A constraint package specifies which versions of packages can be installed. These version constraints help keep the system in a supportable state across updates. See Constraint Packages for more information about constraint packages and version constraints.
Some packages that are incorporate dependencies might be safe to downgrade or upgrade at a version different from the version specified by the incorporate dependency of the constraint package. The version constraint is expressed by a version-lock.package facet tag specified on the depend action in the constraint package. The default value of the version-lock.package facet property is true. To relax the version constraint on a package, set the value of its version-lock. facet to false.
In the following example, you want to downgrade to an earlier version of a package. The pkg update command downgrades as well as upgrades packages.
$ pkg list -af library/security/openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 1.0.1.5-0.175.2.0.0.24.0 i-- library/security/openssl 1.0.1.5-0.175.2.0.0.23.0 --- $ pkg update library/security/openssl@1.0.1.5-0.175.2.0.0.23.0 Creating Plan (Solver setup): pkg update: No matching version of library/security/openssl can be installed: Reject: pkg://solaris/library/security/openssl@1.0.1.5,5.11-0.175.2.0.0.23.0:20130916T191702Z Reason: This version is excluded by installed incorporation pkg://solaris/consolidation/userland/userland-incorporation@0.5.11,5.11-0.175.2.0.0.24.0:20131001T160408Z
The pkg contents command shows how this version constraint is set. To relax the version constraint on this package, set its version-lock facet to false. Then try the downgrade again. Notice that a new BE is not created, but a backup BE is created. See Boot Environment Policy Image Properties for information about when BEs are created.
$ pkg contents -m userland-incorporation | grep 'library/security/openssl'
depend facet.version-lock.library/security/openssl=true
fmri=pkg:/library/security/openssl@1.0.1.5-0.175.2.0.0.24.0 type=incorporate
$ pkg change-facet facet.version-lock.library/security/openssl=false
Packages to update: 850
Variants/Facets to change: 1
Create boot environment: No
Create backup boot environment: Yes
PHASE ITEMS
Removing old actions 1/1
Updating image state Done
Creating fast lookup database Done
Reading search index Done
Building new search index 850/850
$ pkg update library/security/openssl@1.0.1.5-0.175.2.0.0.23.0
Packages to update: 1
Create boot environment: No
Create backup boot environment: Yes
DOWNLOAD PKGS FILES XFER (MB) SPEED
Completed 1/1 10/10 1.6/1.6 0B/s
PHASE ITEMS
Removing old actions 3/3
Installing new actions 3/3
Updating modified actions 14/14
Updating package state database Done
Updating package cache 1/1
Updating image state Done
Creating fast lookup database Done
Reading search index Done
Updating search index 1/1
$ pkg list library/security/openssl
NAME (PUBLISHER) VERSION IFO
library/security/openssl 1.0.1.5-0.175.2.0.0.23.0 i--To prevent this package from being downgraded or upgraded, freeze the package at the current version. The “f” in the package listing indicates that the package is frozen.
$ pkg freeze -c "Downgrade to avoid bug" library/security/openssl library/security/openssl was frozen at 1.0.1.5,5.11-0.175.2.0.0.23.0:20130916T191702Z $ pkg list library/security/openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 1.0.1.5-0.175.2.0.0.23.0 if-
To re-enable downgrade or upgrade, use the pkg unfreeze command to remove the version freeze. If the package is installed at a version lower than the version specified in the constraint package, setting the version-lock facet for this package to true installs the version specified in the constraint package.
If other installed packages have require dependency relationships with the package that you want to downgrade or upgrade, you might need to also relax version constraints on those related packages. In the following example, version constraints have been lifted on the hexedit package but installation is rejected because of version constraints on the system/library package.
$ pkg install editor/hexedit@1.2.12-0.175.2.0.0.25.0
Creating Plan (Solver setup):
pkg install: No matching version of editor/hexedit can be installed:
Reject: pkg://solaris/editor/hexedit@1.2.12-0.175.2.0.0.25.0:20131014T170634Z
Reason: All versions matching 'require' dependency
pkg:/system/library@0.5.11,5.11-0.175.2.0.0.24.0 are rejected
Reject: pkg://solaris/system/library@0.5.11,5.11-0.175.2.0.0.24.0:20131001T152820Z
pkg://solaris/system/library@0.5.11,5.11-0.175.2.0.0.25.0:20131014T161136Z
Reason: This version is excluded by installed incorporation
pkg://solaris/consolidation/osnet/osnet-incorporation@0.5.11,5.11-0.175.2.0.0.24.0:20131001T150429Z
In addition to individual component packages, you can also relax version constraints on constraint packages. In this case, setting the version-lock facet to false enables you to unlock the constraint package from the rest of the system. Though the constraint package is unlocked, its incorporate dependency packages continue to be synchronized.