A constraint package specifies which versions of packages can be installed. These version constraints help keep the system in a supportable state across updates. See Constraint Packages for more information about constraint packages and version constraints.
Some packages that are incorporate dependencies might be safe to downgrade or upgrade at a version different from the version specified by the incorporate dependency of the constraint package. The version constraint is expressed by a version-lock.package facet tag specified on the depend action in the constraint package. The default value of the version-lock.package facet property is true. To relax the version constraint on a package, set the value of its version-lock. facet to false.
In the following example, you want to downgrade to an earlier version of a package. The pkg update command downgrades as well as upgrades packages.
$ pkg list -af library/security/openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 18.104.22.168-0.175.2.0.0.24.0 i-- library/security/openssl 22.214.171.124-0.175.2.0.0.23.0 --- $ pkg update email@example.com Creating Plan (Solver setup): pkg update: No matching version of library/security/openssl can be installed: Reject: pkg://firstname.lastname@example.org,5.11-0.175.2.0.0.23.0:20130916T191702Z Reason: This version is excluded by installed incorporation pkg://email@example.com,5.11-0.175.2.0.0.24.0:20131001T160408Z
The pkg contents command shows how this version constraint is set. To relax the version constraint on this package, set its version-lock facet to false. Then try the downgrade again. Notice that a new BE is not created, but a backup BE is created. See Boot Environment Policy Image Properties for information about when BEs are created.
$ pkg contents -m userland-incorporation | grep 'library/security/openssl' depend facet.version-lock.library/security/openssl=true fmri=pkg:/firstname.lastname@example.org type=incorporate $ pkg change-facet facet.version-lock.library/security/openssl=false Packages to update: 850 Variants/Facets to change: 1 Create boot environment: No Create backup boot environment: Yes PHASE ITEMS Removing old actions 1/1 Updating image state Done Creating fast lookup database Done Reading search index Done Building new search index 850/850 $ pkg update email@example.com Packages to update: 1 Create boot environment: No Create backup boot environment: Yes DOWNLOAD PKGS FILES XFER (MB) SPEED Completed 1/1 10/10 1.6/1.6 0B/s PHASE ITEMS Removing old actions 3/3 Installing new actions 3/3 Updating modified actions 14/14 Updating package state database Done Updating package cache 1/1 Updating image state Done Creating fast lookup database Done Reading search index Done Updating search index 1/1 $ pkg list library/security/openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 126.96.36.199-0.175.2.0.0.23.0 i--
To prevent this package from being downgraded or upgraded, freeze the package at the current version. The f in the package listing indicates that the package is frozen.
$ pkg freeze -c "Downgrade to avoid bug" library/security/openssl library/security/openssl was frozen at 188.8.131.52,5.11-0.175.2.0.0.23.0:20130916T191702Z $ pkg list library/security/openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 184.108.40.206-0.175.2.0.0.23.0 if-
To re-enable downgrade or upgrade, use the pkg unfreeze command to remove the version freeze. If the package is installed at a version lower than the version specified in the constraint package, setting the version-lock facet for this package to true installs the version specified in the constraint package.
If other installed packages have require dependency relationships with the package that you want to downgrade or upgrade, you might need to also relax version constraints on those related packages. In the following example, version constraints have been lifted on the hexedit package but installation is rejected because of version constraints on the system/library package.
$ pkg install firstname.lastname@example.org Creating Plan (Solver setup): pkg install: No matching version of editor/hexedit can be installed: Reject: pkg://email@example.com:20131014T170634Z Reason: All versions matching 'require' dependency pkg:/firstname.lastname@example.org,5.11-0.175.2.0.0.24.0 are rejected Reject: pkg://email@example.com,5.11-0.175.2.0.0.24.0:20131001T152820Z pkg://firstname.lastname@example.org,5.11-0.175.2.0.0.25.0:20131014T161136Z Reason: This version is excluded by installed incorporation pkg://email@example.com,5.11-0.175.2.0.0.24.0:20131001T150429Z
In addition to individual component packages, you can also relax version constraints on constraint packages. In this case, setting the version-lock facet to false enables you to unlock the constraint package from the rest of the system. Though the constraint package is unlocked, its incorporate dependency packages continue to be synchronized.