Manage Dars and Packages

A package is a unit of compiled Daml code corresponding to one Daml project. A DAR is a collection of packages including a main package and all other packages from the dependencies of this Daml project.

Uploading DARs

To use a Daml application on a participant, you need to upload it to your participant node. The application always comes packaged as one or more DARs that need to be uploaded in the order of their dependency. There are two ways to upload DARs to a Canton node: either via the Ledger Api, or through Canton console command:

@ participant2.dars.upload("dars/CantonExamples.dar")
res1: String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"

Inspecting DARs and Packages

You can get a list of uploaded DARs using:

@ participant2.dars.list()
res2: Seq[com.digitalasset.canton.participant.admin.v0.DarDescription] = Vector(
  DarDescription(
    hash = "1220aa9cedfab48270477d1ec174272836da3a6e8b5963ea8c83bd55556421ad2412",
    name = "AdminWorkflowsWithVacuuming"
  ),
  DarDescription(
    hash = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057",
    name = "CantonExamples"
  )
)

Please note that the package “AdminWorkflows” is a package that ships with Canton. It contains the Daml templates used by the participant.health.ping command.

In order to inspect the contents of the DAR, you need to grab the hash identifying it:

@ val dars = participant2.dars.list(filterName = "CantonExamples")
dars : Seq[com.digitalasset.canton.participant.admin.v0.DarDescription] = Vector(
  DarDescription(
    hash = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057",
    name = "CantonExamples"
  )
)
@ val hash = dars.head.hash
hash : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"

Using that hash, you can inspect the contents of the DAR using:

@ val darContent = participant2.dars.list_contents(hash)
darContent : DarMetadata = DarMetadata(
  name = "CantonExamples",
  main = "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
  packages = Vector(
    "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
    "94f7c83923aa273fb90b907f57385ae951ca1195fb35806275cbd03e9e4faab6",
    "cb0552debf219cc909f51cbb5c3b41e9981d39f8f645b1f35e2ef5be2e0b858a",
    "3f4deaf145a15cdcfa762c058005e2edb9baa75bb7f95a4f8f6f937378e86415",
..

You can also directly look at the packages, using:

@ participant2.packages.list()
res6: Seq[com.digitalasset.canton.participant.admin.v0.PackageDescription] = Vector(
  PackageDescription(
    packageId = "86828b9843465f419db1ef8a8ee741d1eef645df02375ebf509cdc8c3ddd16cb",
    sourceDescription = "CantonExamples"
  ),
  PackageDescription(
    packageId = "cc348d369011362a5190fe96dd1f0dfbc697fdfd10e382b9e9666f0da05961b7",
    sourceDescription = "CantonExamples"
..

Please note that a DAR can include packages that are already included in other DARs. In particular the Daml standard library are shipped with every DAR. Therefore, the sourceDescription will always contain only one textual reference to a DAR.

You can also inspect the content of a package, using:

@ participant2.packages.list_contents(darContent.main)
res7: Seq[com.digitalasset.canton.participant.admin.v0.ModuleDescription] = Vector(
  ModuleDescription(name = "CantonExamples"),
  ModuleDescription(name = "ContractKeys"),
  ModuleDescription(name = "SafePaint"),
  ModuleDescription(name = "LockIou"),
  ModuleDescription(name = "Iou"),
  ModuleDescription(name = "Divulgence"),
  ModuleDescription(name = "Paint"),
..

Understanding Package Vetting

Every participant operator uploads DARs individually to their participant node. There is no global DAR repository anywhere and participants do not have access to each others DAR repositories. Therefore, for two participants to synchronise on a transaction that uses packages contained in a certain DAR, we need both participant operators to have uploaded the same DAR before the transaction was submitted.

If one of the involved participants doesn’t know about a certain DAR, then the transaction will bounce with an error PACKAGE_NO_VETTED_BY_RECIPIENTS.

This error goes back to the fact that both participants not only upload the DAR, but also publicly declare towards their peers that they are ready to receive transactions referring to certain packages. This declaration happens automatically when you upload a DAR. The package vettings can be inspected using (preview):

@ participant2.topology.vetted_packages.list()
res8: Seq[ListVettedPackagesResult] = Vector(
  ListVettedPackagesResult(
    context = BaseResult(
      domain = "Authorized",
      validFrom = 2023-06-19T12:49:48.862318Z,
      validUntil = None,
      operation = Add,
      serialized = <ByteString@7b9b1c9b size=2582 contents="\n\223\024\n\301\021\n\274\021\n\271\021\022 buFrWpC1J764TKziGMBLVqx4wir80sBfJ...">,
..

