6.7. Solaris Package Management

Solaris uses an enhanced version of the System V Release 4 package management system. These tools are used for installation of Sun's software and for software available from http://www.sunfreeware.com. The tools are different from those of GNU/Linux, since they do not manage automatic updating of installed packages. (pkgadd can, however, download and install packages provided with http:// URLs.)

If you need to create Solaris packages, you should read Sun's Application Packaging Developer's Guide. The Solaris 9 version of this document is currently available at http://docs.sun.com/app/docs/doc/806-7008/.

6.7.1. Solaris Package Management Command Summary

Adding and removing packages are straightforward operations: use the pkgadd and pkgrm commands. The pkginfo command provides information about installed packages. The pkgadm command provides rudimentary control over installed packages.

Creating packages is more involved, requiring the use of pkgproto to build a prototype(4) file and then pkgmk to actually create the package.

The installf and removef commands are useful when writing scripts to be run by pkgadd and pkgrm.

 /usr/sbin/installf [options] pkginst pathname                   [ftype [major minor] [mode owner group]] /usr/sbin/installf [options] pkginst - /usr/sbin/installf -f [options] pkginst

installf adds a file to the system installation database that isn't listed in the pkgmap file. It's used for files created dynamically (such as device files in /dev) during package installation. All invocations supply the package name and instance, pkginst, associated with the new file. This command should be run before any files are changed.

The first synatx supplies the file type, its major and minor device numbers if the file is a device file, and the protection mode, owner, and group on the command line.

The second syntax is similar to the first, but reads the information from standard input, one file's information per line. The third syntax is used after the files are all in place: it finalizes the information in the installation database.

Options

-c class

The class with which the objects should be associated. The default is none.

-f

Indicate that installation is complete (final).

-M

Do not use $root_path/etc/vfstab for determining a client's mount points. Rather, assume that the mount points are correct on the server.

-R root-path

Install all files under root-path. This is used on server systems when installing packages for clients.

-V vfstab-file

Use vfstab-file instead of $root_path/etc/vfstab when installing files. This is primarily useful on a server installing software for a client, where the client's /etc/vfstab file is not available or is incorrect.

ftype

The ftype value is a single character indicating the type of the file. The allowed values are:

b

A block-special device file.

c

A character-special device file.

d

A directory.

e

A file that will be edited on installation or removal.

f

A regular file (executable or data).

l

A linked file.

p

A named-pipe or FIFO.

s

A symbolic link.

v

A volatile file; one whose contents are expected to change over time.

x

An exclusive directory.

 /usr/sbin/pkgadd [options] [source-loc] [pkg-name] /usr/sbin/pkgadd -s [source-loc] [pkg-name]

Install a package. By default, pkgadd looks in /var/spool/pkg for installable package files; this can be changed with the -d option. The -s option may be used to write a package from installation media to the spool directory instead of installing it.

Options

-a adminfile

Use adminfile as the installation administration file, instead of the system default file (/var/sadm/install/admin/default). This file specifies policies for installation in terms of user interaction, how many instances of a package may be installed, and so on.

-d device

Use device as the source for the package to be installed or copied.

-G

Install the package only in the current zone. If installed in the global zone, the package is not propogated to any nonglobal zones.

-k keystore

Use keystore as the source for trusted certificate authority certificates.

-M

Do not use $root_path/etc/vfstab for determining a client's mount points. Rather, assume that the mount points are correct on the server.

-n

Do a noninteractive installation. This suppresses the output list of installed files.

-P password

Use password to decrypt the keystore provided with -k.

-r response-file

The full pathname response-file provides the output of pkgask. Use the contents to provide the responses to questions that pkgadd would otherwise ask interactively. See pkgask.

-R root-path

Install all files under root-path. This is used on server systems when installing packages for clients.

-s spooldir

Write the package to spooldir instead of installing it.

-v

Verbose: trace execution of all scripts run by pkgadd.

-V vfstab-file

Use vfstab-file instead of $root_path/etc/vfstab when installing packages. This is primarily useful on a server installing software for a client, where the client's /etc/vfstab file is not available or is incorrect.

-x host: port

Use an HTTP or HTTPS proxy on host host at port number port.

Sources

The sources parameter is either the name of a package, in which case pkgadd searches for the package in /var/spool/pkg, or a device (such as a floppy disk or CD-ROM) specified with the -d option.

Instances

The instances parameter specifies which instances of the named packages should be installed, as follows:

all

Install all packages on the given source media.

pkg-name, pkg-name.*

Install just the named package. With the suffix .*, all instances of the named package are installed.

-Y category[, category ...]

Install packages whose CATEGORY parameter in the package's pkginfo file matches one of the given categories.

 pkgadm addcert [options] certfile pkgadm removecert -n name [options] pkgadm listcert -n name [options] pkgadm dbstatus [-R rootpath] pkgadm -V | -?

The pkgadm command manages the Solaris packaging system. The first argument is a command indicating what it should do, with options controlling the behavior. The certfile is a file containing the certificate and optionally, the private key for adding to the database.

