test

Sun Update Connection System 1.0.8 Administration Guide

Chapter 1 Overview of the Sun Update Connection System

The SunSM Update Manager software is one part of the Sun Update Connection System software that enables you to locally manage updates on your system. Sun Update Connection System Update Manager is henceforth referred to as Update Manager.

This chapter covers the following topics:

Note –

The terms patch and update are used interchangeably in the Sun Update Connection System software and in this book.

Getting Started With the Sun Update Connection System

Note –

If you are familiar with the Sun Update Connection System and would like to install the Update Manager client software, go to Chapter 2, Installing the Sun Update Connection System Software.

The Sun Update Connection System has three user interfaces that you can use to manage updates on your system. You can use either of the two Update Manager user interfaces to locally manage updates on your system. The user interfaces are the Sun Update Manager graphical user interface and the smpatch command-line interface. You can also use the Sun Update Connection Hosted web application to remotely manage updates on one or more of your systems.

This section covers the following topics:

Getting Started Process Overview

Before you can use Update Manager or the Sun Update Connection Hostedweb application to manage updates on your systems, you must determine the update management strategy you want to use.

  1. Install and start the Update Manager application on your SolarisTM 10 system.

  2. Find the situation that best describes your update management environment.

    • Your client system is directly connected to the Internet.

      You are ready to begin the system registration process.

    • Your client system is connected to the Internet by means of a network proxy.

      You must first specify the host name and port of the network proxy during the system registration process. If required, also specify the user name and password associated with the network proxy.

    • You want to have several client systems obtain updates from a Sun Update Connection Proxy on your intranet.

      You must first configure a system to act as your Sun Update Connection Proxy. See Configuring Your Sun Update Connection Proxy (Task Map). Then, configure your client system to obtain updates from the proxy during the registration process.

  3. Register your Solaris system with Update Manager.

    During the registration process, you are prompted for a Sun Online Account. You might already have a Sun Online Account if you registered for an account with programs such as Java Developer ConnectionSM, Online Support Center (OSC), My Sun, SunSolveSM, and Sun Store.

    Determine the update management strategy you want to use based on your level of registration and subscription.

    • Unregistered system. Manually obtain and manage Solaris security updates locally on your system by using the smpatch add command and the smpatch remove command.

    • Registered system with no subscription. Use Update Manager to locally manage only Solaris security updates.

    • Registered system with a subscription and managed with Sun Update Connection System. Use the Sun Update Connection Hosted web application to remotely manage all Solaris updates. A subscription is part of the Sun Service Plan. You can still manage updates locally by using the Update Manager GUI or the smpatch command.

  4. Manage updates on your Solaris systems.

Comparison of Update Manager User Interfaces

The following table summarizes the Sun Update Connection System features and tasks that are supported by the GUI, the command-line interface (smpatch), and the Sun Update Connection Hosted browser interface.

Table 1–1 Comparison of Features Supported by the Sun Update Connection System User Interfaces

Feature/Task 

Graphical User Interface 

Command-Line Interface 

Browser Interface 

Can apply updates to a system?

Yes 

Yes 

Yes 

Can perform update management operations on a remote system?

Yes. You can run the GUI on a remote system and display it on your local system. 

Also, use the Sun Update Connection Hosted web application to remotely manage your system. 

Yes, in remote mode smpatch only. Local mode smpatch can only be run on the local system.

Yes 

Can analyze a system for updates?

Yes 

Yes 

Yes 

Can perform a scheduled update analysis of your system?

Yes 

Yes. Use cron to run the smpatch analyze command.

Yes 

Can download individual updates?

No, only those updates that are marked as Download Only, which the Sun Update Connection System cannot install, can be downloaded. 

Yes 

No, only those updates that are marked as Download Only, which the Sun Update Connection System cannot install, can be downloaded. 

Can resolve update dependencies?

Yes 

Sometimes. If you run smpatch add, update dependencies are not resolved. However, if you run smpatch update or smpatch analyze -i update-id, update dependencies are resolved.

