IPS: Image Packaging System
-
Upload
esproul -
Category
Technology
-
view
1.944 -
download
2
description
Transcript of IPS: Image Packaging System
![Page 1: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/1.jpg)
IPS: It Sucks Less Than You ThinkEric Sproul OmniTI
![Page 2: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/2.jpg)
What Is IPS?
Image Packaging System, aka "pkg(5)"
Created by Sun for OpenSolaris
Now used by OmniOS, OpenIndiana, Oracle Solaris 11
Transactional, metadata-driven and integrated with ZFS
Network-based, extensive search grammar
Changes-only updates
![Page 3: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/3.jpg)
Motivations
Unify packaging and OS patching
Be smf(5)- and ZFS-aware
Verify correct installation
Optimize for the update case
Ease developer burden
Add dependency-based network retrieval
![Page 4: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/4.jpg)
IPS: The Good
Every package 100% described by metadata
Updating requires fetching only changed assets
Get a new BE automatically, when needed
Automatic fetching of dependencies
![Page 5: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/5.jpg)
IPS: The Not-So-Good
No single-file on-disk format (except archives)
Latency-sensitive
No pre- or post-install scripting*
* This is actually a good thing! Tasks usually scripted are now first-class actions
![Page 6: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/6.jpg)
A Few IPS Commands
pkg(1) :: installation and information client
pkgsend(1) :: publication client
pkgrecv(1) :: raw contents transfer utility
pkg.depotd(1M) :: repository server
pkgsign(1) :: cryptographic signing utility
![Page 7: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/7.jpg)
IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
![Page 8: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/8.jpg)
FMRIs in IPSpkg://omnios/web/[email protected],5.11-0.151006:20130703T175442Z
omnios Publisher
curl Name
7.31.0,5.11-0.151006:20130703T175442Z Version
pkg Scheme
web Category*
* Category can be arbitrarily deep; Name is the basename (last element)
![Page 9: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/9.jpg)
FMRIs in IPSPublisher name is optional: pkg://omnios/web/curl Must be preceded by '//' if present
Scheme is also optional:
/web/curl Leading '/' anchors to any publisher root
pkg:/web/curl Note the use of only one '/' after the scheme
web/curl Anything ending in '/web/curl'
curl Anything named 'curl' or ending in '/curl'
//omnios/web/curl Publisher included
![Page 10: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/10.jpg)
FMRIs: VersionStrictly numeric comparison, split on punctuation
Comparison is left to right
7.31.0,5.11-0.151006:20130703T175442Z
7.31.0 Component Version ("the software's version")
5.11 Build Version (OS version, aka `uname -r`)
0.151006 Branch Version (distro-specific meaning)
20130703T175442Z Timestamp (ISO 8601)
![Page 11: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/11.jpg)
FMRIs: VersionVersions may be included when specifying names:
curl@*-0.151006
curl@7 Anything 7.x
7.31.x
Any version for branch 0.151006
![Page 12: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/12.jpg)
FMRIs: Versionpkg://omnios/web/[email protected],5.11-0.151006:20130703T175442Z
But, that's hard to read!?
Version strings are for machines, not people!
Rarely do you need to worry about anything but the component version
![Page 13: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/13.jpg)
IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
![Page 14: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/14.jpg)
Package Manifest
Describes a specific version of a package
Collection of actions that deliver files, dirs, links, dependencies, etc. via attributes
Attributes are key-value pairs
Viewable with `pkg contents -m <name>`
![Page 15: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/15.jpg)
Package Manifestset name=pkg.fmri value=pkg://omnios/web/[email protected],5.11-0.151006:20130703T175442Zset name=pkg.summary value="curl - command line tool for transferring data with URL syntax"set name=pkg.descr value="curl - command line tool for transferring data with URL syntax"set name=publisher [email protected] group=bin mode=0755 owner=root path=usr/bin/amd64file 3a8938b01cf732fc0b4838218d94508fca75e54cchash=d923dfc752598ed149a64c873065fc71cbbf83fbelfarch=i386 elfbits=64 elfhash=aabff399422fb0e74df8ffb4356d7bee97db89a5 group=bin mode=0755 owner=rootpath=usr/bin/amd64/curlpkg.csize=100864 pkg.size=174672
...link path=usr/lib/amd64/libcurl.so target=libcurl.so.4.3.0...depend fmri=library/security/[email protected] type=requiredepend fmri=library/zlib type=requiredepend fmri=web/ca-bundle type=require
