System Administration Commands pkgadd(1M)
NAME
pkgadd - transfer software packages to the system
SYNOPSIS
pkgadd [-nv] [-a admin] [-G] [-x proxy]
[ [-M] -R root_path] [-r response] [-k keystore]
[-P passwd] [-V fs_file]
[-d device | -d datastream pkginst | all]
[pkginst | -Y category [, category]...]
pkgadd -s [-d device | -d datastream pkginst | all]
[pkginst | -Y category [, category]...]
DESCRIPTION
pkgadd transfers the contents of a software package from the
distribution medium or directory to install it onto the sys-
tem. Used without the -d device source specifier, pkgadd
looks in the default spool directory (/var/spool/pkg) forthe package. Used with the -s option, it writes the package
to a spool directory instead of installing it.The pkgadd utility requires an amount of temporary space the
size of the package that is being installed. pkgadd deter-
mines which temporary directory to use by checking for theexistance of the $TMPDIR environment variable. If $TMPDIR is
not defined, pkgadd uses P_tmpdir from stdio.h. P_tmpdir has
a default of /var/tmp/.Certain unbundled and third-party packages are no longer
entirely compatible with the latest version of pkgadd. These
packages require user interaction throughout the installa-
tion and not just at the very beginning, or require that their request scripts be run as the root user. To install these older packages (released prior to Solaris 2.4), set the following environment variable:NONABI_SCRIPTS=TRUE
As long as this environment variable is set, pkgadd permits
keyboard interaction throughout the installation and package request scripts are run as root. If you have package request scripts that require running as user root (instead of noaccess [the default] or userinstall), use the rscript_alt parameter in the admin(4) file
SunOS 5.11 Last change: 5 Oct 2010 1
System Administration Commands pkgadd(1M)
to make an appropriate selection. See admin(4). Note that, in Solaris 8 and Solaris 9, the default user whenrunning a request script was either root or nobody, depend-
ing on the operating system's patch level. In the current release, the default user is noaccess.When running pkgadd in the global zone (see zones(5)), a
package that contains a request script (see pkgask(1M)) is added only to the global zone. The package is not propagatedto any current or yet-to-be-installed non-global zone. This
behavior mimics the effect of the -G option, described
below.Package commands are largefile(5)-aware. They handle files
larger than 2 GB in the same way they handle smaller files.In their current implementations, pkgadd, pkgtrans(1) and
other package commands can process a datastream of up to 4 GB.The -d, -Y, and pkginst arguments shown in the SYNOPSIS are
described under OPERANDS, following OPTIONS. OPTIONSThe supported options are described as follows. The -d dev-
ice source specifier is described under OPERANDS, below.-a admin
Define an installation administration file, admin, to be used in place of the default administration file. The token none overrides the use of any admin file, and thus forces interaction with the user. Unless a full pathname is given, pkgadd first looks in the current working
directory for the administration file. If the specifiedadministration file is not in the current working direc-
tory, pkgadd looks in the /var/sadm/install/admin direc-
tory for the administration file.-G
Add package(s) in the current zone only. When used in the global zone, the package is added to the global zoneonly and is not propagated to any existing or yet-to-
be-created non-global zone. When used in a non-global
zone, the package(s) are added to the non-global zone
only.SunOS 5.11 Last change: 5 Oct 2010 2
System Administration Commands pkgadd(1M)
This option causes package installation to fail if, inthe pkginfo file for a package, SUNW_PKG_ALLZONES is set
to true. See pkginfo(4).-k keystore
Use keystore as the location from which to get trustedcertificate authority certificates when verifying digi-
tal signatures found in packages. If no keystore is specified, then the default keystore locations are searched for valid trusted certificates. See KEYSTORE LOCATIONS for more information.-M
Instruct pkgadd not to use the $root_path/etc/vfstab
file for determining the client's mount points. This option assumes the mount points are correct on the server and it behaves consistently with Solaris 2.5 and earlier releases.-n
Installation occurs in non-interactive mode. Suppress
output of the list of installed files. The default mode is interactive.-P passwd
Password to use to decrypt keystore specified with -k,
if required. See PASS PHRASE ARGUMENTS for more informa-
tion about the format of this option's argument.-r response
Identify a file or directory which contains output from a previous pkgask(1M) session. This file supplies the interaction responses that would be requested by the package in interactive mode. response must be a full pathname.-R root_path
Define the full path name of a directory to use as theroot_path. All files, including package system informa-
tion files, are relocated to a directory tree startingSunOS 5.11 Last change: 5 Oct 2010 3
System Administration Commands pkgadd(1M)
in the specified root_path. The root_path may be speci-
fied when installing to a client from a server (for example, /export/root/client1).Note -
The root file system of any non-global zones must not
be referenced with the -R option. Doing so might dam-
age the global zone's file system, might compromise the security of the global zone, and might damage thenon-global zone's file system. See zones(5).
