svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
pkg(1)
pkg(1) User Commands pkg(1)
NAME
pkg - Image Packaging System retrieval client
SYNOPSIS
/usr/bin/pkg [options] command [cmd_options] [operands]
/usr/bin/pkg refresh [-q] [--full] [publisher ...]
/usr/bin/pkg install [-nvq] [-C n] [-g path_or_uri]...
[-r [[-z zonename]... | [-Z zonename]... ]]
[--accept] [--licenses] [--no-index] [--no-refresh]
[--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--reject pkg_fmri_pattern]...
[--sync-actuators | --sync-actuators-timeout timeout]
pkg_fmri_pattern ...
/usr/bin/pkg exact-install [-nvq] [-C n] [-g path_or_uri]...
[--accept] [--licenses] [--no-index] [--no-refresh]
[--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--reject pkg_fmri_pattern]... pkg_fmri_pattern ...
/usr/bin/pkg uninstall [-nvq] [-C n]
[-r [[-z zonename]... | [-Z zonename]... ]]
[--ignore-missing] [--no-index] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--sync-actuators | --sync-actuators-timeout timeout]
pkg_fmri_pattern ...
/usr/bin/pkg update [-fnvq] [-C n] [-g path_or_uri]...
[-r [[-z zonename]... | [-Z zonename]... ]]
[--accept] [--ignore-missing] [--licenses]
[--no-index] [--no-refresh] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--reject pkg_fmri_pattern]...
[--sync-actuators | --sync-actuators-timeout timeout]
[pkg_fmri_pattern ...]
/usr/bin/pkg list [-Hafnqsuv] [-g path_or_uri]...
[--no-refresh] [pkg_fmri_pattern ...]
/usr/bin/pkg info [-lqr] [-g path_or_uri]... [--license]
[pkg_fmri_pattern ...]
/usr/bin/pkg contents [-Hmr] [-a attribute=pattern]...
[-g path_or_uri]... [-o attribute[,attribute]...]...
[-s sort_key] [-t action_name[,action_name]...]...
[pkg_fmri_pattern ...]
/usr/bin/pkg search [-HIaflpr]
[-o attribute[,attribute]...]... [-s repo_uri] query
/usr/bin/pkg verify [-Hqv] [-p path]... [--parsable version]
[--unpackaged] [--unpackaged-only] [pkg_fmri_pattern ...]
/usr/bin/pkg fix [-Hnvq] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--accept] [--licenses] [--parsable version] [--unpackaged]
[pkg_fmri_pattern ...]
/usr/bin/pkg revert [-nv] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
(--tagged tag-name ... | path-to-file ...)
/usr/bin/pkg mediator [-aH] [-F format] [mediator ...]
/usr/bin/pkg set-mediator [-nv] [-I implementation]
[-V version] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
mediator ...
/usr/bin/pkg unset-mediator [-nvIV] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
mediator ...
/usr/bin/pkg variant [-Haiv] [-F format] [variant_pattern ...]
/usr/bin/pkg change-variant [-nvq] [-C n] [-g path_or_uri]...
[-r [[-z zonename]... | [-Z zonename]... ]]
[--accept] [--licenses] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--sync-actuators | --sync-actuators-timeout timeout]
variant_name=value ...
/usr/bin/pkg facet [-Haim] [-F format] [facet_pattern ...]
/usr/bin/pkg change-facet [-nvq] [-C n] [-g path_or_uri]...
[-r [[-z zonename]... | [-Z zonename]... ]]
[--accept] [--licenses] [--no-be-activate]
[--no-backup-be | --require-backup-be]
[--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name]
[--sync-actuators | --sync-actuators-timeout timeout]
facet_name=(True|False|None) ...
/usr/bin/pkg avoid [pkg_fmri_pattern ...]
/usr/bin/pkg unavoid [pkg_fmri_pattern ...]
/usr/bin/pkg freeze [-n] [-c reason] [pkg_fmri_pattern ...]
/usr/bin/pkg unfreeze [-n] [pkg_name_pattern ...]
/usr/bin/pkg property [-H] [propname ...]
/usr/bin/pkg set-property propname propvalue
/usr/bin/pkg add-property-value propname propvalue
/usr/bin/pkg remove-property-value propname propvalue
/usr/bin/pkg unset-property propname ...
/usr/bin/pkg publisher [-HPn] [-F format] [publisher ...]
/usr/bin/pkg set-publisher [-Ped] [-c ssl_cert] [-k ssl_key]
[-g origin_to_add | --add-origin origin_to_add]...
[-G origin_to_remove | --remove-origin origin_to_remove]...
[-m mirror_to_add | --add-mirror mirror_to_add]...
[-M mirror_to_remove | --remove-mirror mirror_to_remove]...
[--disable] [--enable] [--no-refresh] [--reset-uuid]
[--non-sticky] [--sticky] [--search-after publisher]
[--search-before publisher] [--search-first]
[--approve-ca-cert path_to_CA]
[--revoke-ca-cert hash_of_CA_to_remove]
[--unset-ca-cert hash_of_CA_to_remove]
[--set-property name_of_property=value]
[--add-property-value name_of_property=value_to_add]
[--remove-property-value name_of_property=value_to_remove]
[--unset-property name_of_property_to_delete]
[--proxy proxy_to_use] publisher
/usr/bin/pkg set-publisher -p repo_uri [-Ped]
[-c ssl_cert] [-k ssl_key] [--non-sticky] [--sticky]
[--search-after publisher] [--search-before publisher]
[--search-first] [--approve-ca-cert path_to_CA]
[--revoke-ca-cert hash_of_CA_to_remove]
[--unset-ca-cert hash_of_CA_to_remove]
[--set-property name_of_property=value]
[--add-property-value name_of_property=value_to_add]
[--remove-property-value name_of_property=value_to_remove]
[--unset-property name_of_property_to_delete]
[--proxy proxy_to_use] [publisher]
/usr/bin/pkg unset-publisher publisher ...
/usr/bin/pkg history [-HNl]
[-n number] [-o column[,column]...]...
[-t time | time-time[,time | time-time]...]...
/usr/bin/pkg purge-history
/usr/bin/pkg rebuild-index
/usr/bin/pkg update-format
/usr/bin/pkg version
/usr/bin/pkg help [-v]
/usr/bin/pkg image-create [-FPUfz] [--force]
[--full | --partial | --user] [--zone]
[-c ssl_cert] [-k ssl_key]
[-g path_or_uri | --origin path_or_uri]...
[-m uri | --mirror uri]...
[--facet facet_name=(True|False)]... [--no-refresh]
[--set-property name_of_property=value]
[--variant variant_name=value]...
[(-p | --publisher) [name=]repo_uri] dir
/usr/bin/pkg -R dir dehydrate [-nvq] [-p publisher]...
/usr/bin/pkg -R dir rehydrate [-nvq] [-p publisher]...
DESCRIPTION
pkg is the retrieval client for the Image Packaging System. With a
valid configuration, pkg can be invoked to create locations for pack‐
ages to be installed, called images, and install packages into those
images. Packages are published by publishers, who can make their pack‐
ages available at one or more repositories, or in package archives. pkg
retrieves packages from a publisher's repository or package archives
and installs the packages into an image.
Packages can only be installed into file systems that are part of a BE.
For example, on a default Oracle Solaris 11 installation, only datasets
under rpool/ROOT/BEname/ are supported for package operations.
A publisher name identifies a person, group of persons, or an organiza‐
tion as the source of one or more packages. To avoid publisher name
collisions and help identify the publisher, a best practice is to use a
domain name that represents the entity publishing the packages as a
publisher name.
A repository is a location where clients can publish and retrieve pack‐
age content (files contained within the package such as programs and
documents) and metadata (information about the package such as its name
and description). As an example, a publisher named example.org might
have their repository located at the URI http://example.org/repository.
pkg can also uninstall packages, refresh publisher metadata (such as
the list of available packages), validate package installation in an
image, and query the image for various tokens. These queries can also
be made of pkg(7) repositories.
Images can be of three types: full images, capable of providing a com‐
plete system; partial images, which are linked to a full image (parent
image), but do not provide a complete system on their own; and user
images.
OPTIONS
The following options are supported:
-?
--help
Display a usage message.
-R dir
Operate on the image rooted at dir. If no directory was specified
or determined based on environment, the default is /, the currently
active image. See also PKG_IMAGE in "Environment Variables" below.
If dir or PKG_IMAGE is not set to the currently active image, BE
options such as --require-new-be and --require-backup-be are
ignored and image policy settings about when to create a new or
backup BE (see be-policy in "Image Properties" below) are ignored.
When you operate on an image that is not the currently active
image, changes are made directly to that image; a new or backup BE
is not created.
The -R option is a global option. It can be used with any pkg sub‐
command, although for some subcommands (such as help and version)
it is ignored. The -R option is required with the dehydrate and
rehydrate subcommands.
--no-network-cache
Request that any network servers (such as proxies) used during the
operation ignore cached data. Use this option to troubleshoot prob‐
lems that may be caused by caching proxies between the package
client and network-based package repositories.
SUB-COMMANDS
The following subcommands are supported:
pkg refresh [-q] [--full] [publisher ...]
Update the client's list of available packages and publisher meta‐
data for all publishers.
publisher
Update the client's list of available packages and publisher
metadata only for the specified publishers.
-q
Hide progress messages during the requested operation.
--full
Force a full retrieval of all publisher metadata, instead of
attempting an incremental update, and request that any proxies
used during the operation ignore cached data. This option
exists for troubleshooting purposes and should not be used on a
regular basis.
pkg install [-nvq] [-C n] [-g path_or_uri]... [-r [[-z zonename]... |
[-Z zonename]... ]] [--accept] [--licenses] [--no-index] [--no-refresh]
[--no-be-activate] [--no-backup-be | --require-backup-be] [--backup-be-
name name] [--deny-new-be | --require-new-be] [--be-name name]
[--reject pkg_fmri_pattern]... [--sync-actuators | --sync-actuators-
timeout timeout] pkg_fmri_pattern ...
Install and update the specified packages to the newest version
that match pkg_fmri_pattern allowed by the packages installed in
the image. To explicitly request the latest version of a package,
use latest for the version portion of pkg_fmri_pattern. For exam‐
ple, specify vim@latest. The pkg_fmri_pattern pattern can include
the ? and * characters as glob(3C)-style wildcards to match one or
more packages.
