Current File : //usr/man/man1/pkgsign.1

'\" te
.\" Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
.TH pkgsign 1 "21 May 2013" "SunOS 5.11" "User Commands"
.SH NAME
pkgsign \- Image Packaging System signing utility

.SH SYNOPSIS


.LP
.nf
/usr/bin/pkgsign [-a \fIhash_algorithm\fR]
    [-c \fIpath_to_signing_certificate\fR]
    [-i \fIpath_to_intermediate_cert\fR] \&.\&.\&.
    [-k \fIpath_to_private_key\fR] [-n] -s \fIpath_or_uri\fR
    [--help] [--no-index] [--no-catalog]
    (\fIfmri\fR|\fIpattern\fR) \&.\&.\&.
.fi

.SH DESCRIPTION

.sp
.LP
\fBpkgsign\fR updates the manifest for the given FMRIs in place in the repository by adding a signature action using the provided key and certificates\&. The modified package retains the original timestamp\&.

.SH OPTIONS

.sp
.LP
The following options are supported:

.sp
.ne 2
.mk
.na
\fB\fB--help\fR\fR
.ad
.br
.sp .6
.RS 4n
Display a usage message\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-a\fR \fIhash_algorithm\fR\fR
.ad
.br
.sp .6
.RS 4n
Use the signature algorithm \fIhash_algorithm\fR instead of the default\&. The default signature algorithm is \fBrsa-sha256\fR\&. Supported signature algorithms are \fBrsa-sha256\fR, \fBrsa-sha384\fR, \fBrsa-sha512\fR, \fBsha256\fR, \fBsha384\fR, and \fBsha512\fR\&. A signature algorithm that only specifies a hash algorithm causes the signature value to be the hash of the manifest of the package\&. A signature algorithm that specifies \fBrsa\fR and a hash algorithm causes the signature value to be the hash of the manifest signed with the private key provided (see the \fB-c\fR and \fB-k\fR options)\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-c\fR \fIpath_to_signing_certificate\fR\fR
.ad
.br
.sp .6
.RS 4n
Add the certificate \fIpath_to_signing_certificate\fR as the certificate to use when verifying the value of the signature in the action\&. The \fB-c\fR option can only be used with the \fB-k\fR option\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-i\fR \fIpath_to_intermediate_cert\fR\fR
.ad
.br
.sp .6
.RS 4n
Add the certificate \fIpath_to_intermediate_cert\fR as a certificate to use when validating the certificate \fIpath_to_signing_certificate\fR given as an argument to \fB-c\fR\&. Multiple certificates can be provided by specifying \fB-i\fR multiple times\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-k\fR \fIpath_to_private_key\fR\fR
.ad
.br
.sp .6
.RS 4n
Use the private key stored in \fIpath_to_private_key\fR to sign the manifest\&. The \fB-k\fR option can only be used with the \fB-c\fR option\&. If \fB-k\fR is not set, then the signature value is the hash of the manifest\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-n\fR\fR
.ad
.br
.sp .6
.RS 4n
Perform a trial run that does not change the repository in any way\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-s\fR \fIpath_or_uri\fR\fR
.ad
.br
.sp .6
.RS 4n
Sign packages in the repository at \fIpath_or_uri\fR\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB--no-index\fR\fR
.ad
.br
.sp .6
.RS 4n
Do not update the repository search indexes after the signed manifest has been republished\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB--no-catalog\fR\fR
.ad
.br
.sp .6
.RS 4n
Do not update the repository catalog after the signed manifest has been republished\&.
.RE


.SH EXAMPLES

.LP
\fBExample 1\fR Sign Using the Hash Value of the Manifest

.sp
.LP
Sign a package published to \fBhttp://localhost:10000\fR using the hash value of the manifest\&. This is often useful for testing\&.

.sp
.in +2
.nf
$ \fBpkgsign -s http://localhost:10000 -a sha256 \e\fR
\fBexample_pkg@1\&.0,5\&.11-0:20100626T030108Z\fR
.fi
.in -2
.sp

.LP
\fBExample 2\fR Sign Using a Key and Certificate

.sp
.LP
Sign a package published into the file repository in \fB/foo/bar\fR using \fBrsa-sha384\fR to hash and sign the manifest\&. The signature key is in \fB/key/usr2\&.key\fR, its associated certificate is in \fB/key/usr2\&.cert\fR, and a certificate needed to validate the certificate is in \fB/icerts/usr1\&.cert\fR\&.

.sp
.in +2
.nf
$ \fBpkgsign -s file:///foo/bar/ -a rsa-sha384 \e\fR
\fB-k /key/usr2\&.key -c /key/usr2\&.cert -i /icerts/usr1\&.cert \e\fR
\fBexample_pkg@1\&.0,5\&.11-0:20100626T031341Z\fR
.fi
.in -2
.sp

.SH EXIT STATUS

.sp
.LP
The following exit values are returned:

.sp
.ne 2
.mk
.na
\fB\fB0\fR\fR
.ad
.RS 6n
.rt
Command succeeded\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB1\fR\fR
.ad
.RS 6n
.rt
An error occurred\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB2\fR\fR
.ad
.RS 6n
.rt
Invalid command line options were specified\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB3\fR\fR
.ad
.RS 6n
.rt
Multiple operations were requested, but only some of them succeeded\&.
.RE

.sp
.ne 2
.mk
.na
\fB\fB99\fR\fR
.ad
.RS 6n
.rt
An unanticipated exception occurred\&.
.RE


.SH ATTRIBUTES

.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:

.sp
.TS
tab(
) box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPE
ATTRIBUTE VALUE
_
Availability
\fBpackage/pkg\fR
_
Interface Stability
Uncommitted
.TE

.SH SEE ALSO

.sp
.LP
\fBpkg\fR(1), \fBpkgrecv\fR(1), \fBpkgsend\fR(1), \fBpkgrepo\fR(1), \fBpkg\fR(5)

.sp
.LP
\fBhttps://java\&.net/projects/ips/pages/Home\fR