This chapter describes how to add, verify, and remove software packages by using the Oracle Solaris package commands.
For information on the procedures associated with performing these tasks, see the following task maps:
Adding and Removing Signed Packages by Using the pkgadd Command (Task Map)
Managing Software Packages by Using Package Commands (Task Map)
The following task map describes software management tasks that you can perform with signed package commands.
The process of adding and removing signed packages by using the pkgadd command includes obtaining and applying a trusted certificate by using the keytool utility. Procedures that associated with using the keytool utility in this Oracle Solaris release are not described in detail in this chapter. For complete instructions on using the keytool utility to import and export trusted certificates, go to http://download.oracle.com/docs/cd/E17476_01/javase/1.4.2/docs/tooldocs/solaris/keytool.html.
Task |
Description |
For Instructions |
---|---|---|
Print the details of one or more certificates. |
You can print the details of a certificate by using the pkgadm listcert command. | |
Remove a certificate. |
You can remove a certificate by using the pkgadm removecert command. | |
Set up a proxy server. |
Use this procedures for systems that are set up behind a firewall with a proxy. | |
Add a signed package. |
After the root certificate is imported, you can add a signed package by using he pkgadd command. |
The following procedures explain how to add and remove signed packages by using the pkgadd command.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Display the contents of the package keystore.
# pkgadm listcert -p passarg |
The following example shows how to display the details of a locally stored certificate.
# pkgadm listcert -P pass:test123 Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Certificate Type: Trusted Certificate Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT> MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Remove the trusted certificate from the package keystore.
# pkgadm removecert -n "certfile " |
The removecert -n “certfile ” option specifies the alias of the user certificate/key pair or the alias of the trusted certificate.
View the alias names for certificates by using the pkgadm listcert command.
The following example shows how to remove a certificate.
# pkgadm listcert Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Certificate Type: Trusted Certificate Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT> MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D # pkgadm removecert -n "/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O" Enter Keystore Password: storepass Successfully removed Certificate(s) with alias \ </C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O> |
If your system is behind a firewall with a proxy, you will need to set up a proxy server before you can add a package from an HTTP server by using the pkgadd command.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Select one of the following methods to specify a proxy server.
Specify the proxy server by using the http_proxy, HTTPPROXY, or HTTPPROXYPORT environment variable.
For example:
# setenv http_proxy http://mycache.domain:8080 |
Or, specify one of the following:
# setenv HTTPPROXY mycache.domain # setenv HTTPPROXYPORT 8080 |
Specify the proxy server on the pkgadd command line.
For example:
# pkgadd -x mycache.domain:8080 -d http://myserver.com/pkg SUNWpkg |
Create an administration file that includes proxy server information.
For example:
# cat /tmp/admin mail= instance=unique partial=ask runlevel=ask idepend=ask rdepend=ask space=ask setuid=ask conflict=ask action=ask networktimeout=60 networkretries=3 authentication=quit keystore=/var/sadm/security basedir=default proxy=mycache.domain:8080 |
Then, identify the administration file by using the pkgadd -a command. For example:
# pkgadd -a /tmp/admin -d http://myserver.com/pkg SUNwpkg |
This procedure assumes that you have imported Oracle's root CA certificate. For more information, go to http://download.oracle.com/docs/cd/E17476_01/javase/1.4.2/docs/tooldocs/solaris/keytool.html.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Add a signed package.
# pkgadd -d /pathname/device-name |
The -d device-name option specifies the device from which the package is installed. The device can be a directory, tape, diskette, or removable disk. The device can also be a data stream created by the pkgtrans command.
The following example shows how to add a signed package that is stored on the system.
# # pkgadd -d /tmp/signed_pppd The following packages are available: 1 SUNWpppd Solaris PPP Device Drivers (sparc) 11.10.0,REV=2003.05.08.12.24 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: all Enter keystore password: ## Verifying signature for signer <User Cert 0> . . . |
The following example shows how to install a signed package using an HTTP URL as the device name. The URL must point to a stream-formatted package.
# pkgadd -d http://install/signed-video.pkg ## Downloading... ..............25%..............50%..............75%..............100% ## Download Complete . . . |
The following task map describes the software management tasks that you can perform with the package commands for both signed and unsigned packages.
