System Administration Guide: Basic Administration

Adding and Removing Signed Packages by Using the pkgadd Command

The following procedures explain how to add and remove signed packages by using the pkgadd command.

Procedure: How to Display Certificate Information (pkgadm listcert)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Display the contents of the package keystore.


    # pkgadm listcert -P passarg
    

Example 22–1 Displaying Certificate Information

The following example shows how to display the details of a locally stored certificate.


# pkgadm listcert -P pass:test123
Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
        Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
   Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
 MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
   SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D 
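
The listing above can be checked mechanically before the keystore is relied on for signature verification. The following shell functions are an added example, not part of the original guide: they parse pkgadm listcert output and report any certificate whose SHA1 fingerprint is missing from a list of fingerprints obtained out of band. The function names and the pin-file format (one fingerprint per line) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag keystore certificates whose SHA1 fingerprint is not pinned.
# Assumes each certificate block starts with "Keystore Alias:" and ends with
# "SHA1 Fingerprint:", as in the listing in Example 22-1.

# Constructed sample input: the listcert output shown in Example 22-1.
sample_listcert() {
cat <<'EOF'
Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
        Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
   Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
 MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
   SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
EOF
}

# Print one "sha1<TAB>type<TAB>alias" record per certificate read from stdin.
listcert_records() {
    awk '
        # Strip the "Label:" prefix (up to the first colon) and trailing blanks.
        function val(line) { sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t]+$/, "", line); return line }
        /^[ \t]*Keystore Alias:/   { alias = val($0) }
        /^[ \t]*Certificate Type:/ { type = val($0) }
        /^[ \t]*SHA1 Fingerprint:/ { printf "%s\t%s\t%s\n", toupper(val($0)), type, alias }
    '
}

# Read listcert output on stdin; print the alias of every certificate whose
# SHA1 fingerprint is not listed in the pin file $1 (hypothetical format: one
# approved fingerprint per line, case-insensitive). Returns 1 if any is found.
unpinned_certs() {
    pins=$1
    listcert_records | awk -F '\t' -v pins="$pins" '
        BEGIN { while ((getline p < pins) > 0) { gsub(/[ \t\r]/, "", p); if (p != "") ok[toupper(p)] = 1 } }
        !($1 in ok) { print $3; bad = 1 }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample: prints the parsed record.
sample_listcert | listcert_records
```

On a live system, pipe real output into the check, for example pkgadm listcert | unpinned_certs pinfile. On Solaris, use nawk or /usr/xpg4/bin/awk if /usr/bin/awk rejects the function definition.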

Procedure: How to Remove a Certificate (pkgadm removecert)

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Remove the trusted certificate from the package keystore.


    # pkgadm removecert -n "certfile"


    The removecert -n "certfile" option specifies the alias of the user certificate/key pair or the alias of the trusted certificate.


    Note – View the alias names for certificates by using the pkgadm listcert command.



Example 22–2 Removing a Certificate

The following example shows how to remove a certificate.


# pkgadm listcert
    Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
        Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
   Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
 MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
   SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D 
# pkgadm removecert -n "/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O"

Enter Keystore Password: storepass
Successfully removed Certificate(s) with alias \
</C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O>

Procedure: How to Set Up a Proxy Server (pkgadd)

If your system is behind a firewall with a proxy, you must specify the proxy server before you can add a package from an HTTP server by using the pkgadd command.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Select one of the following methods to specify a proxy server.

    1. Specify the proxy server by using the http_proxy, HTTPPROXY, or HTTPPROXYPORT environment variable.

      For example:


      # setenv http_proxy http://mycache.domain:8080
      

      Or, specify one of the following:


      # setenv HTTPPROXY mycache.domain
      # setenv HTTPPROXYPORT 8080
      
    2. Specify the proxy server on the pkgadd command line.

      For example:


      # pkgadd -x mycache.domain:8080 -d http://myserver.com/pkg SUNWpkg
      
    3. Create an administration file that includes proxy server information.

      For example:


      # cat /tmp/admin
      mail=
      instance=unique
      partial=ask
      runlevel=ask
      idepend=ask
      rdepend=ask
      space=ask
      setuid=ask
      conflict=ask
      action=ask
      networktimeout=60
      networkretries=3
      authentication=quit
      keystore=/var/sadm/security
      basedir=default
      proxy=mycache.domain:8080
      

      Then, identify the administration file by using the pkgadd -a command. For example:


      # pkgadd -a /tmp/admin -d http://myserver.com/pkg SUNWpkg
      

Procedure: How to Add a Signed Package (pkgadd)

This procedure assumes that you have imported Oracle's root CA certificate. For more information, go to http://download.oracle.com/docs/cd/E17476_01/javase/1.4.2/docs/tooldocs/solaris/keytool.html.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Add a signed package.


    # pkgadd -d /pathname/device-name
    

    The -d device-name option specifies the device from which the package is installed. The device can be a directory, tape, diskette, or removable disk. The device can also be a data stream created by the pkgtrans command.


Example 22–3 Adding a Signed Package

The following example shows how to add a signed package that is stored on the system.


# pkgadd -d /tmp/signed_pppd
The following packages are available:
  1  SUNWpppd     Solaris PPP Device Drivers
                  (sparc) 11.10.0,REV=2003.05.08.12.24

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Enter keystore password:
## Verifying signature for signer <User Cert 0>

.
.
.

The following example shows how to install a signed package using an HTTP URL as the device name. The URL must point to a stream-formatted package.


# pkgadd -d http://install/signed-video.pkg

## Downloading...
..............25%..............50%..............75%..............100%
## Download Complete
.
.
.