Locking Packages to a Specified Version
Use the pkg freeze
command to constrain a package version.
If no version is provided in the package operand, the named package must be installed and is constrained to the version installed on the system. If a version is provided in the package operand, then this constraint, or freeze, acts as if an incorporate
dependency were installed where the fmri
attribute had the value of the specified package version.
When a package that is frozen is installed or updated, it must end up at a version that matches the version at which it was frozen. For example, if a package was frozen at 1.2, then it could be updated to 1.2.1, 1.2.9, 1.2.0.0.1, and so on. That package could not end up at 1.3, or 1.1.
A publisher that is specified in the package operand is used to find matching packages. However, publisher information is not recorded as part of the freeze. A package is frozen with respect to its version only, not its publisher.
Freezing a package that is already frozen replaces the frozen version with the newly specified version.
Freezing a package does not prevent removal of the package. No warning is displayed if the package is removed.
In the following example, the package is frozen at the current installed version. The -c
option argument is the reason the package is being frozen. The reason is shown if a freeze prevents an installation or update from succeeding.
$ pkg list openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 1.0.2.15-11.4.0.0.1.10.0 i-- $ pkg freeze -c "Prevent update until testing complete." openssl library/security/openssl was frozen at 1.0.2.15-11.4.0.0.1.10.0:20180702T170444Z
If no packages are specified, the following information about currently frozen packages is displayed: package name, frozen version, when the package was frozen, and the reason the package was frozen.
$ pkg freeze
NAME VERSION DATE COMMENT
library/security/openssl 1.0.2.15-11.4.0.0.1.10.0:20180702T170444Z 06 Aug 2018 15:56:16 PDT Prevent
update until testing complete.
The f
in the package listing indicates that the package is frozen.
$ pkg list openssl
NAME (PUBLISHER) VERSION IFO
library/security/openssl 1.0.2.15-11.4.0.0.1.10.0 if-
The State field of the pkg info output also indicates that this package is frozen.
$ pkg info openssl
Name: library/security/openssl
Summary: OpenSSL - a Toolkit for Secure Sockets Layer (SSL v2/v3) and
Transport Layer (TLS v1) protocols and general purpose
cryptographic library
Description: OpenSSL is a full-featured toolkit implementing the Secure
Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols as well as a full-strength general purpose
cryptography library.
Category: System/Security
State: Installed (Frozen)
Publisher: solaris
Version: 1.0.2.15 (1.0.2o)
Branch: 11.4.0.0.1.10.0
Packaging Date: Mon Jul 02 17:04:44 2018
Size: 16.05 MB
FMRI: pkg://solaris/library/security/openssl@1.0.2.15-11.4.0.0.1.10.0:20180702T170444Z
Project URL: https://www.openssl.org/
Source URL: https://www.openssl.org/source/openssl-1.0.2o.tar.gz
When you try to install a different version of the frozen package, you see a message about the freeze.
$ pkg list -n openssl NAME (PUBLISHER) VERSION IFO library/security/openssl 1.0.2.15-11.4.0.0.1.12.0 --- $ pkg update openssl No updates available for this image. $ pkg update openssl@1.0.2.15-11.4.0.0.1.12.0 Creating Plan (Solver setup): / pkg update: No matching version of library/security/openssl can be installed: Reject: pkg://solaris/library/security/openssl@1.0.2.15-11.4.0.0.1.12.0 Reason: This version is excluded by a freeze on library/security/openssl at version 1.0.2.15-11.4.0.0.1.10.0:20180702T170444Z. The reason for the freeze is: Prevent update until testing complete.
A freeze is never lifted automatically by the packaging system. Use the pkg unfreeze
command to remove the constraints that freezing imposes from the specified packages. Any versions provided are ignored.