-s spool
Write the package into the directory spool instead of installing it.-v
Trace all of the scripts that get executed by pkgadd,
located in the pkginst/install directory. This option isused for debugging the procedural and non-procedural
scripts.-V fs_file
Specify an alternative fs_file to map the client's file
systems. For example, used in situations where the$root_path/etc/vfstab file is non-existent or unreli-
able.-x proxy
Specify a HTTP[S] proxy to use when downloading packages The format of proxy is host:port, where host is the hostname of the HTTP[S] proxy, and port is the port number associated with the proxy. This switch overrides all other methods of specifying a proxy. See ENVIRONMENT VARIABLES for more information on alternate methods of specifying a default proxy.When executed without options or operands, pkgadd uses
/var/spool/pkg (the default spool directory). OPERANDSSunOS 5.11 Last change: 5 Oct 2010 4
System Administration Commands pkgadd(1M)
The following operands are supported: SourcesBy default, pkgadd looks in the /var/spool/pkg directory
when searching for instances of a package to install or spool. Optionally, the source for the package instances to be installed or spooled can be specified using:-d device
-d datastream pkgname,... | all
Install or copy a package from device. device can be any of the following:o A full path name to a directory or the identif-
iers for tape, floppy disk, or removable disk(for example, /var/tmp or /floppy/floppy_name).
o A device alias (for example, /floppy/floppy0). o A datastream created by pkgtrans (see pkgtrans(1)). o A URL pointing to a datastream created by pkgtrans. The supported Universal Resource Identifiers (URIs) are http: and https:.The second form of the -d specifier, above, indicates
the syntax you use when specifying a datastream. In thiscase you must specify either a comma-separated list of
package names or the keyword all. InstancesBy default, pkgadd searches the specified source, and
presents an interactive menu allowing the user to select which package instances found on the source are to be installed. As an alternative, the package instances to be installed can be specified using: pkginst The package instance or list of instances to be installed. The token all may be used to refer to all packages available on the source medium. The format pkginst.* can be used to indicate all instances of a package. The asterisk character (*) is a special character tosome shells and may need to be escaped. In the C-Shell,
the asterisk must be surrounded by single quotes (') or preceded by a backslash (\).SunOS 5.11 Last change: 5 Oct 2010 5
System Administration Commands pkgadd(1M)
-Y category[,category...]
Install packages based on the value of the CATEGORY parameter stored in the package's pkginfo(4) file. All packages on the source medium whose CATEGORY matches oneof the specified categories will be selected for instal-
lation or spooling. KEYSTORE LOCATIONSPackage such as pkgadd use a set of trusted certificates to
perform signature validation on any signatures found within the packages. If there are no signatures included in thepackages then signature validation is skipped. The certifi-
cates can come from a variety of locations. If -k keystore
is specified, and keystore is a directory, then keystore is assumed to be the base directory of the certificates to be used. If keystore is a file, then the file itself is assumedto have all required keys and certificates. When -k is not
specified, then /var/sadm/security is used as the base directory. Within the specified base directory, the store locations to be searched are different based on the application doing thesearching and the type of store being searched for. The fol-
lowing directories are searched in the specified order:1.
/ / 2.
/ Where
is the directory specified by -k,
is the name of the application doing the search- ing, and
is one of keystore (for private keys), certstore (for untrusted public key certificates), or trust-
store (for trusted certificate authority certificates).For example, when pkgadd is run with -k /export/certs, then
the following locations are successively searched to find the trust store:1. /export/certs/pkgadd/truststore
2. /export/certs/truststore This searching order enables administrators to have a single location for most applications, and special certificate locations for certain applications.SunOS 5.11 Last change: 5 Oct 2010 6
System Administration Commands pkgadd(1M)
KEYSTORE AND CERTIFICATE FORMATS The packaging utilities, such as pkgtrans, require access toa set of keys and certificates in order to sign, and option-
ally verify, packages. The keystore files found by following the search patternspecified in KEYSTORE LOCATIONS must each be a self-
contained PKCS#12-format file.