![Page 16: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/16.jpg)
Manifests: DependenciesRequire :: the referenced package provides essential functionality; including a version sets a "floor"
Optional :: non-essential, but if installed, must meet version constraint, if any (same as require)
Exclude :: conflicts; may not be installed with this package (these are evil, avoid them)
Incorporate :: like optional, but sets "ceiling" as well as "floor" to the given degree of precision
![Page 17: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/17.jpg)
Manifests: Dependencies
requireoptionalexclude
# any version of foolibrary/foo !# foo >= 2library/foo@2 !# foo >= 2.1library/[email protected]
![Page 18: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/18.jpg)
Manifests: Dependencies
incorporate
# foo 2.x, not 1.x or 3.xlibrary/foo@2 !# foo 2.1.x, not 2.0 or 2.2library/[email protected] !# foo 2.1.2 onlylibrary/[email protected]
![Page 19: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/19.jpg)
Manifests: Dependencies
Packages containing only incorporate dependencies are called "incorporations"!Used to ensure a compatible set of installed software!Used carefully, they can be very handy:!omniti/incorporation/perl-516-incorporation
![Page 20: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/20.jpg)
Manifests: Dependencies$ pkg contents -mr perl-516-incorporationset name=pkg.fmri value=pkg://perl.omniti.com/omniti/incorporation/[email protected] name=pkg.summary value="Constrains omniti/runtime/perl to version 5.16.x"set name=pkg.descr value="Constrains omniti/runtime/perl to version 5.16.x"set name=pkg.human-version value=5.16set name=publisher [email protected] fmri=omniti/runtime/[email protected] type=incorporate
Version of omniti/runtime/perl must be 5.16.x
Module dist pkgs have their own versions, but require the incorporation matching the perl they were built with
![Page 21: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/21.jpg)
IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
![Page 22: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/22.jpg)
Publisher
An entity that provides packages
Named for products ("omnios") or domain style ("ms.omniti.com")
One publisher can have multiple URLs
![Page 23: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/23.jpg)
Publisher
$ pkg publisherPUBLISHER TYPE STATUS URIomnios origin online http://pkg.omniti.com/omnios/release/ms.omniti.com origin online http://pkg.omniti.com/omniti-ms/perl.omniti.com origin online http://pkg.omniti.com/omniti-perl/
Publishers are searched in the listed order
List publishers
![Page 24: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/24.jpg)
Publisher
# pkg set-publisher -g http://pkg.omniti.com/omniti-ms/ ms.omniti.comAdd a publisher
Change publisher URL# pkg set-publisher -G <old_url> —g <new_url> <publisher>
# pkg unset-publisher ms.omniti.comRemove a publisher
![Page 25: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/25.jpg)
IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
![Page 26: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/26.jpg)
Repository
Location to which packages are published
Can be used locally (file://) or remotely (http://) via pkg.depotd(1M)
Created and managed by pkgrepo(1)
![Page 27: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/27.jpg)
Repository
# pkgrepo get -s /repo/omniti-ms/SECTION PROPERTY VALUEpublisher prefix ms.omniti.comrepository version 4!# pkgrepo info -s /repo/omniti-ms/PUBLISHER PACKAGES STATUS UPDATEDms.omniti.com 602 online 2014-03-23T20:50:49.146202Z
Get repo information
![Page 28: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/28.jpg)
Repository# pkgrepo get -s /repo/omniti-ms/publisher/ms.omniti.com/SECTION PROPERTY VALUEfeed description ""feed icon web/_themes/pkg-block-icon.pngfeed id ""feed logo web/_themes/pkg-block-logo.pngfeed name package\ repository\ feedfeed window 24publisher alias ""publisher prefix ""repository collection_type corerepository description ""repository detailed_url ""repository legal_uris ()repository maintainer ""repository maintainer_url ""repository mirrors ()repository name package\ repositoryrepository origins ()repository refresh_seconds 14400repository registration_uri ""repository related_uris ()repository version 3
Get per-publisher information
![Page 29: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/29.jpg)
Repository
pkg5.repositorypublisher/publisher/ms.omniti.com/publisher/ms.omniti.com/catalogpublisher/ms.omniti.com/catalog/catalog.attrspublisher/ms.omniti.com/catalog/catalog.base.Cpublisher/ms.omniti.com/catalog/catalog.dependency.Cpublisher/ms.omniti.com/catalog/catalog.summary.Cpublisher/ms.omniti.com/catalog/update.20140403T20Z.C
Repository layout