Yes 

Can remove more than one update at a time?

Yes 

No. smpatch remove can remove just one update at a time.

Yes 

Can be run while the system is in single-user mode?

No 

Yes. Limited operations of local mode smpatch only.

No 

Can access updates from a Sun Update Connection Proxy ?

Yes 

Yes 

Not applicable. 

Can operate on update lists?

No 

Yes 

No 

Can configure the update management environment for your system?

Yes 

Yes 

Yes 

Supports RBAC?

No 

Yes 

No 

Overview of Solaris Update Management

Update management involves applying Solaris updates, also referred to as patches, to a system. Update management might also involve removing unwanted or faulty updates. Removing updates is also called backing out updates.

This section covers the following topics:

For information about applying patches to diskless client systems, see “Patching Diskless Client OS Services” in System Administration Guide: Basic Administration.

For information about recommended strategies and practices for using Solaris updates, see Solaris Patch Management Recommended Strategies at http://docs.sun.com/app/docs/coll/1078.1.

Types of Updates

An update is a collection of files and directories that replaces or updates existing files and directories that are preventing proper execution of the existing software. An update might also introduce a new feature to the system. Such an update is called a feature update. The existing software is derived from a specified package format, which conforms to the application binary interface (ABI).

You can manage updates on your Solaris system by using the Update Manager application, the smpatch command, or the patchadd command.

Note –

Do not use the Update Manager GUI, the smpatch command, and the patchadd command simultaneously to manage updates on your system. While the Update Manager GUI is running, changes made by smpatch and patchadd might not be reflected correctly in Update Manager.

Signed and Unsigned Updates

A signed update is one that has a digital signature applied to it. An update that has its digital signature verified has not been modified since the signature was applied. The digital signature of a signed update is verified after the update is downloaded to your system.

Updates and patches for Solaris releases are available as signed updates and as unsigned updates. Unsigned updates do not have a digital signature.

Signed updates are stored in JavaTM archive format (JAR) files and are available from the Sun update server. Unsigned updates are stored in directory format and are also available from the Sun update server as .zip files.

Accessing Solaris Updates

Sun customers can access updates and patches from the Sun update server whether or not they are in the SunSpectrumSM program. These updates and patches are updated nightly.

You can obtain Solaris updates in the following ways:

You can access individual updates or a set of updates from an update cluster, or refer to update reports. You can also use Update Manager to analyze your system to determine the appropriate updates. Update Manager can also download and apply the updates to your system.

Each update is associated with a README file that has information about the update. You can view, print, or save each README file from the Update Manager GUI.

Solaris Update Numbering

Updates are identified by unique update IDs. An update ID is an alphanumeric string that is an update base code and the update revision number joined with a hyphen. For example, update 118822-02 is the update ID for the SunOSTM 5.10 kernel update.

Tools for Managing Solaris Updates

You can use the following tools to apply updates to Solaris systems:

If you need to apply a patch to a diskless client system, see “Patching Diskless Client OS Services” in System Administration Guide: Basic Administration.

The Update Manager application is part of the Sun Update Connection System software product. The Sun Update Connection Hosted web application is also part of this software product.

The following table summarizes the availability of various Solaris update management tools.

Table 1–2 Availability of Solaris Update Management Tools

Tool Availability 

Update Manager and Sun Patch Manager 2.0 

Sun Update Connection System 

patchadd/ patchrm Commands

Solaris 2.6 and Solaris 7 Patch Management Tools 

How do I get this tool?

For Solaris 10 – Apply the Update Manager feature update.

For Solaris 8 or Solaris 9 – Download the appropriate version of the Patch Manager tool from the Sun Download Center web site.

Run tool from the Sun Update Connection System web site. 

Included with the Solaris release. 

Download the tool from the Sun Download Center. 

Solaris release availability

For Solaris 10 – Update Manager.

For Solaris 8 and Solaris 9 – Sun Patch Manager 2.0.

Solaris 10. 

Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 releases. 

Solaris 2.6 and Solaris 7 releases. 