Vetting is necessary, as otherwise, a malicious participant might send a transaction referring to package a receiver does not have, which would make it impossible for the receiver to process the transaction, leading to a ledger fork. As transactions are valid only if all involved participants have vetted the used packages, this attack cannot happen.

Removing Packages and DARs

Note

Note that package and DAR removal is under active development. The behaviour described in this documentation may change in the future. Package and DAR removal is a preview feature and should not be used in production.

Canton supports removal of both packages and DARs that are no longer in use. Removing unused packages and DARs has the following advantages:

  • Freeing up storage
  • Preventing accidental use of the old package / DAR
  • Reducing the number of packages / DARs that are trusted and may potentially have to be audited

Certain conditions must to be met in order to remove packages or DARs. These conditions are designed to prevent removal of packages or DARs that are currently in use. The rest of this page describes the requirements.

Removing DARs

The following checks are performed before a DAR can be removed:

  • The main package of the DAR must be unused – there should be no active contract from this package
  • All package dependencies of the DAR should either be unused or contained in another of the participant node’s uploaded DARs. Canton uses this restriction to ensure that the package dependencies of the DAR don’t become “stranded” if they’re in use.
  • The main package of the dar should not be vetted. If it is vetted, Canton will try to automatically revoke the vetting for the main package of the DAR, but this automatic vetting revocation will only succeed if the main package vetting originates from a standard dars.upload. Even if the automatic revocation fails, you can always manually revoke the package vetting.

The following tutorial shows how to remove a DAR with the Canton console. The first step is to upload a DAR so that we have one to remove. Additionally, store the packages that are present before the DAR is uploaded, as these can be used to double-check that DAR removal reverts to a clean state.

@ val packagesBefore = participant1.packages.list().map(_.packageId).toSet
packagesBefore : Set[String] = HashSet(
  "86828b9843465f419db1ef8a8ee741d1eef645df02375ebf509cdc8c3ddd16cb",
  "5921708ce82f4255deb1b26d2c05358b548720938a5a325718dc69f381ba47ff",
  "c14ff783e5b18b1d8967ef9b0fdc9dd993355006d1941d9f4d1b40e82890e831",
  "433e2ff9c5ed284320036b4c4bbd3124595c781d5730c05d24d87dda40302173",
  "cc348d369011362a5190fe96dd1f0dfbc697fdfd10e382b9e9666f0da05961b7",
  "6839a6d3d430c569b2425e9391717b44ca324b88ba621d597778811b2d05031d",
  "99a2705ed38c1c26cbb8fe7acf36bbf626668e167a33335de932599219e0a235",
  "e22bce619ae24ca3b8e6519281cb5a33b64b3190cc763248b4c3f9ad5087a92c",
  "d58cf9939847921b2aab78eaa7b427dc4c649d25e6bee3c749ace4c3f52f5c97",
..
@ val darHash = participant1.dars.upload("dars/CantonExamples.dar")
darHash : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"

If the DAR hash is unknown, it can be found using dars.list:

@ val darHash_ = participant1.dars.list().filter(_.name == "CantonExamples").head.hash
darHash_ : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"

The DAR can then be removed with the following command:

@ participant1.dars.remove(darHash)

Note that, right now, DAR removal will only remove the main packages associated with the DAR:

@ val packageIds = participant1.packages.list().filter(_.sourceDescription == "CantonExamples").map(_.packageId)
packageIds : Seq[String] = Vector(
  "86828b9843465f419db1ef8a8ee741d1eef645df02375ebf509cdc8c3ddd16cb",
  "cc348d369011362a5190fe96dd1f0dfbc697fdfd10e382b9e9666f0da05961b7",
  "e491352788e56ca4603acc411ffe1a49fefd76ed8b163af86cf5ee5f4c38645b",
  "d61e3eff09ab0f1d269427925e72858c313d103bb0c890489dfa2f7a44b9258b",
  "cb0552debf219cc909f51cbb5c3b41e9981d39f8f645b1f35e2ef5be2e0b858a",
  "38e6274601b21d7202bb995bc5ec147decda5a01b68d57dda422425038772af7",
  "99a2705ed38c1c26cbb8fe7acf36bbf626668e167a33335de932599219e0a235",
  "f20de1e4e37b92280264c08bf15eca0be0bc5babd7a7b5e574997f154c00cb78",
  "8a7806365bbd98d88b4c13832ebfa305f6abaeaf32cfa2b7dd25c4fa489b79fb",
..