Task |
Description |
For Instructions |
---|---|---|
Add software packages to the local system. |
You can add software packages to the local system by using the pkgadd command. | |
Add software packages to a spool directory. |
You can add software packages to a spool directory without actually installing the software. | |
List information about all installed software packages. |
You can list information about installed packages by using the pkginfo command. |
How to List Information About All Installed Packages (pkginfo) |
Check the integrity of installed software packages. |
You can verify the integrity of installed software packages by using the pkgchk command. |
How to Check the Integrity of Installed Software Packages (pkgchk) |
Check the integrity of an installed object. |
You can verify the integrity of an installed object by using the pkchk command with the -p and -P options. The -p option specifies the full path name. The new -P option specifies a partial path name. |
How to Check the Integrity of Installed Objects ( pkgchk -p, pkgchk -P) |
Remove software packages. |
You can remove unneeded software packages by using the pkgrm command. |
The following procedures explain how to manage software packages by using package commands.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Remove any already installed packages with the same names as the packages you are adding.
This step ensures that the system keeps a proper record of software that has been added and removed. Sometimes, you might want to maintain multiple versions of the same application on the system. For strategies on maintaining multiple software copies, see Guidelines for Removing Packages (pkgrm). For task information, see How to Remove Software Packages (pkgrm ).
Add a software package to the system.
# pkgadd -a admin-file -d device-name pkgid ... |
(Optional) Specifies an administration file that the pkgadd command should check during the installation. For details about using an administration file, see Using an Administration File.
Specifies the absolute path to the software packages. device-name can be the path to a device, a directory, or a spool directory. If you do not specify the path where the package resides, the pkgadd command checks the default spool directory (/var/spool/pkg ). If the package is not there, the package installation fails.
(Optional) Is the name of one or more packages, separated by spaces, to be installed. If omitted, the pkgadd command installs all available packages from the specified device, directory, or spool directory.
If the pkgadd command encounters a problem during installation of the package, it displays a message related to the problem, followed by this prompt:
Do you want to continue with this installation? |
Respond with yes, no, or quit. If more than one package has been specified, type no to stop the installation of the package being installed. The pkgadd command continues to install the other packages. Type quit to stop the installation.
Verify that the package has been installed successfully.
# pkgchk -v pkgid |
If no errors occur, a list of installed files is returned. Otherwise, the pkgchk command reports the error.
The following example shows how install the SUNWpl5u package from a mounted Oracle Solaris 10 CD. The example also shows how to verify that the package files were installed properly.
# pkgadd -d /cdrom/cdrom0/Solaris_10/Product SUNWpl5u . . . Installation of <SUNWpl5u> was successful. # pkgchk -v SUNWpl5u /usr /usr/bin /usr/bin/perl /usr/perl5 /usr/perl5/5.8.4 . . . |
This example shows the path to use if you are not running at least the Solaris 10 10/08 release.
# pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product SUNWpl5u . . . Installation of <SUNWpl5u> was successful. # pkgchk -v SUNWpl5u /usr /usr/bin /usr/bin/perl /usr/perl5 /usr/perl5/5.8.4 . . . |
If the packages you want to install are available from a remote system, you can manually mount the directory that contains the packages (in package format) and install packages on the local system.
The following example shows how to install software packages from a remote system. In this example, assume that the remote system named package-server has software packages in the /latest-packages directory. The mount command mounts the packages locally on /mnt. The pkgadd command installs the SUNWpl5u package.
# mount -F nfs -o ro package-server:/latest-packages /mnt # pkgadd -d /mnt SUNWpl5u . . . Installation of <SUNWpl5u> was successful. |
If the automounter is running at your site, you do not need to mount the remote package server manually. Instead, use the automounter path, in this case, /net/package-server/latest-packages, as the argument to the -d option.
# pkgadd -d /net/package-server/latest-packages SUNWpl5u . . . Installation of <SUNWpl5u> was successful. |
This example is similar to the previous example, except that it uses the -a option and specifies an administration file named noask-pkgadd, which is illustrated in Avoiding User Interaction When Adding Packages (pkgadd). In this example, assume that the noask-pkgadd administration file is in the default location, /var/sadm/install/admin.
# pkgadd -a noask-pkgadd -d /net/package-server/latest-packages SUNWpl5u . . . Installation of <SUNWpl5u> was successful. |
The following example shows how to install a package using an HTTP URL as the device name. The URL must point to a stream-formatted package.
