Interpreting code checker verification error messages

 

This topic provides information about what messages are returned by the code checker integrity verification function on your system running the i5/OS^® operating system and how to use these messages to ensure that the code checker function is uncorrupted, as well as possible solutions if messages indicate that the function or key operating system objects may be corrupted.

The following table provides a list of messages that the code checker verification function generates during processing. This table is not a comprehensive list of all messages that you may receive. Instead the table lists those messages most likely to indicate that the code checker verification succeeded fully or that it encountered a serious problem. See the documentation for the Check System (QydoCheckSystem) API for a detailed list of error messages.

Also, a number of messages generated by the code checker verification function as it processes are informational messages and are not listed here. To learn more about how the code checker verification process works, see Verifying code checker function integrity.

Table 1. Code checker verification error messages

Error message	Possible problem and solution
CPFB729	Indicates that the code checker verification process failed to complete as expected. This failure can be caused by a wide range of problems. Review the job log for more detailed error messages to determine the exact nature of the failure and the possible cause. If you determine that key operating system objects failed the integrity check, this failure may indicate that the object has been changed since it was signed when the operating system was shipped. You may need to reinstall the operating system to ensure system integrity.
When reviewing the job log, you see messages such as CPFB723, CPD37A1, or CPD37A0 for these specific objects: Program (*PGM) objects: QYDONOSIG in library QTEMP QYDOBADSIG in library QTEMP Command (*CMD) objects: QYDOBADSIG in library QTEMP SIGNOFF in library QTEMP	Indicates that the special set of objects that the code checker verification function uses for integrity testing failed as expected. This failure indicates that the RSTOBJ command, RSTLIB command, the CHKOBJITG command, and the Verify Object API are reporting errors correctly. No further action is necessary.
CPFB723 for any other object other than those listed previously in this table.	Indicates that the signature on a key operating system object failed to verify. This failure may indicate that the object has been changed since it was signed when the operating system was shipped. You may need to reinstall the operating system to ensure system integrity.
CPFB722 for any other object other than those listed previously in this table.	Indicates that the a key operating system object has no signature when a signature is expected. This lack of signature may indicate that the object has been changed since it was signed when the operating system was shipped. You may need to reinstall the operating system to ensure system integrity.
CPF72A for any other object other than those listed previously in this table.	Indicates that the a key operating system object failed the integrity check. This failure may indicate that the object has been changed since it was signed when the operating system was shipped. You may need to reinstall the operating system to ensure system integrity.

If you ever need to reinstall code that verifies the integrity of the code checker function, obtain it from a known, good source. For example, you might load the install media that you used to install the current release. To restore the code checker verification function, follow these steps from an i5/OS command prompt:

1. Run the command QSYS/DLTPGM QSYS/QYDOCHKS. This command deletes the Check System (OPM, QYDOCHKS; ILE, QydoCheckSystem) API.

2. Run the command QSYS/DLTSRVPGM QSYS/QYDOCHK1. This command deletes the code checker service program with the Check System (OPM, QYDOCHKS; ILE, QydoCheckSystem) API.

3. Run the command QSYS/DLTF QSYS/QYDOCHKF. This command deletes the save file that contains the objects that the code checker function uses to test for bad signatures and no signatures

4. Run the command QSYS/RSTOBJ OBJ(QYDOCHK*) SAVLIB(QSYS) DEV(OPT01) OBJTYPE(*ALL) OPTFILE('Q5722SS1/Q5200M_/Q00/Q90'). This command restores all the necessary objects for the code checker verification function from the loaded install media.

 

Parent topic:

Troubleshooting signed objects

Related tasks
Verifying code checker function integrity