Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > S


HP-UX 11i Version 3: February 2007

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index


swverify — verify software products


swverify [-d|-r] [-F] [-v] [-C session_file] [-f software_file] [-J jobid] [-Q date] [-S session_file] [-t target_file] [-x option=value] [-X option_file] [software_selections] [@ target_selections]


  • This command supports operations on remote systems. See Remote Operation below.

  • For an overview of all SD commands, see the sd(5) man page by typing man 5 sd on the command line.


The swverify command verifies the software_selections at one or more target_selections (e.g., root filesystems). When verifying installed software, swverify checks software states, dependency relationships, file existence and integrity, in addition to executing vendor-supplied verification scripts.

The swverify command also verifies software_selections at one or more target depots. For target depots, swverify performs all of the checks listed above, but does not execute verification scripts.

NOTE: swverify does not support operations on a tape depot.

The swverify command also supports these features:

  • Verifies whether installed or configured software is compatible with the hosts on which that software is installed.

  • Verifies that all dependencies (prerequisites, corequisites, exrequisites) are being met (for installed software) or can be met (for available software).

  • Executes vendor-specific verify scripts that check if the software products is correctly configured.

  • Executes vendor-specific fix scripts that correct and report specific problems.

  • Reports missing files, check all file attributes (ignoring volatile files). These attributes include permissions, file types, size, checksum, mtime, link source and major/minor attributes.

Remote Operation

You can enable SD to manage software on remote systems. To let the root user from a central SD controller (also called the central management server or manager node) perform operations on a remote target (also called the host or agent):


Set up the root, host, and template Access Control Lists (ACLs) on the remote machines to permit root access from the controller system. To do this, run the following command on each remote system:

/usr/lib/sw/mx/setaccess controller


  • controller is the name of the central management server.

  • If remote system is 11.00, make sure SD patch PHCO_22526 or a superseding patch is installed on remote system before running setaccess.

  • If remote system is older than 11.00 or for some other reason does not have setaccess in place, copy setaccess script from an 11.11 or higher system to the remote system.


swinstall, swcopy, and swremove have enhanced GUI interfaces for remote operations. Enable the enhanced GUIs by creating the .sdkey file on the controller. Use this command:

touch /var/adm/sw/.sdkey

See sd(5), swinstall(1M), swcopy(1M), swjob(1M), swlist(1M), or swremove(1M) for more information on interactive operations.

NOTE: You can also set up remote access by using swacl directly on the remote machines to grant root or non-root access to users from the controller system.


swverify supports the following options:


Operate on a depot rather than installed software.


Runs vendor-specific fix scripts to correct and report problems on installed software. The fix script can create missing directories, correct file modifications (mode, owner, group, major, and minor), and recreate symbolic links.


Operates on an alternate root directory, which must be specified in the @ target_selections option. Verify scripts are not run when verifying software in an alternate root directory. (This option is not required for alternate root operations but is maintained for backward compatibility. See the Alternate Root Directory and Depot Directory heading in sd(5) for more information.)


Turns on verbose output to stdout. (The swverify logfile is not affected by this option.) Verbose output is enabled by default; see the verbose option below.

-C session_file

Save the current options and operands to session_file. You can enter a relative or absolute path with the file name. The default directory for session files is $HOME/.sw/sessions/. You can recall a session file with the -S option.

-f software_file

Read the list of software_selections from software_file instead of (or in addition to) the command line.

-J jobid

Executes the previously scheduled job. This is the syntax used by the daemon to start the job.

-Q date

Schedules the job for this date. You can change the date format by editing the /var/adm/sw/getdate.templ file.

-S session_file

Execute swverify based on the options and operands saved from a previous session, as defined in session_file. You can save session information to a file with the -C option.

-t target_file

Read the list of target_selections from target_file instead of (or in addition to) the command line.

-x option=value

Set the session option to value and override the default value (or a value in an alternate options_file specified with the -X option). Multiple -x options can be specified.

