System Administration Guide: Basic Administration

Chapter 20 Managing Software (Overview)

Software management involves adding and removing software from stand-alone systems, servers, and their clients. This chapter describes the various tools that are available for installing and managing software.

This chapter does not describe installing the Oracle Solaris OS on a new system, nor does it describe installing or upgrading to a new version of the Oracle Solaris OS. For information about installing or upgrading the Oracle Solaris OS, see Oracle Solaris 10 9/10 Installation Guide: Basic Installations.

The following is a list of the information that in this chapter:

For step-by-step instructions on managing software, see Chapter 21, Managing Software With Oracle Solaris System Administration Tools (Tasks) and Chapter 22, Managing Software by Using Oracle Solaris Package Commands (Tasks).

For information about managing software on systems that have Oracle Solaris zones installed, see Chapter 26, Adding and Removing Packages and Patches on a Solaris System With Zones Installed (Tasks), in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.

What's New in Software Management in the Oracle Solaris Operating System?

This section describes the new software management features in this Oracle Solaris release.

For a complete listing of new features and a description of Oracle Solaris releases, see the Oracle Solaris 10 9/10 What’s New.

Oracle Solaris Auto Registration

Oracle Solaris 10 9/10: Auto Registration is a built-in mechanism that enables configuration data about your system to be gathered and automatically registered with the Oracle Product Registration System for inventory and support purposes. The regadm command can be used by a privileged system administrator to manage the Auto Registration feature and to explicitly register a system, independent of the installation or upgrade process.

For more information, see Chapter 17, Working With the Oracle Solaris Auto Registration regadm Command (Tasks).

Package and Patching Tools Enhancements to Support Oracle Solaris Zones

Oracle Solaris 10 10/09: Starting with this release, the following enhancements have been made to the package and patching tools to support systems that have multiple non-global zones installed:

For more details about these and other enhancements that support the use of package and patch tools in a zones environment, see the following documentation:

Deferred-Activation Patching

Patching tools have changed to handle larger patches. Starting with patch 119254-42 and 119255-42, the patch installation commands, patchadd and patchrm, have been modified to change the way in which certain patches that deliver new features are handled. This modification affects the installation of these patches on any Oracle Solaris OS. These deferred-activation patches are better equipped to handle the large scope of changes that are delivered in feature patches.

For more details, see

Common Agent Container Included in the Oracle Solaris OS

The Common Agent Container is a stand-alone Java program that implements a container for Java management applications. This program provides a management infrastructure that is designed for Java Management Extensions (JMX) and Java Dynamic Management Kit (Java DMK) based management functionality. The software is installed by the SUNWcacaort package and resides in the /usr/lib/cacao directory.

Typically, the container is not visible.

However, there are two instances when you might need to interact with the container daemon:

For information about how to troubleshoot these problems, see Troubleshooting Common Agent Container Problems in the Oracle Solaris OS in System Administration Guide: Advanced Administration.

Improvements to How patchadd -M Command Handles Multiple Patches

Oracle Solaris 10: Starting with this release, the functionality of the patchadd -M command is improved to more effectively and efficiently handle multiple patches and any dependencies between patches. As a result, you no longer have to specify patch IDs in numerical order when using the patchadd command.

Note that if you use the patchadd -M command without specifying a patch ID or patch IDs, all the patches in the directory are automatically installed on the system. To install a specific patch, or patches, you must specify the patch ID when using the patchadd -M command.

For more information, see the patchadd(1M) man page.

Package and Patch Tool Enhancements

Oracle Solaris 10: The package and patch tools were enhanced in Oracle Solaris 10 to provide improved performance and extended functionality.

As a part of these enhancements, the pkgchk command now provides a new option to assist you in mapping files to packages. To map files to packages, use the pkgchk -P option instead of grep pattern/var/sadm/install/contents. The -P option enables you to use a partial path. Use this option with the -l option to list the information about the files that contain the partial path. For more information see How to Check the Integrity of Installed Objects ( pkgchk -p, pkgchk -P) and the pkgchk(1M) man page.

Where to Find Software Management Tasks

Use this table to find step-by-step instructions for managing software.

Software Management Topics 

For More Information 

Installing Oracle Solaris 10 

Oracle Solaris 10 9/10 Installation Guide: Basic Installations

Adding or removing software packages after installation 

Chapter 21, Managing Software With Oracle Solaris System Administration Tools (Tasks) and Chapter 22, Managing Software by Using Oracle Solaris Package Commands (Tasks)

Adding or removing Solaris patches after installation 

Managing Patches in the Oracle Solaris Operating System

Troubleshooting software package problems 

Chapter 21, Troubleshooting Software Package Problems (Tasks), in System Administration Guide: Advanced Administration

Overview of Software Packages

Software management involves installing or removing software products. Sun and its third-party ISVs deliver software as a collection of one or more packages.

