In a non-global zone, the system repository provides access to the package repositories configured in the global zone. Publisher configuration changes made to the global zone are seen immediately by all non-global zones via the system repository.
A publisher origin or mirror that is configured in a non-global zone must be accessible from the global zone even if that location is not configured in the global zone publisher list. For example, if you have the localsw publisher configured in a non-global zone but not in the global zone, all origins and mirrors for the localsw publisher still must accessible from the global zone.
The system repository can proxy http, https, and v4 file repositories and .p5p archive repositories.
The zones proxy is a service that enables pkg commands running inside a zone to communicate with the system repository, which is running in the global zone. The zones proxy has two parts. The following service runs in the global zone:
svc:/application/pkg/zones-proxyd:default
The following service runs in the non-global zone:
svc:/application/pkg/zones-proxy-client:default
See the pkg.sysrepo(1M) man page for more information about the system repository and zones proxy services.
The following example shows publishers in a global zone:
global:~$ pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris origin online F http://pkg.oracle.com/solaris/release/ solaris origin online F file:///export/IPSpkgrepos/Solaris/ devtool (disabled) origin online F http://pkg.example1.com/ isvpub origin online F http://pkg.example2.com/
The following example shows how these same publishers appear when you are logged into a non-global zone:
z1:~$ pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris (syspub) origin online T <system-repository> isvpub (syspub) origin online T <system-repository> z1:~$ pkg publisher -F tsv PUBLISHER STICKY SYSPUB ENABLED TYPE STATUS URI PROXY solaris true true true origin online http://pkg.oracle.com/solaris/release/ http: //localhost:1008 isvpub true true true origin online http://pkg.example2.com/ http: //localhost:1008
In the non-global zone, the system repository always shows as a proxy. This is the proxy the non-global zone uses to communicate with the system repository in the global zone.
You cannot reconfigure the system repository from within a non-global zone. For example, you cannot change the origins or properties of publishers or the publisher search order of publishers whose location is <system-repository>. If a publisher is added or reconfigured in the global zone, those changes are seen immediately by non-global zones. If a publisher is unset in the global zone, that publisher is unset in non-global zones unless the non-global zone has a package installed from that publisher.
If you cannot reach a publisher, you can set a proxy in the global zone, as described in Specifying a Proxy. For more information about setting proxies when you have non-global zones, including instructions for when and how to use the http_proxy and https_proxy environment variables, see Proxy Configuration on a System That Has Installed Zones in Creating and Using Oracle Solaris Zones .
For a publisher that is already configured in the global zone, the following pkg list command gives the same result in the both the global zone and non-global zones:
z1:~$ pkg list -a isvtool NAME (PUBLISHER) VERSION IFO isvtool (isvpub) 2.0 --- isvtool (isvpub) 1.0 ---
Repositories can be network or file system accessible to the non-global zone even if those repositories are not configured in the global zone. The non-global zone publisher configuration must match the global zone publisher configuration or must be a superset of the global zone publisher configuration. For example, the localsw publisher could be configured in a non-global zone with an origin of file:///export/IPSpkgrepos/localrepo because that location is accessible in the global zone even if the localsw publisher is not configured in the global zone.