server

If the packages you want to install are available from a remote system, you can manually mount the directory that contains the packages (in package format) and install packages on the local system.

The following example shows how to install software packages from a remote system. In this example, assume that the remote system named package-server has software packages in the /latest-packages directory. The mount command mounts the packages locally on /mnt. The pkgadd command installs the SUNWpl5u package.


# mount -F nfs -o ro package-server:/latest-packages /mnt
# pkgadd -d /mnt SUNWpl5u
	.
	.
	.
Installation of <SUNWpl5u> was successful.

If the automounter is running at your site, you do not need to mount the remote package server manually. Instead, use the automounter path, in this case, /net/package-server/latest-packages, as the argument to the -d option.


# pkgadd -d /net/package-server/latest-packages SUNWpl5u
	.
	.
	.
Installation of <SUNWpl5u> was successful.


Example 20–7 Installing Software Packages From a Remote Package Server by Specifying an Administration File

This example is similar to the previous example, except that it uses the -a option and specifies an administration file named noask-pkgadd, which is illustrated in Avoiding User Interaction When Adding Packages (pkgadd). In this example, assume that the noask-pkgadd administration file is in the default location, /var/sadm/install/admin.


# pkgadd -a noask-pkgadd -d /net/package-server/latest-packages SUNWpl5u
	.
	.
	.
Installation of <SUNWpl5u> was successful.


Example 20–8 Installing Software Packages From an HTTP URL

The following example shows how to install a package using an HTTP URL as the device name. The URL must point to a stream-formatted package.


# pkgadd -d http://install/xf86-4.3.0-video.pkg

## Downloading...
..............25%..............50%..............75%..............100%
## Download Complete


The following packages are available:
  1  SUNWxf86r     XFree86 Driver Porting Kit (Root)
                   (i386) 4.3.0,REV=0.2003.02.28
  2  SUNWxf86u     XFree86 Driver Porting Kit (User)
                   (i386) 4.3.0,REV=0.2003.02.28

.
.
.

Adding a Software Package to a Spool Directory

For convenience, you can copy frequently installed packages to a spool directory. If you copy packages to the default spool directory, /var/spool/pkg, you do not need to specify the source location of the package (-d device-name argument) when you use the pkgadd command. The pkgadd command, by default, checks the /var/spool/pkg directory for any packages that are specified on the command line. Note that copying packages to a spool directory is not the same as installing the packages on a system.

ProcedureHow to Add Software Packages to a Spool Directory (pkgadd)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove any already spooled packages with the same names as the packages you are adding.

    For information on removing spooled packages, see Example 20–20.

  3. Add a software package to a spool directory.


    # pkgadd -d device-name -s spooldir pkgid ...
    -d device-name

    Specifies the absolute path to the software packages. device-name can be the path to a device, a directory, or a spool directory.

    -s spooldir

    Specifies the name of the spool directory where the package will be spooled. You must specify a spooldir.

    pkgid

    (Optional) Is the name of one or more packages, separated by spaces, to be added to the spool directory. If omitted, the pkgadd command copies all available packages.

  4. Verify that the package has been copied successfully to the spool directory.


    $ pkginfo -d spooldir| grep pkgid
    

    If pkgid was copied correctly, the pkginfo command returns a line of information about the pkgid. Otherwise, the pkginfo command returns the system prompt.


Example 20–9 Setting Up a Spool Directory From a Mounted CD

The following example shows how to transfer the SUNWman package from a mounted SPARC based Solaris 10 CD to the default spool directory (/var/spool/pkg).


# pkgadd -d /media/Solaris_11/Product -s /var/spool/pkg SUNWman
Transferring <SUNWman> package instance


Example 20–10 Setting Up a Spool Directory From a Remote Software Package Server

If packages you want to copy are available from a remote system, you can manually mount the directory that contains the packages, in package format, and copy them to a local spool directory.

The following example shows the commands for this scenario. In this example, assume that the remote system named package-server has software packages in the /latest-packages directory. The mount command mounts the package directory locally on /mnt. The pkgadd command copies the SUNWpl5p package from /mnt to the default spool directory (/var/spool/pkg).


