- remove a Solaris patch package and restore previously saved files
patchrm [-f] [-G] [-B backout_dir] [-C net_install_image | -R client_root_path | -S service] [-t] patch_id
patchrm removes a patch package and restores previously saved files to a system running the Solaris 2.x operating environment or later Solaris environments (such as Solaris 8) that are compatible with Solaris 2.x. patchrm cannot be used with Solaris 1 patches. patchrm must be run as root.
With respect to zones(5), when invoked in the global zone, by default, patchrm patches all appropriate packages in all zones. Patch removal behavior in a zones environment varies according to the following factors:
use of the -G option (described below)
setting of the SUNW_PKG_ALLZONES variable in the pkginfo file (see pkginfo(4)).
type of zone, global or local (non-global) in patchrm which is invoked
The interaction of the factors above is specified in “Interaction of -G and pkginfo Variable in Zones,” below.
When you remove patches from packages on a Solaris system with zones installed, you will see numerous zones-related messages, the frequency and content of which depend on whether you invoke patchrm in a global or local zone, the setting of SUNW_PKG_ALLZONES, and the use of the -G option.
With the “Zones Parallel Patching” feature, patches can be removed from zones in parallel. Using this feature, patches are removed from all zones first and, once they are removed from all zones, removed from the global zone. For this removal to occur, the patch removal software starts a number of processes whose task is to remove patches from zones. The number of processes to be started would be determined by the num_proc parameter in the configuration file /etc/patch/pdo.conf.
The number of processes to be started is determined in the following order:
The value of the num_proc parameter. Setting this to 1 retains the current behavior of the patch system.
The number of online CPUs in the system.
The upper bound is the number of configured Solaris zones.
The following options are supported:
Removes a patch whose backout data has been saved to a directory other than the package database. This option is only needed if the original backout directory, supplied to the patchadd command at installation time, has been moved. Specify backout_dir as an absolute path name.
Removes the patched files located on the mini root on a Net Install Image created by setup_install_server. Specify net_install_image as the absolute path name to a Solaris 2.6 or compatible version boot directory. See EXAMPLES.
Forces the patch removal regardless of whether the patch was superseded by another patch.
Remove patch(es) to packages in the current zone only. When used in the global zone, the patch is removed from packages in the global zone only and is not removed from packages in any existing non-global zone. When used in a non-global zone, the patch is removed from packages in the non-global zone only. See “Interaction of -G and pkginfo Variable in Zones,”, below.
Locates all patch files generated by patchrm under the directory client_root_path. client_root_path is the directory that contains the bootable root of a client from the server's perspective. Specify client_root_path as the absolute path name to the beginning of the directory tree under which all patch files generated from patchrm will be located. -R cannot be specified with the -S option.
Note - The root file system of any non-global zones must not be referenced with the -R option. Doing so might damage the global zone's file system, might compromise the security of the global zone, and might damage the non-global zone's file system. See zones(5).
Specifies an alternate service (for example, Solaris_2.3). This service is part of the server and client model, and can only be used from the server's console. Servers can contain shared /usr file systems that are created by smosservice(1M). These service areas can then be made available to the clients they serve. -S cannot be specified with the -R option.
Maintains the patchrm return codes from the Solaris release prior to Solaris 10. On a system with zones(5) installed, a return code of 0 indicates success. Any other return code indicates failure.
The following list specifies the interaction between the -G option and the SUNW_PKG_ALLZONES variable (see pkginfo(4)) when removing a patch in global and local (non-global) zones.
If any packages have SUNW_PKG_ALLZONES set to true: Error; nothing changes.
If no packages have SUNW_PKG_ALLZONES set to true: Remove patch from package(s) in global zone only.
If any packages have SUNW_PKG_ALLZONES set to true: Remove patch from appropriate package(s) in all zones.
If no packages have SUNW_PKG_ALLZONES set to true: Remove patch from appropriate package(s) in all zones.
If any packages have SUNW_PKG_ALLZONES set to true: Error; nothing changes.
If no packages have SUNW_PKG_ALLZONES set to true: Remove patch from package(s) in local zone only.
The following operands are supported:
The patch number of a given patch. 104945-02 is an example of a patch_id.
The examples in this section assume that patch 104945-02 has been installed to the system prior to removal. All of the examples are relative to the /usr/sbin directory.
Example 1 Removing a Patch From a Stand-alone System
The following example removes a patch from a standalone system:
example# patchrm 104945-02
Example 2 Removing a Patch From a Client's System From the Server's Console
The following example removes a patch from a client's system from the server's console:
example# patchrm -R /export/root/client1 104945-02
Note the caveat on the use of the -R option in the description of that option, above.
Example 3 Removing a Patch From a Server's Service Area
The following example removes a patch from a server's service area:
example# patchrm -S Solaris_2.3 104945-02
Example 4 Removing a Patch From a Net Install Image
The following example removes a patch from a Net Install Image:
example# patchrm -C /export/Solaris_2.6/Tools/Boot 104945-02
One configuration file of note:
Patch configuration file. Can be used to configure “Zones Parallel Patching” feature.
The following exit values are returned:
An error occurred.