It’s possible to remove each of these manually, using package removal. There is a complication here that packages needed for admin workflows (e.g. the Ping command) cannot be removed, so these are skipped.

@ packageIds.filter(id => ! packagesBefore.contains(id)).foreach(id => participant1.packages.remove(id))

The following command verifies that all the packages have been removed.

@ val packages = participant1.packages.list().map(_.packageId).toSet
packages : Set[String] = HashSet(
  "86828b9843465f419db1ef8a8ee741d1eef645df02375ebf509cdc8c3ddd16cb",
  "5921708ce82f4255deb1b26d2c05358b548720938a5a325718dc69f381ba47ff",
  "c14ff783e5b18b1d8967ef9b0fdc9dd993355006d1941d9f4d1b40e82890e831",
  "433e2ff9c5ed284320036b4c4bbd3124595c781d5730c05d24d87dda40302173",
  "cc348d369011362a5190fe96dd1f0dfbc697fdfd10e382b9e9666f0da05961b7",
  "6839a6d3d430c569b2425e9391717b44ca324b88ba621d597778811b2d05031d",
  "99a2705ed38c1c26cbb8fe7acf36bbf626668e167a33335de932599219e0a235",
  "e22bce619ae24ca3b8e6519281cb5a33b64b3190cc763248b4c3f9ad5087a92c",
  "d58cf9939847921b2aab78eaa7b427dc4c649d25e6bee3c749ace4c3f52f5c97",
..
@ assert(packages == packagesBefore)

The following sections explain what happens when the DAR removal operation goes wrong, for various reasons.

Main package of the DAR is in use

The first step to illustrate this is to upload a DAR and create a contract using the main package of the DAR:

@ val darHash = participant1.dars.upload("dars/CantonExamples.dar")
darHash : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"
@ val packageId = participant1.packages.find("Iou").head.packageId
packageId : String = "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975"
@ participant1.domains.connect_local(mydomain)
@ val createIouCmd = ledger_api_utils.create(packageId,"Iou","Iou",Map("payer" -> participant1.adminParty,"owner" -> participant1.adminParty,"amount" -> Map("value" -> 100.0, "currency" -> "EUR"),"viewers" -> List()))
..
@ participant1.ledger_api.commands.submit(Seq(participant1.adminParty), Seq(createIouCmd))
res21: com.daml.ledger.api.v1.transaction.TransactionTree = TransactionTree(
  transactionId = "122059076d49ad774b47f6b76c5570260f3625fa400d8172d613b79fadda63c2d967",
  commandId = "fe22acc0-ebf3-4a84-b021-476028ccb17a",
  workflowId = "",
  effectiveAt = Some(
..

Now that a contract exists using the main package of the DAR, a subsequent DAR removal operation will fail:

@ participant1.dars.remove(darHash)
ERROR com.digitalasset.canton.integration.EnterpriseEnvironmentDefinition$$anon$3 - Request failed for participant1.
  GrpcRequestRefusedByServer: FAILED_PRECONDITION/PACKAGE_OR_DAR_REMOVAL_ERROR(9,d62f6351): The DAR DarDescriptor(SHA-256:cf8e19cb32ce...,CantonExamples) cannot be removed because its main package eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975 is in-use by contract ContractId(0006e456dd680720a9c25182e993843542b9795b016c50865494595b409f9cf865ca011220cf470d7d8e22d6ca8e548e82f7db7009ff67b356f937e339e04ba836a59cfe26)
on domain mydomain::12204773f378....
  Request: RemoveDar(1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057)
  CorrelationId: d62f63513abe4f05fd1efa374efee927
  Context: Map(participant -> participant1, test -> PackageDarManagementDocumentationIntegrationTest, pkg -> eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975)
  Command ParticipantAdministration$dars$.remove invoked from cmd10000056.sc:1

In order to remove the DAR, we must archive this contract. Note that the contract ID for this contract can also be found in the error message above.

