pkg - man pages section 1: User Commands

Language:

pkg(1)

Name

pkg - Image Packaging System retrieval client

Synopsis

/usr/bin/pkg [options] command [
cmd_options] [operands]

/usr/bin/pkg refresh [-q] [--full] [publisher ...]

/usr/bin/pkg install [-nvq] [-C n] [-g path_or_uri]...
    [-r [[-z zonename]... | [-Z zonename]... ]]
    [--accept] [--licenses] [--no-index] [--no-refresh]
    [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    [--reject pkg_fmri_pattern]...
    [--sync-actuators | --sync-actuators-timeout timeout]
    pkg_fmri_pattern ...

/usr/bin/pkg exact-install [-nvq] [-C n] [-g path_or_uri]...
    [--accept] [--licenses] [--no-index] [--no-refresh]
    [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    [--reject pkg_fmri_pattern]...  pkg_fmri_pattern ...

/usr/bin/pkg uninstall [-nvq] [-C n]
    [-r [[-z zonename]... | [-Z zonename]... ]]
    [--ignore-missing] [--no-index] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    [--sync-actuators | --sync-actuators-timeout timeout]
    pkg_fmri_pattern ...

/usr/bin/pkg update [-fnvq] [-C n] [-g path_or_uri]...
    [-r [[-z zonename]... | [-Z zonename]... ]]
    [--accept] [--ignore-missing] [--licenses]
    [--no-index] [--no-refresh] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    [--reject pkg_fmri_pattern]...
    [--sync-actuators | --sync-actuators-timeout timeout]
    [pkg_fmri_pattern ...]

/usr/bin/pkg list [-Hafnqsuv] [-g path_or_uri]...
    [--no-refresh] [pkg_fmri_pattern ...]

/usr/bin/pkg info [-lqr] [-g path_or_uri]... [--license]
    [pkg_fmri_pattern ...]

/usr/bin/pkg contents [-Hmr] [-a attribute=pattern]...
    [-g path_or_uri]... [-o attribute[,attribute]...]...
    [-s sort_key] [-t action_name[,action_name]...]...
    [pkg_fmri_pattern ...]

/usr/bin/pkg search [-HIaflpr]
    [-o attribute[,attribute]...]... [-s repo_uri] query

/usr/bin/pkg verify [-Hqv] [pkg_fmri_pattern ...]

/usr/bin/pkg fix [--accept] [--licenses]
    [pkg_fmri_pattern ...]

/usr/bin/pkg revert [-nv] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    (--tagged tag-name ... | path-to-file ...)

/usr/bin/pkg mediator [-aH] [-F format] [mediator ...]

usr/bin/pkg set-mediator [-nv] [-I implementation]
    [-V version] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    mediator ...

/usr/bin/pkg unset-mediator [-nvIV] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    mediator ...

/usr/bin/pkg variant [-Haiv] [-F format] [variant_pattern ...]

/usr/bin/pkg change-variant [-nvq] [-C n] [-g path_or_uri]...
    [-r [[-z zonename]... | [-Z zonename]... ]]
    [--accept] [--licenses] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    [--sync-actuators | --sync-actuators-timeout timeout]
    variant_name=value ...

/usr/bin/pkg facet [-Haim] [-F format] [facet_pattern ...]

/usr/bin/pkg change-facet [-nvq] [-C n] [-g path_or_uri]...
    [-r [[-z zonename]... | [-Z zonename]... ]]
    [--accept] [--licenses] [--no-be-activate]
    [--no-backup-be | --require-backup-be]
    [--backup-be-name name]
    [--deny-new-be | --require-new-be] [--be-name name]
    [--sync-actuators | --sync-actuators-timeout timeout]
    facet_name=(True|False|None) ...

/usr/bin/pkg avoid [pkg_fmri_pattern ...]

/usr/bin/pkg unavoid [pkg_fmri_pattern ...]

/usr/bin/pkg freeze [-n] [-c reason] [pkg_fmri_pattern ...]

/usr/bin/pkg unfreeze [-n] [pkg_name_pattern ...]

/usr/bin/pkg property [-H] [propname ...]

/usr/bin/pkg set-property propname propvalue

/usr/bin/pkg add-property-value propname propvalue

/usr/bin/pkg remove-property-value propname propvalue

/usr/bin/pkg unset-property propname ...

/usr/bin/pkg publisher [-HPn] [-F format] [publisher ...]

/usr/bin/pkg set-publisher [-Ped] [-c ssl_cert] [-k ssl_key]
    [-g origin_to_add | --add-origin origin_to_add]...
    [-G origin_to_remove | --remove-origin origin_to_remove]...
    [-m mirror_to_add | --add-mirror mirror_to_add]...
    [-M mirror_to_remove | --remove-mirror mirror_to_remove]...
    [--disable] [--enable] [--no-refresh] [--reset-uuid]
    [--non-sticky] [--sticky] [--search-after publisher]
    [--search-before publisher] [--search-first]
    [--approve-ca-cert path_to_CA]
    [--revoke-ca-cert hash_of_CA_to_remove]
    [--unset-ca-cert hash_of_CA_to_remove]
    [--set-property name_of_property=value]
    [--add-property-value name_of_property=value_to_add]
    [--remove-property-value name_of_property=value_to_remove]
    [--unset-property name_of_property_to_delete]
    [--proxy proxy_to_use] publisher

/usr/bin/pkg set-publisher -p repo_uri [-Ped]
    [-c ssl_cert] [-k ssl_key] [--non-sticky] [--sticky]
    [--search-after publisher] [--search-before publisher]
    [--search-first] [--approve-ca-cert path_to_CA]
    [--revoke-ca-cert hash_of_CA_to_remove]
    [--unset-ca-cert hash_of_CA_to_remove]
    [--set-property name_of_property=value]
    [--add-property-value name_of_property=value_to_add]
    [--remove-property-value name_of_property=value_to_remove]
    [--unset-property name_of_property_to_delete]
    [--proxy proxy_to_use] [publisher]

/usr/bin/pkg unset-publisher publisher ...

/usr/bin/pkg history [-HNl]
    [-n number] [-o column[,column]...]...
    [-t time | time-time[,time | time-time]...]...

/usr/bin/pkg purge-history

/usr/bin/pkg rebuild-index

/usr/bin/pkg update-format

/usr/bin/pkg version

/usr/bin/pkg help

/usr/bin/pkg image-create [-FPUfz] [--force]
    [--full | --partial | --user] [--zone]
    [-c ssl_cert] [-k ssl_key]
    [-g path_or_uri | --origin path_or_uri]...
    [-m uri | --mirror uri]...
    [--facet facet_name=(True|False)]... [--no-refresh]
    [--set-property name_of_property=value]
    [--variant variant_name=value]...
    [(-p | --publisher) [name=]repo_uri] dir

Description

pkg is the retrieval client for the Image Packaging System. With a valid configuration, pkg can be invoked to create locations for packages to be installed, called images, and install packages into those images. Packages are published by publishers, who can make their packages available at one or more repositories, or in package archives. pkg retrieves packages from a publisher’s repository or package archives and installs the packages into an image.

Packages can only be installed into file systems that are part of a BE. For example, on a default Oracle Solaris 11 installation, only datasets under rpool/ROOT/BEname/ are supported for package operations.

A publisher name identifies a person, group of persons, or an organization as the source of one or more packages. To avoid publisher name collisions and help identify the publisher, a best practice is to use a domain name that represents the entity publishing the packages as a publisher name.

A repository is a location where clients can publish and retrieve package content (files contained within the package such as programs and documents) and metadata (information about the package such as its name and description). As an example, a publisher named example.org might have their repository located at the URI http://example.org/repository.

pkg can also uninstall packages, refresh publisher metadata (such as the list of available packages), validate package installation in an image, and query the image for various tokens. These queries can also be made of pkg(5) repositories.

Images can be of three types: full images, capable of providing a complete system; partial images, which are linked to a full image (parent image), but do not provide a complete system on their own; and user images.

Options

The following options are supported:

–?
–-help: Display a usage message.
–R dir: Operate on the image rooted at dir. If no directory was specified or determined based on environment, the default is /. See the “Environment Variables” section for more information.

Sub Commands

The following subcommands are supported:

pkg refresh [–q] [– -full] [publisher ...]

