What You See Is What You Get Element

Command Summary: Basic Operations with the Image Packaging System

In Oracle Solaris 11

by Ginny Henningsen

This article summarizes the commands that control the Image Packaging System in Oracle Solaris 11, and shows you how to perform basic operations with them.


Published September 2012

To help system administrators get up to speed quickly using the Image Packaging System (IPS) in Oracle Solaris 11, we collected a summary of commonly used IPS commands in the "Oracle Solaris 11 Cheat Sheet for the Image Packaging System." This article expands on that cheat sheet by reviewing basic IPS concepts and showing you how to perform basic operations with those commands.

Have some favorite sysadmin commands of your own that you'd like to share?   Become an OTN member and get paid for publishing your article on OTN.

What Is the Image Packaging System, Again?

IPS is a new model for software packaging introduced in Oracle Solaris 11.  It is a comprehensive delivery framework that spans the full software lifecycle, addressing software installation, system updates, upgrades, and software package removal. In contrast to the SVR4 packaging model in earlier Oracle Solaris releases, IPS radically changes how you perform software maintenance because it eliminates OS patching. Instead, IPS relies on the use of network-centric software repositories for software updates as well as for installation.

IPS pulls software packages from locally connected or remote software package repositories, automatically checking for software dependencies and installing the required software. Since IPS checks software versions in non-global zones for consistency with the global zone, it also aids in administering the software configuration for zones in a system.

Although IPS does not always generate an Oracle Solaris 11 boot environment (BE) when you add or update software, it is generally good administrative practice to do so. Since creating a new BE takes advantage of built-in ZFS snapshot capabilities, you can build a system clone almost instantly without requiring additional space. Creating a BE allows you to perform the update even if the system is a live production system. You can then activate the updated BE at the next reboot, and if there's a problem, you can roll back to the previous software state. In this way, IPS facilitates safe and controlled transitions between software configurations.

For more technical information about IPS, go to the Oracle Solaris 11 IPS Technology Page.

Image Packaging System

Figure 1. Oracle Solaris IPS can apply updates to a clone of the current boot environment.

Installing Packages and Updating a System

The primary administrative interface for IPS is the pkg command. Many of its subcommands query the current software state (for example, the list, info, contents, search, and history subcommands) and can be performed by any user. Only privileged administrators, however, can perform subcommands that change the system software image (such as pkg install, pkg uninstall, or pkg update).

Table 1 lists a few examples of Oracle Solaris 11 pkg commands and their SVR4 equivalents.

Table 1. Example of pkg Commands
Task IPS command SVR4 Packaging Command
Install package(s) pkg install pkgadd -a
Update installed package(s) in current image pkg update pkgadd -a
Display package state and version information pkg list pkginfo
Verify package installation pkg verify pkgchk -v
Display package information, such as license pkg info pkginfo -l
Display contents of a package pkg contents pkgchk -l
Search for a package pkg search pkgchk -l -p

In the following example, the pkg install command installs the diagnostic/wireshark package, along with dependencies if any exist:

# pkg install diagnostic/wireshark

The pkg update command updates installed packages to the newest versions, including packages that are installed in Oracle Solaris 11 zones. To preview its actions, use the -nv argument, for example:

# pkg update -nv

To create a new boot environment for an update called be_fix-nfs, enter this command:

# pkg update --be-name be_fix-nfs

The pkg list, pkg info, pkg contents, and pkg search commands are typically the tools you use to investigate and learn more about installed and uninstalled packages. For example, on an Oracle Solaris 11 system, the pkg list command lists what's currently installed:

$ pkg list

To display information about a specific installed package called wireshark, enter this command:

$ pkg info wireshark

To search currently configured software repositories for information about an uninstalled package called xchat, use the -r argument to pkg info:

$ pkg info -r xchat

To display the contents of the wireshark package, enter this command:

$ pkg contents wireshark 

To display all locally installed packages that match the string gcc, enter the following:

$ pkg search -l gcc

To list all packages in the configured software repositories containing header file gcrypt-module.h, enter this command:

$ pkg search 'gcrypt-module.h'

To find all packages installed locally that have a dependency on library/libxml2, enter the following:

$ pkg search --l -o pkg.name 'depend::library/libxml2'

Understanding the Package FMRI

Some of the pkg subcommands display information about a software package in the format of a Fault Managed Resource Indicator (FMRI). An FMRI uniquely describes a software package, including the package's publisher and specific identification details, as in this sample output from pkg info:

$ pkg info wireshark
pkg://solaris/diagnostic/wireshark@1.4.2,5.11-0.174:20110128T0635Z

In this FMRI, solaris is the publisher, diagnostic/wireshark is the package name, 1.4.2 is the component version, 5.11 is the build version, 0.174 is the branch version, and 20110128T0635Z is the package time stamp. For more information about FMRI identifiers, see the pkg(5) man page.