@ val iou = participant1.ledger_api.acs.find_generic(participant1.adminParty, _.templateId == "Iou.Iou")
iou : com.digitalasset.canton.admin.api.client.commands.LedgerApiTypeWrappers.WrappedCreatedEvent = WrappedCreatedEvent(
  event = CreatedEvent(
    eventId = "#122059076d49ad774b47f6b76c5570260f3625fa400d8172d613b79fadda63c2d967:0",
    contractId = "0006e456dd680720a9c25182e993843542b9795b016c50865494595b409f9cf865ca011220cf470d7d8e22d6ca8e548e82f7db7009ff67b356f937e339e04ba836a59cfe26",
    templateId = Some(
      value = Identifier(
        packageId = "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
        moduleName = "Iou",
        entityName = "Iou"
      )
..
@ val archiveIouCmd = ledger_api_utils.exercise("Archive", Map.empty, iou.event)
..
@ participant1.ledger_api.commands.submit(Seq(participant1.adminParty), Seq(archiveIouCmd))
res24: com.daml.ledger.api.v1.transaction.TransactionTree = TransactionTree(
  transactionId = "12208970acd0aa4896747f1133ff1cce3470433de14d5cc36b6676934d4f5eee6664",
  commandId = "4f5ed060-b2d3-4d05-a1ca-da50d3d7b7b9",
  workflowId = "",
  effectiveAt = Some(
..

The DAR removal operation will now succeed.

@ participant1.dars.remove(darHash)

Main package of the DAR can’t be automatically removed

Similarly, DAR removal may fail because the DAR can’t be automatically removed. To illustrate this, upload the DAR without automatic vetting and subsequently vet all the packages manually.

@ val darHash = participant1.dars.upload("dars/CantonExamples.dar", vetAllPackages = false)
darHash : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"
@ import com.daml.lf.data.Ref.IdString.PackageId
@ val packageIds = participant1.packages.list().filter(_.sourceDescription == "CantonExamples").map(_.packageId).map(PackageId.assertFromString)
packageIds : Seq[PackageId] = Vector(
  "86828b9843465f419db1ef8a8ee741d1eef645df02375ebf509cdc8c3ddd16cb",
  "cc348d369011362a5190fe96dd1f0dfbc697fdfd10e382b9e9666f0da05961b7",
..
@ participant1.topology.vetted_packages.authorize(TopologyChangeOp.Add, participant1.id, packageIds)
res29: com.google.protobuf.ByteString = <ByteString@2689ee2a size=2384 contents="\n\315\022\n\373\017\n\366\017\n\363\017\022 4aQRFsvwUasTrOIXUx4WnBM9i3IGImghJ...">

The DAR removal operation will now fail:

@ participant1.dars.remove(darHash)
ERROR com.digitalasset.canton.integration.EnterpriseEnvironmentDefinition$$anon$3 - Request failed for participant1.
  GrpcRequestRefusedByServer: FAILED_PRECONDITION/PACKAGE_OR_DAR_REMOVAL_ERROR(9,9ad3fba1): An error was encountered whilst trying to unvet the DAR DarDescriptor(SHA-256:cf8e19cb32ce...,CantonExamples) with main package eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975 for DAR removal. Details: IdentityManagerParentError(Mapping(VettedPackages(
  participant = participant1::1220c1e2bd99...,
  packages = Seq(
    eabed7ee422f...,
    94f7c83923aa...,
    cb0552debf21...,
    3f4deaf145a1...,
    86828b984346...,
    f20de1e4e37b...,
    76bf0fd12bd9...,
    38e6274601b2...,
    d58cf...
  Request: RemoveDar(1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057)
  CorrelationId: 9ad3fba15d775fa3347df6d4fc5b6142
  Context: Map(participant -> participant1, test -> PackageDarManagementDocumentationIntegrationTest)
  Command ParticipantAdministration$dars$.remove invoked from cmd10000076.sc:1

The DAR can be successfully removed after manually revoking the vetting for the main package:

@ participant1.topology.vetted_packages.authorize(TopologyChangeOp.Remove, participant1.id, packageIds, force = true)
res30: com.google.protobuf.ByteString = <ByteString@1bc24689 size=2386 contents="\n\317\022\n\375\017\n\370\017\n\365\017\b\001\022 4aQRFsvwUasTrOIXUx4WnBM9i3IGImg...">
@ participant1.dars.remove(darHash)

Note that a force flag is needed used to revoke the package vetting; throughout this tutorial force will be used whenever a package vetting is being removed. See topology.vetted_packages.authorize for more detail.

