pakiti-client man page

pakiti-client — report the list of installed packages to a collecting server


pakiti-client [Options]


pakiti-client finds the list of installed packages (i.e. "rpm -qa" on an RPM-based system) and formats it in a report that it sends (using a POST request) to a collecting server (see the --url option) and/or writes to a file (see the --output option).

In addition to the list of installed packages, the report also contains information about the submitting machine:

If a certificate (see the --encrypt option) is given then the report will be S/MIME encrypted before transmission. For reference, the exact command used to encrypt the report is:

  $ openssl smime -encrypt -binary -aes-256-cbc -outform DER

The recommended way to use this program is daily via "cron", for instance with (using bash):

  # echo "MAILTO=somebody@some.where" > /etc/cron.d/pakiti-client
  # echo "$((RANDOM % 60)) $((RANDOM % 24)) * * * nobody pakiti-client \
    --config /etc/pakiti-client.cfg" >> /etc/cron.d/pakiti-client


--config, --conf PATH

use this configuration file before processing the command line parameters

--curl PATH

set the path of the "curl" command to use

--debug, -d

enable debug mode

--dpkg-query PATH

set the path of the "dpkg-query" command to use

--encrypt PATH|STRING

use this certificate to encrypt the report; the value can either be the path of the file containing the certificate or the certificate itself as multi-line ASCII armored contents

--expect STRING

set the response string to expect from the server in case of success (default: "OK")

--help, -h, -?

show some help

--host STRING

set the host name to use in the report

--hostname PATH

set the path of the "hostname" command to use

--input, -i PATH

do not prepare a new report but, instead, read the report from the given file

--lsb_release PATH

set the path of the "lsb_release" command to use

--manual, -m

show this manual

--mode STRING

the mode that determines how the report should be processed by the server. The following modes are supported: 'store-only', 'report-only', 'store-and-report'.


do not include the protocol version in the message sent to the server.

--openssl PATH

set the path of the "openssl" command to use

--output, -o PATH

write the prepared report to the given file

--pkg PATH

set the path of the "pkg" command to use

--rndsleep, -r NUMBER

sleep for a random amount of seconds, up to the given number (useful when pakiti-client is invoked by "cron")

--rpm PATH

set the path of the "rpm" command to use

--site NAME

set the site name to use in the report

--tag STRING

set the tag used by the collecting server to group reports

--uname PATH

set the path of the "uname" command to use

--url URL

send the prepared report to the collecting server at the given URL

--wget PATH

set the path of the "wget" command to use

Configuration File

pakiti-client can read its options from a configuration file (see the --config option).

The file can contain empty lines, comments (lines starting with "#") or option settings either on one line or using the "heredoc" syntax. For instance:

  # this is my pakiti-client configuration
  url =
  encrypt = <<EOT

The options specified on the command line have precedence over the ones found in the configuration file.

Report Format

The generated report is made of a header (containing information about the submitting machine) and a body (containing the list of installed packages).

The report is in text format and is made of lines, all ending with the newline character (0x0A). The report contains in order:

A separator line only contains the hash character (0x23), followed by the newline character (just like any other line).

A header line contains the header name (such as "host"), a colon character (0x3A), a space character (0x20) and the header value. See the "Description" section for the list of all possible header names.

A package line contains the package name, a tab character (0x09), the package full version, another tab and the package architecture. For "rpm" based systems, the full version is in fact EPOCH:VERSION:RELEASE.


Lionel Cons <>


2017-10-31 pakiti v3 System Manager's Manual