1pkgadd(1M)              System Administration Commands              pkgadd(1M)
2
3
4

NAME

6       pkgadd - transfer software packages to the system
7

SYNOPSIS

9       pkgadd [-nv] [-a admin] [-G] [-x proxy]
10            [ [-M] -R root_path] [-r response] [-k keystore]
11            [-P passwd] [-V fs_file]
12            [-d device | -d datastream pkginst | all]
13            [pkginst | -Y category [, category]...]
14
15
16       pkgadd -s [-d device | -d datastream pkginst | all]
17            [pkginst | -Y category [, category]...]
18
19

DESCRIPTION

21       pkgadd  transfers the contents of a software package from the distribu‐
22       tion medium or directory to install it onto the  system.  Used  without
23       the  -d  device  source  specifier,  pkgadd  looks in the default spool
24       directory (/var/spool/pkg) for the package. Used with the -s option, it
25       writes the package to a spool directory instead of installing it.
26
27
28       The  pkgadd  utility  requires an amount of temporary space the size of
29       the package that is being installed. pkgadd determines which  temporary
30       directory  to use by checking for the existance of the $TMPDIR environ‐
31       ment variable. If $TMPDIR is not defined,  pkgadd  uses  P_tmpdir  from
32       stdio.h. P_tmpdir has a default of /var/tmp/.
33
34
35       Certain  unbundled and third-party packages are no longer entirely com‐
36       patible with the latest version of pkgadd. These packages require  user
37       interaction throughout the installation and not just at the very begin‐
38       ning, or require that their request scripts be run as the root user.
39
40
41       To install these older packages (released prior to  Solaris  2.4),  set
42       the following environment variable: NONABI_SCRIPTS=TRUE
43
44
45       As  long  as  this environment variable is set, pkgadd permits keyboard
46       interaction throughout the installation and package request scripts are
47       run as root.
48
49
50       If  you  have package request scripts that require running as user root
51       (instead  of  noaccess  [the  default]  or  user  install),   use   the
52       rscript_alt  parameter  in  the  admin(4)  file  to make an appropriate
53       selection. See admin(4).
54
55
56       Note that, in Solaris 8 and Solaris 9, the default user when running  a
57       request  script  was  either root or nobody, depending on the operating
58       system's patch level. In the current release, the default user is noac‐
59       cess.
60
61
62       When  running  pkgadd in the global zone (see zones(5)), a package that
63       contains a request script (see pkgask(1M)) is added only to the  global
64       zone.  The  package  is  not  propagated  to  any current or yet-to-be-
65       installed non-global zone. This behavior mimics the effect  of  the  -G
66       option, described below.
67
68
69       Package  commands are largefile(5)-aware. They handle files larger than
70       2 GB in the same way they handle smaller files. In their current imple‐
71       mentations,  pkgadd, pkgtrans(1) and other package commands can process
72       a datastream of  up to 4 GB.
73
74
75       The -d, -Y, and pkginst arguments shown in the SYNOPSIS  are  described
76       under OPERANDS, following OPTIONS.
77