# mount -F nfs -o ro package-server:/latest-packages /mnt
# pkgadd -d /mnt -s /var/spool/pkg SUNWpl5p
Transferring <SUNWpl5p> package instance

If the automounter is running at your site, you do not have to mount the remote package server manually. Instead, use the automounter path, in this case, /net/package-server/latest-packages, as the argument to the -d option.


# pkgadd -d /net/package-server/latest-packages -s /var/spool/pkg SUNWpl5p
Transferring <SUNWpl5p> package instance


Example 20–11 Installing Software Packages From the Default Spool Directory

The following example shows how to install the SUNWpl5p package from the default spool directory. When no options are used, the pkgadd command searches the /var/spool/pkg directory for the named packages.


# pkgadd SUNWpl5p
	.
	.
	.
Installation of <SUNWpl5p> was successful.

ProcedureHow to List Information About All Installed Packages (pkginfo)

  1. List information about installed packages by using the pkginfo command.


    $ pkginfo
    

Example 20–12 Listing Installed Packages

This example shows how to list all packages installed on a local system, whether that system is a stand-alone system or a server. The output shows the primary category, package name, and the description of the package.


$ pkginfo
system      SUNWaccr       System Accounting, (Root)
system      SUNWaccu       System Accounting, (Usr)
system      SUNWadmap      System administration applications
system      SUNWadmc       System administration core libraries
.
.
.


Example 20–13 Displaying Detailed Information About Software Packages

This example shows how to list all packages installed on a system by specifying the long format, which includes all available information about the designated packages.


$ pkginfo -l SUNWcar
   PKGINST:  SUNWcar
      NAME:  Core Architecture, (Root)
  CATEGORY:  system
      ARCH:  sparc.sun4u
   VERSION:  11.9.0,REV=2002.04.06.15.27
   BASEDIR:  /
    VENDOR:  Sun Microsystems, Inc.
      DESC:  core software for a specific hardware platform group
    PSTAMP:  leo20031003183400
  INSTDATE:  Feb 20 2004 16:57
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:      114 installed pathnames
                  36 shared pathnames
                  40 directories
                  57 executables
               21469 blocks used (approx)

ProcedureHow to Check the Integrity of Installed Software Packages (pkgchk)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Check the status of an installed package.

    • To check the file attributes and contents, type the following:


      # pkgchk -a| -c -v pkgid ...
    • To specify the absolute path of the spool directory, type the following:


      # pkgchk -d spooldir pkgid ...
    -a

    Specifies to audit only the file attributes (the permissions), rather than the file attributes and the contents, which is the default.

    -c

    Specifies to audit only the file contents, rather than the file contents and attributes, which is the default.

    -v

    Specifies verbose mode, which displays file names as they are processed.

    -d spooldir

    Specifies the absolute path of the spool directory.

    pkgid

    (Optional) Is the name of one or more packages, separated by spaces. If you do not specify a pkgid, all the software packages installed on the system are checked.


Example 20–14 Checking the Contents of Installed Software Packages

The following example shows how to check the contents of a package.


# pkgchk -c SUNWbash

If no errors occur, the system prompt is returned. Otherwise, the pkgck command reports the error.



Example 20–15 Checking the File Attributes of Installed Software Packages

The following example shows how to check the file attributes of a package.


# pkgchk -a SUNWbash

If no errors occur, the system prompt is returned. Otherwise, the pkgck command reports the error.



Example 20–16 Checking Software Packages Installed in a Spool Directory

The following example shows how to check a software package that was copied to a spool directory (/export/install/packages).


# pkgchk -d /export/install/packages
## checking spooled package <SUNWadmap>
## checking spooled package <SUNWadmfw>
## checking spooled package <SUNWadmc>
## checking spooled package <SUNWsadml>

The checks made on a spooled package are limited because not all information can be audited until a package is installed.


