Use the pkg verify command to validate the installation of packages in the image. If the current signature policy for related publishers is not ignore, the signatures of each package are validated based on policy. See Image Properties for Signed Packages for an explanation of how signature policies are applied. Verification of installed package content is based on a custom content analysis that might return different results than those of other programs.
If you do not provide a package name, all installed packages are examined. The -v option provides informational messages, at least one line for each installed package. The following example shows only a small sample of output. The installation of the pkg/depot package has an error.
$ pkg verify -v
PACKAGE STATUS
pkg://solaris/archiver/gnu-tar OK
pkg://solaris/audio/audio-utilities OK
pkg://solaris/benchmark/x11perf OK
...
pkg://solaris/package/pkg/depot ERROR
dir: var/cache/pkg/depot
Group: 'pkg5srv (97)' should be 'bin (2)'
file: var/log/pkg/depot/access_log
editable file has been changed
file: var/log/pkg/depot/error_log
editable file has been changed
...
pkg://solaris/security/sudo OK
file: etc/sudoers
editable file has been changed
...
pkg://solaris/x11/xlock OK
pkg://solaris/x11/xmag OK
pkg://solaris/x11/xvidtune OK
Use the pkg fix command to fix package errors that are reported by the pkg verify command.
The pkg verify output shows that components of the installed sudo package are different from the packaged components but these differences are not reported as validation errors. The pkg fix makes no changes. The /etc/sudoers file is not replaced.
$ pkg fix pkg://solaris/security/sudo No repairs for this image.
If you remove the /etc/sudoers file, the package fails validation and pkg fix replaces the file.
$ pkg fix pkg://solaris/security/sudo
Verifying: pkg://solaris/security/sudo ERROR
file: etc/sudoers
Missing: regular file does not exist
Created ZFS snapshot: 2014-03-13-22:05:42
Repairing: pkg://solaris/security/sudo
Creating Plan (Evaluating mediators):
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 1/1 0.0/0.0 990B/s
PHASE ITEMS
Updating modified actions 1/1
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
Only the missing file is replaced, as noted by the one file downloaded and one action (the file action) modified. Other sudo package content was not touched. The operation saved a snapshot of the current installation before performing the repair. See the “Created ZFS snapshot” line in the pkg fix output. The repair was performed in the current image.
$ zfs list -r rpool/ROOT/s11 NAME USED AVAIL REFER MOUNTPOINT rpool/ROOT/s11 16.3G 22.5G 26.1G / rpool/ROOT/s11@2014-03-13-23:52:19 249M - 26.1G -
The pkg verify output shows an error in ownership of a directory in the installed pkg/depot package. The pkg fix output shows only the error in the “Verifying” section. The other differences with the packaged components are not shown.
$ ls -ld /var/cache/pkg/depot
drwxr-xr-x 3 pkg5srv pkg5srv 3 Dec 2 19:47 /var/cache/pkg/depot/
$ pkg fix pkg://solaris/package/pkg/depot
Verifying: pkg://solaris/package/pkg/depot ERROR
dir: var/cache/pkg/depot
Group: 'pkg5srv (97)' should be 'bin (2)'
Created ZFS snapshot: 2014-03-13-22:18:52
Repairing: pkg://solaris/package/pkg/depot
Creating Plan (Evaluating mediators):
PHASE ITEMS
Updating modified actions 1/1
Updating package state database Done
Updating package cache 0/0
Updating image state Done
Creating fast lookup database Done
The following output shows that only the error has been fixed. The other differences between installed and packaged components remain.
$ ls -ld /var/cache/pkg/depot
drwxr-xr-x 3 pkg5srv bin 3 Dec 2 19:47 /var/cache/pkg/depot/
$ pkg verify -v pkg://solaris/package/pkg/depot
PACKAGE STATUS
pkg://solaris/package/pkg/depot OK
file: var/log/pkg/depot/access_log
editable file has been changed
file: var/log/pkg/depot/error_log
editable file has been changed