-X option_file

Read the session options and behaviors from options_file.


Most SD commands support two types of operands: software selections followed by target selections. These operands are separated by the "at" (@) character. This syntax implies that the command operates on "software selections at targets".

Software Selections

The swverify command supports the following syntax for each software_selection:

bundle[.product[.subproduct][.fileset]][,version] product[.subproduct][.fileset][,version]

  • The = (equals) relational operator lets you specify selections with the following shell wildcard and pattern-matching notations:

    • [ ], *, ?

  • Bundles and subproducts are recursive. Bundles can contain other bundles and subproducts can contain other subproducts.

  • The \* software specification selects all products. Use this specification with caution.

The version component has the form:

[,r <op> revision][,a <op> arch][,v <op> vendor] [,c <op> category][,q=qualifier][,l=location] [,fr <op> revision][,fa <op> arch]

  • location applies only to installed software and refers to software installed to a location other than the default product directory.

  • fr and fa apply only to filesets.

  • r , a , v , c , and l apply only to bundles and products. They are applied to the leftmost bundle or product in a software specification.

  • The <op> (relational operator) component can be of the form:

    • =, ==, >=, <=, <, >, or !=

    which performs individual comparisons on dot-separated fields.

    For example, r>=B.10.00 chooses all revisions greater than or equal to B.10.00. The system compares each dot-separated field to find matches.

  • The = (equals) relational operator lets you specify selections with the shell wildcard and pattern-matching notations:

    • [ ], *, ?, !

    For example, the expression r=1[01].* returns any revision in version 10 or version 11.

  • All version components are repeatable within a single specification (e.g. r>=A.12, r<A.20). If multiple components are used, the selection must match all components.

  • Fully qualified software specs include the r=, a=, and v= version components even if they contain empty strings. For installed software, l= is also included.

  • No space or tab characters are allowed in a software selection.

  • The software instance_id can take the place of the version component. It has the form:

    • [instance_id]

    within the context of an exported catalog, where instance_id is an integer that distinguishes versions of products and bundles with the same tag.

Target Selections

  • The swverify command supports the following syntax for each target_selection. The colon (:) is required if both a host and directory are specified.



Default Options

In addition to the standard options, several SD behaviors and policy options can be changed by editing the default values found in:


the system-wide default values.


the user-specific default values.

Values must be specified in the defaults file using this syntax:


The optional command_name prefix denotes one of the SD commands. Using the prefix limits the change in the default value to that command. If you leave the prefix off, the change applies to all commands.

You can also override default values from the command line with the -x or -X options:

command -x option=value command -X option_file

The following section lists all of the keywords supported by the swverify command. If a default value exists, it is listed after the =. The commands that this option applies to are also specified.

admin_directory=/var/adm/sw (for normal mode)

admin_directory=/var/home/LOGNAME/sw (for nonprivileged mode)

The location for SD logfiles and the default parent directory for the installed software catalog. The default value is /var/adm/sw for normal SD operations. When SD operates in nonprivileged mode (that is, when the run_as_superuser default option is set to true):

  • The default value is forced to /var/home/LOGNAME/sw.

  • The path element LOGNAME is replaced with the name of the invoking user, which SD reads from the system password file.

  • If you set the value of this option to HOME/path, SD replaces HOME with the invoking user's home directory (from the system password file) and resolves path relative to that directory. For example, HOME/my_admin resolves to the my_admin directory in your home directory.

  • If you set the value of the installed_software_catalog default option to a relative path, that path is resolved relative to the value of this option.

SD's nonprivileged mode is intended only for managing applications that are specially designed and packaged. This mode cannot be used to manage the HP-UX operating system or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor Administration Guide, available at the http://docs.hp.com web site.

See also the installed_software_catalog and run_as_superuser options.


Causes the target agent to automatically exit after Execute phase, or after a failed Analysis phase. This is forced to false when the controller is using an interactive UI, or when -p (preview) is used. This enhances network reliability and performance. The default value of true causes the target agent to automatically exit when appropriate. When set to false, the target agent will not exit until the controller ends the session.