The term packaging generically refers to the method for distributing and installing software products to systems where the products will be used. A package is a collection of files and directories in a defined format. This format conforms to the application binary interface (ABI), which is a supplement to the System V Interface Definition. The Solaris OS provides a set of utilities that interpret this format and provide the means to install a package, to remove a package, or to verify a package installation.

A patch is an accumulation of fixes for a known or potential problem within the Solaris OS or other supported software. A patch can also provide a new feature or an enhancement to a particular software release. A patch consists of files and directories that replace or update existing files and directories. Most Solaris patches are delivered as a set of sparse packages.

A sparse package contains only those objects that have been altered since the packages were first delivered as part of the Solaris distribution. Sparse packages accommodate patches that are smaller than if they were redistributed as complete packages to provide software updates. Delivering sparse packages also minimizes the changes that are made to the customer's environment. For more information about patches, see Managing Patches in the Oracle Solaris Operating System.

Signed Packages, Patches, and Software Updates

Packages can include a digital signature. A package with a valid digital signature ensures that the package has not been modified since the signature was applied to the package. Using signed packages is a secure method of downloading or adding packages because the digital signature can be verified before the package is added to your system.

The same holds true for signed patches. A patch with a valid digital signature ensures that the patch has not been modified since the signature was applied to the patch. Using signed patches is a secure method of downloading or applying patches because the digital signature can be verified before the patch is applied to your system.

For more information about applying signed patches to your system, see Managing Patches by Using the patchadd Command (Task Map).

For information about creating signed packages, see Application Packaging Developer’s Guide.

A signed package is identical to an unsigned package, except for the digital signature. The package can be installed, queried, or removed with existing Solaris packaging tools. A signed package is also binary-compatible with an unsigned package.

Before you can use pkgadd and patchadd to add a package or patch with a digital signature to your system, you must set up a package keystore with trusted certificates. These certificates are used to identify that the digital signature on the package or patch is valid.

Access to a package keystore is protected by a special password that you specify when you import the Oracle certificates into your system's package keystore.

For instructions on using certificates to verify signed packages and patches, go to

The following describes the general terms associated with signed packages and patches.


A repository of certificates and keys that is queried when needed.

  • Java keystore – A repository of certificates that is installed by default with the Solaris release. The Java keystore is usually stored in the /usr/j2se/jre/lib/security directory.

  • Package keystore – A repository of certificates that you import when adding signed packages and patches to your system.

    The package keystore is stored in the /var/sadm/security directory by default.

Trusted certificate

A certificate that holds a public key that belongs to another entity. The trusted certificate is named as such because the keystore owner trusts that the public key in the certificate indeed belongs to the identity identified by the subject or owner of the certificate. The issuer of the certificate vouches for this trust by signing the certificate.

Trusted certificates are used when verifying signatures, and when initiating a connection to a secure (SSL) server.

User key

Holds sensitive cryptographic key information. This information is stored in a protected format to prevent unauthorized access. A user key consists of both the user's private key and the public key certificate that corresponds to the private key.

    The process of using the pkgadd or patchadd command to add a signed package or patch to your system involves three basic steps:

  1. Adding the certificates to your system's package keystore by using the pkgadm command.

  2. (Optional) Listing the certificates by using the pkgadm command.

  3. Adding the package with the pkgadd command or applying the patch by using the patchadd command.

For step-by-step instructions on applying signed patches to your system with the patchadd command, see Managing Patches by Using the patchadd Command (Task Map).

Tools for Managing Software Packages

The following table describes the tools for adding and removing software packages from a system after Oracle Solaris is installed on a system.

Table 20–1 Tools or Commands for Managing Software Packages

Tool or Command  


Man Page 


Launches an installer, such as the Oracle Solaris installation GUI, to add software from the Oracle Solaris installation media. The installer must be available either locally or remotely. 


prodreg (GUI)

Launches an installer to add, remove, or display software product information. Use Oracle Solaris Product Registry to remove or display information about software products that were originally installed by using the Oracle Solaris installation GUI or the pkgadd command.


Oracle Solaris Product Registry prodreg Viewer (CLI)

Use the prodreg command to remove or display information about software products that were originally installed by using the Oracle Solaris installation GUI or the pkgadd command.




Installs software package. 



Checks the installation of a software package. 



Lists software package information. 




Displays software package parameter values. 



Removes a software package. 



Translates an installable package from one format to another format. The -g option instructs the pkgtrans command to generate and store a signature in the resulting data stream.