Update the client’s list of available packages and publisher metadata for all publishers.

publisher: Update the client’s list of available packages and publisher metadata only for the specified publishers.
–q: Hide progress messages during the requested operation.
–-full: Force a full retrieval of all publisher metadata, instead of attempting an incremental update, and request that any proxies used during the operation ignore cached data. This option exists for troubleshooting purposes and should not be used on a regular basis.

pkg install [–nvq] [–C n] [–g path_or_uri]... [–r [[–z zonename]... | [–Z zonename]... ]] [–-accept] [–-licenses] [–-no-index] [–-no-refresh] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] [–-reject pkg_fmri_pattern]... [–-sync-actuators | –-sync-actuators-timeout timeout] pkg_fmri_pattern ...

Install and update the specified packages to the newest version that match pkg_fmri_pattern allowed by the packages installed in the image. To explicitly request the latest version of a package, use latest for the version portion of pkg_fmri_pattern. For example, specify vim@latest. The pkg_fmri_pattern pattern can include the ? and * characters as glob(3C)-style wildcards to match one or more packages.

Packages are selected based on publisher search order and stickiness. See the pkg publisher and pkg set-publisher commands for information about search order and stickiness. If the pkg_fmri_pattern does not specify the publisher, the first publisher that provides a matching package is used as the installation source. If that publisher does not provide a version of the package that can be installed in this image, then the installation operation fails. Use the pkg list -a command to see which publishers provide a version of the package that can be installed in this image.

If more than one pkg_fmri_pattern is specified, and if any of the specified packages cannot be installed in this image, then none of the specified packages will be installed.

Some configuration files might be renamed or replaced during the installation process. For more information about how the package system determines which files to preserve, and how they are preserved during package operations, see “File Actions” in the pkg(5) man page.

If a package is on the avoid list, installing it removes it from that list.

–C n

Specify the number of child images to update in parallel. When recursing into child images (usually installed solaris branded non-global zones), update at most n child images in parallel. The default number of child images to update in parallel is 1. If n is 0 or a negative number, all child images are updated in parallel. See also PKG_CONCURRENCY in the “Environment Variables” section.

–g path_or_uri

Temporarily add the specified package repository or archive to the list of sources in the image from which to retrieve package data. Repositories that require a client SSL certificate cannot be used with this option. This option can be specified multiple times.

When deciding which version of a package to use, publishers configured in the image, but not found in the specified path_or_uri sources, take precedence. If the version of the package to be installed is provided by a publisher configured in the image and by a path_or_uri source, the client retrieves the content for that package from the path_or_uri sources. After installation or update, any packages provided by publishers not configured in the image are added to the image configuration without an origin. Use the pkg publisher command to see which publishers are configured in the image.

–n

Perform a trial run of the operation with no package changes made.

–q

Hide progress messages during the requested operation.

–r

Run this operation in the global zone and also in all installed solaris branded non-global zones. The effect on the non-global zone is similar to logging into each non-global zone and running the command directly. Without this option, when you run pkg commands in the global zone, non-global zones are modified only to the extent required to keep them compatible with the global zone. With this option, the pkg operation is applied to all installed non-global zones except as limited by the –z and –Z options. Zones that are excluded by the –z and –Z options might still be modified if updates are required to keep them in sync with the global zone.

–z zonename

Run this operation only in the specified non-global zone. The –z option can be specified multiple times. The –z option can only be used with the –r option. The –z option cannot be used with the –Z option.

–Z zonename

Run this operation in all non-global zones except for the specified zone. The –Z option can be specified multiple times. The –Z option can only be used with the –r option. The –Z option cannot be used with the –z option.

–v

Issue verbose progress messages during the requested operation, and display detailed planning information (such as changing facets, mediators, and variants). This option can be specified multiple times to increase the amount of planning information displayed.

–-accept

Indicate that you agree to and accept the terms of the licenses of the packages that are updated or installed. If you do not provide this option, and any package licenses require acceptance, the installation operation fails.

–-licenses

Display all of the licenses for the packages that are installed or updated as part of this operation. For updated packages, display the license only if the license has changed.

–-no-index

Do not update the search indexes after the operation has completed successfully.

–-no-refresh

Do not attempt to contact the repositories for the image’s publishers to retrieve the newest list of available packages and other metadata.

–-no-be-activate

If a boot environment is created, do not set it as the active boot environment on the next boot. See the beadm(1M) man page for more information.

–-no-backup-be

Do not create a backup boot environment.

–-require-backup-be

Always create a backup boot environment if a new boot environment will not be created. Without this option, a backup boot environment is created based on image policy. See be-policy in “Image Properties” below for an explanation of when backup boot environments are created automatically.

–-backup-be-name name

Name the created backup boot environment using the given argument. Use of –-backup-be-name implies –-require-backup-be. See also the beadm(1M) man page.

–-deny-new-be

Do not create a new boot environment. This operation is not performed if a new boot environment is required.

–-require-new-be

Always create a new boot environment. Without this option, a boot environment is created based on image policy. See be-policy in “Image Properties” below for an explanation of when boot environments are created automatically. This option cannot be combined with –-require-backup-be.

–-be-name name

Rename the newly created boot environment to be the argument given. Use of –-be-name implies –-require-new-be. See also the beadm(1M) man page.

–-reject pkg_fmri_pattern

Prevent packages with names matching the given pattern from being installed. If matching packages are already installed, they are removed as part of this operation. Rejected packages that are the target of group dependencies are placed on the avoid list. This option can be specified multiple times.

–-sync-actuators

Run SMF actuators synchronously. The pkg(1) command will not return until all SMF actuators have finished in the zone in which pkg was invoked (the global zone or a non-global zone).

–-sync-actuators-timeout timeout

Run SMF actuators synchronously. If the actuators do not finish within the given timeout in seconds, pkg(1) will continue operation and exit with return code 8.

pkg exact-install [–nvq] [–C n] [–g path_or_uri]... [–-accept] [–-licenses] [–-no-index] [–-no-refresh] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] [–-reject pkg_fmri_pattern]... pkg_fmri_pattern ...

Install or update the specified packages as if installing onto a bare system. Any previously installed packages that are not specified on the command line and are not a dependency of the specified packages will be removed. This command ignores restrictions to not install packages that are on the avoid list and not update packages that are on the frozen list. Otherwise, this exact-install subcommand behaves the same way that the install subcommand behaves. To explicitly request the latest version of a package, use latest for the version portion of pkg_fmri_pattern. For example, specify vim@latest.

If more than one pkg_fmri_pattern is specified, and if any of the specified packages cannot be installed in this image, then none of the specified packages will be installed.

If a package is on the avoid list, installing it removes it from that list.

For descriptions of options, see the install command above.

pkg uninstall [–nvq] [–C n] [–r [[–z zonename]... | [–Z zonename]... ]] [–-ignore-missing] [–-no-index] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] [–-sync-actuators | –-sync-actuators-timeout timeout] pkg_fmri_pattern ...

Remove installed packages that match pkg_fmri_pattern.

If a package is the subject of a group dependency, uninstalling it places it on the avoid list. See the avoid subcommand below.

In the command output, note any messages that say a new boot environment has been created. If a new boot environment has been created and activated, that is the environment that is booted by default on next reboot. See the beadm(1M) man page for information about managing boot environments.

–-ignore-missing: Ignore packages that are not installed. Using this option prevents pkg uninstall from failing when attempting to uninstall a package that is not currently installed.

For all other options, see the install command above.

pkg update [–fnvq] [–C n] [–g path_or_uri]... [–r [[–z zonename]... | [–Z zonename]... ]] [–-accept] [–-ignore-missing] [–-licenses] [–-no-index] [–-no-refresh] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] [–-reject pkg_fmri_pattern]... [–-sync-actuators | –-sync-actuators-timeout timeout] [pkg_fmri_pattern ...]

Update all packages installed in the current image to the newest version allowed by the constraints imposed on the system by installed packages and publisher configuration.

In the command output, note any messages that say a new boot environment has been created. If a new boot environment has been created and activated, that is the environment that is booted by default on next reboot if you do not specify the –-no-be-activate option. See the beadm(1M) man page for information about managing boot environments.

pkg_fmri_pattern

Update only the specified packages installed in the current image. If asterisk (*) is one of the pkg_fmri_pattern patterns provided, update all packages installed in the current image in the same way as when no pkg_fmri_pattern is provided.