Managing Repositories and Publishers

Software developers, including Oracle, publish their software in software package repositories. Administrators access these repositories to install new systems, add or update software packages, or search for package information. In addition, administrators can make a local copy of repositories if systems reside in a network-restricted environment (refer back to Figure 1).

You can use the pkg publisher command to show the currently configured repositories:

# pkg publisher 
PUBLISHER   TYPE    STATUS   URI 
solaris     origin  online   http://pkg.oracle.com/solaris/release/ 

Oracle Solaris 11 has a default publisher, solaris, which supplies software packages from the release repository http://pkg.oracle.com/solaris/release/. Customers who have an active Oracle support agreement can change the default publisher to point to the Oracle Solaris 11 support repository at https://pkg.oracle.com/solaris/support:

# pkg set-publisher -G http://pkg.oracle.com/solaris11/release \ 
-g http://pkg.oracle.com/solaris11/support -k /path/to/ssl_key \ 
-c /path/to/ssl_cert solaris
# pkg publisher 
PUBLISHER   TYPE    STATUS   URI 
solaris     origin  online   https://pkg.oracle.com/solaris/support/

In the Oracle Technology Network article "How to Update Oracle Solaris 11 Systems From Oracle Support Repositories," Glynn Foster steps through the process of downloading security certificates and keys and switching to the support repository.

If you choose to set up a local repository copy, you need to add a new publisher at the URI, for example:

# pkg set-publisher -p http://www.example.com/solaris11

Miscellaneous Commands

The system records a history of package installations, updates, and modifications in a log file. To browse the pkg command history (including actions performed using the graphical Package Manager client), use the pkg history command. The -n option displays the specified number of the most recent operations:

# pkg history -n4 
START                  OPERATION               CLIENT   OUTCOME 
2011-09-07T12:15:52    update                  pkg      Succeeded 
2011-09-26T18:53:12    refresh-publishers      pkg      Succeeded 
2011-09-26T18:53:50    rebuild-image-catalogs  pkg      Succeeded 
2011-09-27T09:05:34    update                  pkg      Succeeded

To purge the pkg command history (which basically empties the log file), enter this:

# pkg purge-history

To verify the integrity of the current system image, enter the following:

# pkg verify 

To verify the integrity of an installed package, enter a pkg verify command with the package name:

# pkg verify -v system/install/auto-install/auto-install-common 
PACKAGE                                                        STATUS 
pkg://solaris/system/install/auto-install/auto-install-common  ERROR              
       file: usr/share/auto_install/manifest/default.xml                 
              Missing: regular file does not exist

The pkg verify command validates package signatures, depending on the signature policy.

To fix errors reported by pkg verify on an installed package, use pkg fix with the --accept option to indicate that you accept the license terms for the specified packages, as shown in Listing 1.

# pkg fix --accept system/install/auto-install/auto-install-common 
Verifying: pkg://solaris/system/install/auto-install/auto-install-common    ERROR         
file: usr/share/auto_install/manifest/default.xml                 
Missing: regular file does not exist 
Created ZFS snapshot: 2011-09-28-05:34:02 
Repairing: pkg://solaris/system/install/auto-install/auto-install-common  

DOWNLOAD      PKGS       FILES    XFER (MB) 
Completed     1/1        1/1      0.0/0.0  

PHASE              ACTIONS 
Update Phase       1/1  

PHASE                         ITEMS 
Image State Update Phase      2/2

Listing 1. Fixing Errors Reported by pkg verify

To prevent future updates and freeze a package's state, enter the following command:

# pkg freeze wireshark

You may want to freeze a package in a non-global zone if you do not want that package to be updated when the global zone is updated. To reverse this action and allow future updates, enter this:

# pkg unfreeze wireshark

See Also

Also see the following resources:

About the Author

Ginny Henningsen has worked for the last 15 years as a freelance writer developing technical collateral and documentation for high-tech companies. Prior to that, Ginny worked for Sun Microsystems, Inc. as a Systems Engineer in King of Prussia, PA and Milwaukee, WI. Ginny has a BA from Carnegie-Mellon University and a MSCS from Villanova University.

Revision 1.0, 09/27/2012

facebook banner twitter banner