For more information about these commands, see Chapter 21, Managing Software With Oracle Solaris System Administration Tools (Tasks) and Chapter 22, Managing Software by Using Oracle Solaris Package Commands (Tasks).

Adding or Removing a Software Package (pkgadd)

All the software management tools that are listed in Table 20–1 are used to add, remove, or query information about installed software. The Solaris Product Registry prodreg viewer and the Solaris installation GUI both access install data that is stored in the Solaris Product Registry. The package tools, such as the pkgadd and pkgrm commands, also access or modify install data.

When you add a package, the pkgadd command uncompresses and copies files from the installation media to a local system's disk. When you remove a package, the pkgrm command deletes all files associated with that package, unless those files are also shared with other packages.

Package files are delivered in package format and are unusable as they are delivered. The pkgadd command interprets the software package's control files, and then uncompresses and installs the product files onto the system's local disk.

Although the pkgadd and pkgrm commands do not log their output to a standard location, they do keep track of the package that is installed or removed. The pkgadd and pkgrm commands store information about a package that has been installed or removed in a software product database.

By updating this database, the pkgadd and pkgrm commands keep a record of all software products installed on the system.

Key Points for Adding Software Packages (pkgadd)

Keep the following key points in mind before you install or remove packages on your system:

Guidelines for Removing Packages (pkgrm)

Even though you might be tempted to use the rm command to remove a package, you should use one of the tools that is listed in Table 20–1 instead. For example, you could use the rm command to remove a binary executable file. However, doing so is not the same as using the pkgrm command to remove the software package that includes that binary executable. Using the rm command to remove a package's files will corrupt the software products database. If you really only want to remove one file, you can use the removef command. This command will update the software product database correctly so that the file is no longer a part of the package. For more information, see the removef(1M) man page.

If you intend to keep multiple versions of a package, install new versions into a different directory than the already installed package by using the pkgadd command. For example, if you intended to keep multiple versions of a document processing application. The directory where a package is installed is referred to as the base directory. You can manipulate the base directory by setting the basedir keyword in a special file called an administration file. For more information on using an administration file and on setting the base directory, see Avoiding User Interaction When Adding Packages (pkgadd) and the admin(4) man page.

Note –

If you use the upgrade option when installing Solaris software, the Solaris installation software checks the software product database to determine the products that are already installed on the system.

Restrictions on Adding and Removing Software Packages and Patches for Solaris Releases That Are Not Zones Aware

On systems that are running an Oracle Solaris release that is not zones aware, using any command that accepts the -R option to specify an alternate root path for a global zone that has non-global zones installed, does not work.

These commands include:

See the pkgadd(1M), pkgrm(1M), patchadd(1M), and patchrm(1M) man pages.

For additional information, see Restrictions on Using patchadd -R to Create an Alternate root Path.

Avoiding User Interaction When Adding Packages (pkgadd)

This section provides information about avoiding user interaction when adding packages with the pkgadd command.

Using an Administration File

When you use the pkgadd -a command, the command consults a special administration file for information about how the installation should proceed. Normally, the pkgadd command performs several checks and prompts the user for confirmation before it actually adds the specified package. You can, however, create an administration file that indicates to the pkgadd command that it should bypass these checks and install the package without user confirmation.

The pkgadd command, by default, checks the current working directory for an administration file. If the pkgadd command doesn't find an administration file in the current working directory, it checks the /var/sadm/install/admin directory for the specified administration file. The pkgadd command also accepts an absolute path to the administration file.

Note –

Use administration files judiciously. You should know where a package's files are installed and how a package's installation scripts run before using an administration file to avoid the checks and prompts that the pkgadd command normally provides.

The following example shows an administration file that prevents the pkgadd command from prompting the user for confirmation before installing the package.


Besides using administration files to avoid user interaction when you add packages, you can use them in several other ways. For example, you can use an administration file to quit a package installation (without user interaction) if there's an error or to avoid interaction when you remove packages by using the pkgrm command.

You can also assign a special installation directory for a package, which you might do if you wanted to maintain multiple versions of a package on a system. To do so, set an alternate base directory in the administration file by using the basedir keyword. The keyword specifies where the package will be installed. For more information, see the admin(4) man page.

Using a Response File (pkgadd)

A response file contains your answers to specific questions that are asked by an interactive package. An interactive package includes a request script that asks you questions prior to package installation, such as whether optional pieces of the package should be installed.

If you know prior to installation that the package is an interactive package, and you want to store your answers to prevent user interaction during future installations, use the pkgask command to save your response. For more information on this command, see pkgask(1M).

Once you have stored your responses to the questions asked by the request script, you can use the pkgadd -r command to install the package without user interaction.