Application Packaging Developer's Guide



See application binary interface (ABI).

abstract syntax notation 1

A way of expressing abstract objects. For example, ASN.1 defines a public key certificate, all of the objects that make up the certificate, and the order in which the objects are collected. However, ASN.1 does not specify how the objects are serialized for storage or transmission.

application binary interface

Definition of the binary system interface between compiled applications and the operating system on which they run.


See abstract syntax notation 1 (ASN.1)

base directory

The location where relocatable objects will be installed. It is defined in the pkginfo file, using the BASEDIR parameter.

build time

The time during which a package is being built with the pkgmk command.

build variable

A variable that begins with a lowercase letter and is evaluated at build time.

certificate authority

An agency, such as Verisign, that issues certificates used in the signing of packages.


A name that is used to group package objects. See also class action script.

class action script

A file that defines a set of actions to be performed on a group of package objects.

collectively relocatable object

A package object that is located relative to a common installation base. See also base directory.

common name

An alias name listed in the package keystore for signed packages.

composite package

A package that contains both relocatable and absolute path names.

compver file

A method of specifying package backward-compatibility.

control file

File that controls how, where, and if a package is to be installed. See information file and installation script.


The right to own and sell intellectual property, such as software, source code, or documentation. Ownership must be stated on the CD-ROM and insert text, whether the copyright is owned by SunSoft, or by another party. Copyright ownership is also acknowledged in SunSoft documentation.

depend file

A method of resolving basic package dependencies. See also compver file.


See distinguished encoding rules.

distinguished encoding rules

A binary representation of an ASN.1 object and defines how an ASN.1 object is serialized for storage or transmission in computing environments. Used with signed packages.

digital signature

An encoded message used to verify the integrity and security of a package.

incompatible package

A package that is incompatible with the named package. See also depend file.

individually relocatable object

A package object that is not restricted to the same directory location as a collectively relocatable object. It is defined using an install variable in the path field in the prototype file, and the installation location is determined via a request script or a checkinstall script.

information file

A file that can define package dependencies, provide a copyright message, or reserve space on a target system.

installation script

A script that enables you to provide customized installation procedures for a package.

install time

The time during which a package is being installed with the pkgadd command.

install variable

A variable that begins with an uppercase letter and is evaluated at install time.

ITU-T Recommendation X.509

A protocol that Specifies the widely-adopted X.509 public key certificate syntax.


A collection of files and directories required for a software application.

package abbreviation

A short name for a package that is defined via the PKG parameter in the pkginfo file.

package identifier

A numerical suffix added to a package abbreviation by the pkgadd command.

package instance

A variation of a package, which is determined by combining the definitions of the PKG, ARCH, and VERSION parameters in the pkginfo file for the package.

package object

Another name for an application file that is contained in a package to be installed on a target system.

package keystore

A repository of certificates and keys that can be queried by the package tools.

parametric path name

A path name that includes a variable specification.

patch list

A list of patches that affect the current package. This list of patches is recorded in the installed package in the pkginfo file.


See privacy enhanced message.


See public key cryptography standard #7.


See public key cryptography standard #12.

prerequisite package

A package that depends on the existence of another package. See also depend file.

privacy enhanced message

A way to encode a file using base 64 encoding and some optional headers. Used extensively for encoding certificates and private keys into a file that exists on a file system or in an email message.

private key

An encryption/decryption key known only to the party or parties that exchange secret messages. This private key is used in conjunction with public keys to create signed packages.

procedure script

A script that defines actions that occur at a particular point during package installation and package removal.

public key

A value generated as an encryption key that, combined with the private key derived from the public key, can be used to effectively encrypt messages and digital signatures.

public key cryptography standard #7

A stanard that describes a general syntax for data that may have cryptography applied to it, such as digital signatures and digital envelopes. A signed package contains an embedded PKCS7 signature.

public key cryptography standard #12

A standard that describes a syntax for storing cryptographic objects on disk. The package keystore is maintained in this format.


A package object defined in a prototype file with a relative path name.

relocatable object

A package object that does not need an absolute path location on a target system. Instead, its location is determined during the installation process. See also collectively relocatable object and individually relocatable object.

reverse dependency

A condition when another package depends on the existence of your package. See also depend file.


A package that does not fit on a single volume, such as a floppy disk.

signed packages

A normal stream-format package with a digital signature that verifies the following: that the package came from the entity that signed it, the entity indeed signed it, the package has not been modified since the entity signed it, and the entity that signed it is a trusted entity.


Tape archive retrieval. Solaris command for adding or extracting files from a media.

trusted certificate

A certificate that contains a single public key certificate that belongs to another entity. Trusted certficates aare used when verifying digital signatures and when initiating a connection to a secure (SSL) server.

unsigned package

A normal, ABI package without any encryption or digital signatures.

user key

A key that holds sensitive cryptographic key information. This information is stored in a protected format to prevent unauthorized use. User keys are used when a signed package is created.


See ITU-T Recommendation X.509.