Applies signed updates?

Yes, and automatically verifies the signed update when it is downloaded. 

Yes 

Starting with Solaris 9 12/03 – Yes, and automatically verifies the signed update when it is downloaded.

Yes, and automatically verifies the signed update when it is downloaded. 

Applies unsigned updates?

For Update Manager – No.

For Sun Patch Manager 2.0 – Yes, but the updates must be unzipped first.

Yes 

Yes 

No 

GUI available?

For Solaris 10 – Yes, for systems running Update Manager.

For Solaris 9 – Yes, for systems running Patch Manager (smc).

For Solaris 8 – No.

Web application is hosted at Sun. 

No 

No 

Analyzes system to determine the appropriate updates, and downloads signed or unsigned updates

Yes, signed updates only. 

Yes 

No 

Yes, signed updates only. 

Local and remote system update support

Local and remote. 

For Solaris 8 – Local.

Remote 

Local 

Local 

RBAC support?

For Update Manager – No.

For smpatch Yes.

Not applicable 

Yes 

No 

Managing Solaris Updates

While you apply updates, the patchadd command logs information in the /var/sadm/patch/update-id/log file.

The patchadd command cannot apply an update under the following conditions:

Selecting the Best Method for Applying Updates

You can use several different methods to download or apply one or more updates to your system. Use the following table to determine which method is best for your needs.

Note –

The version of the smpatch command described in this table was first available for Solaris 8 systems.

Table 1–3 Comparison of Update Methods

Command or Tool 

Description 

For More Information 

Update Manager GUI 

Use this tool when you want the convenience of a GUI to manage updates. 

Following are some features of this GUI: 

  • Analyzing your system to determine the appropriate updates

  • Updating the system with one or more updates

  • Removing updates

  • Viewing the list of applied updates

  • Configuring your update management environment

  • Notifying you when new updates are available for your system

Chapter 4, Managing Solaris Updates by Using the Update Manager GUI

Sun Update Connection Hosted web application 

Use this web application, which is hosted at Sun, to remotely manage updates on all of your Solaris 10 systems. 

Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface

smpatch update

Use this command to analyze your system to determine the appropriate updates, and to automatically download and apply the updates. 

Note that this command will not apply an update that has the interactive property set.

For Solaris 8 systems, only the local mode smpatch is available.

smpatch(1M) man page

smpatch analyze and smpatch update

First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch update to download and apply one or more of the updates to your system.

Note that this command will not apply an update that has the interactive property set.

For Solaris 8 systems, only the local mode smpatch is available.

smpatch(1M) man page

smpatch analyze, smpatch download, and smpatch add

First, use smpatch analyze to analyze your system to determine the appropriate updates. Then, use smpatch download to download them. This command also downloads any prerequisite updates. Then, use smpatch add to apply one or more of the updates to your system while the system is in single-user or multiuser mode.

For Solaris 8 systems, only the local mode smpatch is available.

smpatch(1M) man page

patchadd

Starting with Solaris 2.6 release – Apply unsigned updates to your system.

Starting with Solaris 9 12/03 release – Use this command to apply either signed or unsigned updates to your system. To apply signed updates, you must first set up your package keystore.

patchadd(1M) man page

If you choose to use the smpatch command-line interface or the Update Manager graphical user interface to apply updates, see Getting Started With the Sun Update Connection System for additional information that might affect which method you select.

Sun Update Connection System Features

This section describes the main features of Sun Update Connection System:

To use the Update Manager tool, you must install at least the End User Solaris Software Group of Solaris 10 software.

Note –

As of March 2006, not all Sun updates are available through the Update Manager application. Such updates include those that do not conform to PatchPro standards and those that have third-party contract restrictions.

Information about Solaris patches and the Sun Patch Manager 2.0 software is in System Administration Guide: Basic Administration in the Solaris 10 System Administrator Collection on the docs.sun.comSM site.

Update Manager Graphical User Interface

Update Manager offers a graphical user interface for updating systems with updates. You can use the GUI to analyze your system, apply updates you select, remove updates, and configure your update management environment.