Causes a target agent to exit if it has been inactive for the specified time. This can be used to make target agents more quickly detect lost network connections since RPC can take as long as 130 minutes to detect a lost connection. The recommended value is the longest period of inactivity expected in your environment. For command line invocation, a value between 10 minutes and 60 minutes is suitable. A value of 60 minutes or more is recommended when the GUI will be used. The default of 10000 is slightly less than 7 days.


Requires that the software products which are being installed be "compatible" with the target selections. (All of the target selections must match the list of supported systems defined for each selected product.) If set to true, target compatibility is not enforced.


Prevents the installation or configuration of another, independent version of a product when a version already is installed or configured at the target.

If set to true, another version of an existing product can be installed into a new location, or can be configured in its new location. Multiple versions can only be installed if a product is locatable. Multiple configured versions will not work unless the product supports it.


Controls automatic job removal of completed jobs. If the job is automatically removed, job information (job status or target log files) cannot be queried with swjob.


Controls the automatic selection of prerequisite, corequisite, and exrequisite software that is not explicitly selected by the user. When set to true, the requisite software is automatically selected for configuration. When set to false, requisite software which is not explicitly selected is not automatically selected for configuration.


Causes swverify to verify the time stamp, size, and checksum attributes of files. If set to false, these attributes are not verified.


(This option is ignored if check_contents is set to false.) Controls whether or not swverify validates the size and checksum for compressed files. In the default state of false, swverify checks only the mtime, size and cksum attributes of the compressed file. If set to true, swverify uncompresses the file in memory and verifies the size and cksum attributes of the uncompressed contents.

Only files compressed with SD's internal compressor can be uncompressed during a swverify operation. See the compress_files option of the swpackage(1M) command for more information.


(This option is ignored if check_contents is set to false.) Controls whether or not swverify computes a checksum on the contents of the file. In the default state of true, swverify checks all file attributes including the checksum. If set to false, swverify checks only the file timestamp and size.


Causes swverify to verify the mode, owner, UID, group, and GID attributes of installed files. If set to false, these attributes are not verified.


Causes swverify to verify that the prerequisite, corequisite, and exrequisite dependencies of the software selections are being met. If set to false, these checks are not performed.


Causes swverify to run the fileset/product verify scripts for installed software. If set to false, these scripts are not executed.


Causes swverify to not verify those files marked as volatile (i.e., can be changed). If set to true, volatile files are also checked (for installed software).


Specifies the location of a depot for the controller to access to resolve selections. Setting this option can reduce network traffic between the controller and the target. Use the target selection syntax to specify the location:

  • [host][:][path]

This option has no effect on which sources the target uses.


Defines the default distribution directory of the target depot. The target_selection operand overrides this default.


Requires that all dependencies specified by the software_selections be resolved either in the specified source, or at the target_selections themselves.

If set to false, dependencies will still be checked, but not enforced. Corequisite dependencies, if not enforced, may keep the selected software from working properly. Prerequisite or exrequisite dependencies, if not enforced, may cause the installation or configuration to fail.


(Currently, swverify recognizes this option, but the option has no associated behavior. See swinstall(1M) or sd(5) for more information.) Controls the handling of errors when relocating a non-locatable fileset. If true, an error is generated when an attempt is made to locate a non-locatable fileset. If false, an attempt is made to locate the fileset in any case.


If true, runs vendor-specific scripts to correct and report problems on installed software. Fix scripts can create missing directories, correct file modifications, (mode, owner, group, major, minor), and recreate symbolic links. If false, fix scripts are not run.


Defines the directory path where the Installed Products Database (IPD) is stored. This information describes installed software. When set to an absolute path, this option defines the location of the IPD. When this option contains a relative path, the SD controller appends the value to the value specified by the admin_directory option to determine the path to the IPD. For alternate roots, this path is resolved relative to the location of the alternate root. This option does not affect where software is installed, only the IPD location.