Versions older or newer than what is already installed can be spec‐
ified to perform in-place downgrades or upgrades of specific pack‐
ages. Updating specific packages across package rename or obsolete
boundaries is not supported.
Any preserved configuration files that are part of packages to be
downgraded and that have been changed since the original version
was installed are renamed using the extension .update. For more
information about how the package system determines which files to
preserve, and how these files are preserved during package
upgrades, see "File Actions" in the pkg(7) man page.
Packages are selected based on publisher search order and sticki‐
ness. See the pkg publisher and pkg set-publisher commands for
information about search order and stickiness. If the pkg_fmri_pat‐
tern does not specify the publisher, the first publisher that pro‐
vides a matching package is used as the installation source. If
that publisher does not provide a version of the package that can
be installed in this image, then the installation operation fails.
Use the pkg list -a command to see which publishers provide a ver‐
sion of the package that can be installed in this image.
If more than one pkg_fmri_pattern is specified, and if any of the
specified packages cannot be installed in this image, then none of
the specified packages will be installed.
Some configuration files might be renamed or replaced during the
installation process. For more information about how the package
system determines which files to preserve, and how they are pre‐
served during package operations, see "File Actions" in the pkg(7)
man page.
If a package is on the avoid list, installing it removes it from
that list.
-C n
Specify the number of child images to update in parallel. When
recursing into child images (usually installed solaris branded
non-global zones), update at most n child images in parallel.
The default number of child images to update in parallel is 1.
If n is 0 or a negative number, all child images are updated in
parallel. See also PKG_CONCURRENCY in the "Environment Vari‐
ables" section.
-g path_or_uri
Temporarily add the specified package repository or archive to
the list of sources in the image from which to retrieve package
data. Repositories that require a client SSL certificate cannot
be used with this option. This option can be specified multiple
times.
When deciding which version of a package to use, publishers
configured in the image, but not found in the specified
path_or_uri sources, take precedence. If the version of the
package to be installed is provided by a publisher configured
in the image and by a path_or_uri source, the client retrieves
the content for that package from the path_or_uri sources.
After installation or update, any packages provided by publish‐
ers not configured in the image are added to the image configu‐
ration without an origin. Use the pkg publisher command to see
which publishers are configured in the image.
-n
Perform a trial run of the operation with no package changes
made.
-q
Hide progress messages during the requested operation.
-r
Run this operation in the global zone and also in all installed
solaris branded non-global zones. The effect on the non-global
zone is similar to logging into each non-global zone and run‐
ning the command directly. Without this option, when you run
pkg commands in the global zone, non-global zones are modified
only to the extent required to keep them compatible with the
global zone. With this option, the pkg operation is applied to
all installed non-global zones except as limited by the -z and
-Z options. Zones that are excluded by the -z and -Z options
might still be modified if updates are required to keep them in
sync with the global zone.
-z zonename
Run this operation only in the specified non-global zone. The
-z option can be specified multiple times. The -z option can
only be used with the -r option. The -z option cannot be used
with the -Z option.
-Z zonename
Run this operation in all non-global zones except for the spec‐
ified zone. The -Z option can be specified multiple times. The
-Z option can only be used with the -r option. The -Z option
cannot be used with the -z option.
-v
Issue verbose progress messages during the requested operation,
and display detailed planning information (such as changing
facets, mediators, and variants). This option can be specified
multiple times to increase the amount of planning information
displayed.
--accept
Indicate that you agree to and accept the terms of the licenses
of the packages that are updated or installed. If you do not
provide this option, and any package licenses require accep‐
tance, the installation operation fails.
--licenses
Display all of the licenses for the packages that are installed
or updated as part of this operation. For updated packages,
display the license only if the license has changed.
--no-index
Do not update the search indexes after the operation has com‐
pleted successfully.
--no-refresh
Do not attempt to contact the repositories for the image's pub‐
lishers to retrieve the newest list of available packages and
other metadata.
--no-be-activate
If a boot environment is created, do not set it as the active
boot environment on the next boot. See the beadm(8) man page
for more information.
--no-backup-be
Do not create a backup boot environment.
--require-backup-be
Always create a backup boot environment if a new boot environ‐
ment will not be created. Without this option, a backup boot
environment is created based on image policy. See be-policy in
"Image Properties" below for an explanation of when backup boot
environments are created automatically.
--backup-be-name name
Name the created backup boot environment using the given argu‐
ment. Use of --backup-be-name implies --require-backup-be. See
also the beadm(8) man page.
--deny-new-be
Do not create a new boot environment. This operation is not
performed if a new boot environment is required.
--require-new-be
Always create a new boot environment. Without this option, a
boot environment is created based on image policy. See be-pol‐
icy in "Image Properties" below for an explanation of when boot
environments are created automatically. This option cannot be
combined with --require-backup-be.
--be-name name
Rename the newly created boot environment to be the argument
given. Use of --be-name implies --require-new-be. See also the
beadm(8) man page.
--reject pkg_fmri_pattern
Prevent packages with names matching the given pattern from
being installed. If matching packages are already installed,
they are removed as part of this operation. Rejected packages
that are the target of group dependencies are placed on the
avoid list. This option can be specified multiple times.
--sync-actuators
Run SMF actuators synchronously. The pkg(1) command will not
return until all SMF actuators have finished in the zone in
which pkg was invoked (the global zone or a non-global zone).
--sync-actuators-timeout timeout
Run SMF actuators synchronously. If the actuators do not finish
within the given timeout in seconds, pkg(1) will continue oper‐
ation and exit with return code 8.
pkg exact-install [-nvq] [-C n] [-g path_or_uri]... [--accept]
[--licenses] [--no-index] [--no-refresh] [--no-be-activate] [--no-
backup-be | --require-backup-be] [--backup-be-name name] [--deny-new-be
| --require-new-be] [--be-name name] [--reject pkg_fmri_pattern]...
pkg_fmri_pattern ...
Install or update the specified packages as if installing onto a
bare system. Any previously installed packages that are not speci‐
fied on the command line and are not a dependency of the specified
packages will be removed. This command ignores restrictions to not
install packages that are on the avoid list and not update packages
that are on the frozen list. Otherwise, this exact-install subcom‐
mand behaves the same way that the install subcommand behaves. To
explicitly request the latest version of a package, use latest for
the version portion of pkg_fmri_pattern. For example, specify
vim@latest.
Packages are selected based on publisher search order and sticki‐
ness. See the pkg publisher and pkg set-publisher commands for
information about search order and stickiness. If the pkg_fmri_pat‐
tern does not specify the publisher, the first publisher that pro‐
vides a matching package is used as the installation source. If
that publisher does not provide a version of the package that can
be installed in this image, then the installation operation fails.
Use the pkg list -a command to see which publishers provide a ver‐
sion of the package that can be installed in this image.
If more than one pkg_fmri_pattern is specified, and if any of the
specified packages cannot be installed in this image, then none of
the specified packages will be installed.
Some configuration files might be renamed or replaced during the
installation process. For more information about how the package
system determines which files to preserve, and how they are pre‐
served during package operations, see "File Actions" in the pkg(7)
man page.
If a package is on the avoid list, installing it removes it from
that list.
For descriptions of options, see the install command above.
pkg uninstall [-nvq] [-C n] [-r [[-z zonename]... | [-Z zonename]... ]]
[--ignore-missing] [--no-index] [--no-be-activate] [--no-backup-be |
--require-backup-be] [--backup-be-name name] [--deny-new-be |
--require-new-be] [--be-name name] [--sync-actuators | --sync-actua‐
tors-timeout timeout] pkg_fmri_pattern ...
Remove installed packages that match pkg_fmri_pattern.
If a package is the subject of a group dependency, uninstalling it
places it on the avoid list. See the avoid subcommand below.
In the command output, note any messages that say a new boot envi‐
ronment has been created. If a new boot environment has been cre‐
ated and activated, that is the environment that is booted by
default on next reboot. See the beadm(8) man page for information
about managing boot environments.
--ignore-missing
Ignore packages that are not installed. Using this option pre‐
vents pkg uninstall from failing when attempting to uninstall a
package that is not currently installed.
For all other options, see the install command above.
pkg update [-fnvq] [-C n] [-g path_or_uri]... [-r [[-z zonename]... |
[-Z zonename]... ]] [--accept] [--ignore-missing] [--licenses] [--no-
index] [--no-refresh] [--no-be-activate] [--no-backup-be | --require-
backup-be] [--backup-be-name name] [--deny-new-be | --require-new-be]
[--be-name name] [--reject pkg_fmri_pattern]... [--sync-actuators |
--sync-actuators-timeout timeout] [pkg_fmri_pattern ...]
Update all packages installed in the current image to the newest
version allowed by the constraints imposed on the system by
installed packages and publisher configuration.
In the command output, note any messages that say a new boot envi‐
ronment has been created. If a new boot environment has been cre‐
ated and activated, that is the environment that is booted by
default on next reboot if you do not specify the --no-be-activate
option. See the beadm(8) man page for information about managing
boot environments.
pkg_fmri_pattern
Update only the specified packages installed in the current
image. If asterisk (*) is one of the pkg_fmri_pattern patterns
provided, update all packages installed in the current image in
the same way as when no pkg_fmri_pattern is provided.
To explicitly request the latest version of a package, use lat‐
est for the version portion of pkg_fmri_pattern. For example,
specify vim@latest.
Versions older or newer than what is already installed can be
specified to perform in-place downgrades or upgrades of spe‐
cific packages. Updating specific packages across package
rename or obsolete boundaries is not supported.
Any preserved configuration files that are part of packages to
be downgraded and that have been changed since the original
version was installed are renamed using the extension .update.
For more information about how the package system determines
which files to preserve, and how these files are preserved dur‐
ing package upgrades, see "File Actions" in the pkg(7) man
page.
If more than one pkg_fmri_pattern is specified, and if any of
the specified packages cannot be updated in this image, then
none of the specified packages will be updated.
-f
Do not execute the client up-to-date check when updating all
installed packages.
--ignore-missing
Ignore packages that are not installed. Using this option pre‐
vents pkg update from failing when attempting to update a pack‐
age that is not currently installed.