![Page 30: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/30.jpg)
Repository
publisher/ms.omniti.com/filepublisher/ms.omniti.com/file/23publisher/ms.omniti.com/file/23/2394829fbd7dfffdcccf3108492fd439b5b39235publisher/ms.omniti.com/file/5epublisher/ms.omniti.com/file/5e/5edd8900fe90576085fe13062568c633c9ad6b8fpublisher/ms.omniti.com/file/86publisher/ms.omniti.com/file/86/8624bcdae55baeef00cd11d5dfcfa60f68710a02publisher/ms.omniti.com/file/ffpublisher/ms.omniti.com/file/ff/ff26358690ff2fbe7d1b6171ab680eb40bc2ee64
Repository layout
![Page 31: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/31.jpg)
Repository
publisher/ms.omniti.com/indexpublisher/ms.omniti.com/pkgpublisher/ms.omniti.com/pkg/omniti%2Fsystem%2Fmbufferpublisher/ms.omniti.com/pkg/omniti%2Fsystem%2Fmbuffer/ 20130220%2C5.11-0.151006%3A20130619T143708Zpublisher/ms.omniti.com/tmppublisher/ms.omniti.com/tmp/lockpublisher/ms.omniti.com/trans
Repository layout
![Page 32: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/32.jpg)
IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
![Page 33: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/33.jpg)
Image
Location where packages can be installed
May be rooted at arbitrary point in the filesystem tree
Default image rooted at '/'
Has properties that govern policy; see pkg(1)
![Page 34: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/34.jpg)
Image
$ pkg propertyPROPERTY VALUEbe-policy defaultca-path /etc/ssl/certscheck-certificate-revocation Falseflush-content-cache-on-success Truemirror-discovery Falsepreferred-authority publisher-search-order ['omnios', 'ms.omniti.com', 'circonus']send-uuid Truesignature-policy verifysignature-required-names []trust-anchor-directory etc/ssl/certsuse-system-repo False
Image properties
![Page 35: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/35.jpg)
IPS Concepts
FMRI :: Fault Managed Resource Identifier
Manifest :: describes a specific version of a package
Publisher :: entity that provides one or more packages
Repository :: location for publishing and retrieving pkgs
Image :: location where packages may be installed
Boot Environment :: (BE) bootable instance of an image
![Page 36: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/36.jpg)
Boot EnvironmentBootable instance of an image
Integrated with ZFS
Can be auto-created according to image policy
Can be manually created
Created and managed by beadm(1M)
![Page 37: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/37.jpg)
Boot Environment$ beadm listBE Active Mountpoint Space Policy Createdomnios - - 6.76M static 2012-08-13 21:02omnios-backup-1 - - 6.33M static 2012-09-11 17:00omnios-backup-2 - - 210K static 2012-10-29 18:01omnios-r151004 - - 7.06M static 2012-11-02 18:36omnios-r151004-1 - - 63.0K static 2012-12-18 15:17omnios-r151004-backup-1 - - 62.0K static 2012-12-18 15:44omnios-r151004-backup-2 - - 87.0K static 2013-03-21 18:39omnios-r151006 NR / 4.96G static 2014-04-03 14:12
![Page 38: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/38.jpg)
IPS Concepts
OK got it. Now, how do I actually do stuff?
![Page 39: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/39.jpg)
Use Cases
Install
Update
List/Info
Inventory
Search
Audit
![Page 40: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/40.jpg)
Use Cases: Install
# dry run, verbose pkg install -nv foo !# latest pkg install foo !# latest available 2.x pkg install foo@2 !# exact version pkg install [email protected]
When "foo" is not installed
![Page 41: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/41.jpg)
Use Cases: Update
# dry run, verbose pkg update -nv foo !# latest available pkg update foo !# stay within 2.x line pkg update foo@2 !# downgrade pkg update [email protected]
Assuming "foo 2.1" is installed
![Page 42: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/42.jpg)
Use Cases: List/Info# all installed packages pkg list !# list installed packages matching "foo" pkg list foo !# list all known versions of foo, installed or not pkg list -fav foo !# detailed information pkg info foo !# same, but remote pkg info -r foo
![Page 43: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/43.jpg)
Use Cases: Inventory# file/directory paths only pkg contents foo !# raw manifest pkg contents -m foo !# same, but remote pkg contents -mr foo !# list deps pkg contents -t depend -o fmri
![Page 44: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/44.jpg)
Use Cases: Search
Powerful due to package metadata
Local or remote
Expressive grammar
Results sometimes non-obvious
![Page 45: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/45.jpg)
Use Cases: Searchpkg_name : action_type : key : token
pkg_name :: the value of pkg.fmri
action_type :: file, dir, link, depend, set, etc.
