6324 Add an `ndp' tool for manipulating the neighbors table

[illumos-gate.git] / usr / src / man / man1m / pkgadd.1m

'\" te
.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved
.\" Copyright 1989 AT&T
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH PKGADD 1M "Oct 30, 2007"
.SH NAME
pkgadd \- transfer software packages to the system
.SH SYNOPSIS
.LP
.nf
\fBpkgadd\fR [\fB-nv\fR] [\fB-a\fR \fIadmin\fR] [\fB-G\fR] [\fB-x\fR \fIproxy\fR]
     [ [\fB-M\fR] \fB-R\fR \fIroot_path\fR] [\fB-r\fR \fIresponse\fR] [\fB-k\fR \fIkeystore\fR]
     [\fB-P\fR \fIpasswd\fR] [\fB-V\fR \fIfs_file\fR]
     [\fB-d\fR \fIdevice\fR | \fB-d\fR \fIdatastream\fR \fIpkginst\fR | all]
     [\fIpkginst\fR | \fB-Y\fR \fIcategory\fR [\fI, category\fR]...]
.fi

.LP
.nf
\fBpkgadd\fR \fB-s\fR [\fB-d\fR \fIdevice\fR | \fB-d\fR \fIdatastream\fR \fIpkginst\fR | all]
     [\fIpkginst\fR | \fB-Y\fR \fIcategory\fR [\fI, category\fR]...]
.fi

.SH DESCRIPTION
.sp
.LP
\fBpkgadd\fR transfers the contents of a software package from the distribution
medium or directory to install it onto the system. Used without the \fB-d\fR
\fIdevice\fR source specifier, \fBpkgadd\fR looks in the default spool
directory (\fB/var/spool/pkg\fR) for the package. Used with the \fB-s\fR
option, it writes the package to a spool directory instead of installing it.
.sp
.LP
The \fBpkgadd\fR utility requires an amount of temporary space the size of the
package that is being installed. \fBpkgadd\fR determines which temporary
directory to use by checking for the existance of the \fB$TMPDIR\fR environment
variable. If \fB$TMPDIR\fR is not defined, \fBpkgadd\fR uses \fBP_tmpdir\fR
from \fBstdio.h\fR. \fBP_tmpdir\fR has a default of \fB/var/tmp/\fR.
.sp
.LP
Certain unbundled and third-party packages are no longer entirely compatible
with the latest version of \fBpkgadd\fR. These packages require user
interaction throughout the installation and not just at the very beginning, or
require that their request scripts be run as the root user.
.sp
.LP
To install these older packages (released prior to Solaris 2.4), set the
following environment variable: \fBNONABI_SCRIPTS=TRUE\fR
.sp
.LP
As long as this environment variable is set, \fBpkgadd\fR permits keyboard
interaction throughout the installation and package request scripts are run as
\fBroot\fR.
.sp
.LP
If you have package request scripts that require running as user \fBroot\fR
(instead of \fBnoaccess\fR [the default] or user \fBinstall\fR), use the
\fBrscript_alt\fR parameter in the \fBadmin\fR(4) file to make an appropriate
selection. See \fBadmin\fR(4).
.sp
.LP
Note that, in Solaris 8 and Solaris 9, the default user when running a request
script was either \fBroot\fR or \fBnobody\fR, depending on the operating
system's patch level. In the current release, the default user is
\fBnoaccess\fR.
.sp
.LP
When running \fBpkgadd\fR in the global zone (see \fBzones\fR(5)), a package
that contains a request script (see \fBpkgask\fR(1M)) is added only to the
global zone. The package is not propagated to any current or
yet-to-be-installed non-global zone. This behavior mimics the effect of the
\fB-G\fR option, described below.
.sp
.LP
Package commands are \fBlargefile\fR(5)-aware. They handle files larger than 2
GB in the same way they handle smaller files. In their current implementations,
\fBpkgadd\fR, \fBpkgtrans\fR(1) and other package commands can process a
datastream of  up to 4 GB.
.sp
.LP
The \fB-d\fR, \fB-Y\fR, and \fIpkginst\fR arguments shown in the SYNOPSIS are
described under OPERANDS, following OPTIONS.
.SH OPTIONS
.sp
.LP
The supported options are described as follows. The \fB-d\fR \fIdevice\fR
source specifier is described under OPERANDS, below.
.sp
.ne 2
.na
\fB\fB\fR\fB-a\fR \fIadmin\fR\fR
.ad
.sp .6
.RS 4n
Define an installation administration file, \fIadmin\fR, to be used in place of
the default administration file. The token \fBnone\fR overrides the use of any
\fIadmin\fR file, and thus forces interaction with the user. Unless a full path
name is given, \fBpkgadd\fR first looks in the current working directory for
the administration file. If the specified administration file is not in the
current working directory, \fBpkgadd\fR looks in the
\fB/var/sadm/install/admin\fR directory for the administration file.
.RE