Commands

addcert

Import a certificate into the database. Optionally, specify the trust of the certificate.

dbstatus

Print the type of internal database used for managing packages. The current version always prints text, but this could change in future Solaris releases.

listcert

Print the details of one or more certificates in the keystore.

removecert

Remove either a certificate/private key pair, or a trusted certificate authority certificate from the keystore. Once removed, they cannot be used.

Options

-a application

Use the keystore for application instead of the global keystore.

-e keyfile

Obtain the private key for a non-trusted certificate/key combination from keyfile instead of from the file containing the certificate.

-f format

Use format for reading or printing keys. Allowed values for input and output are pem for PEM encoding and der for DER encoding. Output also allows text format for human-readable output.

-k keystore

Use keystore as the keystore instead of the system default keystore.

-n name

Specify the name of the entity in the keystore on which the operation is being performed (key removed, deleted, etc.). When printing, if this option isn't supplied, all keystore entities are printed.

-o file

Send output to file instead of to standard output. Used when printing certificates.

-p method

Use the password retrieval method method for decrypting the certificate or private key. The method is one of those listed in pkgadd(1); the default is console.

-P method

Like -p but for decrypting the keystore.

-R rootpath

Use rootpath/var/sadm/security to store keys and certificates instead of the default $HOME/.pkg. You must have sufficient permissions to access this directory.

-t

The certificate being imported is a trusted CA certificate. pkgadm asks you to verify the details in the certificate; this step can be skipped with -y.

-V

Print version information for the package management programs.

-y

Do not bother verifying the details in a certificate being imported as a trusted certificate with -t.

-?

Print a help message.

 /usr/sbin/pkgask [-d device] [-R root-path] -r response pkginst ...

This command creates response files for use with pkgadd. By producing "canned" responses for otherwise interactive installations, it's possible to install packages without requiring any interaction.

Options

-d device

Use device as the source for the package to be installed or copied.

-r response-file

The full pathname response-file for the output of pkgask. The argument may be a directory, in which case the response files for multiple packages are placed there, each one named according to the corresponding package.

-R root-path

Install all files under root-path. This is used on server systems when installing packages for clients.

 /usr/sbin/pkgchk [-d device] [options] pkginst

pkgchk checks the integrity of installed packages by comparing the information in the package file to what is actually on the system. With the -d option, it checks the packages on a particular device but cannot check the file attributes of the packages therein. The pkginst is a package name, possibly followed by .* to indicate all instances of the package.

Options

-a

Check file attributes only, do not check file contents.

-c

Check file contents only, do not check file attributes.

-d device

Use device as the source for the package to be checked.

-e file

Resolve parameters in the given package map file using information in the environment file file.

-f

Correct file attributes. With -x, remove hidden files.

-i file

Read pathnames from file and compare the list against the installation database or against the given package map file.

-l

List information on the files that make up a package. May not be used with -a, -c, -f, -g, or -v.

-m pkg-map-file

Check the package against pkg-map-file which is a package map file (see pkgmap(4)).

-M

Do not use $root_path/etc/vfstab for determining a client's mount points. Rather, assume that the mount points are correct on the server.

-n

Do not check files that are editable or are likely to change during normal operation. Intended for post-installation checking.

-p path

Check only the path listed. You can check multiple paths by separating pathnames with a comma, or quoting the list and separating them with spaces.

-P partial-path

Like -p, but checks the partial-path (a portion of a path, such as a file or directory name) instead of requiring a full path. It matches any pathname containing the partial-path.

-q

Quiet mode. Do not print messages about missing files.

-R root-path

Check all files under root-path. This is used on server systems when checking packages for clients.

-v

Verbose: list files as they are processed.

-V vfstab-file

Use vfstab-file instead of $root_path/etc/vfstab when checking packages. This is primarily useful on a server checking software for a client, where the client's /etc/vfstab file is not available or is incorrect.

-x

Search exclusive directories, looking for files which exist but are not in the database of installed packages or in the package map file.

-Y category[, category ...]

Check packages whose CATEGORY parameter in the package's pkginfo file matches one of the given categories.

 pkginfo [options] [pkginst ...]

With no options, display the primary category, package instance and names of all installed packages. With -d, provide information about the packages on the given device. With one or more pkginsts, print information about the named packages.

The pkginst may be a package name, optionally followed by a period and a version number to restrict it to a particular instance. Use .* to specify all instances.

Options

Options -l, -q and -x are mutually exclusive, and -p and -i have no meaning if used with -d.

-a arch

Use arch for the package's architecture.

-c category[, category ...]

Provide information about packages whose CATEGORY parameter in the package's pkginfo file matches one of the given categories.

-d device

Use device as the source for the package(s) to be described.

-i

Display information only about fully installed packages.

-l

Use long format output, which prints all available information.

-p

Display information only about partially installed packages.

-q

Quiet mode: do not display any information. Useful for scripts which need to check if a package has been installed.

-r

Print the installation base for relocatable packages.

