Solaris pkg upgrade fails with “maximum number of instances of the package which may be supported at one time on the same system has already been met” message

This message is pretty awesome, isn’t it? You can get this message when trying to upgrade a package. At least that’s what happened to me.

username# pkgadd -d .

The following packages are available:

  1  pkgname          pkgname

                          (sparc) version.sol5.sparc

Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]: 1

Processing package instance <pkgname> from </tmp/ven/solaris>

pkgname(sparc) version.sol5.sparc Illumio

Current administration requires that a unique instance of the <pkgname> package be created.  However, the maximum number of instances of the package which may be supported at one time on the same system has already been met.

 No changes were made to the system.

This issue is pretty easy to get around. You just need point your admin file that has the right options. In my case, my admin file needed the instance=overwrite:

mail=
instance=overwrite
partial=ask
runlevel=ask
Require that our dependencies are met when installing.
idepend=quit
However, if someone tries to uninstall us but another package depends on us,
we should just warn them & ask if they want to proceed anyway.
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=nocheck
networktimeout=60
networkretries=3
authentication=quit
keystore=/var/sadm/security
proxy=
basedir=default

If you’re using instance=ask, it works also. It’ll just ask you before overwriting.

Fooling around with pkgadd (Solaris packages)

I basically had a Solaris SVR4 package that I needed to install. I didn’t care if the package worked or not after it installed. This is what happened when it first failed.

pkgadd: ERROR: checkinstall script did not complete successfully

The installer said that I was missing a package, so I went into the pkgname/install/checkinstall script and just commented those lines out. After doing that, this happened.

[email protected]:/tmp# pkgadd -d .
The following packages are available:
1 pkgname pkgname
(i386) version
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:
Processing package instance from
pkgname(i386) version
company
Executing checkinstall script.
OS Release = 11.4
Processing package information.
Processing system information.
pkgadd: ERROR: packaging file is corrupt
file cksum <26912> expected <26914> actual
Installation of failed (internal error).
No changes were made to the system.

Obviously, there’s some sort of check for integrity of the file. To get around that, I went in and edited the pkgname/pkgmap file to make the changes from 26912 to 26914.

After doing this, the package magically installed. Fun!

Changing root password on Solaris 11.3 x86

I’m posting this only because the process has changed a bit since I did it back in the days. Because I’m not using Solaris on SPARC, there’s no STOP-A, boot -s, etc.

Just like back in the days with Solaris 8, you would need to boot with a cdrom or PXE or jumpstart, whatever method you have. Afterwards, you take the shell option. Obviously, you’re not installing the OS.

Solaris 11 uses ZFS, not UFS so you can’t directly mount a partition. You need import a pool instead.

mkdir /b
zpool import -f -R /a rpool
zfs set mountpoint=legacy rpool/ROOT/solaris
mount -F zfs rpool/ROOT/solaris /b
vi /b/etc/shadow

Edit the shadow file

Find your username and remove the password hash

Change your user id
username:whateverthehashis:12345::::::23456
to
username::12345::::::23456

Then we will need to allow empty passwords at login

$ vi /b/etc/default/login
Change the line:
PASSREQ=YES
to
PASSREQ=NO

umount /b
zfs set mountpoint=/ rpool/ROOT/solaris
zpool export rpool
init 6

When the system boots, you should be able to log in as root and just press return for the password. If you’re logging in through SSH, you won’t need to enter a password.

Hope this saved you some time!

What’s NonRootPortBinding? I just want to run my web server on port 443!

In the Unix world, privileged ports are 1-1024. As a non-root user, you’re not allowed to start a service and listen on them.

So, how do web servers work then? They usually use ports 80 and 443.

There are a few ways around this. The most common is that the process is started as root and then downgraded.

If you want to start a process without ever having root access though, the way to do it is with NonRootPortBinding. You can find information about it using Apache here.

Basically, for any process you want to start on a port under 1025, you can run:

setcap cap_net_bind_service=+ep <path to binary> 

Following that, you can confirm that you’ve set the correct permission by running:

getcap <path to binary> 

It should return with: cap_net_bind_service+ep

When you patch or update the binary, you will need to rerun the setcap command.

Hope this helps!