This option permits the simultaneous installation and removal of multiple software applications by multiple users or multiple processes, with each application or group of applications using a different IPD.

Caution: use a specific installed_software_catalog to manage a specific application. SD does not support multiple descriptions of the same application in multiple IPDs.

See also the admin_directory and run_as_superuser options, which control SD's nonprivileged mode. (This mode is intended only for managing applications that are specially designed and packaged. This mode cannot be used to manage the HP-UX operating system or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor Administration Guide, available at the http://docs.hp.com web site.)


This is an ASCII string giving a title to a job. It is displayed along with the job ID to provide additional identifying information about a job when swjob is invoked.


Controls the amount of detail written to the logfile. When set to true, this option adds detailed task information (such as options specified, progress statements, and additional summary information) to the logfile. This information is in addition to log information controlled by the loglevel option.


Defines the default log file for each SD command. (The agent log files are always located relative to the target depot or target root, e.g. /var/spool/sw/swagent.log and /var/adm/sw/swagent.log.)


Controls the log level for the events logged to the command logfile, the target agent logfile, and the source agent logfile. This information is in addition to the detail controlled by the logdetail option. See logdetail, above, and the sd(5) manual page (by typing man 5 sd) for more information. A value of:


provides no information to the logfile.


enables verbose logging to the logfiles.


enables very verbose logging to the logfiles.


Adds numeric identification numbers at the beginning of SD logfile messages:


(default) No identifiers are attached to messages.


Adds identifiers to ERROR messages only.


Adds identifiers to ERROR and WARNING messages.


Adds identifiers to ERROR, WARNING, and NOTE messages.


Adds identifiers to ERROR, WARNING, NOTE, and certain other informational messages.


By default, the SD commands attempt to mount all filesystems in the /etc/fstab file at the beginning of the analysis phase, to ensure that all listed filesystems are mounted before proceeding. This policy helps to ensure that files are not loaded into a directory that may be below a future mount point, and that the expected files are available for a remove or verify operation.

If set to false, the mount operation is not attempted, and no check of the current mounts is performed.

rpc_binding_info=ncacn_ip_tcp:[2121] ncadg_ip_udp:[2121]

Defines the protocol sequence(s) and endpoint(s) on which the daemon listens and which the other commands use to contact the daemon. If the connection fails for one protocol sequence, the next is attempted. SD supports both the tcp (ncacn_ip_tcp:[2121]) and udp (ncadg_ip_udp:[2121]) protocol sequence on most platforms. See the sd(5) man page by typing man 5 sd for more information.


Relative length of the communications timeout. This is a value in the range from 0 to 9 and is interpreted by the DCE RPC. Higher values mean longer times; you may need a higher value for a slow or busy network. Lower values will give faster recognition on attempts to contact hosts that are not up, or are not running swagentd. Each value is approximately twice as long as the preceding value. A value of 5 is about 30 seconds for the ncadg_ip_udp protocol sequence. This option may not have any noticeable impact when using the ncacn_ip_tcp protocol sequence.


This option controls SD's nonprivileged mode. This option is ignored (treated as true) when the invoking user is super-user.

When set to the default value of true, SD operations are performed normally, with permissions for operations either granted to a local super-user or set by SD ACLs. (See swacl(1M) for details on ACLs.)

When set to false and the invoking user is local and is not super-user, nonprivileged mode is invoked:

  • Permissions for operations are based on the user's file system permissions.

  • SD ACLs are ignored.

  • Files created by SD have the uid and gid of the invoking user, and the mode of created files is set according to the invoking user's umask.

SD's nonprivileged mode is intended only for managing applications that are specially designed and packaged. This mode cannot be used to manage the HP-UX operating system or patches to it. For a full explanation of nonprivileged SD, see the Software Distributor Administration Guide, available at the http://docs.hp.com web site.

See also the admin_directory and installed_software_catalog options.