Removing Packages

Canton also supports removing individual packages, giving the user more fine-grained control over the system. Packages can be removed if the package satisfies the following two requirements:

  • The package must be unused. This means that there shouldn’t be an active contract corresponding to the package.
  • The package must not be vetted. This means there shouldn’t be an active vetting transaction corresponding to the package.

The following tutorial shows how to remove a package using the Canton console. The first step is to upload and identify the package ID for the package to be removed.

@ val darHash = participant1.dars.upload("dars/CantonExamples.dar")
darHash : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"
@ val packageId = participant1.packages.find("Iou").head.packageId
packageId : String = "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975"

Package removal will initially fail as, by default, uploading the DAR will add a vetting transaction for the package:

@ participant1.packages.remove(packageId)
ERROR com.digitalasset.canton.integration.EnterpriseEnvironmentDefinition$$anon$3 - Request failed for participant1.
  GrpcRequestRefusedByServer: FAILED_PRECONDITION/PACKAGE_OR_DAR_REMOVAL_ERROR(9,8c3309c6): Package eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975 is currently vetted and available to use.
  Request: RemovePackage(eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975,false)
  CorrelationId: 8c3309c6f0692d9392c7897f0c964403
  Context: Map(participant -> participant1, test -> PackageDarManagementDocumentationIntegrationTest)
  Command ParticipantAdministration$packages$.remove invoked from cmd10000087.sc:1

The vetting transaction must be manually revoked:

@ val packageIds = participant1.topology.vetted_packages.list().map(_.item.packageIds).filter(_.contains(packageId)).head
packageIds : Seq[com.digitalasset.canton.package.LfPackageId] = Vector(
  "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
  "94f7c83923aa273fb90b907f57385ae951ca1195fb35806275cbd03e9e4faab6",
..
@ participant1.topology.vetted_packages.authorize(TopologyChangeOp.Remove, participant1.id, packageIds, force = true)
res35: com.google.protobuf.ByteString = <ByteString@d7f3085 size=2386 contents="\n\317\022\n\375\017\n\370\017\n\365\017\b\001\022 fIepa8nt8xDbbxh8sFU1wHbqmo7PFm8...">

And then the package can be removed:

@ participant1.packages.remove(packageId)

Package is in use

The operations above will fail if the package is in use. To illustrate this, first re-upload the package (uploading the associated DAR will work):

@ val darHash = participant1.dars.upload("dars/CantonExamples.dar")
darHash : String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"

Then create a contract using the package:

@ val createIouCmd = ledger_api_utils.create(packageId,"Iou","Iou",Map("payer" -> participant1.adminParty,"owner" -> participant1.adminParty,"amount" -> Map("value" -> 100.0, "currency" -> "EUR"),"viewers" -> List()))
createIouCmd : com.daml.ledger.api.v1.commands.Command = Command(
  command = Create(
    value = CreateCommand(
      templateId = Some(
        value = Identifier(
..
@ participant1.ledger_api.commands.submit(Seq(participant1.adminParty), Seq(createIouCmd))
res39: com.daml.ledger.api.v1.transaction.TransactionTree = TransactionTree(
  transactionId = "122077ca3af21f3ab527b5f537d857f394b26595c81f94dc0d02d1f1beb92a153c81",
  commandId = "bd267dc8-156c-4acd-9915-b2048a3475e0",
  workflowId = "",
  effectiveAt = Some(
    value = Timestamp(
      seconds = 1687179000L,
      nanos = 989559000,
      unknownFields = UnknownFieldSet(fields = Map())
    )
..

