Signed Packages and Patches
This feature is new in the Software Express pilot program and in the Solaris 9 12/03 release. This feature is included in the Solaris 10 3/05 release.
The Solaris software enables you to securely download Solaris packages and patches that include a digital signature by using the updated pkgadd and patchadd commands. A package or a patch with a valid digital signature ensures that the package or patch has not been modified after the signature was applied to the package or patch.
In previous Solaris releases, you could only add signed patches to your system if you used the Solaris patch management tools with PatchPro 2.1.
Additional software management features in this Solaris release include the following:
-
You can add a digital signature to a package with the updated pkgtrans command. For information about creating a signed package, see the Application Packaging Developer’s Guide.
-
You can download a package or patch from an HTTP or HTTPS server.
A signed package is identical to an unsigned package except for the signature. The package can be installed, queried, or removed with existing Solaris packaging tools. A signed package is also binary-compatible with an unsigned package.
Before you can add a package or patch with digital signatures to your system, you must set up a keystore with trusted certificates that are used to identify that the digital signature on the package or patch is valid.
For information about setting up the package keystore and adding signed packages or patches to your system, see the System Administration Guide: Basic Administration.
For information about booting and retrieving Solaris installation images from an HTTP or HTTPS server, see WAN Boot Installation Method.
- © 2010, Oracle Corporation and/or its affiliates