To explicitly request the latest version of a package, use latest for the version portion of pkg_fmri_pattern. For example, specify vim@latest.

Versions older or newer than what is already installed can be specified to perform in-place downgrades or upgrades of specific packages. Updating specific packages across package rename or obsolete boundaries is not supported.

Any preserved configuration files that are part of packages to be downgraded and that have been changed since the original version was installed are renamed using the extension .update. For more information about how the package system determines which files to preserve, and how these files are preserved during package upgrades, see “File Actions” in the pkg(5) man page.

If more than one pkg_fmri_pattern is specified, and if any of the specified packages cannot be updated in this image, then none of the specified packages will be updated.

–f

Do not execute the client up-to-date check when updating all installed packages.

–-ignore-missing

Ignore packages that are not installed. Using this option prevents pkg update from failing when attempting to update a package that is not currently installed.

For all other options, see the install command above.

pkg list [–Hafnqsuv] [–g path_or_uri]... [–-no-refresh] [pkg_fmri_pattern ...]

Display a list of all packages installed in the current image, including information such as version and installed state. By default, package variants for a different architecture or zone type are excluded. The usual output is in three columns:

NAME (PUBLISHER)       VERSION                IFO
system/core-os         0.5.11-0.175.0.0.0.2.1 i--
x11/wm/fvwm (fvwm.org) 2.6.5                  i--

The first column contains the name of the package. If the publisher from which the package is installed (or available, if not installed) is not the first in the publisher search order, then the publisher name is listed in parentheses after the package name. The second column contains the release and branch versions of the package. See the pkg(5) man page for information about release and branch versions and about variants.

The last column contains a set of flags that show the status of the package:

An i in the I column shows that the package is installed.
An f in the F column shows that the package is frozen.
An o in the O column shows that the package is obsolete. An r in the O column shows that the package has been renamed (a form of obsoletion).

pkg_fmri_pattern: List only the specified packages.
–H: Omit the headers from the listing.
–a: List installed packages and list the newest version of packages that are not installed but could be installed in this image. Packages can be installed if they are allowed by the installed incorporations and by the image’s variants. If one or more patterns are specified, then the newest version matching the specified pattern and allowed by any installed incorporations and the image’s variants is listed. Without –a, list only installed packages.
–af: List all versions of all packages for all variants regardless of incorporation constraints or installed state. To explicitly list the latest version of a package when using these options, use latest for the version portion of pkg_fmri_pattern. For example, specify vim@latest.
–g path_or_uri: Use the specified package repository or archive as the source of package data for the operation. Repositories that require a client SSL certificate cannot be used with this option. This option can be specified multiple times. Use of –g implies –a if –n is not specified.
–n: Display the newest versions of all known packages, regardless of installed state.
–q: Do not list any packages, but return failure if a fatal error occurs.
–s: Display a one-line short-form giving the package name and summary. This option can be used with –a, –n, or –u.
–u: List installed packages that have newer versions available. This option cannot be used with –g.
–v: Show full package FMRIs, including publisher and complete version, all in the first column (the VERSION column disappears). This option can be used with –a, –n, or –u.
–-no-refresh: Do not attempt to contact the repositories for the image’s publishers to retrieve the newest list of available packages.

pkg info [–lqr] [–g path_or_uri]... [–-license] [pkg_fmri_pattern ...]

Display information about all packages installed in the current image in a human-readable form.

pkg_fmri_pattern: Display information for only the specified packages.
–g path_or_uri: Use the specified package repository or archive as the source of package data for the operation. Repositories that require a client SSL certificate cannot be used with this option. This option can be specified multiple times. Use of –g implies –r.
–l: Only display information for installed packages. This is the default.
–q: Do not display any package information, but return failure if a fatal error occurs.
–r: Match packages based on the newest available versions, retrieving information for packages not currently installed (if necessary) from the repositories of the image’s configured publishers. At least one package must be specified when using this option. Without –r, only installed packages are displayed by default.
–-license: Display the license texts for the packages. This option can be combined with –l, –q, or –r. Return success if all pkg_fmri_pattern patterns match known packages and have licenses. Return failure if one or more patterns are unmatched or match packages that do not have licenses.

pkg contents [–Hmr] [–a attribute=pattern]... [–g path_or_uri]... [–o attribute[,attribute]...]... [–s sort_key] [–t action_name[,action_name]...]... [pkg_fmri_pattern ...]

Display the contents (action attributes) of all packages installed in the image. With no options, display the value of the path attribute for actions installed in the current image, sorted alphabetically by attribute value. For information about actions and their attributes, see “Actions” in the pkg(5) man page. See also the list of pseudo attribute names below.

pkg_fmri_pattern: Display contents of only the specified packages.
–H: Omit the headers from the output.
–a attribute=pattern: Limit the output to those actions that have an attribute named in the option argument with a value that matches the (glob) pattern in the option argument. This option can be specified multiple times. If multiple –a options are given, then actions that match any of them are displayed.
–g path_or_uri: Display information for packages that could be installed in this image from the specified package repository or archive. Repositories that require a client SSL certificate cannot be used with this option. Packages that could be installed include packages that are currently installed and other packages that satisfy criteria for installation in this image, such as variant and facet restrictions. This option can be specified multiple times. Use of –g implies –r.
–m: Display all attributes of all actions in the specified packages, including actions that could not be installed in this image.
–o attribute: Display the specified attributes, sorted according to the values of the first attribute listed. The –o option can be specified multiple times, or multiple attributes can be specified as the argument to one –o option by separating the attribute names with commas. Only actions that have the requested attributes are displayed.
–r: Display information for the newest available versions of packages that could be installed in this image from the repositories of the publishers configured in this image. Packages that could be installed include packages that are currently installed and other packages that satisfy criteria for installation in this image, such as variant and facet restrictions. At least one package must be specified when using this option.
–s sort_key: Sort actions by the specified action attribute. If not provided, the default is to sort by path or by the first attribute specified by the – o option. The –s option can be specified multiple times.
–t action_name: Only list the specified actions. The –t option can be specified multiple times, or multiple actions can be specified as the argument to one –t option by separating the action names with commas. The value of action_name is one of the actions listed in “Actions” in the pkg(5) man page, such as file, directory, driver, depend, set.

Several special pseudo attribute names are available for convenience:

action.hash: The value of the action’s hash, if the action carries a payload.
action.key: The value of the action’s key attribute. For example, for a file action, the key attribute is the path to the file. Some actions do not have a key attribute.
action.name: The name of the action. For example, for a file action, this is file.
action.raw: All attributes of matching actions.
pkg.fmri: The full FMRI of the package containing the action, such as pkg://solaris/group/feature/[email protected],5.11-0.175.0.0.0.2.1:20120705T153434Z.
pkg.name: The name of the package containing the action, such as web/amp.
pkg.publisher: The publisher of the package containing the action, such as solaris.
pkg.shortfmri: The short form FMRI of the package containing the action, such as pkg://solaris/group/feature/[email protected],5.11-0.175

The contents and search subcommands are related: Both query the system for the contents of packages. The contents subcommand displays actions in one or more installed or installable packages, filtering the output based on the specified options. The search subcommand approaches the query from the other direction, displaying the names of all packages that contain a user-supplied token.

Each subcommand is capable of formulating some queries of which the other is capable. Care should be taken in choosing the subcommand, as a given query can be more naturally formulated in one than in the other.

pkg search [–HIaflpr] [–o attribute[,attribute]...]... [–s repo_uri] query

Search for actions that match query, and display the matching search index, action name, action value, and package name. See the description of query below. Some searches might yield duplicate results.

–H

Omit the headers from the output.

–I

Use a case-sensitive search.

–a

Perform the search and display information about the matching actions. This is the default.

–f

Show all results, regardless of package version. By default, search prunes results from packages older than the currently installed version and from package versions excluded by current incorporations.

–l

Search the image’s installed packages.

Both –l and –r (or –s) can be specified together, in which case both local and remote searches are performed.

–o attribute

Specify the columns to include in the output. The –o option can be specified multiple times, or multiple attributes can be specified as the argument to one –o option by separating the attribute names with commas. In addition to the pseudo attributes outlined above, the following attributes are defined for search results. These attributes help show why a particular result was a match:

search.match: The string that matched the search query.
search.match_type: The attribute that contained the string that matched the search query.

–p

Display packages that have some actions that match each query term. Using this option is equivalent to putting angle brackets (<>) around each term in the query. See query below for more description of the <> operator.