See attributes(5) for descriptions of the following attributes:
The following messages may help in determining some of the most common problems associated with backing out a patch.
prebackout patch exited with return code code. patchrm exiting.
The prebackout script supplied with the patch exited with a return code other than 0. Generate a script trace of the prebackout script to determine why the prebackout script failed. Add the -x option to the first line of the prepatch script to fix the problem and run patchadd again.
postbackout patch exited with return code code. patchrm exiting.
The postbackout script supplied with the patch exited with a return code other than 0. Look at the postbackout script to determine why it failed. Add the -x option to the first line of the prepatch script to fix the problem, and, if necessary, re-exececute the postbackout script only.
Only one service may be defined.
You have attempted to specify more than one service from which to backout a patch. Different services must have their patches backed out with different invocations of patchrm.
The -S and -R arguments are mutually exclusive.
You have specified both a non-native service and a client_root_path from which to backout a patch. These two arguments are mutually exclusive. If backing out a patch from a non-native usr partition, the -S option should be used. If backing out a patch from a client's root partition (either native or non-native), the -R option should be used.
The service service cannot be found on this system
You have specified a non-native service from which to backout a patch, but the specified service is not installed on your system. Correctly specify the service when backing out the patch.
Only one client_root_path may be defined.
You have specified more than one client_root_path using the -R option. The -R option may be used only once per invocation of patchrm.
The dir directory cannot be found on this system.
You have specified a directory using the -R option which is either not mounted, or does not exist on your system. Verify the directory name and re-backout the patch.
Patch patch_id has not been successfully installed to this system.
You have attempted to backout a patch that is not installed on this system. If you must restore previous versions of patched files, you may have to restore the original files from the initial installation CD.
Patch patch_id has not been successfully applied to this system. Will remove directory dir.
You have attempted to back out a patch that is not applied to this system. While the patch has not been applied, a residual /var/sadm/patch/patch_id (perhaps from an unsuccessful patchadd) directory still exists. The patch cannot be backed out. If you must restore old versions of the patched files, you may have to restore them from the initial installation CD.
This patch was obsoleted by patch patch_id. Patches must be backed out in the reverse order in which they were installed. Patch backout aborted.
You are attempting to backout patches out of order. Patches should never be backed-out out of sequence. This could undermine the integrity of the more current patch.
Patch patch_id is required to be installed by an already installed patch_id. It cannot be backed out until the required patch is backed out first.
Backout the patch that is required to be installed then backout the desired patch.
The installation of patch patch_id was interrupted.
A previous installation was interrupted. The interrupted patch needs to be installed before backing out the desired patch.
Patch patch_id was installed without backing up the original files. It cannot be backed out.
Either the -d option of patchadd was set when the patch was applied, or the save area of the patch was deleted to regain space. As a result, the original files are not saved and patchrm cannot be used. The original files can only be recovered from the original installation CD.
pkgadd of pkgname package failed return code code. See /var/sadm/patch/patch_id/log for reason for failure.
The installation of one of patch packages failed. See the log file for the reason for failure. Correct the problem and run the backout script again.
Restore of old files failed.
The backout script uses the cpio command to restore the previous versions of the files that were patched. The output of the cpio command should have preceded this message. The user should take the appropriate action to correct the cpio failure. This is for Solaris 2.4 or previous versions.
Illegal character found during parsing. Read the man page for pdo config file.
The /etc/patch/pdo.conf follows a specific layout. Each entry in this file should conform to this layout. See pdo.conf(4).
Warning: Cannot open configuration file %s for reading. Using default serial patching behavior
The /etc/patch/pdo.conf file is missing from the system. This file is typically created during an initial install or update or by applying the patch for the “Zones Parallel Patching” feature. If the file is not present, the default, one-at-time behavior of adding or removing patches from a zoned system would ensue.
On client server machines the patch package is not removed from existing clients or from client root template space. Therefore, when appropriate, all client machines will need the patch removed directly using this same patchrm method on the client. A bug affecting a package utility (for example, pkgadd, pkgrm, pkgchk) could affect the reliability of patchadd or patchrm which use package utilities to install and backout the patch package. It is recommended that any patch that fixes package utility problems be reviewed and, if necessary, applied before other patches are applied. Existing patches are:
Certain patches are classified as “deferred activation” patches (sometimes with initial capitals, as “Deferred Activation” patches). Under conditions indicated below, such patches require special treatment. A patch's README file specifies whether that patch is of the deferred activation variety. (Search on “Deferred Activation” in the README file.)
If you are installing or removing a patch that uses deferred activation patching, you must check on the following:
On a system running zones, all non-global zones must be in a halted state for adding or removing a patch.
Deferred activation patching requires the loopback file system (lofs) in order to complete safely. Systems running Sun Cluster 3.1 or Sun Cluster 3.2 are likely to have lofs turned off because of restrictions on HA-NFS functionality when lofs is enabled. Therefore, before a deferred activation patch is installed or removed, you must re-enable the loopback file system by commenting out the following line in the /etc/system file:
Then, reboot your system and install or remove the patch. After you have completed the patch operation, uncomment the line cited above, then reboot to resume normal operation.