When signing a package with pkgtrans, if a certstore has more than one public key certificate, then each public keymust have a friendlyName attribute in order to be identifi-
able and selectable with the -a option when signing pack-
ages. In addition, the public key certificate selected with-a and found in the certstore must have an associated
private key in the keystore. Several browsers and utilities can be used to export andimport certificates and keys into a PKCS#12 keystore. For
example, a trusted certificate can be exported from Mozilla,and then imported into a PKCS#12 keystore for use with
pkgadd with the OpenSSL Toolkit.
PASS PHRASE ARGUMENTSpkgtrans and pkgadd accept password arguments, typically
using -p to specify the password. These allow the password
to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off. pass:password The actual password is password. Because the password is visible to utilities such as ps this form should only be used where security is not important. env:var Obtain the password from the environment variable var. Because the environment of other processes is visible oncertain platforms this option should be used with cau-
tion.SunOS 5.11 Last change: 5 Oct 2010 7
System Administration Commands pkgadd(1M)
file:pathnameThe first line contained within pathname is the pass-
word. pathname need not refer to a regular file: it could, for example, refer to a device or named pipe. For example, to read the password from standard input, use file:/dev/stdin. console Read the password from /dev/tty.EXAMPLES
Example 1 Installing a Package from a Solaris DVD The following example installs a package from a Solaris DVD. You are prompted for the name of the package you want to install.example# pkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product
Example 2 Installing a Set of Packages from a Datastream The example command shown below installs all of the packagesin the datastream specified by the -d source specifier.
Prior to this command, this datastream must have been created with the pkgtrans(1) command.example# pkgadd -d /var/tmp/datastream all
The keyword all specifies that all of the packages found in the designated datastream will be installed. EXIT STATUS 0 Successful completionSunOS 5.11 Last change: 5 Oct 2010 8
System Administration Commands pkgadd(1M)
1 Fatal error. 2 Warning. 3 Interruption. 4 Administration. 5 Administration. Interaction is required. Do not usepkgadd -n.
10 Reboot after installation of all packages. 20 Reboot after installation of this package. ENVIRONMENT VARIABLES HTTPPROXY Specifies an HTTP proxy host. Overrides administrationfile setting, and http_proxy environment variable.
HTTPPROXYPORT Specifies the port to use when contacting the host specified by HTTPPROXY. Ignored if HTTPPROXY is not set.http_proxy
URL format for specifying proxy host and port. OverridesSunOS 5.11 Last change: 5 Oct 2010 9
System Administration Commands pkgadd(1M)
administration file setting. FILES /var/sadm/install/logs/Location where pkgadd logs an instance of software ins-
tallation.ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | package/svr4 ||_____________________________|_____________________________|
| Interface Stability | Committed ||_____________________________|_____________________________|
SEE ALSO
pkginfo(1), pkgmk(1), pkgparam(1), pkgproto(1), pkgtrans(1), installf(1M), pkgadm(1M), pkgask(1M), pkgchk(1M), pkgrm(1M),removef(1M), admin(4), pkginfo(4), attributes(5), large-
file(5), zones(5) http://www.openssl.org NOTESWhen transferring a package to a spool directory, the -r,
-n, and -a options cannot be used.
The -r option can be used to indicate a directory name as
well as a filename. The directory can contain numerous response files, each sharing the name of the package withwhich it should be associated. This would be used, for exam-
ple, when adding multiple interactive packages with oneinvocation of pkgadd. In this situation, each package would
need a response file. If you create response files with the same name as the package (for example, pkinst1 and pkinst2), then name the directory in which these files reside afterthe -r.
SunOS 5.11 Last change: 5 Oct 2010 10
System Administration Commands pkgadd(1M)
The -n option causes the installation to halt if any
interaction is needed to complete it.If the default admin file is too restrictive, the adminis-
tration file may need to be modified to allow for totalnon-interaction during a package installation. See admin(4)
for details.If a package stream is specified with -d, and a digital sig-
nature is found in that stream, the default behavior is to attempt to validate the certificate and signature found. This behavior can be overridden with admin file settings. See admin(4) for more information.SunOS 5.11 Last change: 5 Oct 2010 11