–r

Search the repositories corresponding to the image’s publishers. This is the default.

Both –l and –r (or –s) can be specified together, in which case both local and remote searches are performed.

–s repo_uri

Search the pkg(5) repository located at the given URI. This can be specified multiple times. Package archives are not supported.

query

By default, query is interpreted as a series of terms to be matched exactly and multiple terms are ANDed.

AND and OR are supported.

The ? and * characters can be used as glob(3C)-style wildcards, allowing more flexible query matches.

In addition to simple token matching and wildcard search, a more complicated query language is supported. Phrases can be searched for by using single or double quotation marks (' or "). Be sure to take your shell into account so that pkg actually sees the ' or ".

Which tokens are indexed is action-dependent, but can include content hashes and path names. For information about actions and their attributes, see “Actions” in the pkg(5) man page. See also the list of pseudo attribute names in pkg contents and – o above.

Structured queries are supported with the following syntax:

pkg_name:action_name:
index:token

The value of action_name is one of the actions listed in “Actions” in the pkg(5) man page. The index is an attribute of the action. The value of index must match token.

Not all action attributes are searchable. For example, mode is an attribute of the file action, but mode is not a valid value for index.

Some values for index are not action attributes but are values derived from other attributes. For example, index can be basename, which is not an attribute of any action but is derived from the path attribute of the file or dir action by taking the last component of the path.

Different action types have different valid values for index. This documentation does not list all possible values. Some of the more useful index values are basename and path for file system actions, the dependency type (for example, require, optional, group) for depend actions, and driver_name and alias for driver actions.

One special value for index is the value of a name attribute for a set action. In this case, token is matched against the value of the value attribute that corresponds to the specified name attribute. For example, the following search finds packages that are classified as either Development/Databases or System/Databases. In the “Examples” section, see the example of finding SMF services.

$ pkg search info.classification:databases

Missing fields in a structured query are implicitly wildcarded. A search for basename:pkg matches all actions in all packages that have an index of basename and that match the token pkg, as shown in the following partial output:

$ pkg search basename:pkg
INDEX    ACTION VALUE         PACKAGE
basename dir    usr/share/pkg pkg:/package/[email protected]
basename dir    var/sadm/pkg  pkg:/package/[email protected]
basename dir    var/spool/pkg pkg:/package/[email protected]
basename file   usr/bin/pkg   pkg:/package/[email protected]

Adding another field narrows the search, as shown in the following complete output:

$ pkg search file:basename:pkg
INDEX    ACTION VALUE       PACKAGE
basename file   usr/bin/pkg pkg:/package/[email protected]

Explicit wildcards are supported in the pkg_name and token fields. The action_name and index must match exactly.

See the “Examples” section for examples of searching for files and dependencies.

To convert actions to the packages that contain those actions, use <>, as shown in the following partial output:

$ pkg search \<pkg\>
PACKAGE                                  PUBLISHER
pkg:/package/[email protected]  solaris
pkg:/package/[email protected] solaris

With the –a option (and by default), searching for token results in information about the actions that match token, while searching for <token> results in a list of packages that contain actions that match token.

pkg verify [–Hqv] [pkg_fmri_pattern ...]

Validate the installation of all packages installed in the current image. If current signature policy for related publishers is not ignore, the signatures of each package are validated based on policy. See signature-policy in “Image Properties” below for an explanation of how signature policies are applied.

pkg_fmri_pattern: Validate the installation of only the specified packages installed in the current image.
–H: Omit the headers from the verification output.
–q: Suppress progress messages and all other output during the requested operation.
–v: Include informational messages regarding packages.

pkg fix [–-accept] [–-licenses] [pkg_fmri_pattern ...]

Fix any errors reported by pkg verify. Verification of installed package content is based on a custom content analysis that might return different results than those of other programs.

pkg_fmri_pattern: Fix errors reported by pkg verify for only the specified packages installed in the current image.
–-accept: Indicate that you agree to and accept the terms of the licenses of the packages that are updated or installed. If you do not provide this option, and any package licenses require acceptance, the operation fails.
–-licenses: Display all of the licenses for the packages that are installed or updated as part of this operation. For updated packages, display the license only if the license has changed.

pkg revert [–nv] [– -no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] (–-tagged tag-name ... | path-to-file ...)

Revert files delivered by pkg(5) packages to their as-delivered condition. File ownership and protections are also restored.

Caution - Reverting some editable files to their default values can make the system unbootable, or cause other malfunctions.

–-tagged tag-name: Revert all files tagged with tag-name, and remove any unpackaged files or directories that are under directories with this tag and that match pattern. See the description of the revert-tag attribute in “File Actions” and “Directory Actions” in the pkg(5) man page for more information about tag-name and pattern.
path-to-file: Revert the specified files.

For all other options, see the install command above.

pkg mediator [–aH] [–F format] [mediator ...]

Display the current selected version and/or implementation of all mediators.

mediator: Display the current selected version and/or implementation of only the specified mediators.
–F format: Specify an alternative output format. The value of format can be tsv (Tab Separated Values), json (JavaScript Object Notation as a single line), or json-formatted (JavaScript Object Notation, formatted for readability).
–H: Omit the headers from the listing.
–a: List the mediations that can be set for currently installed packages.

pkg set-mediator [–nv] [–I implementation] [–V version] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] mediator ...

Set the version and/or implementation for the specified mediators in the current image.

–I implementation: Set the implementation of the mediated interface to use. By default, if no version is specified, all implementation versions are allowed. To specify an implementation with no version, append an at sign (@).
–V version: Set the version of the mediated interface to use.

If the specified mediator version and/or implementation is not currently available, any links using the specified mediators are removed.

For all other options, see the install command above.

pkg unset-mediator [–nvIV] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] mediator ...

Revert the version and/or implementation of the specified mediators to the system default.

–I: Revert only the implementation of the mediated interface.
–V: Revert only the version of the mediated interface.

For all other options, see the install command above.

pkg variant [–Haiv] [–F format] [variant_pattern ...]

Display the current values of all variants set in this image. See “Facets and Variants” in the pkg(5) man page for more information about variants.

variant_pattern: Display the current values of only the specified variants set in this image.
–F format: Specify an alternative output format. For a description, see the pkg mediator command.
–H: Omit the headers from the listing.
–a: Display all variants explicitly set in the image and all variants that are listed in installed packages. The –a option cannot be combined with the –i option.
–i: Display all variants that are listed in installed packages. The –i option cannot be combined with the –a option.
–v: Display the possible variant values that can be set for installed packages. The –v option can be combined with the –a or –i option.

pkg change-variant [–nvq] [–C n] [–g path_or_uri]... [–r [[–z zonename]... | [–Z zonename]... ]] [–-accept] [–-licenses] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] [–-sync-actuators | –-sync-actuators-timeout timeout] variant_name=value ...

Change the values of the specified variants set in the current image.

Changing the value of a variant can cause package content to be removed, updated, or installed. Changing a variant value can also cause entire packages to be installed, updated, or removed to satisfy the new image configuration. See “Facets and Variants” in the pkg(5) man page for more information about variants.

For descriptions of options, see the install command above.

pkg facet [–Haim] [–F format] [facet_pattern ...]

Display the current values and source of all facets that either have been set locally in this image by using the pkg change-facet command or have been inherited from a parent image (such as a non-global zone inheriting the facet setting from the global zone). See “Facets and Variants” in the pkg(5) man page for more information about facets.

facet_pattern: Display the current values of only the specified facets set in this image.
–F format: Specify an alternative output format. For a description, see the pkg mediator command.
–H: Omit the headers from the listing.
–a: Display all facets explicitly set in the image and all facets that are listed in installed packages. The –a option cannot be combined with the –i option.
–i: Display all facets that are listed in installed packages. The –i option cannot be combined with the –a option.
–m: Include masked facets in the output. Display a column that indicates which, if any, facets are masked. Masked facets are facets set locally in an image (by using the pkg change-facet command) that are hidden by an inherited facet with the same name.

pkg change-facet [–nvq] [–C n] [–g path_or_uri]... [–r [[–z zonename]... | [–Z zonename]... ]] [–-accept] [–-licenses] [–-no-be-activate] [–-no-backup-be | –-require-backup-be] [–-backup-be-name name] [–-deny-new-be | –-require-new-be] [–-be-name name] [–-sync-actuators | –-sync-actuators-timeout timeout] facet_name=(True|False|None) ...