For all other options, see the install command above.
pkg list [-Hafnqsuv] [-g path_or_uri]... [--no-refresh] [pkg_fmri_pat‐
tern ...]
Display a list of all packages installed in the current image,
including information such as version and installed state. By
default, package variants for a different architecture or zone type
are excluded. The usual output is in three columns:
NAME (PUBLISHER) VERSION IFO
system/core-os 0.5.11-0.175.0.0.0.2.1 i--
x11/wm/fvwm (fvwm.org) 2.6.5 i--
The first column contains the name of the package. If the publisher
from which the package is installed (or available, if not
installed) is not the first in the publisher search order, then the
publisher name is listed in parentheses after the package name. The
second column contains the release and branch versions of the pack‐
age. See the pkg(7) man page for information about release and
branch versions and about variants.
The last column contains a set of flags that show the status of the
package:
o An i in the I column shows that the package is
installed.
o An f in the F column shows that the package is frozen.
o An o in the O column shows that the package is obsolete.
An r in the O column shows that the package has been
renamed (a form of obsoletion).
An l in the O column shows that the package is legacy,
meaning that it will be removed in the future.
pkg_fmri_pattern
List only the specified packages.
-H
Omit the headers from the listing.
-a
List installed packages and list the newest version of packages
that are not installed but could be installed in this image.
Packages can be installed if they are allowed by the installed
incorporations and by the image's variants. If one or more pat‐
terns are specified, then the newest version matching the spec‐
ified pattern and allowed by any installed incorporations and
the image's variants is listed. Without -a, list only installed
packages.
-af
List all versions of all packages for all variants regardless
of incorporation constraints or installed state. To explicitly
list the latest version of a package when using these options,
use latest for the version portion of pkg_fmri_pattern. For
example, specify vim@latest.
-g path_or_uri
Use the specified package repository or archive as the source
of package data for the operation. Repositories that require a
client SSL certificate cannot be used with this option. This
option can be specified multiple times. Use of -g implies -a if
-n is not specified.
-n
Display the newest versions of all known packages, regardless
of installed state.
-q
Do not list any packages, but return failure if a fatal error
occurs.
-s
Display a one-line short-form giving the package name and sum‐
mary. This option can be used with -a, -n, or -u.
-u
List installed packages that have newer versions available.
This option cannot be used with -g.
-v
Show full package FMRIs, including publisher and complete ver‐
sion, all in the first column (the VERSION column disappears).
This option can be used with -a, -n, or -u.
--no-refresh
Do not attempt to contact the repositories for the image's pub‐
lishers to retrieve the newest list of available packages.
pkg info [-lqr] [-g path_or_uri]... [--license] [pkg_fmri_pattern ...]
Display information about all packages installed in the current
image in a human-readable form.
pkg_fmri_pattern
Display information for only the specified packages.
-g path_or_uri
Use the specified package repository or archive as the source
of package data for the operation. Repositories that require a
client SSL certificate cannot be used with this option. This
option can be specified multiple times. Use of -g implies -r.
-l
Only display information for installed packages. This is the
default.
-q
Do not display any package information, but return failure if a
fatal error occurs.
-r
Match packages based on the newest available versions, retriev‐
ing information for packages not currently installed (if neces‐
sary) from the repositories of the image's configured publish‐
ers. At least one package must be specified when using this
option. Without -r, only installed packages are displayed by
default.
--license
Display the license texts for the packages. This option can be
combined with -l, -q, or -r. Return success if all
pkg_fmri_pattern patterns match known packages and have
licenses. Return failure if one or more patterns are unmatched
or match packages that do not have licenses.
pkg contents [-Hmr] [-a attribute=pattern]... [-g path_or_uri]... [-o
attribute[,attribute]...]... [-s sort_key] [-t
action_name[,action_name]...]... [pkg_fmri_pattern ...]
Display the contents (action attributes) of all packages installed
in the image. With no options, display the value of the path
attribute for actions installed in the current image, sorted alpha‐
betically by attribute value. If the -o option is not specified,
the key attributes, as described in pkg(7), of the related action
name will be displayed instead. In addition, 'depend' actions will
also include the 'type' attribute, and 'set' actions will include
the 'value' attribute.
When more than one action name is specified, the default attributes
are the set of all attributes, as described above, of all the spec‐
ified actions. For information about actions and their attributes,
see "Actions" in the pkg(7) man page. See also the list of pseudo
attribute names below.
pkg_fmri_pattern
Display contents of only the specified packages.
-H
Omit the headers from the output.
-a attribute=pattern
Limit the output to those actions that have an attribute named
in the option argument with a value that matches the (glob)
pattern in the option argument. This option can be specified
multiple times. If multiple -a options are given, then actions
that match any of them are displayed.
-g path_or_uri
Display information for packages that could be installed in
this image from the specified package repository or archive.
Repositories that require a client SSL certificate cannot be
used with this option. Packages that could be installed include
packages that are currently installed and other packages that
satisfy criteria for installation in this image, such as vari‐
ant and facet restrictions. This option can be specified multi‐
ple times. Use of -g implies -r.
-m
Display all attributes of all actions in the specified pack‐
ages, including actions that could not be installed in this
image.
-o attribute
Display the specified attributes, sorted according to the val‐
ues of the first attribute listed. The -o option can be speci‐
fied multiple times, or multiple attributes can be specified as
the argument to one -o option by separating the attribute names
with commas. Only actions that have the requested attributes
are displayed.
-r
Display information for the newest available versions of pack‐
ages that could be installed in this image from the reposito‐
ries of the publishers configured in this image. Packages that
could be installed include packages that are currently
installed and other packages that satisfy criteria for instal‐
lation in this image, such as variant and facet restrictions.
At least one package must be specified when using this option.
-s sort_key
Sort actions by the specified action attribute. If not pro‐
vided, the default is to sort by path or by the first attribute
specified by the -o option. The -s option can be specified mul‐
tiple times.
-t action_name
Only list the specified actions. The -t option can be specified
multiple times, or multiple actions can be specified as the
argument to one -t option by separating the action names with
commas. The value of action_name is one of the actions listed
in "Actions" in the pkg(7) man page, such as file, directory,
driver, depend, set.
Several special pseudo attribute names are available for conve‐
nience:
action.hash
The value of the action's hash, if the action carries a pay‐
load.
action.key
The value of the action's key attribute. For example, for a
file action, the key attribute is the path to the file. Some
actions do not have a key attribute.
action.name
The name of the action. For example, for a file action, this is
file.
action.raw
All attributes of matching actions.
pkg.fmri
The full FMRI of the package containing the action, such as
pkg://solaris/group/fea‐
ture/amp@0.5.11,5.11-0.175.0.0.0.2.1:20120705T153434Z.
pkg.name
The name of the package containing the action, such as web/amp.
pkg.publisher
The publisher of the package containing the action, such as
solaris.
pkg.shortfmri
The short form FMRI of the package containing the action, such
as pkg://solaris/group/feature/amp@0.5.11,5.11-0.175
The contents and search subcommands are related: Both query the
system for the contents of packages. The contents subcommand dis‐
plays actions in one or more installed or installable packages,
filtering the output based on the specified options. The search
subcommand approaches the query from the other direction, display‐
ing the names of all packages that contain a user-supplied token.
Each subcommand is capable of formulating some queries of which the
other is capable. Care should be taken in choosing the subcommand,
as a given query can be more naturally formulated in one than in
the other.
pkg search [-HIaflpr] [-o attribute[,attribute]...]... [-s repo_uri]
query
Search for actions that match query, and display the matching
search index, action name, action value, and package name. See the
description of query below. Some searches might yield duplicate
results.
-H
Omit the headers from the output.
-I
Use a case-sensitive search.
-a
Perform the search and display information about the matching
actions. This is the default.
-f
Show all results, regardless of package version. By default,
search prunes results from packages older than the currently
installed version and from package versions excluded by current
incorporations.
-l
Search the image's installed packages.
Both -l and -r (or -s) can be specified together, in which case
both local and remote searches are performed.
-o attribute
Specify the columns to include in the output. The -o option can
be specified multiple times, or multiple attributes can be
specified as the argument to one -o option by separating the
attribute names with commas. In addition to the pseudo
attributes outlined above, the following attributes are defined
for search results. These attributes help show why a particular
result was a match:
search.match
The string that matched the search query.
search.match_type
The attribute that contained the string that matched the
search query.
-p
Display packages that have some actions that match each query
term. Using this option is equivalent to putting angle brackets
(<>) around each term in the query. See query below for more
description of the <> operator.
-r
Search the repositories corresponding to the image's publish‐
ers. This is the default.
Both -l and -r (or -s) can be specified together, in which case
both local and remote searches are performed.
-s repo_uri
Search the pkg(7) repository located at the given URI. This can
be specified multiple times. Package archives are not sup‐
ported.
query
By default, query is interpreted as a series of terms to be
matched exactly and multiple terms are ANDed.
AND and OR are supported.
The ? and * characters can be used as glob(3C)‐style wildcards,
allowing more flexible query matches.
In addition to simple token matching and wildcard search, a
more complicated query language is supported. Phrases can be
searched for by using single or double quotation marks (' or
"). Be sure to take your shell into account so that pkg actu‐
ally sees the ' or ".
Which tokens are indexed is action-dependent, but can include
content hashes and path names. For information about actions
and their attributes, see "Actions" in the pkg(7) man page. See
also the list of pseudo attribute names in pkg contents and -o
above.
Structured queries are supported with the following syntax:
pkg_name:action_name:index:token
The value of action_name is one of the actions listed in
"Actions" in the pkg(7) man page. The index is an attribute of
the action. The value of index must match token.
Not all action attributes are searchable. For example, mode is
an attribute of the file action, but mode is not a valid value
for index.
Some values for index are not action attributes but are values
derived from other attributes. For example, index can be base‐
name, which is not an attribute of any action but is derived
from the path attribute of the file or dir action by taking the
last component of the path.
Different action types have different valid values for index.
This documentation does not list all possible values. Some of
the more useful index values are basename and path for file
system actions, the dependency type (for example, require,
optional, group) for depend actions, and driver_name and alias
for driver actions.