.sp
.ne 2
.na
\fB\fB-G\fR\fR
.ad
.sp .6
.RS 4n
Add package(s) in the current zone only. When used in the global zone, the
package is added to the global zone only and is not propagated to any existing
or yet-to-be-created non-global zone. When used in a non-global zone, the
package(s) are added to the non-global zone only.
.sp
This option causes package installation to fail if, in the \fBpkginfo\fR file
for a package, \fBSUNW_PKG_ALLZONES\fR is set to true. See \fBpkginfo\fR(4).
.RE

.sp
.ne 2
.na
\fB\fB-k\fR \fIkeystore\fR\fR
.ad
.sp .6
.RS 4n
Use \fIkeystore\fR as the location from which to get trusted certificate
authority certificates when verifying digital signatures found in packages. If
no keystore is specified, then the default keystore locations are searched for
valid trusted certificates. See \fBKEYSTORE LOCATIONS\fR for more information.
.RE

.sp
.ne 2
.na
\fB\fB-M\fR\fR
.ad
.sp .6
.RS 4n
Instruct \fBpkgadd\fR not to use the \fB$\fR\fIroot_path\fR\fB/etc/vfstab\fR
file for determining the client's mount points. This option assumes the mount
points are correct on the server and it behaves consistently with Solaris 2.5
and earlier releases.
.RE

.sp
.ne 2
.na
\fB\fB-n\fR\fR
.ad
.sp .6
.RS 4n
Installation occurs in non-interactive mode. Suppress output of the list of
installed files. The default mode is interactive.
.RE

.sp
.ne 2
.na
\fB\fB-P\fR \fIpasswd\fR\fR
.ad
.sp .6
.RS 4n
Password to use to decrypt keystore specified with \fB-k\fR, if required. See
\fBPASS PHRASE ARGUMENTS\fR for more information about the format of this
option's argument.
.RE

.sp
.ne 2
.na
\fB\fB\fR\fB-r\fR \fIresponse\fR\fR
.ad
.sp .6
.RS 4n
Identify a file or directory which contains output from a previous
\fBpkgask\fR(1M) session. This file supplies the interaction responses that
would be requested by the package in interactive mode. \fIresponse\fR must be a
full pathname.
.RE

.sp
.ne 2
.na
\fB\fB-R\fR \fIroot_path\fR\fR
.ad
.sp .6
.RS 4n
Define the full path name of a directory to use as the \fIroot_path\fR. All
files, including package system information files, are relocated to a directory
tree starting in the specified \fIroot_path\fR. The \fIroot_path\fR may be
specified when installing to a client from a server (for example,
\fB/export/root/client1\fR).
.LP
Note -
.sp
.RS 2
The root file system of any non-global zones must not be referenced with the
\fB-R\fR option. Doing so might damage the global zone's file system, might
compromise the security of the global zone, and might damage the non-global
zone's file system. See \fBzones\fR(5).
.RE
.RE

.sp
.ne 2
.na
\fB\fB\fR\fB-s\fR \fIspool\fR\fR
.ad
.sp .6
.RS 4n
Write the package into the directory \fIspool\fR instead of installing it.
.RE

.sp
.ne 2
.na
\fB\fB-v\fR\fR
.ad
.sp .6
.RS 4n
Trace all of the scripts that get executed by \fBpkgadd\fR, located in the
\fIpkginst\fR\fB/install\fR directory. This option is used for debugging the
procedural and non-procedural scripts.
.RE

.sp
.ne 2
.na
\fB\fB-V\fR \fIfs_file\fR\fR
.ad
.sp .6
.RS 4n
Specify an alternative \fIfs_file\fR to map the client's file systems. For
example, used in situations where the \fB$\fR\fIroot_path\fR\fB/etc/vfstab\fR
file is non-existent or unreliable.
.RE