# pkgadd -d http://install/xf86-4.3.0-video.pkg ## Downloading... ..............25%..............50%..............75%..............100% ## Download Complete The following packages are available: 1 SUNWxf86r XFree86 Driver Porting Kit (Root) (i386) 4.3.0,REV=0.2003.02.28 2 SUNWxf86u XFree86 Driver Porting Kit (User) (i386) 4.3.0,REV=0.2003.02.28 . . . |
For convenience, you can copy frequently installed packages to a spool directory. If you copy packages to the default spool directory, /var/spool/pkg, you do not need to specify the source location of the package (-d device-name argument) when you use the pkgadd command. The pkgadd command, by default, checks the /var/spool/pkg directory for any packages that are specified on the command line. Note that copying packages to a spool directory is not the same as installing the packages on a system.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Remove any already spooled packages with the same names as the packages you are adding.
For information on removing spooled packages, see Example 22–19.
Add a software package to a spool directory.
# pkgadd -d device-name -s spooldir pkgid ... |
Specifies the absolute path to the software packages. device-name can be the path to a device, a directory, or a spool directory.
Specifies the name of the spool directory where the package will be spooled. You must specify a spooldir.
(Optional) Is the name of one or more packages, separated by spaces, to be added to the spool directory. If omitted, the pkgadd command copies all available packages.
Verify that the package has been copied successfully to the spool directory.
$ pkginfo -d spooldir | grep pkgid |
If pkgid was copied correctly, the pkginfo command returns a line of information about the pkgid. Otherwise, the pkginfo command returns the system prompt.
The following example shows how to transfer the SUNWman package from a mounted SPARC based Oracle Solaris 10 CD to the default spool directory (/var/spool/pkg).
# pkgadd -d /cdrom/cdrom0/Solaris_10/Product -s /var/spool/pkg SUNWman Transferring <SUNWman> package instance |
If packages you want to copy are available from a remote system, you can manually mount the directory that contains the packages, in package format, and copy them to a local spool directory.
The following example shows the commands for this scenario. In this example, assume that the remote system named package-server has software packages in the /latest-packages directory. The mount command mounts the package directory locally on /mnt. The pkgadd command copies the SUNWpl5p package from /mnt to the default spool directory (/var/spool/pkg).
# mount -F nfs -o ro package-server:/latest-packages /mnt # pkgadd -d /mnt -s /var/spool/pkg SUNWpl5p Transferring <SUNWpl5p> package instance |
If the automounter is running at your site, you do not have to mount the remote package server manually. Instead, use the automounter path, in this case, /net/package-server/latest-packages, as the argument to the -d option.
# pkgadd -d /net/package-server/latest-packages -s /var/spool/pkg SUNWpl5p Transferring <SUNWpl5p> package instance |
The following example shows how to install the SUNWpl5p package from the default spool directory. When no options are used, the pkgadd command searches the /var/spool/pkg directory for the named packages.
# pkgadd SUNWpl5p . . . Installation of <SUNWpl5p> was successful. |
This example shows how to list all packages installed on a local system, whether that system is a stand-alone system or a server. The output shows the primary category, package name, and the description of the package.
$ pkginfo system SUNWaccr System Accounting, (Root) system SUNWaccu System Accounting, (Usr) system SUNWadmap System administration applications system SUNWadmc System administration core libraries . . . |
This example shows how to list all packages installed on a system by specifying the long format, which includes all available information about the designated packages.
$ pkginfo -l SUNWcar PKGINST: SUNWcar NAME: Core Architecture, (Root) CATEGORY: system ARCH: sparc.sun4u VERSION: 11.9.0,REV=2002.04.06.15.27 BASEDIR: / VENDOR: Sun Microsystems, Inc. DESC: core software for a specific hardware platform group PSTAMP: leo20031003183400 INSTDATE: Feb 20 2004 16:57 HOTLINE: Please contact your local service provider STATUS: completely installed FILES: 114 installed pathnames 36 shared pathnames 40 directories 57 executables 21469 blocks used (approx) |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Check the status of an installed package.
To check the file attributes and contents, type the following:
# pkgchk -a| -c -v pkid ... |
To specify the absolute path of the spool directory, type the following:
# pkgchk -d spooldir pkgid ... |
Specifies to audit only the file attributes (the permissions), rather than the file attributes and the contents, which is the default.
Specifies to audit only the file contents, rather than the file contents and attributes, which is the default.
Specifies verbose mode, which displays file names as they are processed.
Specifies the absolute path of the spool directory.
