PKGSIGN(1) | User Commands | PKGSIGN(1) |
pkgsign
— Image
Packaging System signing utility
pkgsign |
[-a hash_algorithm]
[-c
path_to_signing_certificate]
[-i
path_to_intermediate_cert]...
[-k path_to_private_key]
[-n ] -s
path_or_uri [--help ]
[--no-index ]
[--no-catalog ] [--dkey
ssl_key --cert
ssl_cert]
pkg_fmri_pattern... |
pkgsign
updates the manifest for the given
FMRIs in place in the repository by adding a signature action using the
provided key and certificates. The modified package retains the original
timestamp.
The following options are supported:
--help
-a
hash_algorithm-c
and -k
options).-c
path_to_signing_certificate-c
option can only be used with the
-k
option.-i
path_to_intermediate_cert-c
. Multiple certificates can be provided by
specifying -i
multiple times.-k
path_to_private_key-k
option can only be used
with the -c
option. If -k
is not set, then the signature value is the hash of the manifest.-n
-s
path_or_uri--no-index
--no-catalog
--dkey
ssl_key--dcert
ssl_certThe following operand is supported:
The following exit values are returned:
Example 1 Sign Using the Hash Value of the Manifest
Sign a package published to http://localhost:10000 using the hash value of the manifest. This is often useful for testing.
pkgsign -s http://localhost:10000 -a sha256 \ example_pkg@1.0,5.11-0:20100626T030108Z
Example 2 Sign Using a Key and Certificate
Sign a package published into the file repository in /foo/bar using rsa-sha384 to hash and sign the manifest. The signature key is in /key/usr2.key, its associated certificate is in /key/usr2.cert, and a certificate needed to validate the certificate is in /icerts/usr1.cert.
pkgsign -s file:///foo/bar/ -a rsa-sha384 \ -k /key/usr2.key -c /key/usr2.cert -i /icerts/usr1.cert \ example_pkg@1.0,5.11-0:20100626T031341Z
The command line interface of pkgsign
is
Uncommitted.
The output of pkgsign
is
Not-An-Interface
and may change at any time.
pkg(1), pkgrecv(1), pkgrepo(1), pkgsend(1), glob(3C), pkg(7)
February 17, 2022 | OmniOS |