.sp
.ne 2
.na
\fB\fB-x\fR \fIproxy\fR\fR
.ad
.sp .6
.RS 4n
Specify a HTTP[S] proxy to use when downloading packages The format of proxy is
\fIhost\fR:\fIport\fR, where \fIhost\fR is the hostname of the HTTP[S] proxy,
and \fIport\fR is the port number associated with the proxy. This switch
overrides all other methods of specifying a proxy. See ENVIRONMENT VARIABLES
for more information on alternate methods of specifying a default proxy.
.RE

.sp
.LP
When executed without options or operands, \fBpkgadd\fR uses
\fB/var/spool/pkg\fR (the default spool directory).
.SH OPERANDS
.sp
.LP
The following operands are supported:
.SS "Sources"
.sp
.LP
By default, pkgadd looks in the \fB/var/spool/pkg\fR directory when searching
for instances of a package to install or spool. Optionally, the source for the
package instances to be installed or spooled can be specified using:
.sp
.ne 2
.na
\fB\fB-d\fR \fIdevice\fR\fR
.ad
.br
.na
\fB\fB-d\fR \fIdatastream\fR \fIpkgname\fR,... | \fBall\fR\fR
.ad
.sp .6
.RS 4n
Install or copy a package from \fIdevice\fR. \fIdevice\fR can be any of the
following:
.RS +4
.TP
.ie t \(bu
.el o
A full path name to a directory or the identifiers for tape, floppy disk, or
removable disk (for example, \fB/var/tmp\fR or
\fB/floppy/\fIfloppy_name\fR\fR).
.RE
.RS +4
.TP
.ie t \(bu
.el o
A device alias (for example, \fB/floppy/floppy0\fR).
.RE
.RS +4
.TP
.ie t \(bu
.el o
A datastream created by \fBpkgtrans\fR (see \fBpkgtrans\fR(1)).
.RE
.RS +4
.TP
.ie t \(bu
.el o
A URL pointing to a datastream created by \fBpkgtrans\fR. The supported
Universal Resource Identifiers (URIs) are \fBhttp:\fR and \fBhttps:\fR.
.RE
The second form of the \fB-d\fR specifier, above, indicates the syntax you use
when specifying a datastream. In this case you must specify either a
comma-separated list of package names or the keyword \fBall\fR.
.RE

.SS "Instances"
.sp
.LP
By default, \fBpkgadd\fR searches the specified source, and presents an
interactive menu allowing the user to select which package instances found on
the source are to be installed. As an alternative, the package instances to be
installed can be specified using:
.sp
.ne 2
.na
\fB\fIpkginst\fR\fR
.ad
.sp .6
.RS 4n
The package instance or list of instances to be installed. The token \fBall\fR
may be used to refer to all packages available on the source medium. The format
\fIpkginst\fR\fB\&.*\fR can be used to indicate all instances of a package.
.sp
The asterisk character (\fB*\fR) is a special character to some shells and may
need to be escaped. In the C-Shell, the asterisk must be surrounded by single
quotes (\fB\&'\fR) or preceded by a backslash (\fB\e\fR).
.RE

.sp
.ne 2
.na
\fB\fB-Y\fR \fIcategory\fR[,\fIcategory\fR...]\fR
.ad
.sp .6
.RS 4n
Install packages based on the value of the \fBCATEGORY\fR parameter stored in
the package's \fBpkginfo\fR(4) file. All packages on the source medium whose
\fBCATEGORY\fR matches one of the specified categories will be selected for
installation or spooling.
.RE