As of June 2006, the Update Manager GUI has an updated GNOME Graphics Tool Kit (GTK+) look and feel. Update Manager now has these new features:

Sun Update Connection Hosted Web Application

The Sun Update Connection Hosted web application enables you to remotely monitor and manage all update activities for each of your registered systems. This web application is hosted at Sun.

Note –

Systems that you manage with the Sun Update Connection Hosted web application can still be managed locally by using Update Manager. The update data that appears in these tools might be out of sync due to latency.

The Sun Update Connection Hosted web application is hosted on a Sun web site. You can use this tool to create jobs to run on systems as they check in to the service. A job either installs an update or uninstalls an update. You can also use the Hosted web application to view the update status of your systems and of your jobs.

The Sun Update Connection Hosted web application has these features:

For more information about the Sun Update Connection Hosted web application, see Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface.

Sun Update Connection Proxy

The Sun Update Connection Proxy was previously called local patch server.

This proxy supports client systems that use the Sun Update Connection System software and the Sun Patch Manager 2.0 software. A Sun Update Connection System client system is not compatible with the older local patch server feature associated with the Sun Patch Manager 2.0 product.

Note –

The Sun Update Connection Proxy is an optional feature that you can obtain at no charge if you have a Sun Service Plan. For information about obtaining a Sun Service Plan, go to Solaris Operating System Software Support at http://www.sun.com/service/support/software/solaris/ and select the appropriate level of service.

Starting with the Solaris 8 Operating System, client systems can access updates and update data to perform update analysis and maintenance. This update data is provided by an update source. The update source can be an update server, such as the Sun update server or a Sun Update Connection Proxy (also referred to as a local patch server), or a local collection of updates.

By using a Sun Update Connection Proxy on your intranet, you can serve updates to your local systems and minimize the Internet traffic between your systems and the Sun update server. This type of proxy caches any updates that are downloaded from its update source.

For information about configuring this type of proxy on your intranet, see Configuring Your Sun Update Connection Proxy by Using the Command-Line Interface.

The Sun Update Connection Proxy obtains updates from its source of updates on a per-request basis. You do not need to stock your proxy with updates before you use it.

The system that you choose to act as the Sun Update Connection Proxy must be running at least Solaris 10 and have at least the Developer Solaris Software Group installed. This system must also have the Update Manager software installed.

Benefits of Using a Sun Update Connection Proxy

Using a Sun Update Connection Proxy addresses security concerns as well as system analysis and update download performance issues.

For instance, if your client systems are connected to a Sun Update Connection Proxy and managed locally, the client systems do not need to be connected to the Internet. These client systems also do not need to be registered by the Update Manager software.

As another example, using this type of proxy can improve update-related performance issues. Instead of updates and metadata being downloaded from the Sun update server to each of your systems, the update is downloaded only once to your Sun Update Connection Proxy . After the update data is stored on this server, update data is transferred to your system for analysis over your intranet instead of over the Internet.

You can configure a chain of Sun Update Connection System Proxies on your intranet. The last link in the chain of proxies can point to the Sun update server or to a local collection of updates. By using this chain of proxies, an update download request from your system to its primary Sun Update Connection Proxy can be forwarded to other proxies in the chain in an attempt to fulfill the request. If your system’s primary Sun Update Connection Proxy cannot locate an update, it makes the same request of the next proxy in the chain to see if the update is stored there. If the update is found, it is downloaded to the system. If the update is not found, the request continues along the chain until the update is found or the last proxy in the chain is reached.

For example, your company has a Sun Update Connection Proxy that obtains updates directly from the Sun update server. Each office in your company has its own Sun Update Connection Proxy that obtains updates from the company proxy.

Each Sun Update Connection Proxy in the chain stores the updates found on another proxy in the chain based on the download request. So, an update that is not initially found on your proxy will be downloaded to your Sun Update Connection Proxy and stored before being downloaded to the client system. Each system in a chain of proxies might increase the amount of time it takes to download updates to your client system. So, the first time a client system requests a download, the update is downloaded to the proxy system over the Internet. Subsequent requests for that update are downloaded to the client system from the proxy system over your intranet.