OPTIONS

79       The  supported  options  are described as follows. The -d device source
80       specifier is described under OPERANDS, below.
81
82       -a admin
83
84           Define an installation administration file, admin, to  be  used  in
85           place  of the default administration file. The token none overrides
86           the use of any admin file, and thus  forces  interaction  with  the
87           user.  Unless  a full path name is given, pkgadd first looks in the
88           current working directory for the administration file. If the spec‐
89           ified  administration file is not in the current working directory,
90           pkgadd looks  in  the  /var/sadm/install/admin  directory  for  the
91           administration file.
92
93
94       -G
95
96           Add  package(s)  in  the current zone only. When used in the global
97           zone, the package is added to the global zone only and is not prop‐
98           agated  to  any existing or yet-to-be-created non-global zone. When
99           used in a non-global zone, the package(s) are  added  to  the  non-
100           global zone only.
101
102           This  option causes package installation to fail if, in the pkginfo
103           file  for  a  package,  SUNW_PKG_ALLZONES  is  set  to  true.   See
104           pkginfo(4).
105
106
107       -k keystore
108
109           Use  keystore as the location from which to get trusted certificate
110           authority certificates when verifying digital signatures  found  in
111           packages.  If  no  keystore is specified, then the default keystore
112           locations are searched for valid trusted certificates. See KEYSTORE
113           LOCATIONS for more information.
114
115
116       -M
117
118           Instruct  pkgadd  not  to  use  the  $root_path/etc/vfstab file for
119           determining the client's mount  points.  This  option  assumes  the
120           mount  points are correct on the server and it behaves consistently
121           with Solaris 2.5 and earlier releases.
122
123
124       -n
125
126           Installation occurs in non-interactive mode. Suppress output of the
127           list of installed files. The default mode is interactive.
128
129
130       -P passwd
131
132           Password to use to decrypt keystore specified with -k, if required.
133           See PASS PHRASE ARGUMENTS for more information about the format  of
134           this option's argument.
135
136
137       -r response
138
139           Identify  a file or directory which contains output from a previous
140           pkgask(1M) session. This file supplies  the  interaction  responses
141           that  would  be  requested  by  the  package  in  interactive mode.
142           response must be a full pathname.
143
144
145       -R root_path
146
147           Define the full path name of a directory to use as  the  root_path.
148           All  files,  including  package system information files, are relo‐
149           cated to a directory tree starting in the specified root_path.  The
150           root_path  may  be  specified  when  installing  to a client from a
151           server (for example, /export/root/client1).
152
153           Note -
154
155             The root file system of any non-global zones must not  be  refer‐
156             enced with the -R option. Doing so might damage the global zone's
157             file system, might compromise the security of  the  global  zone,
158             and might damage the non-global zone's file system. See zones(5).
159
160
161       -s spool
162
163           Write  the  package  into the directory spool instead of installing
164           it.
165
166
167       -v
168
169           Trace all of the scripts that get executed by  pkgadd,  located  in
170           the  pkginst/install  directory.  This option is used for debugging
171           the procedural and non-procedural scripts.
172
173
174       -V fs_file
175
176           Specify an alternative fs_file to map the  client's  file  systems.
177           For  example,  used  in  situations where the $root_path/etc/vfstab
178           file is non-existent or unreliable.
179
180
181       -x proxy
182
183           Specify a HTTP[S] proxy to use when downloading packages The format
184           of  proxy  is  host:port, where host is the hostname of the HTTP[S]
185           proxy, and port is the port number associated with the proxy.  This
186           switch overrides all other methods of specifying a proxy. See ENVI‐
187           RONMENT VARIABLES for more  information  on  alternate  methods  of
188           specifying a default proxy.
189
190
191
192       When  executed  without options or operands, pkgadd uses /var/spool/pkg
193       (the default spool directory).
194

OPERANDS

196       The following operands are supported:
197
198   Sources
199       By default, pkgadd looks in the /var/spool/pkg directory when searching
200       for  instances of a package to install or spool. Optionally, the source
201       for the package instances to be installed or spooled can  be  specified
202       using:
203
204       -d device
205       -d datastream pkgname,... | all
206
207           Install  or  copy  a  package from device. device can be any of the
208           following:
209
210               o      A full path name to a directory or the  identifiers  for
211                      tape,  floppy  disk,  or  removable  disk  (for example,
212                      /var/tmp or /floppy/floppy_name).
213
214               o      A device alias (for example, /floppy/floppy0).
215
216               o      A datastream created by pkgtrans (see pkgtrans(1)).
217
218               o      A URL pointing to a datastream created by pkgtrans.  The
219                      supported  Universal  Resource  Identifiers  (URIs)  are
220                      http: and https:.
221           The second form of the -d specifier, above,  indicates  the  syntax
222           you use when specifying a datastream. In this case you must specify
223           either a comma-separated list of package names or the keyword all.
224
225
226   Instances
227       By default, pkgadd searches  the  specified  source,  and  presents  an
228       interactive  menu  allowing  the user to select which package instances
229       found on the source are to be installed. As an alternative, the package
230       instances to be installed can be specified using:
231
232       pkginst
233
234           The  package  instance  or  list  of instances to be installed. The
235           token all may be used to refer to all  packages  available  on  the
236           source  medium.  The  format  pkginst.* can be used to indicate all
237           instances of a package.
238
239           The asterisk character (*) is a special character  to  some  shells
240           and  may  need  to be escaped. In the C-Shell, the asterisk must be
241           surrounded by single quotes (') or preceded by a backslash (\).
242
243
244       -Y category[,category...]
245
246           Install packages based on  the  value  of  the  CATEGORY  parameter
247           stored in the package's pkginfo(4) file. All packages on the source
248           medium whose CATEGORY matches one of the specified categories  will
249           be selected for installation or spooling.
250
251