Change the values of the specified facets set in the current image. The changes also appear in any images that inherit these facets, such as non-global zones.

Facets can be set to True or False. Setting a facet to None applies the default value of True to that facet; thus, any actions subject to the facet will be installed. See “Actions” in the pkg(5) man page for information about actions.

Changing the value of a facet can cause package content to be removed, updated, or installed. Changing a facet value can also cause entire packages to be installed, updated, or removed to satisfy the new image configuration. See “Facets and Variants” in the pkg(5) man page for more information about facets.

For descriptions of options, see the install command above.

pkg avoid [pkg_fmri_pattern ...]

Display each avoided package along with any packages that have a group dependency on that package.

Packages that are on the avoid list are installed if needed to satisfy a required dependency. If that dependency is removed, the package is uninstalled.

pkg_fmri_pattern: Avoid the specified packages if they are the target of a group dependency by placing the package names that currently match the specified patterns on the avoid list. Only packages that are not currently installed can be avoided. If a package is currently the target of a group dependency, uninstalling the package places it on the avoid list.

pkg unavoid [pkg_fmri_pattern ...]

Display the list of avoided packages.

pkg_fmri_pattern: Remove the specified packages from the avoid list. Packages on the avoid list that match an installed package’s group dependency cannot be removed using this subcommand. To remove a package from the avoid list that matches a group dependency, install the package.

pkg freeze [–n] [–c reason] [pkg_fmri_pattern ...]

Display information about currently frozen packages: package names, versions, when the package was frozen, and any associated reasons for freezing the packages.

Freezing a package does not prevent removal of the package. No warning is displayed if the package is removed.

pkg_fmri_pattern

Freeze the specified packages to the specified versions. If no version is given, the package must be installed and is frozen at that installed version. Freezing a package that is already frozen replaces the freeze version with the newly specified version.

When a package that is frozen is installed or updated, it must end up at a version that matches the version at which it was frozen. For example, if a package was frozen at 1.2, then it could be updated to 1.2.1, 1.2.9, 1.2.0.0.1, and so on. That package could not end up at 1.3, or 1.1. A publisher presented in the pkg_fmri_pattern is used to find matching packages. However, publisher information is not recorded as part of the freeze. A package is frozen with respect to its version only, not its publisher.

–c reason

Record the reason with the packages that are frozen. The reason is shown if a freeze prevents an installation or update from succeeding.

–n

Perform a trial run of the freeze operation, displaying the list of packages that would be frozen without freezing any packages.

pkg unfreeze [–n] [pkg_name_pattern ...]

Display information about currently frozen packages: package names, versions, when the package was frozen, and any associated reasons for freezing the packages.

pkg_fmri_pattern: Remove the constraints that freezing imposes from the specified packages. Any versions provided are ignored.
–n: Perform a trial run of the unfreeze operation, displaying the list of packages that would be unfrozen without unfreezing any packages.

pkg property [–H] [propname ...]

Display the names and values of all image properties. See “Image Properties” below for descriptions of image properties.

propname: Display the names and values for only the specified properties.
–H: Omit the headers from the listing.

pkg set-property propname propvalue

Update an existing image property or add a new image property.

pkg add-property-value propname propvalue

Add a value to an existing image property or add a new image property.

pkg remove-property-value propname propvalue

Remove a value from an existing image property.

pkg unset-property propname ...

Remove an existing image property or properties.

pkg publisher [–HPn] [–F format] [publisher ...]

Display the list of all publishers in order of search preference. The following information is displayed for each publisher: name, attributes such as non-sticky and disabled, type (origin or mirror), online status, proxy, and location URI. Proxy information is shown only as T (true) or F (false) under the column labeled P. To show the proxy value for a publisher with T in the P column, use the -F tsv option or specify the publisher name argument. Proxies shown by the pkg publisher command were set by using the –-proxy option of the pkg set-publisher command. Proxies set by using an http_proxy environment variable are not shown by the pkg publisher command.

publisher: Display detailed configuration for only the specified publishers. Additional information displayed includes the proxy URI, key, and certificate for each origin or mirror URI, the client UUID, and the time the catalog was last updated.
–F format: Specify an alternative output format. For a description, see the pkg mediator command.
–H: Omit the headers from the listing.
–P: Display only the first publisher in the publisher search order.
–n: Display only enabled publishers.

pkg set-publisher [-Ped] [–c ssl_cert] [–k ssl_key] [–g origin_to_add | –-add-origin origin_to_add]... [–G origin_to_remove | –-remove-origin origin_to_remove]... [–m mirror_to_add | –-add-mirror mirror_to_add]... [–M mirror_to_remove | –-remove-mirror mirror_to_remove]... [–-disable] [–-enable] [–-no-refresh] [–-reset-uuid] [–-non-sticky] [–-sticky] [–-search-after publisher] [–-search-before publisher] [–-search-first] [–-approve-ca-cert path_to_CA] [–-revoke-ca-cert hash_of_CA_to_remove] [–-unset-ca-cert hash_of_CA_to_remove] [–-set-property name_of_property=value] [–-add-property-value name_of_property=value_to_add] [–-remove-property-value name_of_property=value_to_remove] [–-unset-property name_of_property_to_delete] [–-proxy proxy_to_use] publisher

Update an existing publisher or add a publisher. If no options affecting search order are specified, new publishers are appended to the search order and are thus searched last.

–G origin_to_remove

–-remove-origin origin_to_remove

Remove the URI or path from the list of origins for the given publisher. The special value * can be used to remove all origins.

–M mirror_to_remove

–-remove-mirror mirror_to_remove

Remove the URI from the list of mirrors for the given publisher. The special value * can be used to remove all mirrors.

–P

–-search-first

Set the specified publisher first in the search order. When installing new packages, this publisher is searched first. Updates to already installed packages come from the same publisher that originally provided the package as long as that publisher remains sticky.

–c ssl_cert

Specify the client SSL certificate.

–d

–-disable

Disable the publisher. A disabled publisher is not used when populating the package list or in certain package operations (install, uninstall, and update). However, the properties for a disabled publisher can still be set and viewed. If only one publisher exists, it cannot be disabled.

–e

–-enable

Enable the publisher.

–g origin_to_add

–-add-origin origin_to_add

Add the specified URI or path as an origin for the given publisher. This should be the location of a package repository or archive.

–k ssl_key

Specify the client SSL key.

–m mirror_to_add

–-add-mirror mirror_to_add

Add the URI as a mirror for the given publisher.

–-add-property-value name_of_property=value_to_add

Add a value to an existing publisher property or add a new publisher property.

–-approve-ca-cert path_to_CA

For verifying signed packages, add the specified certificate as a CA certificate that is trusted. The hashes of the PEM representation of the user-approved CA certificates are listed in the detailed output of the pkg publisher command.

–-no-refresh

Do not attempt to contact the repositories for the image’s publishers to retrieve the newest list of available packages and other metadata.

–-non-sticky

Higher ranked publishers than this one can provide updates to packages originally installed from this publisher.

–-proxy proxy_to_use

Use the specified proxy URI to retrieve content for the specified origin (–g) or mirror (–m). The proxy value is stored as part of the publisher configuration, which means the system repository used by child images is automatically updated. This option cannot be used to set an authenticated proxy. The proxy_to_use value cannot have the form protocol://user:password@host.

At run time, http_proxy or related environment variables override this proxy setting. See the “Environment” section of the curl(1) man page for the list of accepted environment variable names. If you use an environment variable to set the proxy URI, you must also set the appropriate proxy property of the svc:/application/pkg/system-repository SMF service to the same value. See “Specifying a Proxy” in Adding and Updating Software in Oracle Solaris 11.2.

–-remove-property-value name_of_property=value_to_remove

Remove a value from an existing publisher property.

–-reset-uuid

Choose a new unique identifier that identifies this image to its publisher.

–-revoke-ca-cert hash_of_CA_to_remove

For verifying signed packages, treat the certificate with the given hash of its PEM representation as revoked. The hashes of the user-revoked CA certificates are listed in the detailed output of the pkg publisher command.

–-search-after publisher

Alter the publisher search order so that the publisher being added or modified is searched after the publisher specified in this option.

–-search-before publisher

Alter the publisher search order so that the publisher being added or modified is searched before the publisher specified in this option.