.SH KEYSTORE LOCATIONS
.sp
.LP
Package and tools such as \fBpkgadd\fR use a set of trusted certificates to
perform signature validation on any signatures found within the packages. If
there are no signatures included in the packages then signature validation is
skipped. The certificates can come from a variety of locations. If \fB-k\fR
\fIkeystore\fR is specified, and \fIkeystore\fR is a directory, then
\fIkeystore\fR is assumed to be the base directory of the certificates to be
used. If \fIkeystore\fR is a file, then the file itself is assumed to have all
required keys and certificates. When \fB-k\fR is not specified, then
\fB/var/sadm/security\fR is used as the base directory.
.sp
.LP
Within the specified base directory, the store locations to be searched are
different based on the application doing the searching and the type of store
being searched for. The following directories are searched in the specified
order:
.RS +4
.TP
1.
\fI<store_dir>\fR/\fI<app_name>\fR/\fI<store_type>\fR
.RE
.RS +4
.TP
2.
\fI<store_dir>\fR/\fI<store_type>\fR
.RE
.sp
.LP
Where \fI<store_dir>\fR is the directory specified by \fB-k\fR,
\fI<app_name>\fR is the name of the application doing the searching, and
\fI<store_type>\fR is one of \fBkeystore\fR (for private keys), \fBcertstore\fR
(for untrusted public key certificates), or \fBtruststore\fR (for trusted
certificate authority certificates).
.sp
.LP
For example, when \fBpkgadd\fR is run with \fB-k\fR \fB/export/certs\fR, then
the following locations are successively searched to find the trust store:
.RS +4
.TP
1.
/export/certs/pkgadd/truststore
.RE
.RS +4
.TP
2.
/export/certs/truststore
.RE
.sp
.LP
This searching order enables administrators to have a single location for most
applications, and special certificate locations for certain applications.
.SH KEYSTORE AND CERTIFICATE FORMATS
.sp
.LP
The packaging utilities, such as \fBpkgtrans\fR, require access to a set of
keys and certificates in order to sign, and optionally verify, packages.
.sp
.LP
The keystore files found by following the search pattern specified in
\fBKEYSTORE LOCATIONS\fR must each be a self-contained PKCS#12-format file.
.sp
.LP
When signing a package with \fBpkgtrans\fR, if a \fBcertstore\fR has more than
one public key certificate, then each public key must have a \fBfriendlyName\fR
attribute in order to be identifiable and selectable with the \fB-a\fR option
when signing packages. In addition, the public key certificate selected with
\fB-a\fR and found in the \fBcertstore\fR must have an associated private key
in the keystore.
.sp
.LP
Several browsers and utilities can be used to export and import certificates
and keys into a PKCS#12 keystore. For example, a trusted certificate can be
exported from Mozilla, and then imported into a PKCS#12 keystore for use with
\fBpkgadd\fR with the OpenSSL Toolkit.
.SH PASS PHRASE ARGUMENTS
.sp
.LP
\fBpkgtrans\fR and \fBpkgadd\fR accept password arguments, typically using
\fB-p\fR to specify the password. These allow the password to be obtained from
a variety of sources. Both of these options take a single argument whose format
is described below. If no password argument is given and a password is required
then the user is prompted to enter one: this will typically be read from the
current terminal with echoing turned off.
.sp
.ne 2
.na
\fB\fBpass:\fIpassword\fR\fR\fR
.ad
.sp .6
.RS 4n
The actual password is \fIpassword\fR. Because the password is visible to
utilities such as \fBps\fR this form should only be used where security is not
important.
.RE

.sp
.ne 2
.na
\fB\fBenv:\fIvar\fR\fR\fR
.ad
.sp .6
.RS 4n
Obtain the password from the environment variable \fIvar\fR. Because the
environment of other processes is visible on certain platforms this option
should be used with caution.
.RE

.sp
.ne 2
.na
\fB\fBfile:\fIpathname\fR\fR\fR
.ad
.sp .6
.RS 4n
The first line contained within \fIpathname\fR is the password. \fIpathname\fR
need not refer to a regular file: it could, for example, refer to a device or
named pipe. For example, to read the password from standard input, use
\fBfile:/dev/stdin\fR.
.RE

.sp
.ne 2
.na
\fB\fBconsole\fR\fR
.ad
.sp .6
.RS 4n
Read the password from \fB/dev/tty\fR.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRInstalling a Package from a Solaris DVD
.sp
.LP
The following example installs a package from a Solaris DVD. You are prompted
for the name of the package you want to install.

.sp
.in +2
.nf
example# \fBpkgadd -d /cdrom/cdrom0/s0/Solaris_10/Product\fR
.fi
.in -2
.sp

.LP
\fBExample 2 \fRInstalling a Set of Packages from a Datastream
.sp
.LP
The example command shown below installs all of the packages in the datastream
specified by the \fB-d\fR source specifier. Prior to this command, this
datastream must have been created with the \fBpkgtrans\fR(1) command.

.sp
.in +2
.nf
example# \fBpkgadd -d /var/tmp/datastream all\fR
.fi
.in -2
.sp

.sp
.LP
The keyword \fBall\fR specifies that all of the packages found in the
designated datastream will be installed.