KEYSTORE LOCATIONS

253       Package and patch tools such as pkgadd or patchadd use a set of trusted
254       certificates to perform signature validation on  any  signatures  found
255       within  the packages or patches. If there are no signatures included in
256       the packages or patches then signature validation is skipped. The  cer‐
257       tificates can come from a variety of locations. If -k keystore is spec‐
258       ified, and keystore is a directory, then keystore is assumed to be  the
259       base  directory  of the certificates to be used. If keystore is a file,
260       then the file itself is assumed to have all required keys and  certifi‐
261       cates. When -k is not specified, then /var/sadm/security is used as the
262       base directory.
263
264
265       Within the specified base directory, the store locations to be searched
266       are different based on the application doing the searching and the type
267       of store being searched for. The following directories are searched  in
268       the specified order:
269
270           1.     <store_dir>/<app_name>/<store_type>
271
272           2.     <store_dir>/<store_type>
273
274
275       Where  <store_dir>  is the directory specified by -k, <app_name> is the
276       name of the application doing the searching, and <store_type> is one of
277       keystore  (for  private keys), certstore (for untrusted public key cer‐
278       tificates), or truststore (for trusted certificate  authority  certifi‐
279       cates).
280
281
282       For example, when pkgadd is run with -k /export/certs, then the follow‐
283       ing locations are successively searched to find the trust store:
284
285           1.     /export/certs/pkgadd/truststore
286
287           2.     /export/certs/truststore
288
289
290       This searching order enables administrators to have a  single  location
291       for  most  applications,  and special certificate locations for certain
292       applications.
293

KEYSTORE AND CERTIFICATE FORMATS

295       The packaging and patching utilities, such as  pkgtrans  and  patchadd,
296       require  access to a set of keys and certificates in order to sign, and
297       optionally verify, packages and patches.
298
299
300       The keystore files found by following the search pattern  specified  in
301       KEYSTORE LOCATIONS must each be a self-contained PKCS#12-format file.
302
303
304       When  signing a package with pkgtrans, if a certstore has more than one
305       public key certificate, then each public key must have  a  friendlyName
306       attribute in order to be identifiable and selectable with the -a option
307       when signing packages or patches. In addition, the public key  certifi‐
308       cate  selected  with -a and found in the certstore must have an associ‐
309       ated private key in the keystore.
310
311
312       Several browsers and utilities can be used to export  and  import  cer‐
313       tificates and keys into a PKCS#12 keystore. For example, a trusted cer‐
314       tificate can be exported from Mozilla, and then imported into a PKCS#12
315       keystore for use with pkgadd with the OpenSSL Toolkit.
316

PASS PHRASE ARGUMENTS

318       pkgtrans  and  pkgadd  accept password arguments, typically using -p to
319       specify the password. These allow the password to be  obtained  from  a
320       variety  of sources. Both of these options take a single argument whose
321       format is described below. If no password argument is given and a pass‐
322       word is required then the user is prompted to enter one: this will typ‐
323       ically be read from the current terminal with echoing turned off.
324
325       pass:password
326
327           The actual password is password. Because the password is visible to
328           utilities  such  as ps this form should only be used where security
329           is not important.
330
331
332       env:var
333
334           Obtain the password from the environment variable var. Because  the
335           environment of other processes is visible on certain platforms this
336           option should be used with caution.
337
338
339       file:pathname
340
341           The first line contained within pathname is the password.  pathname
342           need not refer to a regular file: it could, for example, refer to a
343           device or named pipe. For example, to read the password from  stan‐
344           dard input, use file:/dev/stdin.
345
346
347       console
348
349           Read the password from /dev/tty.
350
351