(Optional) Is the name of one or more packages, separated by spaces. If you do not specify a pkgid, all the software packages installed on the system are checked.
The following example shows how to check the contents of a package.
# pkgchk -c SUNWbash |
If no errors occur, the system prompt is returned. Otherwise, the pkgck command reports the error.
The following example shows how to check the file attributes of a package.
# pkgchk -a SUNWbash |
If no errors occur, the system prompt is returned. Otherwise, the pkgck command reports the error.
The following example shows how to check a software package that was copied to a spool directory (/export/install/packages).
# pkgchk -d /export/install/packages ## checking spooled package <SUNWadmap> ## checking spooled package <SUNWadmfw> ## checking spooled package <SUNWadmc> ## checking spooled package <SUNWsadml> |
The checks made on a spooled package are limited because not all information can be audited until a package is installed.
This procedure explains how to use the pkgchk command to check the integrity of installed objects. The new -P option enables you to specify a partial path. This option has been added to assist you in mapping files to packages. Use this option with the -l option to list the information about the files that contain the partial path. Use the -p option to check the integrity of installed objects by specifying the full path. For more information, see the pkgchk(1M) man page.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Check the integrity of an installed object.
To verify the integrity of an installed object for a full path name or path names, type the following:
# pkgchk -lp path-name |
To verify the integrity of an installed object for a partial-path name or path names, type the following:
# pkgchk -lP partial-path-name |
Checks the accuracy only of the path name or path names that are listed. Path can be one or more path names separated by commas. Specifies to audit only the file attributes (the permissions), rather than the file attributes and the contents, which is the default.
Checks the accuracy of only the partial path name or path names that are listed. The partial-path can be one or more partial path names separated by commas. Matches any path name that contains the string contained in the partial path. Specifies to audit only the file contents, rather than the file contents and attributes, which is the default.
Lists information about the selected files that make up a package. This option is not compatible with the -a, -c, -f, -g, and -v options. Specifies verbose mode, which displays file names as they are processed.
This example shows you how to use the pkgchk -lp command to check the contents/attributes of an object on a file system by a specifying the full path name. The -l option lists information on the selected files that make up a package.
# pkgchk -lp /usr/sbin/pkgadd Pathname: /usr/sbin/pkgadd Type: regular file Expected mode: 0555 Expected owner: root Expected group: sys Expected file size (bytes): 867152 Expected sum(1) of contents: 45580 Expected last modification: Jul 02 02:20:34 2004 Referenced by the following packages: SUNWpkgcmdsu Current status: installed |
This example shows you how to use the pkgchk -lP command to check the contents/attributes of an object on a file system by a specifying a partial path name, such as a file or directory name. The -l option lists information on the selected files that make up a package.
# pkgchk -lP /sbin/pkgadd Pathname: /usr/sbin/pkgadd Type: regular file Expected mode: 0555 Expected owner: root Expected group: sys Expected file size (bytes): 867152 Expected sum(1) of contents: 45580 Expected last modification: Jul 02 02:20:34 2004 Referenced by the following packages: SUNWpkgcmdsu Current status: installed Pathname: /usr/sbin/pkgask Type: linked file Source of link: ../../usr/sbin/pkgadd Referenced by the following packages: SUNWpkgcmdsu Current status: installed |
To remove or uninstall a software package, use the associated tool that you used to add or install a software package. For example, if you used the Oracle Solaris installation GUI to install software, use the Oracle Solaris installation GUI to uninstall software.
Do no use the rm command to remove software packages. Doing so will result in inaccuracies in the database that keeps track of all installed packages on the system.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Remove an installed package.
# pkgrm pkgid ... |
pkgid identifies the name of one or more packages, separated by spaces, to be removed. If omitted, the pkgrmcommand removes all available packages.
This example shows how to remove a package.
# pkgrm SUNWctu The following package is currently installed: SUNWctu Netra ct usr/platform links (64-bit) (sparc.sun4u) 11.9.0,REV=2001.07.24.15.53 Do you want to remove this package? y ## Removing installed package instance <SUNWctu> ## Verifying package dependencies. ## Processing package information. ## Removing pathnames in class <none> . . . |
This example shows how to remove a spooled package.
# pkgrm -s /export/pkg SUNWaudh The following package is currently spooled: SUNWaudh Audio Header Files (sparc) 11.10.0,REV=2003.08.08.00.03 Do you want to remove this package? y Removing spooled package instance <SUNWaudh> |