–-set-property name_of_property=value

Update an existing publisher property or add a new publisher property.

–-sticky

Updates to packages that were installed from this publisher must also come from this publisher. This is the default behavior.

–-unset-ca-cert hash_of_CA_to_remove

For verifying signed packages, remove the certificate with the given hash from the list of approved certificates and the list of revoked certificates.

–-unset-property name_of_property_to_delete

Remove an existing publisher property.

pkg set-publisher –p repo_uri [-Ped] [–c ssl_cert] [–k ssl_key] [–-non-sticky] [–-sticky] [–-search-after publisher] [–-search-before publisher] [–-search-first] [–-approve-ca-cert path_to_CA] [–-revoke-ca-cert hash_of_CA_to_remove] [–-unset-ca-cert hash_of_CA_to_remove] [–-set-property name_of_property=value] [–-add-property-value name_of_property=value_to_add] [–-remove-property-value name_of_property=value_to_remove] [–-unset-property name_of_property_to_delete] [–-proxy proxy_to_use] [publisher]

Retrieve publisher configuration information from the repo_uri repository URI.

If a publisher operand is specified to this set-publisher subcommand, then only that publisher is added or updated. If no publisher is specified, all publishers in repo_uri are added or updated as appropriate.

For descriptions of options, see the set-publisher command above. When used with –p, the –P, –-search-first, –-search-before, and –-search-after options only apply to added publishers, not to updated publishers.

The –p option cannot be combined with the –g, – -add-origin, –G, –-remove-origin, – m, –-add-mirror, –M, –-remove-mirror, –-disable, –-enable, –-no-refresh, or –-reset-uuid options.

pkg unset-publisher publisher ...

Remove the configuration associated with the specified publisher or publishers.

pkg history [–HNl] [–n number] [–o column[,column]...]... [–t time | time-time[,time | time-time]...]...

Display the command history of the applicable image. Display the start time of the operation, the name of the operation (for example, install), the client (for example, pkg), and the outcome of the operation (Succeeded or Failed).

–H

Omit the headers from the listing.

–l

Display the long form of the command history of the image. Additional information displayed includes the version of the client, the name of the user who performed the operation, whether a new boot environment was created, the time the operation completed and total time taken, the complete command that was issued, and any errors that were encountered while executing the command. For operations such as update, complete FMRIs of changed packages are shown.

–N

Display the release note text.

–n number

Display only the specified number of most recent entries.

–o column

Display output using the specified column names. The –o option can be specified multiple times, or multiple column names can be specified as the argument to one –o option by separating the column names with commas. Valid column names are:

be: The name of the boot environment this operation was started on.
be_uuid: The uuid of the boot environment this operation was started on.
client: The name of the client.
client_ver: The version of the client.
command: The command line used for this operation.
finish: The time that this operation finished.
id: The user id that started this operation.
new_be: The new boot environment created by this operation.
new_be_uuid: The uuid of the new boot environment created by this operation.
operation: The name of the operation.
outcome: A summary of the outcome of this operation.
reason: Additional information on the outcome of this operation.
release_note: Indicates whether this operation generated release notes.
snapshot: The snapshot taken during this operation. This is only recorded if the snapshot was not automatically removed after successful operation completion.
start: The time that this operation started.
time: The total time taken to perform this operation. For operations that take less than one second, 0:00:00 is shown.
user: The username that started this operation.

If the command or reason columns are specified, they must be the last item in the –o list, in order to preserve output field separation. These two columns cannot be shown in the same history command.

An asterisk (*) is shown after the values for be or new_be if the boot environment is no longer present on the system.

The values for be and new_be are obtained by looking up the current boot environment name, using the be_uuid or new_be_uuid fields. If a boot environment was subsequently renamed, and later deleted, the values displayed for be and new_be are the values recorded at the time of the pkg operation.

–t time

–t time-time

Display log records for a comma-separated list of timestamps, formatted with %Y-%m-%dT%H:%M:%S (see the strftime(3C) man page). To specify a range of times, use a hyphen (-) between a start and finish timestamp. The keyword now can be used as an alias for the current time. This option can be specified multiple times. If the timestamps specified contain duplicate timestamps or overlapping ranges, duplicate history events are not displayed. Only a single instance of each history event is displayed.

pkg purge-history

Delete all existing history information.

pkg rebuild-index

Rebuild the index used by pkg search. This is a recovery operation not intended for general use.

pkg update-format

Update the format of the image to the current version. Once this operation has completed, the image can no longer be used with older versions of the pkg(5) system.

pkg version

Display a unique string identifying the version of pkg. This string is not guaranteed to be comparable in any fashion between versions.

pkg help

Display a usage message.

pkg image-create [–FPUfz] [–-force] [–-full | –-partial | –-user] [–-zone] [–c ssl_cert] [–k ssl_key] [–g path_or_uri | –-origin path_or_uri]... [–m uri | –-mirror uri]... [–-facet facet_name=(True|False)]... [–-no-refresh] [–-set-property name_of_property=value] [–-variant variant_name=value]... [(–p | –-publisher) [name=]repo_uri] dir

At the location given by dir, create an image suitable for package operations. Images created by using the image-create subcommand are not bootable. Most users should use the –-be-name or –-require-new-be options with pkg commands, or use the beadm or zoneadm commands to create images. The pkg image-create command is used for tasks such as maintaining packages and operating system distributions.

The default image type is user, which can be specified by using the –U or –-user option. Alternatively, the image type can be set to a full image (–-F or –-full) or to a partial image (–P or –-partial) linked to the full image enclosing the given dir path.

Additional origins can be specified using –g or –-origin. Additional mirrors can be specified using –m or –-mirror.

A package repository URI must be provided using the –p or –-publisher option. If a publisher name is also provided, then only that publisher is added when the image is created. If a publisher name is not provided, then all publishers known by the specified repository are added to the image. An attempt to retrieve the catalog associated with this publisher is made following the initial creation operations.

For publishers using client SSL authentication, a client key and client certificate can be registered via the –c and –k options. This key and certificate are used for all publishers added during image creation.

If the image is to be run within non-global zone context, use the –z (–-zone) option to set an appropriate variant.

–f
–-force: Force the creation of an image over an existing image. This option should be used with care.
–-facet facet_name=(True|False): Set the specified facet to the indicated value. See “Facets and Variants” in the pkg(5) man page for more information about facets.
–-no-refresh: Do not attempt to contact the repositories for the image’s publishers to retrieve the newest list of available packages and other metadata.
–-set-property name_of_property=value: Set the specified image property to the indicated value. See “Image Properties” below for descriptions of image properties.
–-variant variant_name=value: Set the specified variant to the indicated value. See “Facets and Variants” in the pkg(5) man page for more information about variants.

Image Properties

The following properties define characteristics of the image. These properties store information about the purpose, content, and behavior of the image. To view the current values of these properties in the image, use the pkg property command. To modify the values of these properties, use the pkg set-property and pkg unset-property commands.

be-policy

(string) Specify when a boot environment is created during packaging operations. The following values are allowed:

default

Apply the default boot environment creation policy, create-backup.

always-new

Requires a reboot for all package operations by performing them in a new boot environment set as active on the next boot. A backup boot environment is not created unless explicitly requested.

This policy is the safest, but is more strict than most sites need since no packages can be added without a reboot.

create-backup

For package operations that require a reboot, a new boot environment is created and set as active on the next boot. If packages are modified or content that could affect the kernel is installed and the operation affects the live boot environment, a backup boot environment is created but not set as active. A backup boot environment can also be explicitly requested.

This policy is potentially risky only if newly installed software causes system instability, which is possible but relatively rare.

when-required

For package operations that require a reboot, a new boot environment is created and set as active on the next boot. A backup boot environment is not created unless explicitly requested.

This policy carries the greatest risk since if a packaging change to the live boot environment makes further changes impossible, there might be no recent boot environment to which one can fallback.

ca-path

(string) A path name that points to a directory where CA certificates are kept for SSL operations. The format of this directory is specific to the underlying SSL implementation. To use an alternate location for trusted CA certificates, change this value to point to a different directory. See the CApath portions of SSL_CTX_load_verify_locations(3openssl) for requirements for the CA directory.

Default value: /etc/openssl/certs

check-certificate-revocation

(boolean) If this is set to True, the package client attempts to contact any CRL distribution points in the certificates used for signature verification to determine whether the certificate has been revoked since being issued.

