<?xml version="1.0" encoding="iso-8859-1"?>
<!--Arbortext, Inc., 1988-2008, v.4002-->
<!ENTITY % ent SYSTEM "entities.ent">
%ent;
]>
<refentry id="pkgsign-1">
<refmeta><refentrytitle>pkgsign</refentrytitle><manvolnum>1</manvolnum>
<refmiscinfo class="date">21 May 2013</refmiscinfo>
<refmiscinfo class="sectdesc">&man1;</refmiscinfo>
<refmiscinfo class="software">&release;</refmiscinfo>
<refmiscinfo class="arch">generic</refmiscinfo>
<refmiscinfo class="copyright">Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.</refmiscinfo>
</refmeta>
<refnamediv>
<refname>pkgsign</refname><refpurpose>Image Packaging System signing utility</refpurpose>
</refnamediv>
<refsynopsisdiv><title></title>
[-c <replaceable>path_to_signing_certificate</replaceable>]
[-i <replaceable>path_to_intermediate_cert</replaceable>] ...
[-k <replaceable>path_to_private_key</replaceable>] [-n] -s <replaceable>path_or_uri
</replaceable>
[--help] [--no-index] [--no-catalog]
(<replaceable>fmri</replaceable>|<replaceable>pattern</replaceable>) ...</synopsis>
</refsynopsisdiv>
<refsect1 id="pkgsign-1-desc" role="description"><title></title>
<para><command>pkgsign</command> updates the manifest for the given FMRIs
in place in the repository by adding a signature action using the provided
key and certificates. The modified package retains the original timestamp.</para>
</refsect1>
<refsect1 role="options"><title></title>
<para>The following options are supported:</para>
<variablelist termlength="wholeline">
<varlistentry><term><option>-help</option></term>
<listitem><para>Display a usage message.</para>
</listitem>
</varlistentry>
<varlistentry><term><option>a</option> <replaceable>hash_algorithm</replaceable></term>
<listitem><para>Use the signature algorithm <replaceable>hash_algorithm</replaceable> instead
of the default. The default signature algorithm is <literal>rsa-sha256</literal>.
Supported signature algorithms are <literal>rsa-sha256</literal>, <literal>rsa-sha384
</literal>, <literal>rsa-sha512</literal>, <literal>sha256</literal>, <literal>sha384
</literal>, and <literal>sha512</literal>. A signature algorithm that only
specifies a hash algorithm causes the signature value to be the hash of the
manifest of the package. A signature algorithm that specifies <literal>rsa</literal> and
a hash algorithm causes the signature value to be the hash of the manifest
signed with the private key provided (see the <option>c</option> and <option>k</option> options).
</para>
</listitem>
</varlistentry>
<varlistentry><term><option>c</option> <replaceable>path_to_signing_certificate</replaceable></term>
<listitem><para>Add the certificate <replaceable>path_to_signing_certificate</replaceable> as
the certificate to use when verifying the value of the signature in the action.
The <option>c</option> option can only be used with the <option>k</option> option.
