Signed Packages and Patches

This feature is new in the Solaris 9 12/03 release.

This Solaris release enables you to securely download Solaris packages and patches that include a digital signature by using the updated pkgadd and patchadd commands. A package or a patch with a valid digital signature ensures that the package or patch has not been modified after the signature was applied to the package or patch.

In previous Solaris releases, you could only add signed patches to your system if you used the Solaris patch management tools with PatchPro 2.1.

Additional software management features in this Solaris release include the following:

• You can add a digital signature to a package with the updated pkgtrans command. For information about creating a signed package, see the Application Packaging Developer’s Guide.

• You can download a package or patch from an HTTP or an HTTPS server.

A signed package is identical to an unsigned package except for the signature. The package can be installed, queried, or removed with existing Solaris packaging tools. A signed package is also binary-compatible with an unsigned package.

Before you can add a package or patch with digital signatures to your system, you must set up a keystore with trusted certificates that are used to identify that the digital signature on the package or patch is valid.

For information about setting up the package keystore and adding signed packages or patches to your system, see the Adding and Removing Signed Packages (Task Map) in System Administration Guide: Basic Administration.

For information about booting and retrieving Solaris installation images from an HTTP or an HTTPS server, see WAN Boot Installation Method.