Oracle Solaris 11 Express Image Packaging System Guide     Oracle Solaris 11 Express 11/10

Installing Signed Packages

If you are installing signed packages, set the image properties and publisher properties described in this section to verify package signatures.

Image Properties for Signed Packages

Configure the following image properties to use signed packages.

signature-policy

The value of this property determines what checks will be performed on manifests when installing a package into this image. The final policy applied to a package depends on the combination of image policy and publisher policy. The combination will be at least as strict as the stricter of the two policies taken individually. The following values are valid for this property.

ignore

Ignore signatures for all manifests.

verify

Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.

require-signatures

Require that all newly installed packages have at least one valid signature. The pkg fix and pkg verify commands will also warn if an installed package does not have a valid signature.

require-names

Follow the same requirements as require-signatures but also require that the strings listed in the signature-required-names image property appear as a common name of the certificates used to verify the chains of trust of the signatures.

signature-required-names

The value of this property is a list of names that must be seen as common names of certificates while validating the signatures of a package.

trust-anchor-directory

The value of this property is the pathname of the directory that contains the trust anchors for the image. This path is relative to the image.

Publisher Properties for Signed Packages

Configure the following publisher properties to use signed packages from a particular publisher.

signature-policy

The function of this property is identical to the function of the signature-policy image property except that this property only applies to packages from the specified publisher.

signature-required-names

The function of this property is identical to the function of the signature-required-names image property except that this property only applies to packages from the specified publisher.
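The rule that the applied policy is at least as strict as the stricter of the image and publisher policies can be checked per publisher before relying on it. The following is an added example, not part of the Oracle guide or of the pkg tooling: it computes that lower bound and lists publishers that fall below a chosen baseline. The strictness order (ignore, verify, require-signatures, require-names) is an assumption read from the value descriptions above, and the publisher names and the "publisher policy" input format are constructed, not real pkg output.

```shell
#!/bin/sh
# Added example: lower bound on the effective signature-policy per publisher.
# The strictness order is an assumption taken from the value descriptions.

# Map a signature-policy value to a strictness rank; unknown values fail.
policy_rank() {
    case "$1" in
        ignore)             echo 0 ;;
        verify)             echo 1 ;;
        require-signatures) echo 2 ;;
        require-names)      echo 3 ;;
        *) echo "unknown policy: $1" >&2; return 1 ;;
    esac
}

# Print the stricter of the image policy ($1) and the publisher policy ($2).
effective_policy() {
    img_rank=$(policy_rank "$1") || return 1
    pub_rank=$(policy_rank "$2") || return 1
    if [ "$img_rank" -ge "$pub_rank" ]; then echo "$1"; else echo "$2"; fi
}

# Read "publisher policy" lines on stdin. Print each publisher whose effective
# policy, given the image policy ($1), is weaker than the baseline ($2).
audit_publishers() {
    base_rank=$(policy_rank "$2") || return 1
    while read -r pub pol; do
        [ -n "$pub" ] || continue
        eff=$(effective_policy "$1" "$pol") || return 1
        eff_rank=$(policy_rank "$eff")
        if [ "$eff_rank" -lt "$base_rank" ]; then
            echo "$pub $eff"
        fi
    done
}

# Constructed sample data (hypothetical publishers, not real pkg output).
SAMPLE_PUBLISHERS='example.com require-signatures
internal.example verify
legacy.example ignore'

# Image policy "verify", baseline "require-signatures".
printf '%s\n' "$SAMPLE_PUBLISHERS" | audit_publishers verify require-signatures
```

With the image policy set to verify, the publisher configured with ignore is still reported at verify: a publisher setting cannot weaken the image policy, only tighten it.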

Configure Package Signature Properties

Use the set-property, add-property-value, remove-property-value, and unset-property subcommands to configure package signature properties for this image.

Use the --set-property, --add-property-value, --remove-property-value, and --unset-property options of the set-publisher subcommand to specify signature policy and required names for a particular publisher.

Example 3-33 Requiring All Signed Packages To Be Verified

Configure this image to verify all signed packages.

# pkg set-property signature-policy verify

Example 3-34 Requiring All Packages To Be Signed

Configure this image to require all packages to be signed. Also require the string “oracle.com” to be seen as a common name for one of the certificates in the chain of trust.

# pkg set-property signature-policy require-names oracle.com

Example 3-35 Requiring All Packages From a Specified Publisher To Be Signed

Configure this image to require that all packages installed from the publisher example.com must be signed.

# pkg set-publisher --set-property signature-policy=require-signatures example.com

Example 3-36 Adding a Required Signature Name

This example adds the string trustedname to the image's list of common names that must be seen in a signature's chain of trust to be considered valid.

# pkg add-property-value signature-required-names trustedname

Example 3-37 Removing a Required Signature Name

This example removes the string trustedname from the image's list of common names that must be seen in a signature's chain of trust to be considered valid.

# pkg remove-property-value signature-required-names trustedname

Example 3-38 Adding a Required Signature Name for a Specified Publisher

This example adds the string trustedname to the example.com publisher's list of common names that must be seen in a signature's chain of trust to be considered valid.

# pkg set-publisher --add-property-value signature-required-names=trustedname example.com