One special value for index is the value of a name attribute
for a set action. In this case, token is matched against the
value of the value attribute that corresponds to the specified
name attribute. For example, the following search finds pack‐
ages that are classified as either Development/Databases or
System/Databases. In the "Examples" section, see the example of
finding SMF services.
$ pkg search info.classification:databases
Missing fields in a structured query are implicitly wildcarded.
A search for basename:pkg matches all actions in all packages
that have an index of basename and that match the token pkg,
as shown in the following partial output:
$ pkg search basename:pkg
INDEX ACTION VALUE PACKAGE
basename dir usr/share/pkg pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1
basename dir var/sadm/pkg pkg:/package/svr4@0.5.11-0.175.0.0.0.2.1
basename dir var/spool/pkg pkg:/package/svr4@0.5.11-0.175.0.0.0.2.1
basename file usr/bin/pkg pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1
Adding another field narrows the search, as shown in the fol‐
lowing complete output:
$ pkg search file:basename:pkg
INDEX ACTION VALUE PACKAGE
basename file usr/bin/pkg pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1
Explicit wildcards are supported in the pkg_name and token
fields. The action_name and index must match exactly.
See the "Examples" section for examples of searching for files
and dependencies.
To convert actions to the packages that contain those actions,
use <>, as shown in the following partial output:
$ pkg search \<pkg\>
PACKAGE PUBLISHER
pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1 solaris
pkg:/package/svr4@0.5.11-0.175.0.0.0.2.1 solaris
With the -a option (and by default), searching for token
results in information about the actions that match token,
while searching for <token> results in a list of packages that
contain actions that match token.
pkg verify [-Hqv] [-p path]... [--parsable version] [--unpackaged]
[--unpackaged-only] [pkg_fmri_pattern ...]
Validate the installation of all packages installed in the current
image. If current signature policy for related publishers is not
ignore, the signatures of each package are validated based on pol‐
icy. See signature-policy in "Image Properties" below for an expla‐
nation of how signature policies are applied.
pkg_fmri_pattern
Validate the installation of only the specified packages
installed in the current image. When used with -p, only the
matching actions from the specified packages will be verified.
-H
Omit the headers from the verification output.
-v
Include informational messages regarding packages. See also the
description of the -v option for the install command above.
-p path
Validate individual files, links or directories by specifying
the paths. Paths specified are assumed to be relative to the /
of the image on which the verify is performed. If a directory
or a link is specified, only the matching action for the direc‐
tory or the link will be verified.
If no pkg_fmri_patterns are provided when specifying paths, all
matching actions from packages installed in the image will be
verified. This option cannot be combined with --unpackaged or
--unpackaged-only.
--parsable version
Parsable output. The supported version is 0. Use of this option
implies -q.
--unpackaged
Report unpackaged contents in addition to general verification
output. Current unpackaged contents includes unpackaged files
and unpackaged directories. This option can be combined with
--parsable.
--unpackaged-only
Report only unpackaged contents. This option excludes general
verification output and only reports the unpackaged files and
directories. This option can be combined with --parsable.
For all other options, see the install command above.
pkg fix [-HnvqP] [--no-be-activate] [--no-backup-be | --require-backup-
be] [--backup-be-name name] [--deny-new-be | --require-new-be] [--be-
name name] [--accept] [--licenses] [--parsable version] [--unpackaged]
[pkg_fmri_pattern ...]
Fix any errors reported by pkg verify. Verification of installed
package content is based on a custom content analysis that might
return different results than those of other programs.
pkg_fmri_pattern
Fix errors reported by pkg verify for only the specified pack‐
ages installed in the current image.
-H
Omit the headers from the verification output.
-v
Include informational messages regarding packages. See also the
description of the -v option for the install command above.
--accept
Indicate that you agree to and accept the terms of the licenses
of the packages that are updated or installed. If you do not
provide this option, and any package licenses require accep‐
tance, the operation fails.
--licenses
Display all of the licenses for the packages that are installed
or updated as part of this operation. For updated packages,
display the license only if the license has changed.
--parsable version
Parsable output. The supported version is 0. Use of this option
implies -q.
--unpackaged
report unpackaged contents in addition to general output.
For all other options, see the install command above.
pkg revert [-nv] [--no-be-activate] [--no-backup-be | --require-backup-
be] [--backup-be-name name] [--deny-new-be | --require-new-be] [--be-
name name] (--tagged tag-name ... | path-to-file ...)
Revert files delivered by pkg(7) packages to their as-delivered
condition. File ownership and protections are also restored.
Caution -
Reverting some editable files to their default values can make
the system unbootable, or cause other malfunctions.
--tagged tag-name
Revert all files tagged with tag-name, and remove any unpack‐
aged files or directories that are under directories with this
tag and that match pattern. See the description of the revert-
tag attribute in "File Actions" and "Directory Actions" in the
pkg(7) man page for more information about tag-name and pat‐
tern.
path-to-file
Revert the specified files.
For all other options, see the install command above.
pkg mediator [-aH] [-F format] [mediator ...]
Display the current selected version and/or implementation of all
mediators.
mediator
Display the current selected version and/or implementation of
only the specified mediators.
-F format
Specify an alternative output format. The value of format can
be tsv (Tab Separated Values), json (JavaScript Object Notation
as a single line), or json-formatted (JavaScript Object Nota‐
tion, formatted for readability).
-H
Omit the headers from the listing.
-a
List the mediations that can be set for currently installed
packages.
pkg set-mediator [-nv] [-I implementation] [-V version] [--no-be-acti‐
vate] [--no-backup-be | --require-backup-be] [--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name] mediator ...
Set the version and/or implementation for the specified mediators
in the current image.
-I implementation
Set the implementation of the mediated interface to use. By
default, if no version is specified, all implementation ver‐
sions are allowed. To specify an implementation with no ver‐
sion, append an at sign (@).
-V version
Set the version of the mediated interface to use.
If the specified mediator version and/or implementation is not cur‐
rently available, any links using the specified mediators are
removed.
For all other options, see the install command above.
pkg unset-mediator [-nvIV] [--no-be-activate] [--no-backup-be |
--require-backup-be] [--backup-be-name name] [--deny-new-be |
--require-new-be] [--be-name name] mediator ...
Revert the version and/or implementation of the specified mediators
to the system default.
-I
Revert only the implementation of the mediated interface.
-V
Revert only the version of the mediated interface.
For all other options, see the install command above.
pkg variant [-Haiv] [-F format] [variant_pattern ...]
Display the current values of all variants set in this image. See
"Facets and Variants" in the pkg(7) man page for more information
about variants.
variant_pattern
Display the current values of only the specified variants set
in this image.
-F format
Specify an alternative output format. For a description, see
the pkg mediator command.
-H
Omit the headers from the listing.
-a
Display all variants explicitly set in the image and all vari‐
ants that are listed in installed packages. The -a option can‐
not be combined with the -i option.
-i
Display all variants that are listed in installed packages. The
-i option cannot be combined with the -a option.
-v
Display the possible variant values that can be set for
installed packages. The -v option can be combined with the -a
or -i option.
pkg change-variant [-nvq] [-C n] [-g path_or_uri]... [-r [[-z zone‐
name]... | [-Z zonename]... ]] [--accept] [--licenses] [--no-be-acti‐
vate] [--no-backup-be | --require-backup-be] [--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name] [--sync-actuators |
--sync-actuators-timeout timeout] variant_name=value ...
Change the values of the specified variants set in the current
image.
Changing the value of a variant can cause package content to be
removed, updated, or installed. Changing a variant value can also
cause entire packages to be installed, updated, or removed to sat‐
isfy the new image configuration. See "Facets and Variants" in the
pkg(7) man page for more information about variants.
For descriptions of options, see the install command above.
pkg facet [-Haim] [-F format] [facet_pattern ...]
Display the current values and source of all facets that either
have been set locally in this image by using the pkg change-facet
command or have been inherited from a parent image (such as a non-
global zone inheriting the facet setting from the global zone). See
"Facets and Variants" in the pkg(7) man page for more information
about facets.
facet_pattern
Display the current values of only the specified facets set in
this image.
-F format
Specify an alternative output format. For a description, see
the pkg mediator command.
-H
Omit the headers from the listing.
-a
Display all facets explicitly set in the image and all facets
that are listed in installed packages. The -a option cannot be
combined with the -i option.
-i
Display all facets that are listed in installed packages. The
-i option cannot be combined with the -a option.
-m
Include masked facets in the output. Display a column that
indicates which, if any, facets are masked. Masked facets are
facets set locally in an image (by using the pkg change-facet
command) that are hidden by an inherited facet with the same
name.
pkg change-facet [-nvq] [-C n] [-g path_or_uri]... [-r [[-z zone‐
name]... | [-Z zonename]... ]] [--accept] [--licenses] [--no-be-acti‐
vate] [--no-backup-be | --require-backup-be] [--backup-be-name name]
[--deny-new-be | --require-new-be] [--be-name name] [--sync-actuators |
--sync-actuators-timeout timeout] facet_name=(True|False|None) ...
Change the values of the specified facets set in the current image.
The changes also appear in any images that inherit these facets,
such as non-global zones.
Facets can be set to True or False. Setting a facet to None applies
the default value of True to that facet; thus, any actions subject
to the facet will be installed. See "Actions" in the pkg(7) man
page for information about actions.
Changing the value of a facet can cause package content to be
removed, updated, or installed. Changing a facet value can also
cause entire packages to be installed, updated, or removed to sat‐
isfy the new image configuration. See "Facets and Variants" in the
pkg(7) man page for more information about facets.
For descriptions of options, see the install command above.
pkg avoid [pkg_fmri_pattern ...]
Display each avoided package along with any packages that have a
group dependency on that package.
Packages that are on the avoid list are installed if needed to sat‐
isfy a required dependency. If that dependency is removed, the
package is uninstalled.
pkg_fmri_pattern
Avoid the specified packages if they are the target of a group
dependency by placing the package names that currently match
the specified patterns on the avoid list. Only packages that
are not currently installed can be avoided. If a package is
currently the target of a group dependency, uninstalling the
package places it on the avoid list.
pkg unavoid [pkg_fmri_pattern ...]
Display the list of avoided packages.
pkg_fmri_pattern
Remove the specified packages from the avoid list. Packages on
the avoid list that match an installed package's group depen‐
dency cannot be removed using this subcommand. To remove a
package from the avoid list that matches a group dependency,
install the package.
pkg freeze [-n] [-c reason] [pkg_fmri_pattern ...]