If no target_selections are specified, select the default target_directory of the local host as the target_selection for the command.


Defines the default software_selections. There is no supplied default. If there is more than one software selection, they must be separated by spaces. Software is usually specified in a software input file, as operands on the command line, or in the GUI.


Defines the default target_selections. There is no supplied default (see select_local above). If there is more than one target selection, they must be separated by spaces. Targets can be specified in a target input file or as operands on the command line.


Controls the verbosity of a non-interactive command's output:


disables output to stdout. (Error and warning messages are always written to stderr).


enables verbose messaging to stdout.


for swpackage and swmodify, enables very verbose messaging to stdout.

The -v option overrides this default if it is set to 0.

Session File

Each invocation of the swverify command defines a verify session. The invocation options, source information, software selections, and target hosts are saved before the installation or copy task actually commences. This lets you re-execute the command even if the session ends before proper completion.

Each session is saved to the file $HOME/.sw/sessions/swverify.last. This file is overwritten by each invocation of swverify.

You can also save session information to a specific file by executing swverify with the -C session__file option.

A session file uses the same syntax as the defaults files. You can specify an absolute path for the session file. If you do not specify a directory, the default location for a session file is $HOME/.sw/sessions/.

To re-execute a session file, specify the session file as the argument for the -S session__file option of swverify.

Note that when you re-execute a session file, the values in the session file take precedence over values in the system defaults file. Likewise, any command line options or parameters that you specify when you invoke swverify take precedence over the values in the session file.

Environment Variables

SD programs that execute control scripts set environment variables for use by the control scripts.

The environment variables that affect the swverify command are:


Determines the language in which messages are displayed. If LANG is not specified or is set to the empty string, a default value of C is used. See the lang(5) man page by typing man 5 sd for more information.

NOTE: The language in which the SD agent and daemon log messages are displayed is set by the system configuration variable script, /etc/rc.config.d/LANG. For example, /etc/rc.config.d/LANG, must be set to LANG=ja_JP.SJIS or LANG=ja_JP.eucJP to make the agent and daemon log messages display in Japanese.


Determines the locale to be used to override any values for locale categories specified by the settings of LANG or any environment variables beginning with LC_.


Determines the interpretation of sequences of bytes of text data as characters (e.g., single-versus multibyte characters in values for vendor-defined attributes).


Determines the language in which messages should be written.


Determines the format of dates (create_date and mod_date) when displayed by swlist. Used by all utilities when displaying dates and times in stdout, stderr, and logging.


Determines the time zone for use when displaying dates and times.

Environment variables that affect scripts:


Holds the path to the Installed Products Database (IPD), relative to the path in the SW_ROOT_DIRECTORY environment variable. Note that you can specify a path for the IPD using the installed_software_catalog default option.


Defines the current directory of the script being executed, either a temporary catalog directory, or a directory within in the Installed Products Database (IPD). This variable tells scripts where other control scripts for the software are located (e.g., subscripts).


Holds the tag name of the control_file being executed. When packaging software, you can define a physical name and path for a control file in a depot. This lets you define the control_file with a name other than its tag and lets you use multiple control file definitions to point to the same file. A control_file can query the SW_CONTROL_TAG variable to determine which tag is being executed.


Defines the location of the product, which may have been changed from the default product directory. When combined with the SW_ROOT_DIRECTORY, this variable tells scripts where the product files are located.


A PATH variable which defines a minimum set of commands available to for use in a control script (e.g. /sbin:/usr/bin).


Defines the root directory in which the session is operating, either / or an alternate root directory. This variable tells control scripts the root directory in which the products are installed. A script must use this directory as a prefix to SW_LOCATION to locate the product's installed files. The configure script is only run when SW_ROOT_DIRECTORY is /.