PatchPro Analysis Engine

Update Manager incorporates PatchPro functionality. PatchPro performs update analyses on systems, then downloads and applies the resulting updates. This automation functionality was previously available for Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 as a separate PatchPro product, and in the Sun Patch Manager 2.0 product. PatchPro functionality is now part of the Update Manager software.

PatchPro uses signed updates, which improves the security of Solaris updates by ensuring that they have not been modified.

Note –

The pprosetup and pprosvc commands are included with Update Manager for transition purposes. It is best not to use these commands and to use the smpatch command instead.

Local-Mode Command-Line Interface

Note –

On Solaris 8 systems, you can only run smpatch in local mode.

Starting with Solaris 9, the smpatch command is available in two modes: local mode and remote mode. Local mode can only be run on the local system. This mode can be run while the system is in single-user or multiuser mode. Remote mode can be used to perform tasks on remote systems. Both local mode and remote mode can be used by users or roles that have the appropriate authorizations.

By default, smpatch runs in local mode. In local mode, the Solaris WBEM services are not used, and none of the authentication options or options that refer to remote systems are available. The smpatch command in local mode runs faster than in remote mode.

If you specify any of the remote or authentication options (except for -L), remote mode is used.

Single-User Mode Operations in Local Mode

You can use the smpatch add command in local mode to apply updates while the system is in single-user mode. Apply updates in this way when the updates are associated with the singleuser update property, or when you want to apply any updates to a quiet system.

Use only the smpatch add, smpatch order, and smpatch remove commands to manage updates when your system is running in single-user mode.

You can configure your update management environment while the system is running in single-user mode by using the smpatch get, smpatch set, and smpatch unset commands.

Do not use the smpatch analyze, smpatch download, and smpatch update commands while the system is running in single-user mode. These commands depend on network services that are not available while the system is in single-user mode.

Some updates cannot be automatically applied to your system if they do not meet the policy for applying updates. These updates might need to be applied manually in single-user mode.

Updates that require an immediate reboot or reconfiguration reboot after applying them are not applied immediately. Instead, these updates are automatically applied during a scheduled system shutdown.

The smpatch Live Upgrade Support Feature

This new feature enables users to install all updates in multi-user mode, instead of deferring the updates that require a system-restart to single-user mode.

To activate live upgrade support, you can use the -b boot-env option with the smpatch add, smpatch remove, or smpatch update commands, where -b is the boot environment and the value boot-env is the name of the specific boot environment. The command syntax is as follows:.

smpatch -add -b boot-env

Note –

The current boot environment is copied to the specified boot environment. The chosen updates are applied to the specified boot environment. The specified environment will be activated so that on reboot, the system will run the newly updated boot environment instead of the current one.

After you run the smpatch command with the selected option, a message appears on the command-line prompting you to restart the system at a convenient time.

Caution – Caution –

If you run the smpatch command once again specifying the same boot environment, the changes made by any earlier command are lost. The system applies the most recent set of changes. This issue does not apply when you use the smpatch -update command, because this command installs the complete set of updates once again.

Update List Operations

You can use the smpatch command to create an ordered list of updates. You can save the ordered list to a text file and use it to perform update operations.

You might use an update list to apply the same set of updates to systems that have the same hardware and software configurations. Or, you might create an update list file that contains all pertinent security updates and use that list to apply those security updates to one or more systems.

You can create a file that contains an ordered update list by using the smpatch command in any of these ways:

If you modify an update list and the updates are available on your system, use the smpatch order command to put the list in an order suitable for applying updates. Otherwise, use the smpatch analyze command, which also produces an ordered list of updates.

Caution – Caution –

The smpatch add command attempts to apply all of the updates in the update list, regardless of the policy for applying updates and update dependencies.

You can use update lists as input to the smpatch add, smpatch analyze, smpatch download, smpatch order, and smpatch update commands.

