System Administration Guide: Basic Administration

Patch Management Terms and Definitions

The following terms are used throughout the patch management chapters.


To install a patch on a system.

back out

To remove a patch from a system.

backout data

Data that is created when a patch is applied to enable the system to return to its previous state if the patch is removed (backed out).

backout directory

Directory in which backout data is stored. By default, this is the save directory of each package that was installed by the patch.


See patch dependency.

digital signature

An electronic signature that can be used to ensure that a document has not been modified since the signature was applied.


To copy one or more patches from a source of patches, such as the Sun patch server, to the system where the patches are to be applied.

download directory

Directory in which patches are stored when they are downloaded from the patch source. This is also the directory from which patches are applied. The default location is /var/sadm/spool.


A repository of certificates and keys that is queried when you attempt to apply a signed patch.

nonstandard patch

Nonstandard patches cannot be installed using the patchadd command. Nonstandard patches, those that are typically used to deliver firmware or software application fixes that are not delivered in package format, must be installed by using the instructions that are specified in the patch README file.


To sort a set of patches in an order suitable for applying patches.


The form in which software products are delivered for installation on a system. The package contains a collection of files and directories in a defined format.


An update to software that corrects an existing problem or that introduces a feature.

patch analysis

A method of checking a system to determine which patches are appropriate for the system.

patch dependency

An instance where a patch depends on the existence of another patch on a system. A patch that depends on one or more patches can only be applied to a system when those other patches have already been applied.

patch ID

A unique alphanumeric string, with the patch base code first, a hyphen, and a number that represents the patch revision number.

patch incompatibility

A rare situation where two patches cannot be on the same system. Each patch in the relationship is incompatible with the other. If you want to apply a patch that is incompatible with a patch already on the system, you must first remove the patch that is already on the system. Then, you can apply the new patch.

patch list

A file that contains a list of patches, one patch ID per line. Such a list can be used to perform patch operations. The list can be generated based on the analysis of a system or on user input.

Each line in a patch list has two columns. The first column is the patch ID, and the second column is a synopsis of that patch.

patch obsolescence

An instance where a patch replaces another patch, even if it has not already been applied to a system. A patch that obsoletes one or more patches replaces those patches entirely and does not require that the obsolete patches be applied before the replacement patch is applied.

patch server

A source of patches that can be used by your systems to perform patch analyses and from which to obtain the appropriate patches.

signed patch

A patch that is signed with a valid digital signature. A signed patch offers greater security than an unsigned patch. The digital signature of the patch can be verified before the patch is applied to your system. A valid digital signature ensures that the signed patch has not been modified since the signature was applied. Signed patches are stored in Java Archive (JAR) format files.

software update

A change to software that you apply that corrects an existing problem or that introduces a feature.

special handling

Patches with properties that indicate they must be installed in single-user mode. Also, patches that require you to restart the system after the patch has been applied are referred to as having special handling requirements.

standard patch

Standard patches are those that adhere to the Oracle Solaris patch specification and are installable by using the patchadd command. Note that nonstandard patches cannot be installed by using the patchadd command

SunSolve Online

The patch portal Website that provides access to patches, patch information, and patch clusters. See for more information.

unsigned patch

A patch that is not signed with a digital signature.

web proxy

A system that is used to connect your system to the Internet. Your system cannot connect directly to the Internet, but must use the web proxy to establish the connection.