HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > Chapter 3 Secure Delivery

PCSI and Secure Delivery

 » Table of Contents

 » Glossary

 » Index

The POLYCENTER Software Installation utility (PCSI) is a software installation and management tool for OpenVMS systems. It can package, install, remove, and manage software products. It can also save information about software products such as system requirements and installation options.

Beginning in OpenVMS Version 8.3, PCSI checks for the existence of a manifest for kits that are being installed. If a manifest is not found, PCSI issues a warning and asks whether or not to proceed. If a manifest is found but does not match the kit, the installation is ended. The PCSI database contains an indication as to whether a kit used Secure Delivery on installation. For more information, see “PCSI History File (Product Database)”.

The PCSI utility validates kits (when a manifest is present in the source directory) for the following commands:

PRODUCT CONFIGURE
PRODUCT COPY
PRODUCT EXTRACT {FILE | PDF | PTF | RELEASE_NOTES}
PRODUCT INSTALL
PRODUCT LIST
PRODUCT RECONFIGURE
PRODUCT REGISTER PRODUCT

In OpenVMS Version 8.3, kit validation checking can be turned off by specifying the /OPTIONS=NOVALIDATE_KIT qualifier to the PRODUCT command.

For more information about PCSI, see the System Management Utilities Reference Manual: M-Z and the POLYCENTER Software Installation Utility Developer's Guide.

Examples 3-1, 3-2, 3-3. and 3-4 show validation output from the PRODUCT INSTALL command.

Example 3-1 Valid Manifest

$ PRODUCT INSTALL *

Performing product kit validation ...

%PCSI-I-VALPASSED, validation of HP-I64VMS-TEST_THIS-0100--1.PCSI$COMPRESSED;1 succeeded
%PCSI-I-VALPASSED, validation of HP-I64VMS-TEST_THAT-0200--1.PCSI$COMPRESSED;1 succeeded

The following products have been selected:

HP-I64VMS-TEST_THIS V1.0 Layered Product
HP-I64VMS-TEST_THAT V2.0 Layered Product

Do you want to continue? [YES]

Example 3-2 Unsigned Kit

$ PRODUCT INSTALL *

%PCSI-I-CANNOTVAL, cannot validate HP-I64VMS-COBOL-0100--1.PCSI;1
-PCSI-I-NOTSIGNED, product kit was created without an associated manifest
%PCSI-I-CANNOTVAL, cannot validate HP-I64VMS-FORTRAN-0200--1.PCSI$COMPRESSED;1
-PCSI-I-NOTSIGNED, product kit was created without an associated manifest

The following products have been selected:

HP-I64VMS-COBOL V1.0 Layered Product
HP-I64VMS-FORTRAN V2.0 Layered Product

Do you want to continue? [YES]

Example 3-3 Missing Manifest

$ PRODUCT INSTALL TEST
...
%PCSI-W-NOVALDONE, cannot validate HP-I64VMS-TEST-0100--1.PCSI$COMPRESSED;1
-PCSI-W-NOMANFILE, associated manifest file was not found in source directory

Do you want to continue? [NO]

Example 3-4 Invalid Manifest

$ PRODUCT INSTALL TEST

Performing product kit validation ...
%PCSI-E-VALFAILED, validation of PCSIBX$DKA0:[KRYCKA.SD]HP-I64VMS-TEST-0100--1.PCSI$COMPRESSED;1 failed
-PCSI-E-CDSA_TEXT, CSSM_ERRCODE_MODULE_MANIFEST_VERIFY_FAILED:
Modules manifest verification failed
%PCSI-E-S-OPFAIL, operation failed
%PCSIUI-E-ABORT, operation terminated due to an unrecoverable error condition
$

PCSI History File (Product Database)

The product database, or history file, is a set of binary files located in SYS$SYSDEVICE:[VMS$COMMON] with a .PCSI$DATABASE file extension.

The history file is the single source of information about operations performed on products that use PCSI. This information includes a history of operations performed, which products are installed, which files and other managed objects are owned by each product, software dependencies among products, and so forth.

The PCSI history file uses the following codes relating to Secure Delivery:

Val 

Kit passed validation

Sys 

Kit installed from Operating System media

(U) 

Unsigned kit, not validated

(M) 

Kit marked as signed, but no manifest found

(D) 

Validation disabled by user

(C) 

CDSA not loaded, unable to validate

Example 3-4 shows a partial output of a PCSI history file.

Example 3-5 PCSI History File (Partial Output)

PRODUCT                            KITTYPE Operation VAL   DATE
---------------------------------- ------- -------- --- -----------
HP I64VMS C S7.1-13 Full LP Install (U) 03-NOV-2005
HP I64VMS CDSA T2.2-117 Full LP Install Val 25-OCT-2005
HP I64VMS DECNET_PHASE_IV V8.3-B1B Full LP Install Val 25-OCT-2005
HP I64VMS DWMOTIF_SUPPORT V8.3-B1B Full LP Install Val 25-OCT-2005
HP I64VMS OPENVMS V8.3-B1B Platform Install Val 25-OCT-2005
HP I64VMS VMS V8.3-B1B Oper Sys Install Sys 25-OCT-2005
HP I64VMS CDSA V2.1-355 Full LP Remove - 25-OCT-2005
HP I64VMS DECNET_PHASE_IV V8.3-AX0 Full LP Remove - 25-OCT-2005
HP I64VMS DWMOTIF_SUPPORT V8.3-AX0 Full LP Remove - 25-OCT-2005
HP I64VMS OPENVMS V8.3-AX0 Platform Remove - 25-OCT-2005
HP I64VMS VMS V8.3-AX0 Oper Sys Remove - 25-OCT-2005
HP I64VMS BLISSI64 V1.12-67 Full LP Install (U) 08-AUG-2005
...
HP I64VMS TCPIP V5.5-11 Full LP Install 17-MAY-2005
HP I64VMS TDC_RT V2.1-69 Full LP Install 17-MAY-2005
HP I64VMS VMS V8.2 Oper Sys Install 17-MAY-2005
---------------------------------- -------- ------- --- -----------