1. Updating Systems and Adding Software in Oracle Solaris 11.4
  2. Installing and Updating Software Packages
  3. Working with Non-Global Zones
  4. The System Repository and Proxy Services

The System Repository and Proxy Services

In a non-global zone, the system repository provides access to the package repositories configured in the global zone. Publisher configuration changes made to the global zone are seen immediately by all non-global zones via the system repository.

A publisher origin or mirror that is configured in a non-global zone must be accessible from the global zone even if that location is not configured in the global zone publisher list. For example, if you have the localsw publisher configured in a non-global zone but not in the global zone, all origins and mirrors for the localsw publisher still must be accessible from the global zone.

The system repository can proxy http, https, file, and .p5p archive repositories. Only version 4 file system repositories are supported, which is the default format for the pkgrepo create command. See the pkgrepo(1) man page for more information about repository versions.

The zones proxy is a service that enables pkg commands running inside a zone to communicate with the system repository, which is running in the global zone. The zones proxy has two parts. The following service runs in the global zone: 

svc:/application/pkg/zones-proxyd:default

The following service runs in the non-global zone:

svc:/application/pkg/zones-proxy-client:default

See the pkg.sysrepo(8) man page for more information about the system repository and zones proxy services.

The following example shows publishers in a global zone:

global:~$ pkg publisher
PUBLISHER             TYPE     STATUS P LOCATION
solaris               origin   online F http://pkg.oracle.com/solaris/release/
solaris               origin   online F file:///var/share/pkgrepos/solaris/
devtool  (disabled)   origin   online F http://pkg.example1.com/
isvpub                origin   online F http://pkg.example2.com/

The following example shows how these same publishers appear when you are logged into a non-global zone:

z1:~$ pkg publisher
PUBLISHER             TYPE     STATUS P LOCATION
solaris  (syspub)     origin   online T <system-repository>
solaris  (syspub)     origin   online F <system-repository>
isvpub   (syspub)     origin   online T <system-repository>

Notice that the disabled repository is not available in the non-global zone.

Use the -F option to display the URI and proxy values for system-repository locations: 

z1:~$ pkg publisher -F tsv
PUBLISHER  STICKY  SYSPUB  ENABLED  TYPE    STATUS  URI                                     PROXY
solaris    true    true    true     origin  online  http://pkg.oracle.com/solaris/release/  http://localhost:1008
solaris    true    true    true     origin  online  http://localhost:1008/solaris/35024e7d1859bedee9af156d22a591c433adc0ee/ -
isvpub     true    true    true     origin  online  http://pkg.example2.com/                http://localhost:1008

Notice that the file:// repository in the global zone has been assigned an http:// location in the non-global zone.

In the non-global zone, the system repository always shows as a proxy. This is the proxy the non-global zone uses to communicate with the system repository in the global zone.

You cannot reconfigure the system repository from within a non-global zone. For example, you cannot change the origins or properties of publishers or the publisher search order of publishers whose location is <system-repository>. If a publisher is added or reconfigured in the global zone, those changes are seen immediately by non-global zones. If a publisher is unset in the global zone, that publisher is unset in non-global zones unless the non-global zone has a package installed from that publisher.

Tip:

Before you unset a publisher in the global zone, uninstall packages from that publisher in non-global zones.

If you cannot reach a publisher, you can set a proxy in the global zone, as described in Specifying a Proxy. For more information about setting proxies when you have non-global zones, including instructions for when and how to use the http_proxy and https_proxy environment variables, see Configuring Proxies to the Package Repository for Non-Global Zones in Creating and Using Oracle Solaris Zones.

For a publisher that is already configured in the global zone, the following pkg list command gives the same result in the both the global zone and non-global zones: 

z1:~$ pkg list -a isvtool
NAME (PUBLISHER)    VERSION    IFO
isvtool (isvpub)    2.0        ---
isvtool (isvpub)    1.0        ---

Repositories can be network or file system accessible to the non-global zone even if those repositories are not configured in the global zone. The non-global zone publisher configuration must match the global zone publisher configuration or must be a superset of the global zone publisher configuration. For example, the localsw publisher could be configured in a non-global zone with an origin of file:///var/share/pkgrepos/localrepo because that location is accessible in the global zone even if the localsw publisher is not configured in the global zone.