Display information about currently frozen packages: package names,
versions, when the package was frozen, and any associated reasons
for freezing the packages.
Freezing a package does not prevent removal of the package. No
warning is displayed if the package is removed.
pkg_fmri_pattern
Freeze the specified packages to the specified versions. If no
version is given, the package must be installed and is frozen
at that installed version. Freezing a package that is already
frozen replaces the freeze version with the newly specified
version.
When a package that is frozen is installed or updated, it must
end up at a version that matches the version at which it was
frozen. For example, if a package was frozen at 1.2, then it
could be updated to 1.2.1, 1.2.9, 1.2.0.0.1, and so on. That
package could not end up at 1.3, or 1.1. A publisher presented
in the pkg_fmri_pattern is used to find matching packages. How‐
ever, publisher information is not recorded as part of the
freeze. A package is frozen with respect to its version only,
not its publisher.
-c reason
Record the reason with the packages that are frozen. The reason
is shown if a freeze prevents an installation or update from
succeeding.
-n
Perform a trial run of the freeze operation, displaying the
list of packages that would be frozen without freezing any
packages.
pkg unfreeze [-n] [pkg_name_pattern ...]
Display information about currently frozen packages: package names,
versions, when the package was frozen, and any associated reasons
for freezing the packages.
pkg_fmri_pattern
Remove the constraints that freezing imposes from the specified
packages. Any versions provided are ignored.
-n
Perform a trial run of the unfreeze operation, displaying the
list of packages that would be unfrozen without unfreezing any
packages.
pkg property [-H] [propname ...]
Display the names and values of all image properties. See "Image
Properties" below for descriptions of image properties.
propname
Display the names and values for only the specified properties.
-H
Omit the headers from the listing.
pkg set-property propname propvalue
Update an existing image property or add a new image property.
pkg add-property-value propname propvalue
Add a value to an existing image property or add a new image prop‐
erty.
pkg remove-property-value propname propvalue
Remove a value from an existing image property.
pkg unset-property propname ...
Remove an existing image property or properties.
pkg publisher [-HPn] [-F format] [publisher ...]
Display the list of all publishers in order of search preference.
The following information is displayed for each publisher: name,
attributes such as non-sticky and disabled, type (origin or mir‐
ror), status, proxy, and location URI. Proxy information is shown
only as T (true) or F (false) under the column labeled P. To show
the proxy value for a publisher with T in the P column, use the -F
tsv option or specify the publisher name argument. Proxies shown by
the pkg publisher command were set by using the --proxy option of
the pkg set-publisher command. Proxies set by using an http_proxy
environment variable are not shown by the pkg publisher command.
publisher
Display detailed configuration for only the specified publish‐
ers. Additional information displayed includes the proxy URI,
key, and certificate for each origin or mirror URI, the client
UUID, and the time the catalog was last updated.
-F format
Specify an alternative output format. The value of format can
only be tsv (Tab Separated Values).
-H
Omit the headers from the listing.
-P
Display only the first publisher in the publisher search order.
-n
Display only enabled publishers.
pkg set-publisher [-Ped] [-c ssl_cert] [-k ssl_key] [-g origin_to_add |
--add-origin origin_to_add]... [-G origin_to_remove | --remove-origin
origin_to_remove]... [-m mirror_to_add | --add-mirror mirror_to_add]...
[-M mirror_to_remove | --remove-mirror mirror_to_remove]... [--disable]
[--enable] [--no-refresh] [--reset-uuid] [--non-sticky] [--sticky]
[--search-after publisher] [--search-before publisher] [--search-first]
[--approve-ca-cert path_to_CA] [--revoke-ca-cert hash_of_CA_to_remove]
[--unset-ca-cert hash_of_CA_to_remove] [--set-property name_of_prop‐
erty=value] [--add-property-value name_of_property=value_to_add]
[--remove-property-value name_of_property=value_to_remove] [--unset-
property name_of_property_to_delete] [--proxy proxy_to_use] publisher
Update an existing publisher or add a publisher. If no options
affecting search order are specified, new publishers are appended
to the search order and are thus searched last.
-G origin_to_remove
--remove-origin origin_to_remove
Remove the URI or path from the list of origins for the given
publisher. The special value * can be used to remove all ori‐
gins.
-M mirror_to_remove
--remove-mirror mirror_to_remove
Remove the URI from the list of mirrors for the given pub‐
lisher. The special value * can be used to remove all mirrors.
-P
--search-first
Set the specified publisher first in the search order. When
installing new packages, this publisher is searched first.
Updates to already installed packages come from the same pub‐
lisher that originally provided the package as long as that
publisher remains sticky.
-c ssl_cert
Specify the client SSL certificate.
-d
--disable
Disable the publisher. A disabled publisher is not used when
populating the package list or in certain package operations
(install, uninstall, and update). However, the properties for a
disabled publisher can still be set and viewed. If only one
publisher exists, it cannot be disabled.
-e
--enable
Enable the publisher.
-g origin_to_add
--add-origin origin_to_add
Add the specified URI or path as an origin for the given pub‐
lisher. This should be the location of a package repository or
archive. If combined with --enable or --disable, the origins
will be enabled or disabled as specified. In this case, * can
be used to enable or disable all origins.
-k ssl_key
Specify the client SSL key.
-m mirror_to_add
--add-mirror mirror_to_add
Add the URI as a mirror for the given publisher.
--add-property-value name_of_property=value_to_add
Add a value to an existing publisher property or add a new pub‐
lisher property.
--approve-ca-cert path_to_CA
For verifying signed packages, add the specified certificate as
a CA certificate that is trusted. The hashes of the PEM repre‐
sentation of the user-approved CA certificates are listed in
the detailed output of the pkg publisher command.
--no-refresh
Do not attempt to contact the repositories for the image's pub‐
lishers to retrieve the newest list of available packages and
other metadata.
--non-sticky
Higher ranked publishers than this one can provide updates to
packages originally installed from this publisher. All non-
sticky publishers adjacent to this one or siblings, regardless
of rank, can provide updates and satisfy dependencies of pack‐
ages offered by this publisher.
--proxy proxy_to_use
Use the specified proxy URI to retrieve content for the speci‐
fied origin (-g) or mirror (-m). The proxy value is stored as
part of the publisher configuration, which means the system
repository used by child images is automatically updated. This
option cannot be used to set an authenticated proxy. The
proxy_to_use value cannot have the form protocol://user:pass‐
word@host.
At run time, http_proxy or related environment variables over‐
ride this proxy setting. See the "Environment" section of the
curl(1) man page for the list of accepted environment variable
names. If you use an environment variable to set the proxy URI,
you must also set the appropriate proxy property of the
svc:/application/pkg/system-repository SMF service to the same
value. See "Specifying a Proxy" in Updating Systems and Adding
Software in Oracle Solaris 11.4
--remove-property-value name_of_property=value_to_remove
Remove a value from an existing publisher property.
--reset-uuid
Choose a new unique identifier that identifies this image to
its publisher.
--revoke-ca-cert hash_of_CA_to_remove
For verifying signed packages, treat the certificate with the
given hash of its PEM representation as revoked. The hashes of
the user-revoked CA certificates are listed in the detailed
output of the pkg publisher command.
--search-after publisher
Alter the publisher search order so that the publisher being
added or modified is searched after the publisher specified in
this option.
--search-before publisher
Alter the publisher search order so that the publisher being
added or modified is searched before the publisher specified in
this option.
--set-property name_of_property=value
Update an existing publisher property or add a new publisher
property.
--sticky
Updates to packages that were installed from this publisher
must also come from this publisher. This is the default behav‐
ior.
--unset-ca-cert hash_of_CA_to_remove
For verifying signed packages, remove the certificate with the
given hash from the list of approved certificates and the list
of revoked certificates.
--unset-property name_of_property_to_delete
Remove an existing publisher property.
pkg set-publisher -p repo_uri [-Ped] [-c ssl_cert] [-k ssl_key] [--non-
sticky] [--sticky] [--search-after publisher] [--search-before pub‐
lisher] [--search-first] [--approve-ca-cert path_to_CA] [--revoke-ca-
cert hash_of_CA_to_remove] [--unset-ca-cert hash_of_CA_to_remove]
[--set-property name_of_property=value] [--add-property-value
name_of_property=value_to_add] [--remove-property-value name_of_prop‐
erty=value_to_remove] [--unset-property name_of_property_to_delete]
[--proxy proxy_to_use] [publisher]
Retrieve publisher configuration information from the repo_uri
repository URI.
If a publisher operand is specified to this set-publisher subcom‐
mand, then only that publisher is added or updated. If no publisher
is specified, all publishers in repo_uri are added or updated as
appropriate.
For descriptions of options, see the set-publisher command above.
When used with -p, the -P, --search-first, --search-before, and
--search-after options only apply to added publishers, not to
updated publishers.
The -p option cannot be combined with the -g, --add-origin, -G,
--remove-origin, -m, --add-mirror, -M, --remove-mirror, --disable,
--enable, --no-refresh, or --reset-uuid options.
pkg unset-publisher publisher ...
Remove the configuration associated with the specified publisher or
publishers.
pkg history [-HNl] [-n number] [-o column[,column]...]... [-t time |
time-time[,time | time-time]...]...
Display the command history of the applicable image. Display the
start time of the operation, the name of the operation (for exam‐
ple, install), the client (for example, pkg), and the outcome of
the operation (Succeeded or Failed).
-H
Omit the headers from the listing.
-l
Display the long form of the command history of the image.
Additional information displayed includes the version of the
client, the name of the user who performed the operation,
whether a new boot environment was created, the time the opera‐
tion completed and total time taken, the complete command that
was issued, and any errors that were encountered while execut‐
ing the command. For operations such as update, complete FMRIs
of changed packages are shown.
-N
Display the release note text.
-n number
Display only the specified number of most recent entries.