key :: attribute name within the selected action
token :: attribute value, i.e., "what you're searching for"
![Page 46: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/46.jpg)
Use Cases: Searchpkg_name : action_type : key : token
Blank fields implicitly wild-carded
Simple globbing permitted for pkg_name, token
Leading colons optional
`pkg search tmux` is effectively: `pkg search ':::tmux'`
To have success, understand what you're looking for
![Page 47: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/47.jpg)
Use Cases: Search# 'tmux' as any value pkg search tmuxINDEX ACTION VALUE PACKAGEbasename file usr/bin/tmux pkg:/terminal/[email protected] file usr/bin/tmux pkg:/terminal/[email protected] file usr/bin/tmux pkg:/terminal/[email protected] set omnios/terminal/tmux pkg:/terminal/[email protected] set omnios/terminal/tmux pkg:/terminal/[email protected] set omnios/terminal/tmux pkg:/terminal/[email protected]
![Page 48: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/48.jpg)
Use Cases: Search# same as before, but show only pkg name pkg search -p tmuxPACKAGE PUBLISHERpkg:/terminal/[email protected] omniospkg:/terminal/[email protected] omniospkg:/terminal/[email protected] omnios
![Page 49: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/49.jpg)
Use Cases: Search
$ pkg search 'dir::pgsql*'INDEX ACTION VALUE PACKAGE...basename dir opt/pgsql925 pkg:/omniti/database/postgresql-925/[email protected]...
results from this manifest entry:dir group=bin mode=0755 owner=root path=opt/pgsql925
This answer:
![Page 50: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/50.jpg)
Use Cases: Search
$ pkg search -o pkg.name 'file:path:*perl*.so'PKG.NAMEomniti/perl/db_fileomniti/perl/b-callcheckeromniti/perl/bsd-resourceomniti/perl/clone...
Packages that deliver perl .so files
![Page 51: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/51.jpg)
Use Cases: Search
$ pkg search -H -o pkg.name 'depend::web/curl'developer/versioning/gitdeveloper/versioning/mercurialentireincorporation/jeos/omnios-userland
Reverse dependencies
$ pkg search -o pkg.fmri,fmri '*-0.151006:depend:incorporate:web/curl'PKG.FMRI FMRIpkg:/incorporation/jeos/omnios-userland@11,5.11-0.151006:20130506T214442Z web/curl@7,5.11-0.151006pkg:/incorporation/jeos/omnios-userland@11,5.11-0.151006:20130716T202721Z web/curl@7,5.11-0.151006pkg:/incorporation/jeos/omnios-userland@11,5.11-0.151006:20131030T205312Z web/curl@7,5.11-0.151006
What r151006 packages incorporate on curl, and at what version?
![Page 52: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/52.jpg)
Use Cases: Audit# check installed state of all pkgs pkg verify !# check state of a single package pkg verify <pkg> !# repair installed state of a package pkg fix <pkg>
![Page 53: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/53.jpg)
Use Cases: Audit# pkg verify -v curlPACKAGE STATUS pkg://omnios/web/curl OK!# rm /usr/share/man/man3/libcurl.3!# pkg verify -v curlPACKAGE STATUS pkg://omnios/web/curl ERROR file: usr/share/man/man3/libcurl.3 Missing: regular file does not exist
![Page 54: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/54.jpg)
Use Cases: Audit# pkg fix curlVerifying: pkg://omnios/web/curl ERROR file: usr/share/man/man3/libcurl.3 Missing: regular file does not existCreated ZFS snapshot: 2013-10-16-02:07:42Repairing: pkg://omnios/web/curl !DOWNLOAD PKGS FILES XFER (MB)Completed 1/1 1/1 0.0/0.0!PHASE ACTIONSUpdate Phase 1/1!PHASE ITEMSImage State Update Phase 2/2
![Page 55: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/55.jpg)
Creating IPS Packages
Build software however you wish
Place build product in a proto area
Create manifest
Publish to a repo
IPS does not impose a build framework (think rpmbuild, debuild)
![Page 56: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/56.jpg)
Creating IPS Packages
1. `pkgsend generate /path/to/proto > /tmp/manifest.p5m`
2. Add FMRI, any other 'set' actions to manifest.p5m
3. `pkgsend publish -s <repo_url> -d /path/to/proto \ /tmp/manifest.p5m`
pkgsend(1) creates manifests and publishes packages
![Page 57: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/57.jpg)
Creating IPS Packages
Adding the 'set' stuff is tedious
May want to make other changes/additions to manifest
This needs to be automated!
