svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
pkgsign(1)
pkgsign(1) User Commands pkgsign(1)
NAME
pkgsign - Image Packaging System signing utility
SYNOPSIS
/usr/bin/pkgsign [-a hash_algorithm]
[-c path_to_signing_certificate]
[-i path_to_intermediate_cert] ...
[-k path_to_private_key] [-n] -s path_or_uri
[--help] [--no-index] [--no-catalog]
(fmri|pattern) ...
DESCRIPTION
pkgsign updates the manifest for the given FMRIs in place in the repos‐
itory by adding a signature action using the provided key and certifi‐
cates. The modified package retains the original timestamp.
OPTIONS
The following options are supported:
--help
Display a usage message.
-a hash_algorithm
Use the signature algorithm hash_algorithm instead of the default.
The default signature algorithm is rsa-sha256. Supported signature
algorithms are rsa-sha256, rsa-sha384, rsa-sha512, sha256, sha384,
and sha512. A signature algorithm that only specifies a hash algo‐
rithm causes the signature value to be the hash of the manifest of
the package. A signature algorithm that specifies rsa and a hash
algorithm causes the signature value to be the hash of the manifest
signed with the private key provided (see the -c and -k options).
-c path_to_signing_certificate
Add the certificate path_to_signing_certificate as the certificate
to use when verifying the value of the signature in the action. The
-c option can only be used with the -k option.
-i path_to_intermediate_cert
Add the certificate path_to_intermediate_cert as a certificate to
use when validating the certificate path_to_signing_certificate
given as an argument to -c. Multiple certificates can be provided
by specifying -i multiple times.
-k path_to_private_key
Use the private key stored in path_to_private_key to sign the mani‐
fest. The -k option can only be used with the -c option. If -k is
not set, then the signature value is the hash of the manifest.
-n
Perform a trial run that does not change the repository in any way.
-s path_or_uri
Sign packages in the repository at path_or_uri.
--no-index
Do not update the repository search indexes after the signed mani‐
fest has been republished.
--no-catalog
Do not update the repository catalog after the signed manifest has
been republished.
EXAMPLES
Example 1 Sign Using the Hash Value of the Manifest
Sign a package published to http://localhost:10000 using the hash value
of the manifest. This is often useful for testing.
$ pkgsign -s http://localhost:10000 -a sha256 \
example_pkg@1.0,5.11-0:20100626T030108Z
Example 2 Sign Using a Key and Certificate
Sign a package published into the file repository in /foo/bar using
rsa-sha384 to hash and sign the manifest. The signature key is in
/key/usr2.key, its associated certificate is in /key/usr2.cert, and a
certificate needed to validate the certificate is in /icerts/usr1.cert.
$ pkgsign -s file:///foo/bar/ -a rsa-sha384 \
-k /key/usr2.key -c /key/usr2.cert -i /icerts/usr1.cert \
example_pkg@1.0,5.11-0:20100626T031341Z
EXIT STATUS
The following exit values are returned:
0 Command succeeded.
1 An error occurred.
2 Invalid command line options were specified.
3 Multiple operations were requested, but only some of them suc‐
ceeded.
99 An unanticipated exception occurred.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitypackage/pkg _ Interface StabilityUncommit‐
ted
SEE ALSO
pkg(1), pkgrecv(1), pkgsend(1), pkgrepo(1), pkg(7)
https://github.com/oracle/solaris-ips
Oracle Solaris 11.4 21 May 2013 pkgsign(1)