Use the pkg verify command to validate the installation of packages in the image. If the current signature policy for related publishers is not ignore, the signatures of each package are validated based on policy. See Image Properties for Signed Packages for an explanation of how signature policies are applied. Verification of installed package content is based on a custom content analysis that might return different results than those of other programs.
If you do not provide a package name, all installed packages are examined. The -v option provides informational messages, at least one line for each installed package. The following example shows only a small sample of output. The installation of the pkg/depot package has an error.
$ pkg verify -v PACKAGE STATUS pkg://solaris/archiver/gnu-tar OK pkg://solaris/audio/audio-utilities OK pkg://solaris/benchmark/x11perf OK ... pkg://solaris/package/pkg/depot ERROR dir: var/cache/pkg/depot Group: 'pkg5srv (97)' should be 'bin (2)' file: var/log/pkg/depot/access_log editable file has been changed file: var/log/pkg/depot/error_log editable file has been changed ... pkg://solaris/security/sudo OK file: etc/sudoers editable file has been changed ... pkg://solaris/x11/xlock OK pkg://solaris/x11/xmag OK pkg://solaris/x11/xvidtune OK
Use the pkg fix command to fix package errors that are reported by the pkg verify command.
The pkg verify output shows that components of the installed sudo package are different from the packaged components but these differences are not reported as validation errors. The pkg fix makes no changes. The /etc/sudoers file is not replaced.
$ pkg fix pkg://solaris/security/sudo No repairs for this image.
If you remove the /etc/sudoers file, the package fails validation and pkg fix replaces the file.
$ pkg fix pkg://solaris/security/sudo Verifying: pkg://solaris/security/sudo ERROR file: etc/sudoers Missing: regular file does not exist Created ZFS snapshot: 2014-03-13-22:05:42 Repairing: pkg://solaris/security/sudo Creating Plan (Evaluating mediators): DOWNLOAD PKGS FILES XFER (MB) SPEED Completed 1/1 1/1 0.0/0.0 990B/s PHASE ITEMS Updating modified actions 1/1 Updating package state database Done Updating package cache 0/0 Updating image state Done Creating fast lookup database Done
Only the missing file is replaced, as noted by the one file downloaded and one action (the file action) modified. Other sudo package content was not touched. The operation saved a snapshot of the current installation before performing the repair. See the “Created ZFS snapshot” line in the pkg fix output. The repair was performed in the current image.
$ zfs list -r rpool/ROOT/s11 NAME USED AVAIL REFER MOUNTPOINT rpool/ROOT/s11 16.3G 22.5G 26.1G / rpool/ROOT/s11@2014-03-13-23:52:19 249M - 26.1G -
The pkg verify output shows an error in ownership of a directory in the installed pkg/depot package. The pkg fix output shows only the error in the “Verifying” section. The other differences with the packaged components are not shown.
$ ls -ld /var/cache/pkg/depot drwxr-xr-x 3 pkg5srv pkg5srv 3 Dec 2 19:47 /var/cache/pkg/depot/ $ pkg fix pkg://solaris/package/pkg/depot Verifying: pkg://solaris/package/pkg/depot ERROR dir: var/cache/pkg/depot Group: 'pkg5srv (97)' should be 'bin (2)' Created ZFS snapshot: 2014-03-13-22:18:52 Repairing: pkg://solaris/package/pkg/depot Creating Plan (Evaluating mediators): PHASE ITEMS Updating modified actions 1/1 Updating package state database Done Updating package cache 0/0 Updating image state Done Creating fast lookup database Done
The following output shows that only the error has been fixed. The other differences between installed and packaged components remain.
$ ls -ld /var/cache/pkg/depot drwxr-xr-x 3 pkg5srv bin 3 Dec 2 19:47 /var/cache/pkg/depot/ $ pkg verify -v pkg://solaris/package/pkg/depot PACKAGE STATUS pkg://solaris/package/pkg/depot OK file: var/log/pkg/depot/access_log editable file has been changed file: var/log/pkg/depot/error_log editable file has been changed