Update Manager Concepts

To use the Update Manager software, you must be familiar with these concepts:

Information about Solaris patches and the Sun Patch Manager 2.0 software is in System Administration Guide: Basic Administration in the Solaris 10 System Administrator Collection on the docs.sun.com site.

Update Manager Tool

Update Manager is a tool for managing updates on Solaris 10 systems. Update Manager extends the functionality that was previously available with the Sun Patch Manager 2.0 software. This new functionality is only available if you have a Sun Online Account and you register your system with Sun.

Note –

You can always use the smpatch add command and the smpatch remove command to manage updates that you manually download from Sun. A system that you manage in this way need not be registered. However, your system must be registered if you use the smpatch analyze, smpatch download, or smpatch update command.

Update Manager Registration

Only systems that have been registered with Update Manager can use its functionality and be managed remotely by the Sun Update Connection Hosted web application.

For instructions on registering your system, see How to Register Your System. For information about obtaining a subscription key, see How to Obtain a Sun Subscription Key.

Note –

If you locally manage a system that is a client of a Sun Update Connection Proxy on your intranet, you do not need to register the client system. You must register the system that acts as the proxy. If, however, your client system is also remotely managed by the Sun Update Connection Hosted web application, the client system must be registered.

A customer with a Sun Service Plan, which includes software support, can do any of the following:

For information about the available Solaris Service Plans, go to the http://www.sun.com/service/solaris10/ web site.

Registration Service Levels

To use Update Manager, you must register the system on which you installed the software. You can select from three levels of registration and entitlement, which are described in the following sections:

Note –

An unregistered system only has access to security updates. You can manage the updates on your unregistered system by using the smpatch add command and the smpatch remove command.

Registered With No Subscription

You have sent basic information about your system to Sun, but have not purchased an update management subscription. At this service level, you can use the Update Manager application to locally manage updates, which includes doing the following:

Note –

If your update management environment includes a Sun Update Connection Proxy and your system is a client of that proxy, your client system does not need to be registered to use the Update Manager software. However, the system that acts as the proxy must be registered.

Registered With a Subscription

You have sent system information to Sun and have purchased an update management subscription. This service level expands the functionality available at the previous (basic) service level. You can use the Update Manager application for these tasks:

Note –

If your update management environment includes a Sun Update Connection Proxy and your system is a client of that proxy, your client system does not need to be registered to use the Update Manager software. The system that acts as the proxy must be registered. If, however, you decide to use the Sun Update Connection Hosted web application to remotely manage your client system, that system must be registered.

Registered With a Subscription and Managed With Sun Update Connection System

You have sent system information, purchased a subscription, and want to use the Sun Update Connection Hosted web application to remotely manage updates. This service level expands the functionality available at the previous (middle) service level. You can use the Sun Update Connection Hosted web application for these tasks:

Update Management Process

Update Manager enables you to perform the update management process, which includes the following tasks:

For information about recommended strategies and practices for using Solaris updates, see Solaris Patch Management Recommended Strategies at http://docs.sun.com/app/docs/coll/1078.1.

After an update has been successfully applied, the downloaded update is removed from the download directory.

Updates are applied to your system depending on the specified policy and the update properties that are associated with the downloaded updates.

If an update does not meet the policy for applying updates, the update is not applied immediately. Instead, the update is applied during a scheduled system shutdown. The Update Manager application shows these updates as being Restart Required updates.

For any of the updates that have the interactive property set, follow the instructions in the update’s README file to manually apply them. The Update Manager application shows these updates as being Download Only updates.

Analyzing Your System

Before you apply updates to your system, you must determine which updates are needed. You can use Update Manager to perform a update analysis of your system to obtain a list of appropriate updates.

Update Manager uses analysis modules and a list of available updates to perform the analysis of your Solaris system. For information about the source of updates, see Specifying the Source of Updates.

Based on the result of the analysis, the updates can be downloaded and applied to your system.