Default value: False

content-update-policy

(string) Specify when the package system will update non-editable files during packaging operations. The following values are allowed:

default: Always apply the default content update policy.
always: Always download and update non-editable files that have changed.
when-required: Download and update non-editable files that have changed only if the package system has determined that an update is required.

Default value: always

flush-content-cache-on-success

(boolean) If this is set to True, the package client removes the files in its content-cache when image-modifying operations complete successfully. For operations that create a boot environment, the content will be removed from both the source and destination boot environment.

This property can be used to keep the content-cache small on systems with limited disk space. This property can cause operations to take longer to complete.

Default value: True

mirror-discovery

(boolean) This property tells the client to discover link-local content mirrors using mDNS and DNS-SD. If this property is set to True, the client attempts to download package content from mirrors it dynamically discovers. To run a mirror that advertises its content via mDNS, see the pkg.depotd(1M) man page.

Default value: False

send-uuid

(boolean) Send the image’s Universally Unique Identifier (UUID) when performing network operations. Although users can disable this option, some network repositories might refuse to talk to clients that do not supply a UUID.

Default value: True

signature-policy

(string) Determine what checks will be performed on manifests when installing, updating, modifying, or verifying packages in the image. The final policy applied to a package depends on the combination of image policy and publisher policy. The combination will be at least as strict as the stricter of the two policies taken individually. By default, the package client does not check whether certificates have been revoked. To enable those checks, which might require the client to contact external Internet sites, set the check-certificate-revocation image property to True. The following values are allowed:

ignore: Ignore signatures for all manifests.
verify: Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed. This is the default value.
require-signatures: Require that all newly installed packages have at least one valid signature. The pkg fix and pkg verify commands also warn if an installed package does not have a valid signature.
require-names: Follow the same requirements as require-signatures but also require that the strings listed in the signature-required-names property appear as a common name of the certificates used to verify the chains of trust of the signatures.

signature-required-names

(list of strings) A list of names that must be seen as common names of certificates while validating the signatures of a package.

trust-anchor-directory

(string) The path name of the directory that contains the trust anchors for the image. This path is relative to the image. The default value is ignore.

use-system-repo

(boolean) This property indicates whether the image should use the system repository as a source for image and publisher configuration and as a proxy for communicating with the publishers provided. The default value is False. See the pkg.sysrepo(1M) man page for information about system repositories.

Publisher Properties

The following properties define signature policy for a particular publisher. The image properties of the same name define signature policy for the image. To view the current values of these properties for a particular publisher, use the pkg publisher publisher_name command. To modify the values of these publisher signature policy properties, use the – -set-property and –-unset-property options of the pkg set-publisher command.

signature-policy: (string) This property functions identically to the image property of the same name except that it only applies to packages from the particular publisher.
signature-required-names: (list of strings) This property functions identically to the image property of the same name except that it only applies to packages from the particular publisher.

Examples

Example 1 Create an Image With Publisher Configured

Create a new, full image, with publisher example.com, stored at /aux0/example_root.

$ pkg image-create -F -p example.com=http://pkg.example.com:10000 \

/aux0/example_root

Example 2 Create an Image, Specifying Additional Origins and Mirror

Create a new, full image, with publisher example.com, that also has an additional mirror, two additional origins, and is stored at /aux0/example_root.

$ pkg image-create -F -p example.com=http://pkg.example.com:10000 \

-g http://alternate1.example.com:10000/ \
-g http://alternate2.example.com:10000/ \
-m http://mirror.example.com:10000/ \
/aux0/example_root

Example 3 Create an Image With No Publisher Configured

Create a new, full image with no publishers configured at /aux0/example_root.

$ pkg image-create -F /aux0/example_root

Example 4 Install a Package

Install the latest version of the widget package in the current image.

$ pkg install application/widget

Example 5 List Specified Contents of a Package

List the contents of the system/file-system/zfs package. Display the action name, the mode of the file (if defined), the size (if defined), the path, and the target (if a link). Limit the action to types dir, file, link, and hardlink, since specifying the action.name attribute, which is available for all actions, displays a line for all actions, which is not desired here.

$ pkg contents -t dir,file,link,hardlink \
-o action.name,mode,pkg.size,path,target system/file-system/zfs
ACTION.NAME MODE PKG.SIZE PATH                 TARGET
dir         0755          etc
dir         0755          etc/fs
dir         0755          etc/fs/zfs
link                      etc/fs/zfs/mount     ../../../usr/sbin/zfs
link                      etc/fs/zfs/umount    ../../../usr/sbin/zfs
dir         0755          etc/zfs
dir         0755          kernel
dir         0755          kernel/drv
dir         0755          kernel/drv/amd64
file        0755  1706744 kernel/drv/amd64/zfs
file        0644      980 kernel/drv/zfs.conf
dir         0755          kernel/fs
dir         0755          kernel/fs/amd64
hardlink                  kernel/fs/amd64/zfs  ../../../kernel/drv/amd64/zfs
...

Example 6 List Specified Contents of Two Packages

List the contents of web/browser/firefox and mail/thunderbird, limiting the display to just the package name and path attributes of actions whose path attribute ends in .desktop or .png.

$ pkg contents -o pkg.name,path -a path=\*.desktop \

-a path=\*.png web/browser/firefox mail/thunderbird
PKG.NAME            PATH
web/browser/firefox usr/share/applications/firefox.desktop
mail/thunderbird    usr/share/applications/thunderbird.desktop
web/browser/firefox usr/share/pixmaps/firefox-icon.png
mail/thunderbird    usr/share/pixmaps/thunderbird-icon.png
...

Example 7 Search for a Package

Search the package database for the token bge.

$ pkg search bge
INDEX       ACTION VALUE                                 PACKAGE
driver_name driver bge                                   pkg:/driver/network/ethernet/[email protected]
basename    file   kernel/drv/sparcv9/bge                pkg:/driver/network/ethernet/[email protected]
basename    file   kernel/drv/amd64/bge                  pkg:/driver/network/ethernet/[email protected]
basename    file   platform/sun4v/kernel/drv/sparcv9/bge pkg:/system/kernel/[email protected]
pkg.fmri    set    solaris/driver/network/bge            pkg:/driver/network/[email protected]
pkg.fmri    set    solaris/driver/network/ethernet/bge   pkg:/driver/network/ethernet/[email protected]

The token is in the package driver/network/bge both as the basename for the file action representing /kernel/drv/ arch/bge and as a driver name.

Example 8 Search for a File

Search for the package that delivers a file by specifying the full path name of the file, including the leading slash character.

$ pkg search -o path,pkg.name -l /usr/bin/vim
PATH         PKG.NAME
usr/bin/vim  editor/vim/vim-core

Search for a file and the package that delivers that file by specifying file for the action_name, path or basename for the index, and the full or partial file name for the token.

$ pkg search -o path,pkg.name -l file:basename:vim
PATH         PKG.NAME
usr/bin/vim  editor/vim/vim-core

Example 9 Search for Files and Directories

Search for files and directories and the packages that deliver them by specifying path or basename for the index and the full or partial file name for the token. Depending on your shell, you might need to escape wildcards.

$ pkg search -o path,pkg.name -l path:*/vim
PATH           PKG.NAME
usr/bin/vim    editor/vim/vim-core
usr/share/vim  editor/vim
usr/share/vim  editor/vim/vim-core
$ pkg search -o path,pkg.name -l basename:vim
PATH           PKG.NAME
usr/share/vim  editor/vim
usr/share/vim  editor/vim/vim-core
usr/bin/vim    editor/vim/vim-core

Example 10 Show Which Packages Provide Which SMF Services

Show which packages provide a particular SMF service by specifying the value org.opensolaris.smf.fmri for the index in a structured search and the name of the service you want to find for the token. The value org.opensolaris.smf.fmri is the name of an attribute of a set action. Remember to escape the : in the name of the service.

For example, show which HTTP servers are available by specifying the value svc:/network/http for the token.