-o column
Display output using the specified column names. The -o option
can be specified multiple times, or multiple column names can
be specified as the argument to one -o option by separating the
column names with commas. Valid column names are:
be
The name of the boot environment this operation was started
on.
be_uuid
The uuid of the boot environment this operation was started
on.
client
The name of the client.
client_ver
The version of the client.
command
The command line used for this operation.
finish
The time that this operation finished.
id
The user id that started this operation.
new_be
The new boot environment created by this operation.
new_be_uuid
The uuid of the new boot environment created by this opera‐
tion.
operation
The name of the operation.
outcome
A summary of the outcome of this operation.
reason
Additional information on the outcome of this operation.
release_note
Indicates whether this operation generated release notes.
snapshot
The snapshot taken during this operation. This is only
recorded if the snapshot was not automatically removed
after successful operation completion.
start
The time that this operation started.
time
The total time taken to perform this operation. For opera‐
tions that take less than one second, 0:00:00 is shown.
user
The username that started this operation.
If the command or reason columns are specified, they must be
the last item in the -o list, in order to preserve output field
separation. These two columns cannot be shown in the same his‐
tory command.
An asterisk (*) is shown after the values for be or new_be if
the boot environment is no longer present on the system.
The values for be and new_be are obtained by looking up the
current boot environment name, using the be_uuid or new_be_uuid
fields. If a boot environment was subsequently renamed, and
later deleted, the values displayed for be and new_be are the
values recorded at the time of the pkg operation.
-t time
-t time-time
Display log records for a comma-separated list of timestamps,
formatted with %Y-%m-%dT%H:%M:%S (see the strftime(3C) man
page). To specify a range of times, use a hyphen (-) between a
start and finish timestamp. The keyword now can be used as an
alias for the current time. This option can be specified multi‐
ple times. If the timestamps specified contain duplicate time‐
stamps or overlapping ranges, duplicate history events are not
displayed. Only a single instance of each history event is dis‐
played.
pkg purge-history
Delete all existing history information.
pkg rebuild-index
Rebuild the index used by pkg search. This is a recovery operation
not intended for general use.
pkg update-format
Update the format of the image to the current version. Once this
operation has completed, the image can no longer be used with older
versions of the pkg(7) system.
pkg version
Display a unique string identifying the version of pkg. This string
is not guaranteed to be comparable in any fashion between versions.
pkg help [-v]
Display a full list of subcommands.
-v
Display a verbose usage message of subcommands.
pkg image-create [-FPUfz] [--force] [--full | --partial | --user]
[--zone] [-c ssl_cert] [-k ssl_key] [-g path_or_uri | --origin
path_or_uri]... [-m uri | --mirror uri]... [--facet
facet_name=(True|False)]... [--no-refresh] [--set-property
name_of_property=value] [--variant variant_name=value]... [(-p | --pub‐
lisher) [name=]repo_uri] dir
At the location given by dir, create an image suitable for package
operations. Images created by using the image-create subcommand are
not bootable. Most users should use the --be-name or --require-new-
be options with pkg commands, or use the beadm or zoneadm commands
to create images. The pkg image-create command is used for tasks
such as maintaining packages and operating system distributions.
The default image type is user, which can be specified by using the
-U or --user option. Alternatively, the image type can be set to a
full image (--F or --full) or to a partial image (-P or --partial)
linked to the full image enclosing the given dir path.
Additional origins can be specified using -g or --origin. Addi‐
tional mirrors can be specified using -m or --mirror.
A package repository URI must be provided using the -p or --pub‐
lisher option. If a publisher name is also provided, then only that
publisher is added when the image is created. If a publisher name
is not provided, then all publishers known by the specified reposi‐
tory are added to the image. An attempt to retrieve the catalog
associated with this publisher is made following the initial cre‐
ation operations.
For publishers using client SSL authentication, a client key and
client certificate can be registered via the -c and -k options.
This key and certificate are used for all publishers added during
image creation.
If the image is to be run within non-global zone context, use the
-z (--zone) option to set an appropriate variant.
-f
--force
Force the creation of an image over an existing image. This
option should be used with care.
--facet facet_name=(True|False)
Set the specified facet to the indicated value. See "Facets and
Variants" in the pkg(7) man page for more information about
facets.
--no-refresh
Do not attempt to contact the repositories for the image's pub‐
lishers to retrieve the newest list of available packages and
other metadata.
--set-property name_of_property=value
Set the specified image property to the indicated value. See
"Image Properties" below for descriptions of image properties.
--variant variant_name=value
Set the specified variant to the indicated value. See "Facets
and Variants" in the pkg(7) man page for more information about
variants.
pkg -R dir dehydrate [-nvq] [-p publisher]...
Remove all non-editable packaged files and packaged hardlinks from
the image specified by the -R option to create a fully dehydrated
image. Packaged files and packaged hardlinks are files and
hardlinks that are delivered by the currently installed version of
a package. A non-editable file cannot have any preserve or overlay
attribute and cannot have a dehydrate attribute with a value of
false.
The pkg dehydrate command only operates on an alternate root. Use
the -R option to specify the alternate root. If the alternate root
belongs to a boot environment, dehydration will render it
unbootable.
If the pkg dehydrate command succeeds, a property named dehydrated
is set on the dir image specified by the -R option. The value of
the dehydrated property is a list of all publishers set in the dir
image that have a configured package repository.
Package installation operations on packages from a dehydrated pub‐
lisher are automatically dehydrated. If you install a package in a
dehydrated image, the package content is installed and then dehy‐
drated. Package installation operations can include operations such
as update and change-facet as well as install.
-p publisher
Remove only non-editable files and hardlinks delivered by the
specified publishers to create a partially dehydrated image. If
all configured publishers of the image are specified, a fully
dehydrated image is created as described above.
If one or more publishers is specified, and if any of the pub‐
lishers is not configured in the image, then nothing is removed
from the image.
If the pkg dehydrate command succeeds, a property named dehy‐
drated is set on the dir image specified by the -R option. The
value of the dehydrated property is a list of all publishers
specified by -p options.
For all other options, see the install command above.
pkg -R dir rehydrate [-nvq] [-p publisher]...
Reinstall all files and hardlinks removed by the pkg dehydrate com‐
mand.
The pkg rehydrate command only operates on an alternate root. Use
the -R option to specify the alternate root.
If the pkg rehydrate command succeeds, the value of the dehydrated
property of the image is empty.
-p publisher
Reinstall all files and hardlinks removed by the pkg dehydrate
command for the specified publishers.
If one or more publishers is specified, and if any of the pub‐
lishers is not configured in the image, then nothing is
installed.
If the pkg rehydrate command succeeds, the specified publisher
names are removed from the value of the dehydrated property set
on the image. Publishers not specified in the rehydrate command
remain listed in the dehydrated property, and content installed
from those publishers will still be dehydrated.
For all other options, see the install command above.
IMAGE PROPERTIES
Daemons or other programs that need to know the time an image was last
modified can consult the time stamp on the file /var/pkg/modified. The
time stamp on /var/pkg/modified is updated every time an operation
occurs that modifies the image. Use the pkg history command to display
information about the change at that time.
The following properties define characteristics of the image. These
properties store information about the purpose, content, and behavior
of the image. To view the current values of these properties in the
image, use the pkg property command. To modify the values of these
properties, use the pkg set-property and pkg unset-property commands.
be-policy
(string) Specify when a boot environment is created during packag‐
ing operations. The following values are allowed:
default
Apply the default boot environment creation policy, create-
backup.
always-new
Requires a reboot for all package operations by performing them
in a new boot environment set as active on the next boot. A
backup boot environment is not created unless explicitly
requested.
This policy is the safest, but is more strict than most sites
need since no packages can be added without a reboot.
create-backup
For package operations that require a reboot, a new boot envi‐
ronment is created and set as active on the next boot. If pack‐
ages are modified or content that could affect the kernel is
installed and the operation affects the live boot environment,
a backup boot environment is created but not set as active. A
backup boot environment can also be explicitly requested.
This policy is potentially risky only if newly installed soft‐
ware causes system instability, which is possible but rela‐
tively rare.
when-required
For package operations that require a reboot, a new boot envi‐
ronment is created and set as active on the next boot. A backup
boot environment is not created unless explicitly requested.
This policy carries the greatest risk since if a packaging
change to the live boot environment makes further changes
impossible, there might be no recent boot environment to which
one can fallback.
ca-path
(string) A path name that points to a directory where CA certifi‐
cates are kept for SSL operations. The format of this directory is
specific to the underlying SSL implementation. To use an alternate
location for trusted CA certificates, change this value to point to
a different directory. See the CApath portions of SSL_CTX_load_ver‐
ify_locations(3openssl) for requirements for the CA directory.
Default value: /etc/openssl/certs
check-certificate-revocation
(boolean) If this is set to True, the package client attempts to
contact any CRL distribution points in the certificates used for
signature verification to determine whether the certificate has
been revoked since being issued.
Default value: False
content-update-policy
(string) Specify when the package system will update non-editable
files during packaging operations. The following values are
allowed:
default
Always apply the default content update policy.
always
Always download and update non-editable files that have
changed.
when-required
Download and update non-editable files that have changed only
if the package system has determined that an update is
required.
Default value: always
flush-content-cache-on-success
(boolean) If this is set to True, the package client removes the
files in its content-cache when image-modifying operations complete
successfully. For operations that create a boot environment, the
content will be removed from both the source and destination boot
environment.
This property can be used to keep the content-cache small on sys‐
tems with limited disk space. This property can cause operations to
take longer to complete.
Default value: True
mirror-discovery
(boolean) This property tells the client to discover link-local
content mirrors using mDNS and DNS-SD. If this property is set to
True, the client attempts to download package content from mirrors
it dynamically discovers. To run a mirror that advertises its con‐
tent via mDNS, see the pkg.depotd(8) man page.
Default value: False
send-uuid
(boolean) Send the image's Universally Unique Identifier (UUID)
when performing network operations. Although users can disable this
option, some network repositories might refuse to talk to clients
that do not supply a UUID.
Default value: True
be-use-suggested-name
(boolean) Use the suggested Boot Environment name from
pkg:/release/name when updates where a new BE is created and --be-
name has not been supplied.
