You use the smpatch command with Solaris Patch Manager Base 1.0.1 to manage signed patches on systems that run the Solaris 2.6, Solaris 7, and Solaris 8 releases. You use the smpatch command with PatchPro 2.2 to manage signed patches on systems that run the Solaris 9 release.
Both Solaris patch management tools for signed patches provide the following capabilities:
Analyzing patch requirements and downloading signed patches for the local system only.
Applying one or more signed patches in JAR format. They also authenticate the patch or patches to be applied.
Solaris 9 GUI only – Removing one or more patches. Patch dependencies are checked beforehand.
Enabling you to set up a default policy for applying patches of various types, such as rebootafter and standard.
You can still use the patchadd command to apply unsigned patches to systems that run the Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 releases.
You cannot use Patch Manager Base 1.0.1 to apply unsigned patches to Solaris 2.6, Solaris 7, or Solaris 8 systems. However, you can use smpatch add to apply unsigned patches to Solaris 9 systems.
Patches are classified as standard patches or nonstandard patches. The Solaris patch management tools can apply patches in two modes: automatic mode and manual mode. In automatic mode, only standard patches can be applied on a regularly scheduled basis. In manual mode, all standard patches and most nonstandard patches can be applied from the command line.
A standard patch is one that is safe to apply and can be applied while the system is in multiuser mode. The effects of the patch are visible as soon as it is applied unless the application being patched is running while the patch is applied. In this case, the effects of the patch are visible after the affected application is restarted. A standard patch is associated with the standard property and can be applied in automatic mode.
A nonstandard patch has one of the following characteristics:
A patch that is associated with the interactive property.
A patch that is associated with the rebootafter, rebootimmediate, reconfigafter, reconfigimmediate, or singleuser properties. This nonstandard patch can be applied in manual mode.
A patch that cannot be applied by running the patch management tools, but must be applied by following the instructions in the patch's README file.
Two options are available for applying patches in automatic mode:
Standard patches only – Only standard patches are downloaded to the patch directory and applied. A standard patch is one that does not require any special actions on the part of the user. A standard patch also does not require a reboot for the patch to take effect.
Specify this policy by using the pprosetup -p standard command.
No patches – No patches are downloaded to the patch directory or applied. This option is the default.
Specify this policy by using the pprosetup -p none command.
Most nonstandard patches can only be applied in manual mode. You can specify the patch policy for manual mode by using this command:
# pprosetup -i patch-property-list |
patch-property-list is one or more of the following patch properties: interactive, rebootafter, rebootimmediate, reconfigafter, reconfigimmediate, singleuser, and standard. For descriptions of the patch properties, see the pprosetup(1M) man page.
A number of patches cannot be applied by PatchPro 2.2 or by Patch Manager Base 1.0.1 under any circumstances. For instance, nonconforming patches cannot be applied by using the smpatch, pprosvc, or patchadd command. Nonconforming patches must be extracted manually and applied by following the instructions in the patch's README file.
The patch management tool for Solaris 2.6, Solaris 7, and Solaris 8 has some limitations. You cannot apply signed patches in the following cases:
When applying signed patches to an alternate boot environment or to a diskless client
When automatically applying a signed patch that has the rebootimmediate, reconfigimmediate, or nonconforming patch property
Certain Solaris packages must be installed on your system before you install the Solaris patch management tools for signed patches.
For Solaris 2.6, Solaris 7, or Solaris 8 – Your system requires a minimal system configuration plus some additional packages. All the required packages are available from the End User cluster (SUNWCuser).
For Solaris 9 – You must have at least the Developer cluster (SUNWCprog) installed.
The following table shows the Solaris cluster and package requirements for running the Solaris patch management tools. Notice that when only a Solaris cluster is listed, the required packages are included in that cluster.
For information about verifying whether the required Solaris packages are installed on your system, see How to Verify Package Requirements for Patch Management Tools.
Feature |
patchadd and patchrm Commands |
Patch Check |
PatchPro Interactive or PatchPro Expert |
Solaris 2.6, Solaris 7, and Solaris 8 Patch Management Tool |
Solaris 9 Patch Management Tool |
---|---|---|---|---|---|
How do I get this tool? |
Included in Solaris release (SUNWswmt) |
SunSolve Online site |
Run tool from PatchPro Web site [The PatchPro Web site is http://www.sun.com/PatchPro.] |
Download Solaris Patch Manager Base 1.0.1 from PatchPro Web site |
Download PatchPro 2.2 from PatchPro Web site |
Solaris release availability |
Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 |
Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 |
Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 |
Solaris 2.6, Solaris 7, and Solaris 8 |
Solaris 9 |
Applies signed patches? |
Yes [You can unpack a signed patch and then apply it to your system by using the patchadd command. However, in this case, the digital signature is lost. For information about manually verifying a signed patch and then applying it with the patchadd command, see How to Verify a Signed Patch (jarsigner) or How to Verify a Signed Patch (signtool).] |
No |
No |
Yes, and automatically verifies the signed patch when it is downloaded |
Yes, and automatically verifies the signed patch when it is downloaded |
Applies unsigned patches? |
Yes |
Yes |
No |
No |
Yes |
GUI available? |
No |
No |
No |
No |
Yes |
Analyzes system for recommended patches, and downloads patches |
No |
Yes, unsigned patches only |
Yes, unsigned patches only |
Yes, signed patches only |
Yes, signed patches only |
Local and remote system patch support |
Local |
Local |
No |
Local |
Local and remote |
RBAC support? |
No |
No |
No |
No |
Yes |