In this situation, the package cannot be removed:

@ participant1.packages.remove(packageId)
ERROR com.digitalasset.canton.integration.EnterpriseEnvironmentDefinition$$anon$3 - Request failed for participant1.
  GrpcRequestRefusedByServer: FAILED_PRECONDITION/PACKAGE_OR_DAR_REMOVAL_ERROR(9,ea82ffa2): Package eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975 is currently in-use by contract ContractId(00279cb417844958388c636a7f4ca40b483fffd121ddb1c287800496e56ee163dbca0112207fad4d2c47d87e037c95668072e6429b81f0f691dc0704402440c8be2652b355) on domain mydomain::12204773f378.... It may also be in-use by other contracts.
  Request: RemovePackage(eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975,false)
  CorrelationId: ea82ffa2bdc9d346a45b98f1190f3814
  Context: HashMap(participant -> participant1, test -> PackageDarManagementDocumentationIntegrationTest, domain -> mydomain::12204773f378..., pkg -> eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975, contract -> ContractId(00279cb417844958388c636a7f4ca40b483fffd121ddb1c287800496e56ee163dbca0112207fad4d2c47d87e037c95668072e6429b81f0f691dc0704402440c8be2652b355))
  Command ParticipantAdministration$packages$.remove invoked from cmd10000103.sc:1

To remove the package, first archive the contract:

@ val iou = participant1.ledger_api.acs.find_generic(participant1.adminParty, _.templateId == "Iou.Iou")
iou : com.digitalasset.canton.admin.api.client.commands.LedgerApiTypeWrappers.WrappedCreatedEvent = WrappedCreatedEvent(
  event = CreatedEvent(
    eventId = "#122077ca3af21f3ab527b5f537d857f394b26595c81f94dc0d02d1f1beb92a153c81:0",
    contractId = "00279cb417844958388c636a7f4ca40b483fffd121ddb1c287800496e56ee163dbca0112207fad4d2c47d87e037c95668072e6429b81f0f691dc0704402440c8be2652b355",
    templateId = Some(
      value = Identifier(
        packageId = "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
        moduleName = "Iou",
        entityName = "Iou"
      )
..
@ val archiveIouCmd = ledger_api_utils.exercise("Archive", Map.empty, iou.event)
archiveIouCmd : com.daml.ledger.api.v1.commands.Command = Command(
  command = Exercise(
    value = ExerciseCommand(
      templateId = Some(
        value = Identifier(
          packageId = "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
          moduleName = "Iou",
          entityName = "Iou"
        )
      ),
..
@ participant1.ledger_api.commands.submit(Seq(participant1.adminParty), Seq(archiveIouCmd))
res42: com.daml.ledger.api.v1.transaction.TransactionTree = TransactionTree(
  transactionId = "1220f83d7f111be5ec30ce93bb87b9bfad02986c89f8e50cddb2a410abfc7b0bf8f6",
  commandId = "be4ad5ab-4527-454d-9754-b123484f1766",
  workflowId = "",
  effectiveAt = Some(
    value = Timestamp(
      seconds = 1687179001L,
      nanos = 481288000,
      unknownFields = UnknownFieldSet(fields = Map())
    )
  ),
  offset = "00000000000000000c",
..

Then revoke the package vetting transaction:

@ val packageIds = participant1.topology.vetted_packages.list().map(_.item.packageIds).filter(_.contains(packageId)).head
packageIds : Seq[com.digitalasset.canton.package.LfPackageId] = Vector(
  "eabed7ee422fc250c9299d6bf2dddafc9104d8948dd5d1ac1c506649c29eb975",
  "94f7c83923aa273fb90b907f57385ae951ca1195fb35806275cbd03e9e4faab6",
..
@ participant1.topology.vetted_packages.authorize(TopologyChangeOp.Remove, participant1.id, packageIds, force = true)
res44: com.google.protobuf.ByteString = <ByteString@7c855d31 size=2386 contents="\n\317\022\n\375\017\n\370\017\n\365\017\b\001\022 yz7I55X9tJQapnRPIUp8pYWnKjvKUbD...">

The package removal operation should now succeed.

@ participant1.packages.remove(packageId)

Force-removing packages

Packages can also be forcibly removed, even if the conditions above are not satisfied. This is done by setting the force flag to true.

To experiment with this, first re-upload the DAR so the package becomes available again:

@ participant1.dars.upload("dars/CantonExamples.dar")
res46: String = "1220cf8e19cb32ce97bb7f745716c46068753d391b7100fa13511be4954015c81057"

Then force-remove the package:

@ participant1.packages.remove(packageId, force = true)

Please note, this is a dangerous operation. Forced removal of packages should be avoided whenever possible.