Overview of Solaris Update Management

Update management involves applying Solaris updates, also referred to as patches, to a system. Update management might also involve removing unwanted or faulty updates. Removing updates is also called backing out updates.

This section covers the following topics:

• Types of Updates

• Accessing Solaris Updates

• Tools for Managing Solaris Updates

For information about applying patches to diskless client systems, see “Patching Diskless Client OS Services” in System Administration Guide: Basic Administration.

For information about recommended strategies and practices for using Solaris updates, see Solaris Patch Management Recommended Strategies at http://docs.sun.com/app/docs/coll/1078.1.

Types of Updates

An update is a collection of files and directories that replaces or updates existing files and directories that are preventing proper execution of the existing software. An update might also introduce a new feature to the system. Such an update is called a feature update. The existing software is derived from a specified package format, which conforms to the application binary interface (ABI).

You can manage updates on your Solaris system by using the Update Manager application, the smpatch command, or the patchadd command.

---

Note –

Do not use the Update Manager GUI, the smpatch command, and the patchadd command simultaneously to manage updates on your system. While the Update Manager GUI is running, changes made by smpatch and patchadd might not be reflected correctly in Update Manager.

---

Signed and Unsigned Updates

A signed update is one that has a digital signature applied to it. An update that has its digital signature verified has not been modified since the signature was applied. The digital signature of a signed update is verified after the update is downloaded to your system.

Updates and patches for Solaris releases are available as signed updates and as unsigned updates. Unsigned updates do not have a digital signature.

Signed updates are stored in Java^TM archive format (JAR) files and are available from the Sun update server. Unsigned updates are stored in directory format and are also available from the Sun update server as .zip files.

Accessing Solaris Updates

Sun customers can access updates and patches from the Sun update server whether or not they are in the SunSpectrum^SM program. These updates and patches are updated nightly.

You can obtain Solaris updates in the following ways:

• From the http://sunsolve.sun.com web site

  To access updates from the Sun Patch Portal, your system must be connected to the Internet and be capable of running a web browser, such as the Mozilla^TM software.

• By using the Update Manager tools that are described in Chapter 4, Managing Solaris Updates by Using the Update Manager GUI

• By using the Sun Update Connection Hosted web application that is described in Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface

You can access individual updates or a set of updates from an update cluster, or refer to update reports. You can also use Update Manager to analyze your system to determine the appropriate updates. Update Manager can also download and apply the updates to your system.

Each update is associated with a README file that has information about the update. You can view, print, or save each README file from the Update Manager GUI.

Solaris Update Numbering

Updates are identified by unique update IDs. An update ID is an alphanumeric string that is an update base code and the update revision number joined with a hyphen. For example, update 118822-02 is the update ID for the SunOS^TM 5.10 kernel update.

Tools for Managing Solaris Updates

You can use the following tools to apply updates to Solaris systems:

• Sun Update Connection System tools:

  • Update Manager graphical user interface (GUI)

  • Sun Update Connection Hosted web application

  • Update Manager command-line interface (smpatch)

• patchadd command

• Solaris Management Console (smc) Patches tool (GUI, starting with Solaris 9)

If you need to apply a patch to a diskless client system, see “Patching Diskless Client OS Services” in System Administration Guide: Basic Administration.

The Update Manager application is part of the Sun Update Connection System software product. The Sun Update Connection Hosted web application is also part of this software product.

The following table summarizes the availability of various Solaris update management tools.

Table 1–2 Availability of Solaris Update Management Tools

Tool Availability	Update Manager and Sun Patch Manager 2.0	Sun Update Connection System	patchadd/ patchrm Commands	Solaris 2.6 and Solaris 7 Patch Management Tools
How do I get this tool?	For Solaris 10 – Apply the Update Manager feature update. For Solaris 8 or Solaris 9 – Download the appropriate version of the Patch Manager tool from the Sun Download Center web site.	Run tool from the Sun Update Connection System web site.	Included with the Solaris release.	Download the tool from the Sun Download Center.
Solaris release availability	For Solaris 10 – Update Manager. For Solaris 8 and Solaris 9 – Sun Patch Manager 2.0.	Solaris 10.	Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 releases.	Solaris 2.6 and Solaris 7 releases.
Applies signed updates?	Yes, and automatically verifies the signed update when it is downloaded.	Yes	Starting with Solaris 9 12/03 – Yes, and automatically verifies the signed update when it is downloaded.	Yes, and automatically verifies the signed update when it is downloaded.
Applies unsigned updates?	For Update Manager – No. For Sun Patch Manager 2.0 – Yes, but the updates must be unzipped first.	Yes	Yes	No
GUI available?	For Solaris 10 – Yes, for systems running Update Manager. For Solaris 9 – Yes, for systems running Patch Manager (smc). For Solaris 8 – No.	Web application is hosted at Sun.	No	No
Analyzes system to determine the appropriate updates, and downloads signed or unsigned updates	Yes, signed updates only.	Yes	No	Yes, signed updates only.
Local and remote system update support	Local and remote.  For Solaris 8 – Local.	Remote	Local	Local
RBAC support?	For Update Manager – No. For smpatch – Yes.	Not applicable	Yes	No

Managing Solaris Updates

While you apply updates, the patchadd command logs information in the /var/sadm/patch/update-id/log file.

The patchadd command cannot apply an update under the following conditions:

• The package is not fully installed on the system.

• The update package’s architecture differs from the system’s architecture.

• The update package’s version does not match the installed package’s version.

• An update with the same base code and a higher revision number has already been applied.

• An update that makes an applied update obsolete.

• The update is incompatible with an update that has already been applied to the system.

• The update being applied depends on another update that has not yet been applied.

Selecting the Best Method for Applying Updates

You can use several different methods to download or apply one or more updates to your system. Use the following table to determine which method is best for your needs.

---

Note –

The version of the smpatch command described in this table was first available for Solaris 8 systems.

---

Table 1–3 Comparison of Update Methods

Command or Tool	Description	For More Information
Update Manager GUI	Use this tool when you want the convenience of a GUI to manage updates.  Following are some features of this GUI:  Analyzing your system to determine the appropriate updates Updating the system with one or more updates Removing updates Viewing the list of applied updates Configuring your update management environment Notifying you when new updates are available for your system	Chapter 4, Managing Solaris Updates by Using the Update Manager GUI
Sun Update Connection Hosted web application	Use this web application, which is hosted at Sun, to remotely manage updates on all of your Solaris 10 systems.	Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface
smpatch update	Use this command to analyze your system to determine the appropriate updates, and to automatically download and apply the updates.  Note that this command will not apply an update that has the interactive property set. For Solaris 8 systems, only the local mode smpatch is available.	smpatch(1M) man page
smpatch analyze and smpatch update	First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch update to download and apply one or more of the updates to your system. Note that this command will not apply an update that has the interactive property set. For Solaris 8 systems, only the local mode smpatch is available.	smpatch(1M) man page
smpatch analyze, smpatch download, and smpatch add	First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch download to download them. This command also downloads any prerequisite updates. Then, use smpatch add to apply one or more of the updates to your system while the system is in single-user or multiuser mode. For Solaris 8 systems, only the local mode smpatch is available.	smpatch(1M) man page
patchadd	Starting with Solaris 2.6 release – Apply unsigned updates to your system. Starting with Solaris 9 12/03 release – Use this command to apply either signed or unsigned updates to your system. To apply signed updates, you must first set up your package keystore.	patchadd(1M) man page

If you choose to use the smpatch command-line interface or the Update Manager graphical user interface to apply updates, see Getting Started With the Sun Update Connection System for additional information that might affect which method you select.