-R root-path

Print information about all files under root-path. This is used on server systems when working with packages for clients.

-v version

Use version as the package version (corresponding to the VERSION parameter in the pkginfo file). All compatible versions can be requested by prefixing version with a ~ character.

-x

Print an "extracted" listing, giving the package abbreviation, the name, the architecture (if available), and the version (if available).

 pkgmk [options] [variable=value ...] [package-name]

pkgmk reads a package prototype file (see prototype(4)) and creates a package installable with pkgadd. It also creates the corresponding package map file (see pkgmap(4)). Prototype files are most easily created with pkgproto (see pkgproto).

variable=value places variable in the packaging environment with the given value. See prototype(4) for more information.

The package-name is a package name, optionally followed by a period and a version number to restrict it to a particular instance. Use .* to specify all instances.

pkgmk uses an elaborate algorithm for finding files to put in the package: see the pkgmk(1) manpage for the details.

Options

-a arch

Use arch as the architecture, overriding what's provided in the pkginfo file.

-b base-dir

Search under base-dir for objects named in the prototype file.

-d device

Use device as the destination for the package being built.

-f file

Use file as the prototype file. The default is to use a file named Prototype or prototype.

-l max

Use max as the maximum size of the output device. The value is in units of 512-byte blocks. Normally pkgmk uses df to determine if enough space is available.

-o

Overwrite the same instance of the package if it already exists.

-p stamp

Use stamp instead of the stamp definition in the pkginfo file.

-r root-path

Find files to be included in the package under root-path.

-v version

Use version as the version instead of what's in the pkginfo file.

 pkgparam [options] pkginst [param ...] pkgparam -f filename[-v] [param ...]

pkgparam prints the values of the given parameters for the named packages. With no parameters, it prints the values of all parameters. By default it looks in the pkginfo file for the package, but the -f option restricts pkgparam to looking in the named file. pkginst is the package for which information should be printed.

Options

-d device

Use device as the source for the package to be processed.

-f file

Read parameter values from file instead of from the pkginfo file.

-R root-path

Process all files under root-path. This is used on server systems when working with packages for clients.

-v

Verbose mode. Display the parameter name and value, instead of just the value.

 pkgproto [-i] [-c class] [path1[=path2] ...]

pkgproto builds the prototype file for use with pkgmk. With no directories on the command line, it reads a list of pathnames from standard input to process. Otherwise, it processes the directories named on the command line. path1 is where objects are located on the system building the package. path2 indicates where the file should be placed on systems where the package is installed, if that location is different.

Options

-c class

Map the class of all objects to class.

-i

Follow symbolic links, recording them as regular files (ftype=f), instead of as links (ftype=s).

 /usr/sbin/pkgrm [options] [instances] /usr/sbin/pkgrm -s spool [instances]

pkgrm removes installed packages. If some other package depends upon a package being removed, the action taken will be what's defined in the admin file.

Options

-a adminfile

Use adminfile as the removal administration file, instead of the system default file (/var/sadm/install/admin/default). This file specifies policies for installation and removal in terms of user interaction, how many instances of a package may be installed, and so on.

-A

Absolutely remove the package's files from the client's filesystem. However, if the file is shared with other packages, the default is not to remove it.

-M

Do not use $root_path/etc/vfstab for determining a client's mount points. Rather, assume that the mount points are correct on the server.

-n

Do a non-interactive removal. If a need for interaction arises, pkgrm exits.

-R root-path

Remove files from under root-path. This is used on server systems when removing packages for clients.

-s spooldir

Remove the package from spooldir instead of from the system.

-v

Verbose: trace execution of all scripts run by pkgrm.

-V vfstab-file

Use vfstab-file instead of $root_path/etc/vfstab when removing packages. This is primarily useful on a server removing software for a client, where the client's /etc/vfstab file is not available or is incorrect.

Instances

The instances parameter specifies which instances of the named packages should be installed.

pkg-name, pkg-name.*

Remove just the named package. With the suffix .*, all instances of the named package are removed.

-Y category[, category ...]

Remove packages whose CATEGORY parameter in the packages pkginfo file matches one of the given categories.

 /usr/sbin/removef [options] pkginst path ... /usr/sbin/removef [options] -f pkginst

removef updates the installation database with a list of pathnames that are about to be removed. The resulting output is a list of files that may be safely removed (i.e., for which there are no dependencies from other packages). This command is useful in scripts that are run when packages are removed; for example, removing device files created upon package installation.

Like installf, this command should be invoked twice; the first time before removing any files, and the second time, with the -f option, to indicate that the removal has indeed taken place. See also installf.

Options

-f

Indicate that removal is complete (final).

-M

Do not use $root_path/etc/vfstab for determining a client's mount points. Rather, assume that the mount points are correct on the server.

-R root-path

Remove files from under root-path. This is used on server systems when installing packages for clients.

-V vfstab-file

Use vfstab-file instead of $root_path/etc/vfstab when installing files. This is primarily useful on a server removing software for a client, where the client's /etc/vfstab file is not available or is incorrect.