ProcedureHow to Check the Integrity of Installed Objects (pkgchk -p, pkgchk -P)

This procedure explains how to use the pkgchk command to check the integrity of installed objects. The new -P option enables you to specify a partial path. This option has been added to assist you in mapping files to packages. Use this option with the -l option to list the information about the files that contain the partial path. Use the -p option to check the integrity of installed objects by specifying the full path. For more information, see the pkgchk(1M) man page.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Check the integrity of an installed object.

    • To verify the integrity of an installed object for a full path name or path names, type the following:


      # pkgchk -lp path-name
      
    • To verify the integrity of an installed object for a partial-path name or path names, type the following:


      # pkgchk -lP  partial-path-name
      
    -p path

    Checks the accuracy only of the path name or path names that are listed. Path can be one or more path names separated by commas. Specifies to audit only the file attributes (the permissions), rather than the file attributes and the contents, which is the default.

    -P partial-path

    Checks the accuracy of only the partial path name or path names that are listed. The partial-path can be one or more partial path names separated by commas. Matches any path name that contains the string contained in the partial path. Specifies to audit only the file contents, rather than the file contents and attributes, which is the default.

    -l

    Lists information about the selected files that make up a package. This option is not compatible with the -a, -c, -f, -g, and -v options. Specifies verbose mode, which displays file names as they are processed.


Example 20–17 Checking the Integrity of an Installed Object by Specifying a Full Path Name

This example shows you how to use the pkgchk -lp command to check the contents/attributes of an object on a file system by a specifying the full path name. The -l option lists information on the selected files that make up a package.


# pkgchk -lp /usr/sbin/pkgadd
Pathname: /usr/sbin/pkgadd
Type: regular file
Expected mode: 0555
Expected owner: root
Expected group: sys
Expected file size (bytes): 867152
Expected sum(1) of contents: 45580
Expected last modification: Jul 02 02:20:34 2004
Referenced by the following packages:
        SUNWpkgcmdsu   
Current status: installed


Example 20–18 Checking the Integrity of an Installed Object by Specifying a Partial Path Name

This example shows you how to use the pkgchk -lP command to check the contents/attributes of an object on a file system by a specifying a partial path name, such as a file or directory name. The -l option lists information on the selected files that make up a package.


# pkgchk -lP /sbin/pkgadd
Pathname: /usr/sbin/pkgadd
Type: regular file
Expected mode: 0555
Expected owner: root
Expected group: sys
Expected file size (bytes): 867152
Expected sum(1) of contents: 45580
Expected last modification: Jul 02 02:20:34 2004
Referenced by the following packages:
        SUNWpkgcmdsu   
Current status: installed

Pathname: /usr/sbin/pkgask
Type: linked file
Source of link: ../../usr/sbin/pkgadd
Referenced by the following packages:
        SUNWpkgcmdsu   
Current status: installed

Removing Software Packages

To remove or uninstall a software package, use the associated tool that you used to add or install a software package. For example, if you used the Solaris installation GUI to install software, use the Solaris installation GUI to uninstall software.


Caution – Caution –

Do no use the rm command to remove software packages. Doing so will result in inaccuracies in the database that keeps track of all installed packages on the system.


ProcedureHow to Remove Software Packages (pkgrm)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove an installed package.


    # pkgrm pkgid ...

    pkgid identifies the name of one or more packages, separated by spaces, to be removed. If omitted, the pkgrmcommand removes all available packages.


Example 20–19 Removing Software Packages

This example shows how to remove a package.


# pkgrm SUNWctu

The following package is currently installed:
   SUNWctu         Netra ct usr/platform links (64-bit)
                   (sparc.sun4u) 11.9.0,REV=2001.07.24.15.53

Do you want to remove this package? y

## Removing installed package instance <SUNWctu>
## Verifying package dependencies.
## Processing package information.
## Removing pathnames in class <none>
.
.
.


Example 20–20 Removing a Spooled Software Package

This example shows how to remove a spooled package.


# pkgrm -s /export/pkg SUNWaudh
The following package is currently spooled:
   SUNWaudh        Audio Header Files
                   (sparc) 11.10.0,REV=2003.08.08.00.03
Do you want to remove this package? y
Removing spooled package instance <SUNWaudh>