EXAMPLES

353       Example 1 Installing a Package from a Solaris DVD
354
355
356       The  following  example  installs a package from a Solaris DVD. You are
357       prompted for the name of the package you want to install.
358
359
360         example# pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product
361
362
363
364       Example 2 Installing a Set of Packages from a Datastream
365
366
367       The example command shown below installs all of  the  packages  in  the
368       datastream specified by the -d source specifier. Prior to this command,
369       this datastream must have been created with the pkgtrans(1) command.
370
371
372         example# pkgadd -d /var/tmp/datastream all
373
374
375
376
377       The keyword all specifies that all of the packages found in the  desig‐
378       nated datastream will be installed.
379
380

EXIT STATUS

382       0
383
384           Successful completion
385
386
387       1
388
389           Fatal error.
390
391
392       2
393
394           Warning.
395
396
397       3
398
399           Interruption.
400
401
402       4
403
404           Administration.
405
406
407       5
408
409           Administration. Interaction is required. Do not use pkgadd -n.
410
411
412       10
413
414           Reboot after installation of all packages.
415
416
417       20
418
419           Reboot after installation of this package.
420
421

ENVIRONMENT VARIABLES

423       HTTPPROXY
424
425           Specifies  an  HTTP  proxy host. Overrides administration file set‐
426           ting, and http_proxy environment variable.
427
428
429       HTTPPROXYPORT
430
431           Specifies the port to use when contacting  the  host  specified  by
432           HTTPPROXY. Ignored if HTTPPROXY is not set.
433
434
435       http_proxy
436
437           URL  format  for specifying proxy host and port. Overrides adminis‐
438           tration file setting.
439
440

FILES

442       /var/sadm/install/logs/
443
444           Location where pkgadd logs an instance of software installation.
445
446

ATTRIBUTES

448       See attributes(5) for descriptions of the following attributes:
449
450
451
452
453       ┌─────────────────────────────┬─────────────────────────────┐
454       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
455       ├─────────────────────────────┼─────────────────────────────┤
456       │Availability                 │SUNWpkgcmdsu                 │
457       ├─────────────────────────────┼─────────────────────────────┤
458       │Interface Stability          │Evolving                     │
459       └─────────────────────────────┴─────────────────────────────┘
460

SEE ALSO

462       pkginfo(1),   pkgmk(1),    pkgparam(1),    pkgproto(1),    pkgtrans(1),
463       installf(1M),    pkgadm(1M),    pkgask(1M),    pkgchk(1M),   pkgrm(1M),
464       removef(1M),   admin(4),   pkginfo(4),   attributes(5),   largefile(5),
465       zones(5)
466
467
468
469
470
471       http://www.openssl.org
472

NOTES

474       When  transferring  a  package to a spool directory, the -r, -n, and -a
475       options cannot be used.
476
477
478       The -r option can be used to indicate a directory name  as  well  as  a
479       filename. The directory can contain numerous response files, each shar‐
480       ing the name of the package with which it should  be  associated.  This
481       would  be  used, for example, when adding multiple interactive packages
482       with one invocation of pkgadd. In this situation,  each  package  would
483       need  a  response file. If you create response files with the same name
484       as the package (for example, pkinst1 and pkinst2), then name the direc‐
485       tory in which these files reside after the -r.
486
487
488       The  -n  option  causes  the installation to halt if any interaction is
489       needed to complete it.
490
491
492       If the default admin file is too restrictive, the  administration  file
493       may  need  to  be  modified to allow for total non-interaction during a
494       package installation. See admin(4) for details.
495
496
497       If a package stream is specified with -d, and a  digital  signature  is
498       found  in  that  stream, the default behavior is to attempt to validate
499       the certificate and signature found. This behavior  can  be  overridden
500       with admin file settings. See admin(4) for more information.
501
502
503
504SunOS 5.11                        30 Oct 2007                       pkgadd(1M)
Impressum