.SH EXIT STATUS
.sp
.ne 2
.na
\fB\fB0\fR\fR
.ad
.sp .6
.RS 4n
Successful completion
.RE

.sp
.ne 2
.na
\fB\fB1\fR\fR
.ad
.sp .6
.RS 4n
Fatal error.
.RE

.sp
.ne 2
.na
\fB\fB2\fR\fR
.ad
.sp .6
.RS 4n
Warning.
.RE

.sp
.ne 2
.na
\fB\fB3\fR\fR
.ad
.sp .6
.RS 4n
Interruption.
.RE

.sp
.ne 2
.na
\fB\fB4\fR\fR
.ad
.sp .6
.RS 4n
Administration.
.RE

.sp
.ne 2
.na
\fB\fB5\fR\fR
.ad
.sp .6
.RS 4n
Administration. Interaction is required. Do not use \fBpkgadd\fR \fB-n\fR.
.RE

.sp
.ne 2
.na
\fB\fB10\fR\fR
.ad
.sp .6
.RS 4n
Reboot after installation of all packages.
.RE

.sp
.ne 2
.na
\fB\fB20\fR\fR
.ad
.sp .6
.RS 4n
Reboot after installation of this package.
.RE

.SH ENVIRONMENT VARIABLES
.sp
.ne 2
.na
\fB\fBHTTPPROXY\fR\fR
.ad
.sp .6
.RS 4n
Specifies an HTTP proxy host. Overrides administration file setting, and
\fBhttp_proxy\fR environment variable.
.RE

.sp
.ne 2
.na
\fB\fBHTTPPROXYPORT\fR\fR
.ad
.sp .6
.RS 4n
Specifies the port to use when contacting the host specified by
\fBHTTPPROXY\fR. Ignored if \fBHTTPPROXY\fR is not set.
.RE

.sp
.ne 2
.na
\fB\fBhttp_proxy\fR\fR
.ad
.sp .6
.RS 4n
URL format for specifying proxy host and port. Overrides administration file
setting.
.RE

.SH FILES
.sp
.ne 2
.na
\fB\fB/var/sadm/install/logs/\fR\fR
.ad
.sp .6
.RS 4n
Location where \fBpkgadd\fR logs an instance of software installation.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE  ATTRIBUTE VALUE
_
Interface Stability     Evolving
.TE

.SH SEE ALSO
.sp
.LP
\fBpkginfo\fR(1), \fBpkgmk\fR(1), \fBpkgparam\fR(1), \fBpkgproto\fR(1),
\fBpkgtrans\fR(1), \fBinstallf\fR(1M), \fBpkgadm\fR(1M), \fBpkgask\fR(1M),
\fBpkgchk\fR(1M), \fBpkgrm\fR(1M), \fBremovef\fR(1M), \fBadmin\fR(4),
\fBpkginfo\fR(4), \fBattributes\fR(5), \fBlargefile\fR(5), \fBzones\fR(5)
.sp
.LP
\fI\fR
.sp
.LP
\fBhttp://www.openssl.org\fR
.SH NOTES
.sp
.LP
When transferring a package to a spool directory, the \fB-r\fR, \fB-n\fR, and
\fB-a\fR options cannot be used.
.sp
.LP
The \fB-r\fR option can be used to indicate a directory name as well as a
filename. The directory can contain numerous response files, each sharing the
name of the package with which it should be associated. This would be used, for
example, when adding multiple interactive packages with one invocation of
\fBpkgadd\fR. In this situation, each package would need a response file. If
you create response files with the same name as the package (for example,
\fBpkinst1\fR and \fBpkinst2\fR), then name the directory in which these files
reside after the \fB-r\fR.
.sp
.LP
The \fB-n\fR option causes the installation to halt if any interaction is
needed to complete it.
.sp
.LP
If the default \fIadmin\fR file is too restrictive, the administration file may
need to be modified to allow for total non-interaction during a package
installation. See \fBadmin\fR(4) for details.
.sp
.LP
If a package stream is specified with \fB-d\fR, and a digital signature is
found in that stream, the default behavior is to attempt to validate the
certificate and signature found. This behavior can be overridden with
\fBadmin\fR file settings. See \fBadmin\fR(4) for more information.