Use pkgmogrify(1)
![Page 58: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/58.jpg)
Creating IPS Packagespkgmogrify(1)
Programmatic transformations of manifest contents
Macro replacements
Include other manifests or manifest fragments
Transformation of actions
By convention, we store these directives in a .mog file beside our build scripts
![Page 59: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/59.jpg)
Creating IPS Packagesgroup gid=90 groupname=postgresuser ftpuser=false gcos-field="PostgreSQL Reserved UID" group=postgres login-shell=/usr/bin/pfksh password=NP uid=90 username=postgres home-dir=/home/postgreslicense COPYING license=GPLv2
pkgmogrify: Add actions
![Page 60: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/60.jpg)
Creating IPS Packages<transform dir path=opt/riak/data.* -> set owner riak>!<transform dir path=opt/riak/data.* -> set group riak>!<transform file path=opt/riak/etc/.*\.args -> set mode 0644>!<transform file path=opt/apache22/libexec/amd64/libphp5.so -> edit path libphp5.so libphp5.53.so>!<transform file path=opt/elasticsearch/config/elasticsearch.yml -> set preserve true>!<transform file path=opt/omni/lib/ruby/gems/1.9/cache.* -> drop>!<transform file path=(var|lib)/svc/manifest/.*\.xml -> add restart_fmri svc:/system/manifest-import:default>
pkgmogrify: Transform actions
![Page 61: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/61.jpg)
Creating IPS PackagesTangent: renaming
pkg:/network/iftoppkg:/omniti/network/iftop
Forgot to follow naming convention
Also useful if upstream name changes
Users may have installed it, can't just abandon it
![Page 62: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/62.jpg)
Tangent: renaming
Solution: publish a "rename package"
Transitional package that allows update to new name
Creating IPS Packages
set name=pkg.fmri value=pkg://ms.omniti.com/network/[email protected],5.11-0.151006:20130816T191418Zset name=pkg.renamed value=trueset name=variant.opensolaris.zone value=global value=nonglobaldepend fmri=pkg://ms.omniti.com/omniti/network/iftop type=require
![Page 63: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/63.jpg)
Creating IPS Packages# pkgrepo create /data/myrepo# pkgrepo set -s /data/myrepo publisher/prefix=myrepo.example.com
Create a repo with pkgrepo(1)
May now use file:///data/myrepo to publish packages
publisher/prefix sets the default publisher name
![Page 64: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/64.jpg)
Creating IPS Packages$ pkgrecv -s http://pkg.omniti.com/omnios/release/ -d web_curl.p5a -a web/curlRetrieving packages for publisher omnios ...Retrieving and evaluating 1 package(s)... DOWNLOAD PKGS FILES XFER (MB)Completed 1/1 88/88 1.3/1.3!!ARCHIVE FILES STORE (MB)web_curl.p5a 158/158 1.5/1.5!$ scp web_curl.p5a me@my-other-box:
Create an archive with pkgrecv(1)
# pkg install -g web_curl.p5a web/curl
![Page 65: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/65.jpg)
Signing IPS Packages
pkgsign(1) updates the manifest in place on the repo
Adds the 'signature' action
Validates the manifest, which in turn validates its content
Signed package retains original timestamp
![Page 66: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/66.jpg)
Signing IPS Packagessignature <hash of certificate> \ algorithm=<signature algorithm> \ value=<signature value> \ chain="<hashes of certs needed to validate primary certificate>" \ version=<pkg version of signature>
Payload & chain :: hashes of certs downloadable from originating repo
Value :: signed hash of manifest's message text
Algorithm :: hash algorithm used, default is rsa-sha256
Version :: pkg(5) version of the signature action
![Page 67: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/67.jpg)
Signing IPS PackagesFirst, publish the unsigned package(s); then:# pkgsign \ -c /path/to/signing.crt \ -k /path/to/signing.key \ -s <repo_url> \ <fmri_list>
Multiple signatures (even from different entities) will not interfere with each other
Allows different entities to indicate acceptance during publication process (e.g., dev/QA/release)
![Page 68: IPS: Image Packaging System](https://reader033.fdocuments.in/reader033/viewer/2022061218/54b746e84a795950768b4617/html5/thumbnails/68.jpg)
Questions?Further reading
Man pages: pkg(5), pkg(1), pkgsend(1), pkgrecv(1), pkgmogrify(1), pkgrepo(1)
http://omnios.omniti.com/wiki.php/GeneralAdministration#PackageManagement
http://omnios.omniti.com/media/ipsdevguide.pdf
http://web.archive.org/web/20100105071515/http://blogs.sun.com/sch/entry/pkg_1_a_no_scripting