Default value: True
signature-policy
(string) Determine what checks will be performed on manifests when
installing, updating, modifying, or verifying packages in the
image. The final policy applied to a package depends on the combi‐
nation of image policy and publisher policy. The combination will
be at least as strict as the stricter of the two policies taken
individually. By default, the package client does not check whether
certificates have been revoked. To enable those checks, which might
require the client to contact external Internet sites, set the
check-certificate-revocation image property to True. The following
values are allowed:
ignore
Ignore signatures for all manifests.
verify
Verify that all manifests with signatures are validly signed,
but do not require all installed packages to be signed. This is
the default value.
require-signatures
Require that all newly installed packages have at least one
valid signature. The pkg fix and pkg verify commands also warn
if an installed package does not have a valid signature.
require-names
Follow the same requirements as require-signatures but also
require that the strings listed in the signature-required-names
property appear as a common name of the certificates used to
verify the chains of trust of the signatures.
signature-required-names
(list of strings) A list of names that must be seen as common names
of certificates while validating the signatures of a package.
trust-anchor-directory
(string) The path name of the directory that contains the trust
anchors for the image. This path is relative to the image. The
default value is ignore.
use-system-repo
(boolean) This property indicates whether the image should use the
system repository as a source for image and publisher configuration
and as a proxy for communicating with the publishers provided. The
default value is False. See the pkg.sysrepo(8) man page for infor‐
mation about system repositories.
PUBLISHER PROPERTIES
The following properties define signature policy for a particular pub‐
lisher. The image properties of the same name define signature policy
for the image. To view the current values of these properties for a
particular publisher, use the pkg publisher publisher_name command. To
modify the values of these publisher signature policy properties, use
the --set-property and --unset-property options of the pkg set-pub‐
lisher command.
signature-policy
(string) This property functions identically to the image property
of the same name except that it only applies to packages from the
particular publisher.
signature-required-names
(list of strings) This property functions identically to the image
property of the same name except that it only applies to packages
from the particular publisher.
PERIODIC PACKAGE UPDATE SERVICE
The SMF service svc:/system/auto-update:default provides a mechanism to
automatically update and reboot the system on an administrator defined
schedule. This is particularly useful when the system is deployed with
an immutable root filesystem profile.
config/auto-reboot
Automatically reboot if updates are performed, defaults to true.
config/shutdown-grace-period
Time in seconds to wait before shutdown(8) is used to automatically
reboot the system.
config/reboot-check-hook
Path to an optional executable script/program that returns 0 when
it safe to perform the reboot.
The program may block until such time as it is safe to reboot, or
may choose to return at any time with a non-zero exit code if the
reboot should not be performed. If the reboot is not performed the
service will enter the degraded state; any output from the command
is used as the reason for the degraded state.
config/activate-new-be
Automatically activate the new boot environment, defaults to true.
config/require-new-be
Create a new BE for any updates rather than using the live BE. The
BE is automatically named by pkg(1), where possible, using metadata
stored in pkg:/release/name.
config/packages
List of packages to explicitly update or install.
Defaults to empty, which instructs pkg to update the currently
installed packages to the newest version allowed by the constraints
imposed on the system by installed packages and publisher configu‐
ration.
Any packages in the list that are not currently present on the sys‐
tem will be installed, if the image constraints allow.
config/pkg_extra_args
List of extra CLI arguments to pass to the pkg command. For example
to record verbose output (-vvv) or to operate on all zones (-r).
scheduled/*
The default configuration is to attempt the update and reboot
weekly at midnight on a Sunday. An alternative schedule can be con‐
figured by setting the appropriate properties in the scheduled
property group, see svc.periodicd(8).
The SMF service svc:/system/auto-update:cleanup manages the boot envi‐
ronments created by the automatic update service. To opt an auto-update
boot environment out of automatic removal and allow it to be preserved
and managed manually use 'beadm set-policy -nstatic bename'.
config/keep The maximum number of boot environments created by the
auto update service to keep.
EXAMPLES
Example 1 Create an Image With Publisher Configured
Create a new, full image, with publisher example.com, stored at
/aux0/example_root.
$ pkg image-create -F -p example.com=http://pkg.example.com:10000 \
/aux0/example_root
Example 2 Create an Image, Specifying Additional Origins and Mirror
Create a new, full image, with publisher example.com, that also has an
additional mirror, two additional origins, and is stored at /aux0/exam‐
ple_root.
$ pkg image-create -F -p example.com=http://pkg.example.com:10000 \
-g http://alternate1.example.com:10000/ \
-g http://alternate2.example.com:10000/ \
-m http://mirror.example.com:10000/ \
/aux0/example_root
Example 3 Create an Image With No Publisher Configured
Create a new, full image with no publishers configured at /aux0/exam‐
ple_root.
$ pkg image-create -F /aux0/example_root
Example 4 Install a Package
Install the latest version of the widget package in the current image.
$ pkg install application/widget
Example 5 List Specified Contents of a Package
List the contents of the system/file-system/zfs package. Display the
action name, the mode of the file (if defined), the size (if defined),
the path, and the target (if a link). Limit the action to types dir,
file, link, and hardlink, since specifying the action.name attribute,
which is available for all actions, displays a line for all actions,
which is not desired here.
$ pkg contents -t dir,file,link,hardlink \
-o action.name,mode,pkg.size,path,target system/file-system/zfs
ACTION.NAME MODE PKG.SIZE PATH TARGET
dir 0755 etc
dir 0755 etc/fs
dir 0755 etc/fs/zfs
link etc/fs/zfs/mount ../../../usr/sbin/zfs
link etc/fs/zfs/umount ../../../usr/sbin/zfs
dir 0755 etc/zfs
dir 0755 kernel
dir 0755 kernel/drv
dir 0755 kernel/drv/amd64
file 0755 1706744 kernel/drv/amd64/zfs
file 0644 980 kernel/drv/zfs.conf
dir 0755 kernel/fs
dir 0755 kernel/fs/amd64
hardlink kernel/fs/amd64/zfs ../../../kernel/drv/amd64/zfs
...
Example 6 List Specified Contents of Two Packages
List the contents of web/browser/firefox and mail/thunderbird, limiting
the display to just the package name and path attributes of actions
whose path attribute ends in .desktop or .png.
$ pkg contents -o pkg.name,path -a path=\*.desktop \
-a path=\*.png web/browser/firefox mail/thunderbird
PKG.NAME PATH
web/browser/firefox usr/share/applications/firefox.desktop
mail/thunderbird usr/share/applications/thunderbird.desktop
web/browser/firefox usr/share/pixmaps/firefox-icon.png
mail/thunderbird usr/share/pixmaps/thunderbird-icon.png
...
Example 7 Search for a Package
Search the package database for the token bge.
$ pkg search bge
INDEX ACTION VALUE PACKAGE
driver_name driver bge pkg:/driver/network/ethernet/bge@0.5.11-0.175.0.0.0.2.1
basename file kernel/drv/sparcv9/bge pkg:/driver/network/ethernet/bge@0.5.11-0.175.0.0.0.2.1
basename file kernel/drv/amd64/bge pkg:/driver/network/ethernet/bge@0.5.11-0.175.0.0.0.2.1
basename file platform/sun4v/kernel/drv/sparcv9/bge pkg:/system/kernel/platform@0.5.11-0.175.0.0.0.2.1
pkg.fmri set solaris/driver/network/bge pkg:/driver/network/bge@0.5.11-0.173.0.0.0.1.0
pkg.fmri set solaris/driver/network/ethernet/bge pkg:/driver/network/ethernet/bge@0.5.11-0.175.0.0.0.2.1
The token is in the package driver/network/bge both as the basename for
the file action representing /kernel/drv/arch/bge and as a driver name.
Example 8 Search for a File
Search for the package that delivers a file by specifying the full path
name of the file, including the leading slash character.
$ pkg search -o path,pkg.name -l /usr/bin/vim
PATH PKG.NAME
usr/bin/vim editor/vim/vim-core
Search for a file and the package that delivers that file by specifying
file for the action_name, path or basename for the index, and the full
or partial file name for the token.
$ pkg search -o path,pkg.name -l file:basename:vim
PATH PKG.NAME
usr/bin/vim editor/vim/vim-core
Example 9 Search for Files and Directories
Search for files and directories and the packages that deliver them by
specifying path or basename for the index and the full or partial file
name for the token. Depending on your shell, you might need to escape
wildcards.
$ pkg search -o path,pkg.name -l path:*/vim
PATH PKG.NAME
usr/bin/vim editor/vim/vim-core
usr/share/vim editor/vim
usr/share/vim editor/vim/vim-core
$ pkg search -o path,pkg.name -l basename:vim
PATH PKG.NAME
usr/share/vim editor/vim
usr/share/vim editor/vim/vim-core
usr/bin/vim editor/vim/vim-core
Example 10 Show Which Packages Provide Which SMF Services
Show which packages provide a particular SMF service by specifying the
value org.opensolaris.smf.fmri for the index in a structured search and
the name of the service you want to find for the token. The value
org.opensolaris.smf.fmri is the name of an attribute of a set action.
Remember to escape the : in the name of the service.
For example, show which HTTP servers are available by specifying the
value svc:/network/http for the token.
$ pkg search 'org.opensolaris.smf.fmri:svc\:/network/http*'
INDEX ACTION VALUE PACKAGE
org.opensolaris.smf.fmri set svc:/network/http pkg:/web/server/lighttpd-14@1.4.23-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http pkg:/web/proxy/privoxy@3.0.17-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http pkg:/web/proxy/squid@3.1.18-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http pkg:/web/java-servlet/tomcat@6.0.35-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http pkg:/web/server/apache-22@2.2.22-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http:apache22 pkg:/web/server/apache-22@2.2.22-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http:lighttpd14 pkg:/web/server/lighttpd-14@1.4.23-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http:privoxy pkg:/web/proxy/privoxy@3.0.17-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http:squid pkg:/web/proxy/squid@3.1.18-0.175.0.0.0.2.1
org.opensolaris.smf.fmri set svc:/network/http:tomcat6 pkg:/web/java-servlet/tomcat@6.0.35-0.175.0.0.0.2.1
Example 11 Search for Packages that Depend on the Specified Package
Search for installed packages that depend on package/pkg.