$ pkg search 'org.opensolaris.smf.fmri:svc\:/network/http*'

INDEX                    ACTION VALUE                        PACKAGE
org.opensolaris.smf.fmri set    svc:/network/http            pkg:/web/server/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http            pkg:/web/proxy/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http            pkg:/web/proxy/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http            pkg:/web/java-servlet/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http            pkg:/web/server/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http:apache22   pkg:/web/server/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http:lighttpd14 pkg:/web/server/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http:privoxy    pkg:/web/proxy/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http:squid      pkg:/web/proxy/[email protected]
org.opensolaris.smf.fmri set    svc:/network/http:tomcat6    pkg:/web/java-servlet/[email protected]

Example 11 Search for Packages that Depend on the Specified Package

Search for installed packages that depend on package/pkg.

$ pkg search -l depend::package/pkg
INDEX       ACTION VALUE                                    PACKAGE
incorporate depend package/[email protected]      pkg:/consolidation/ips/[email protected]
require     depend pkg:/package/[email protected] pkg:/package/pkg/[email protected]
require     depend pkg:/package/[email protected] pkg:/system/library/[email protected]
require     depend pkg:/package/[email protected] pkg:/package/pkg/[email protected]
require     depend pkg:/package/[email protected] pkg:/system/library/[email protected]
require     depend package/pkg                             pkg:/system/zones/brand/[email protected]
require     depend pkg:/package/[email protected] pkg:/install/[email protected]
require     depend pkg:/package/[email protected] pkg:/system/[email protected]
require     depend pkg:/package/[email protected] pkg:/package/pkg/[email protected]

Example 12 Search for Dependencies

Search for all incorporate dependencies in installed packages.

$ pkg search -l depend:incorporate:
INDEX       ACTION VALUE                                PACKAGE
incorporate depend pkg:/[email protected]  pkg:/consolidation/osnet/[email protected]
incorporate depend pkg:/[email protected] pkg:/consolidation/osnet/[email protected]
...

Example 13 Add a Publisher

Add a new publisher example.com, with a repository located at http://www.example.com/repo.

$ pkg set-publisher -g http://www.example.com/repo example.com

Example 14 Add a Publisher With Key and Certificate

Add a new publisher example.com, with a secure repository located at https://secure.example.com/repo, and a key and certificate stored in the directory /root/creds.

$ pkg set-publisher -k /root/creds/example.key \
-c /root/creds/example.cert -g https://secure.example.com/repo \
example.com

Example 15 Add and Automatically Configure a Publisher

Add a new publisher with a repository located at /export/repo using automatic configuration.

$ pkg set-publisher -p /export/repo

Example 16 Add and Manually Configure a Publisher

Add a new publisher example.com with a repository located at /export/repo/example.com using manual configuration.

$ pkg set-publisher -g /export/repo example.com

Example 17 Add a Publisher and Configure a Proxy

Add a new publisher mypub with origin http://server/repo and proxy http://webcache:8080.

$ pkg set-publisher -g http://server/repo \
--proxy http://webcache:8080 mypub

Example 18 Verify All Signed Packages

Configure an image to verify all signed packages.

$ pkg set-property signature-policy verify

Example 19 Require All Packages To Be Signed

Configure an image to require all packages to be signed, and require the string example.com to be seen as a common name for one of the certificates in the chain of trust.

$ pkg set-property signature-policy require-names example.com

Example 20 Require All Packages From a Specified Publisher To Be Signed

Configure an image so that all packages installed from publisher example.com must be signed.

$ pkg set-publisher --set-property signature-policy=require-signatures \

example.com

Example 21 Require a Specified String in the Chain of Trust

Add the string foo to the image’s list of common names that must be seen in a signature’s chain of trust to be considered valid.

$ pkg add-property-value signature-require-names foo

Example 22 Remove a String From the Chain of Trust for a Specified Publisher

Remove the string foo from the list of common names that must be seen to validate a signature for the publisher example.com.

$ pkg set-publisher --remove-property-value signature-require-names=foo \

example.com

Example 23 Add a Trusted CA Certificate

Add the certificate stored in /tmp/example_file.pem as a trusted CA certificate for the publisher example.com.

$ pkg set-publisher --approve-ca-cert /tmp/example_file.pem \

example.com

Example 24 Revoke a Certificate

Revoke the certificate with the hash a12345 for publisher example.com, preventing the certificate from validating any signatures for packages from example.com.

$ pkg set-publisher --revoke-ca-cert a12345 example.com

Example 25 Forget About a Certificate

Make pkg forget that the certificate a12345 was ever added or revoked by the user.

$ pkg set-publisher --unset-ca-cert a12345 example.com

Example 26 Downgrade a Package

Downgrade the installed package [email protected] to an older version.

$ pkg update [email protected]

Example 27 Switch Conflicting Package Installation

In the case of two conflicting packages, change which package is installed. Suppose package A depends on either package B or package C, and B and C are mutually exclusive. If A and B are installed, use the following command to switch to using C instead of B without uninstalling A:

$ pkg install --reject B C

Example 28 List Packages in a Package Archive

List all versions of all packages in a package archive.

$ pkg list -f -g /my/archive.p5p

Example 29 List Packages in a Package Repository

List all versions of all packages in a repository.

$ pkg list -f -g http://example.com:10000

Example 30 Display Information About a Package in a Package Archive

Display the package information for the latest version of a package in a package archive. The package might or might not be currently installed.

$ pkg info -g /my/archive.p5p pkg_name

Example 31 Display Contents of a Package in a Package Archive

Display the contents of a package in a package archive. The package is not currently installed.

$ pkg contents -g /my/archive.p5p pkg_name

Example 32 Remove All Publisher Origins and Mirrors

Remove all of the origins and mirrors for a publisher and add a new origin.

$ pkg set-publisher -G '*' -M '*' -g http://example.com:10000 \

example.com

Environment Variables

PKG_IMAGE

The directory containing the image to use for package operations. Ignored if –R is specified.

PKG_CLIENT_CONNECT_TIMEOUT

Seconds to wait trying to connect during transport operations (for each attempt) before the client aborts the operation. A value of 0 means wait indefinitely.

Default value: 60

PKG_CLIENT_LOWSPEED_TIMEOUT

Seconds below the lowspeed limit (1024 bytes/second) during transport operations before the client aborts the operation. A value of 0 means do not abort the operation.

Default value: 30

PKG_CLIENT_MAX_CONSECUTIVE_ERROR

Maximum number of transient transport errors before the client aborts the operation. A value of 0 means do not abort the operation.

Default value: 4

PKG_CLIENT_MAX_REDIRECT

Maximum number of HTTP or HTTPS redirects allowed during transport operations before a connection is aborted. A value of 0 means do not abort the operation.

Default value: 5

PKG_CONCURRENCY

The number of child images to update in parallel. Ignored if the –C option is specified.

When recursing into child images (usually installed solaris branded non-global zones), update at most $PKG_CONCURRENCY child images in parallel. If $PKG_CONCURRENCY is 0 or a negative number, all child images are updated in parallel.

Default value: 1

PKG_CLIENT_MAX_TIMEOUT

Maximum number of transport attempts per host before the client aborts the operation. A value of 0 means do not abort the operation.

Default value: 4

http_proxy, https_proxy

HTTP or HTTPS proxy server.

Exit Status

The following exit values are returned:

0: Command succeeded.
1: An error occurred.
2: Invalid command line options were specified.
3: Multiple operations were requested, but only some of them succeeded.
4: No changes were made - nothing to do.
5: The requested operation cannot be performed on a live image.
6: The requested operation cannot be completed because the licenses for the packages being installed or updated have not been accepted.
7: The image is currently in use by another process and cannot be modified.
8: One or more SMF actuators timed out.
99: An unanticipated exception occurred.

Files

A pkg(5) image can be located arbitrarily within a larger file system. In the following file descriptions, the token $IMAGE_ROOT is used to distinguish relative paths. For a typical system installation, $IMAGE_ROOT is equivalent to /

$IMAGE_ROOT/var/pkg: Metadata directory for a full or partial image.
$IMAGE_ROOT/.org.opensolaris,pkg: Metadata directory for a user image.

Within a particular image’s metadata, certain files and directories can contain information useful during repair and recovery. The token $IMAGE_META refers to the top-level directory containing the metadata. $IMAGE_META is typically one of the two paths given above.

$IMAGE_META/lost+found: Location of conflicting directories and files moved during a package operation. Location of unpackaged contents of a removed directory.
$IMAGE_META/publisher: Contains a directory for each publisher. Each directory stores publisher-specific metadata.

Other paths within the $IMAGE_META directory hierarchy are private and are subject to change.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	`package/pkg`
Interface Stability	Uncommitted