</para>
</listitem>
</varlistentry>
<varlistentry><term><option>i</option> <replaceable>path_to_intermediate_cert</replaceable></term>
<listitem><para>Add the certificate <replaceable>path_to_intermediate_cert</replaceable> as
a certificate to use when validating the certificate <replaceable>path_to_signing_certificate
</replaceable> given as an argument to <option>c</option>. Multiple certificates
can be provided by specifying <option>i</option> multiple times.</para>
</listitem>
</varlistentry>
<varlistentry><term><option>k</option> <replaceable>path_to_private_key</replaceable></term>
<listitem><para>Use the private key stored in <replaceable>path_to_private_key</replaceable> to
sign the manifest. The <option>k</option> option can only be used with the <option>
c</option> option. If <option>k</option> is not set, then the signature value
is the hash of the manifest.</para>
</listitem>
</varlistentry>
<varlistentry><term><option>n</option></term>
<listitem><para>Perform a trial run that does not change the repository in
any way.</para>
</listitem>
</varlistentry>
<varlistentry><term><option>s</option> <replaceable>path_or_uri</replaceable></term>
<listitem><para>Sign packages in the repository at <replaceable>path_or_uri</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry><term><option>-no-index</option></term>
<listitem><para>Do not update the repository search indexes after the signed
manifest has been republished.</para>
</listitem>
</varlistentry>
<varlistentry><term><option>-no-catalog</option></term>
<listitem><para>Do not update the repository catalog after the signed manifest
has been republished.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="examples"><title></title>
<example><title>Sign Using the Hash Value of the Manifest</title>
the hash value of the manifest. This is often useful for testing.</para>
<userinput>example_pkg@1.0,5.11-0:20100626T030108Z</userinput></screen>
</example>
<example><title>Sign Using a Key and Certificate</title>
<para>Sign a package published into the file repository in <literal>/foo/bar</literal> using <literal>
rsa-sha384</literal> to hash and sign the manifest. The signature key is in <literal>
</literal>.</para>
<userinput>example_pkg@1.0,5.11-0:20100626T031341Z</userinput></screen>
</example>
</refsect1>
<refsect1 role="exit-status"><title></title>
<para>The following exit values are returned:</para>
<variablelist>
<varlistentry><term><returnvalue>0</returnvalue></term>
<listitem><para>Command succeeded.</para>
</listitem>
</varlistentry>
<varlistentry><term><returnvalue>1</returnvalue></term>
<listitem><para>An error occurred.</para>
</listitem>
</varlistentry>
<varlistentry><term><returnvalue>2</returnvalue></term>
<listitem><para>Invalid command line options were specified.</para>
</listitem>
</varlistentry>
<varlistentry><term><returnvalue>3</returnvalue></term>
<listitem><para>Multiple operations were requested, but only some of them
succeeded.</para>
</listitem>
</varlistentry>
<varlistentry><term><returnvalue>99</returnvalue></term>
<listitem><para>An unanticipated exception occurred.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="attributes"><title></title>
<para>See <literal>attributes</literal>(7) for descriptions of the following
attributes:</para>
<informaltable frame="all" orient="port">
<tgroup cols="2" colsep="1" rowsep="1"><colspec colname="col1" colwidth="198*"
align="left"/><colspec colname="col2" colwidth="198*" align="left"/><thead>
<row>
<entry align="center">
<para>ATTRIBUTE TYPE</para>
</entry>
<entry align="center">
<para>ATTRIBUTE VALUE</para>
</entry>
</row>
</thead>
<tbody>
<row>
<entry align="left">
<para>Availability</para>
</entry>
<entry align="left">
</entry>
</row>
<row>
<entry align="left">
<para>Interface Stability</para>
</entry>
<entry align="left">
<para>Uncommitted</para>
</entry>
</row>
</tbody>
</tgroup>
</informaltable></refsect1>
<refsect1 role="see-also"><title></title>
<para><olink targetdoc="refman" targetptr="pkg-1"><citerefentry><refentrytitle>pkg</refentrytitle><manvolnum>1</manvolnum></citerefentry></olink>,
<olink targetdoc="refman" targetptr="pkgrecv-1"><citerefentry><refentrytitle>pkgrecv</refentrytitle><manvolnum>1</manvolnum></citerefentry></olink>,
<olink targetdoc="refman" targetptr="pkgsend-1"><citerefentry><refentrytitle>pkgsend</refentrytitle><manvolnum>1</manvolnum></citerefentry></olink>,
<olink targetdoc="refman" targetptr="pkgrepo-1"><citerefentry><refentrytitle>pkgrepo</refentrytitle><manvolnum>1</manvolnum></citerefentry></olink>,
<olink targetdoc="refman" targetptr="pkg-7"><citerefentry><refentrytitle>pkg</refentrytitle><manvolnum>7</manvolnum></citerefentry></olink></para>
</refsect1>
</refentry>