$ pkg search -l depend::package/pkg
INDEX ACTION VALUE PACKAGE
incorporate depend package/pkg@0.5.11-0.175.0.0.0.2.1 pkg:/consolidation/ips/ips-incorporation@0.5.11-0.175.0.0.0.2.1
require depend pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1 pkg:/system/library/install@0.5.11-0.175.0.0.0.2.1
require depend pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1 pkg:/system/library/boot-management@0.5.11-0.175.0.0.0.2.1
require depend package/pkg pkg:/system/zones/brand/brand-solaris@0.5.11-0.175.0.0.0.2.1
require depend pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1 pkg:/install/distribution-constructor@0.5.11-0.175.0.0.0.2.1
require depend pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1 pkg:/system/boot-environment-utilities@0.5.11-0.175.0.0.0.2.1
require depend pkg:/package/pkg@0.5.11-0.175.0.0.0.2.1 pkg:/package/pkg/system-repository@0.5.11-0.175.0.0.0.2.1
Example 12 Search for Dependencies
Search for all incorporate dependencies in installed packages.
$ pkg search -l depend:incorporate:
INDEX ACTION VALUE PACKAGE
incorporate depend pkg:/BRCMbnx@0.5.11-0.175.0.0.0.2.1 pkg:/consolidation/osnet/osnet-incorporation@0.5.11-0.175.0.0.0.2.1
incorporate depend pkg:/BRCMbnxe@0.5.11-0.175.0.0.0.2.1 pkg:/consolidation/osnet/osnet-incorporation@0.5.11-0.175.0.0.0.2.1
...
Example 13 Add a Publisher
Add a new publisher example.com, with a repository located at
http://www.example.com/repo.
$ pkg set-publisher -g http://www.example.com/repo example.com
Example 14 Add a Publisher With Key and Certificate
Add a new publisher example.com, with a secure repository located at
https://secure.example.com/repo, and a key and certificate stored in
the directory /root/creds.
$ pkg set-publisher -k /root/creds/example.key \
-c /root/creds/example.cert -g https://secure.example.com/repo \
example.com
Example 15 Add and Automatically Configure a Publisher
Add a new publisher with a repository located at /export/repo using
automatic configuration.
$ pkg set-publisher -p /export/repo
Example 16 Add and Manually Configure a Publisher
Add a new publisher example.com with a repository located at
/export/repo/example.com using manual configuration.
$ pkg set-publisher -g /export/repo example.com
Example 17 Add a Publisher and Configure a Proxy
Add a new publisher mypub with origin http://server/repo and proxy
http://webcache:8080.
$ pkg set-publisher -g http://server/repo \
--proxy http://webcache:8080 mypub
Example 18 Verify All Signed Packages
Configure an image to verify all signed packages.
$ pkg set-property signature-policy verify
Example 19 Require All Packages To Be Signed
Configure an image to require all packages to be signed, and require
the string example.com to be seen as a common name for one of the cer‐
tificates in the chain of trust.
$ pkg set-property signature-policy require-names example.com
Example 20 Require All Packages From a Specified Publisher To Be Signed
Configure an image so that all packages installed from publisher exam‐
ple.com must be signed.
$ pkg set-publisher --set-property signature-policy=require-signatures \
example.com
Example 21 Require a Specified String in the Chain of Trust
Add the string foo to the image's list of common names that must be
seen in a signature's chain of trust to be considered valid.
$ pkg add-property-value signature-require-names foo
Example 22 Remove a String From the Chain of Trust for a Specified Pub‐
lisher
Remove the string foo from the list of common names that must be seen
to validate a signature for the publisher example.com.
$ pkg set-publisher --remove-property-value signature-require-names=foo \
example.com
Example 23 Add a Trusted CA Certificate
Add the certificate stored in /tmp/example_file.pem as a trusted CA
certificate for the publisher example.com.
$ pkg set-publisher --approve-ca-cert /tmp/example_file.pem \
example.com
Example 24 Revoke a Certificate
Revoke the certificate with the hash a12345 for publisher example.com,
preventing the certificate from validating any signatures for packages
from example.com.
$ pkg set-publisher --revoke-ca-cert a12345 example.com
Example 25 Forget About a Certificate
Make pkg forget that the certificate a12345 was ever added or revoked
by the user.
$ pkg set-publisher --unset-ca-cert a12345 example.com
Example 26 Downgrade a Package
Downgrade the installed package foo@1.1 to an older version.
$ pkg update foo@1.0
Example 27 Switch Conflicting Package Installation
In the case of two conflicting packages, change which package is
installed. Suppose package A depends on either package B or package C,
and B and C are mutually exclusive. If A and B are installed, use the
following command to switch to using C instead of B without unin‐
stalling A:
$ pkg install --reject B C
Example 28 List Packages in a Package Archive
List all versions of all packages in a package archive.
$ pkg list -f -g /my/archive.p5p
Example 29 List Packages in a Package Repository
List all versions of all packages in a repository.
$ pkg list -f -g http://example.com:10000
Example 30 Display Information About a Package in a Package Archive
Display the package information for the latest version of a package in
a package archive. The package might or might not be currently
installed.
$ pkg info -g /my/archive.p5p pkg_name
Example 31 Display Contents of a Package in a Package Archive
Display the contents of a package in a package archive. The package is
not currently installed.
$ pkg contents -g /my/archive.p5p pkg_name
Example 32 Remove All Publisher Origins and Mirrors
Remove all of the origins and mirrors for a publisher and add a new
origin.
$ pkg set-publisher -G '*' -M '*' -g http://example.com:10000 \
example.com
Example 33 Dehydrating and Rehydrating an Image
In these examples, /tmp/test_image is the image that you want to dehy‐
drate and rehydrate.
Because no publisher is specified, the following command fully dehy‐
drates the /tmp/test_image image by operating on all publishers that
are enabled in the /tmp/test_image image.
$ pkg -R /tmp/test_image dehydrate
Because no publisher is specified, the following command operates on
all publishers configured in the /tmp/test_image image to fully restore
the /tmp/test_image image.
$ pkg -R /tmp/test_image rehydrate
Example 34 Dehydrating and Rehydrating an Image Specifying Publishers
In these examples, /tmp/test_image is the image that you want to dehy‐
drate and rehydrate, and the test1 and test2 publishers are enabled in
the /tmp/test_image image and their origins provide the necessary con‐
tent.
The following command operates only on files and hardlinks delivered by
the test1 publisher.
$ pkg -R /tmp/test_image dehydrate -p test1
The following command rehydrates only files and hardlinks delivered by
the test1 publisher.
$ pkg -R /tmp/test_image rehydrate -p test1
Example 35 Verify an Individual Path in an Image
Verify an individual file at path /tmp/test_image/usr/bin/ls and dis‐
play verbose result.
$ pkg -R /tmp/test_image verify -v -p /usr/bin/ls
ENVIRONMENT VARIABLES
The following environment variables are supported:
PKG_CLIENT_CONNECT_TIMEOUT
Seconds to wait trying to connect during transport operations (for
each attempt) before the client aborts the operation. A value of 0
means wait indefinitely.
Default value: 60
PKG_CLIENT_LOWSPEED_TIMEOUT
Seconds below the lowspeed limit (1024 bytes/second) during trans‐
port operations before the client aborts the operation. A value of
0 means do not abort the operation.
Default value: 30
PKG_CLIENT_MAX_CONSECUTIVE_ERROR
Maximum number of transient transport errors before the client
aborts the operation. A value of 0 means do not abort the opera‐
tion.
Default value: 4
PKG_CLIENT_MAX_REDIRECT
Maximum number of HTTP or HTTPS redirects allowed during transport
operations before a connection is aborted. A value of 0 means do
not abort the operation.
Default value: 5
PKG_CLIENT_MAX_TIMEOUT
Maximum number of transport attempts per host before the client
aborts the operation. A value of 0 means do not abort the opera‐
tion.
Default value: 4
PKG_CONCURRENCY
The number of child images to update in parallel. Ignored if the -C
option is specified.
When recursing into child images (usually installed solaris branded
non-global zones), update at most $PKG_CONCURRENCY child images in
parallel. If $PKG_CONCURRENCY is 0 or a negative number, all child
images are updated in parallel.
Default value: 1
PKG_IMAGE
The directory containing the image to use for package operations.
Ignored if -R is specified.
http_proxy, https_proxy
HTTP or HTTPS proxy server. Use the following syntax to set either
http_proxy or https_proxy:
http_proxy [protocol://]host[:port]
See "Specifying a Proxy" in Updating Systems and Adding Software in
Oracle Solaris 11.4.
no_proxy
List of host names that should not go through any proxy. If set to
asterisk (*) only, all hosts are matched: no hosts will be proxied.
Use the following syntax to set no_proxy:
no_proxy [* | host[,host]...]
EXIT STATUS
The following exit values are returned:
0 Command succeeded.
1 An error occurred.
2 Invalid command line options were specified.
3 Multiple operations were requested, but only some of them suc‐
ceeded.
4 No changes were made - nothing to do.
5 The requested operation cannot be performed on a live image.
6 The requested operation cannot be completed because the licenses
for the packages being installed or updated have not been
accepted.
7 The image is currently in use by another process and cannot be
modified.
8 One or more SMF actuators timed out.
99 An unanticipated exception occurred.
FILES
A pkg(7) image can be located arbitrarily within a larger file system.
In the following file descriptions, the token $IMAGE_ROOT is used to
distinguish relative paths. For a typical system installation,
$IMAGE_ROOT is equivalent to /
$IMAGE_ROOT/var/pkg
Metadata directory for a full or partial image.
$IMAGE_ROOT/.org.opensolaris,pkg
Metadata directory for a user image.
Within a particular image's metadata, certain files and directories can
contain information useful during repair and recovery. The token
$IMAGE_META refers to the top-level directory containing the metadata.
$IMAGE_META is typically one of the two paths given above.
$IMAGE_META/lost+found
Location of conflicting directories and files moved during a pack‐
age operation. Location of unpackaged contents of a removed direc‐
tory.
$IMAGE_META/publisher
Contains a directory for each publisher. Each directory stores pub‐
lisher-specific metadata.
Other paths within the $IMAGE_META directory hierarchy are private and
are subject to change.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitypackage/pkg _ Interface StabilityUncommit‐
ted
SEE ALSO
pkgsend(1), beadm(8), pkg.depotd(8), pkg.sysrepo(8), glob(3C), pkg(7),
svc.periodicd(8)
Updating Systems and Adding Software in Oracle Solaris 11.4
https://github.com/oracle/solaris-ips
Oracle Solaris 11.4 10 March 2021 pkg(1)