Contains the pathname of a file containing the value of every option for a particular command, including software and target selections. This lets scripts retrieve any command options and values other than the ones provided explicitly by other environment variables. For example, when the file pointed to by SW_SESSIONS_OPTIONS is made available to a request script, the targets option contains a list of software_collection_specs for all targets specified for the command. When the file pointed to by SW_SESSIONS_OPTIONS is made available to other scripts, the targets option contains the single software_collection_spec for the targets on which the script is being executed.


This variable contains the fully qualified software specification of the current product or fileset. The software specification allows the product or fileset to be uniquely identified.


The swverify command catches the signals SIGQUIT, SIGINT, and SIGUSR1. If these signals are received, the command prints a message, sends a Remote Procedure Call (RPC) to the agents to wrap up after completion, and then exits.

The agent ignores SIGHUP, SIGINT, and SIGQUIT. It immediately exits gracefully after receiving SIGTERM, SIGUSR1, or SIGUSR2. Killing the agent may leave corrupt software on the system, and thus should only be done if absolutely necessary. Note that when an SD command is killed, the agent does not terminate until completing the task in progress.

The daemon ignores SIGHUP, SIGINT and SIGQUIT. It immediately exits gracefully after receiving SIGTERM and SIGUSR2. After receiving SIGUSR1, it waits for completion of a copy or remove from a depot session before exiting, so that it can register or unregister depots if necessary. Requests to start new sessions are refused during this wait.


The swverify command returns:


The software_selections were successfully verified.


The verify operation failed on all target_selections.


The verify operation failed on some target_selections.


The swverify command writes to stdout, stderr, and to specific logfiles.

Standard Output

The swverify command writes messages for significant events. These include:

  • a begin and end session message,

  • selection, analysis, and execution task messages for each target_selection.

Standard Error

The swverify command also writes messages for all WARNING and ERROR conditions to stderr.


The swverify command logs summary events at the host where the command was invoked. It logs detailed events to the swagent logfile associated with each target_selection.

Command Log

The swverify command logs all stdout and stderr messages to the the logfile /var/adm/sw/swverify.log. (The user can specify a different logfile by modifying the logfile option.)

Target Log

A swagent process performs the actual verify operation at each target_selection. When verifying installed software, the swagent logs messages to the file var/adm/sw/swagent.log beneath the root directory (e.g. / or an alternate root directory). When verifying available software (within a depot), the swagent logs messages to the file swagent.log beneath the depot directory (e.g. /var/spool/sw).

  • Command and target log files can be viewed using the swjob command.

swagentd Disabled

If the swagentd daemon has been disabled on the host, it can be enabled by the host's system administrator by setting the SW_ENABLE_SWAGENTD entry in /etc/rc.config.d/swconfig to 1 and executing /usr/sbin/swagentd -r.


Verify the C and Pascal products installed at the local host:

swverify cc pascal

Verify a particular version of HP Omniback:

swverify Omniback,1=/opt/Omniback_v2.0

Verify the entire contents of a local depot:

swverify -d \* @ /var/spool/sw

Verify the entire contents of a system:

swverify \*

Verify the C and Pascal products on remote hosts:

  • swverify cc pascal @ hostA hostB hostC



Contains the user-specific default values for some or all SD options.


Contains session files automatically saved by the SD commands, or explicitly saved by the user.


Contains the master list of current SD options with their default values.


The directory which contains all the configurable and non-configurable data for SD. This directory is also the default location of logfiles.


Contains the active system-wide default values for some or all SD options.


Contains the set of date/time templates used when scheduling jobs.


The Installed Products Database (IPD), a catalog of all products installed on a system.


The default location of a target software depot.


swverify was developed by the Hewlett-Packard Company.


install-sd(1M), swacl(1M), swagentd(1M), swask(1M), swconfig(1M), swcopy(1M), swinstall(1M), swjob(1M), swlist(1M), swmodify(1M), swpackage(1M), swreg(1M), swremove(1M), sd(4), swpackage(4), sd(5).

Software Distributor Administration Guide, available at http://docs.hp.com.

SD customer web site at http://docs.hp.com/en/SD/.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.