Sometimes an update cannot be applied to the system until another update is applied. The first update is said to depend on the second update. When Update Manager analyzes your system, it checks for update dependencies and automatically includes all updates in the resulting list.

Note –

The list of updates that is generated by the analysis is based on all of the available updates from the Sun update server. No explicit information about your host system or its network configuration is transmitted to Sun. Only a request for the Sun update set is transmitted. The update set is scanned for updates that are appropriate for this host system, the results are displayed, and those updates are optionally downloaded.

Downloading Updates to Your System

Before you apply updates to your system, you must download the updates that you want from the Sun update server to that system.

You can download updates from the Sun update server based on an analysis of the system, or you can specify particular updates to download.

The Update Manager application ties the download operation and the installation operation together. So, when you request that an update be installed, the update is first downloaded to your system and then installed.

Some updates, which are marked as Download Only, cannot be installed by the Update Manager application. When you request that a Download Only update be installed, the update is downloaded to your system, but not installed. To install the update, you must follow the installation instructions in the update’s README file.

Applying Updates to Your System

Update Manager can apply updates to your system.

If you use the smpatch add command to apply particular updates, it attempts to apply only those updates that you specified. The smpatch add command does not attempt to resolve update dependencies. If you want to apply an update that has a missing dependency, the update is not applied. You can use the smpatch analyze command or the smpatch update command to resolve update dependencies.

When you use the Update Manager GUI to apply updates that you selected from the list of updates, each update is downloaded (if necessary) before it is applied.

If you attempt to install a list of updates, Update Manager first performs an analysis to determine whether dependent updates must also be installed.

Removing Updates From Your System

You might want to remove (or back out) an update that you previously applied to your system. Update Manager enables you to remove updates.

Caution – Caution –

Do not remove the Update Manager feature update from a system, or Update Manager will not work properly.

When you remove an update, the Solaris update tools restore all of the files that have been modified by that update, unless any of the following are true:

During the update removal process, the patchrm command logs the backout process in the /tmp/backoutlog.process-id file. This log file is automatically removed if the update is successfully removed.

You can use the Update Manager GUI to remove one or more updates by selecting them from the list of applied updates. However, you can only remove one update at a time with the smpatch remove command.

Note –

If you attempt to remove an update on which other updates depend, it is not removed. If you remove all of the updates that depend upon this update, you can remove the update.

When you attempt to remove an update on which other updates depend, Update Manager presents you with the list of updates that must be removed as well. To remove the update you originally selected, you must agree to remove these updates.

Using the Sun Update Connection Hosted Web Application to Manage Your Systems

You can request that your Solaris 10 systems be managed by the Sun Update Connection Hosted web application either during or after the registration process. This Hosted web application enables you to manage the updates on all of your systems. For more information, see Chapter 5, Managing Solaris Updates by Using the Sun Update Connection Hosted Browser Interface.

Even if your system is managed by the Sun Update Connection Hosted web application, you can still use Update Manager to manage updates on your local system.

Specifying the Source of Updates

When you use Update Manager, your client systems and any Sun Update Connection proxies must have access to Solaris updates and update data. Both client systems and proxies can obtain updates from these sources:

The default source of updates for client systems and Sun Update Connection System Proxies is the Sun update server. As a result, any client system or Sun Update Connection Proxy that obtains updates from the Sun update server must be connected, either directly or through a network proxy, to the Internet.

You can use a combination of Sun Update Connection System Proxies and different update sources to configure these update management environments.

Clients access updates and update data from the following sources:

For instructions on specifying the source of updates for your client system, see How to Specify a Source of Updates (GUI).

For instructions on specifying the source of updates for your proxy, see How to Change Configuration Settings for Your Sun Update Connection Proxy (Command Line).

Customizing the Policy for Applying Updates

Update Manager applies these types of updates to your system:

Standard updates are associated with the standard update property. Updates marked as Restart Required are associated with the rebootafter, reconfigafter, rebootimmediate, reconfigimmediate, and singleuser update properties. Updates marked as Download Only are associated with the interactive update property. Download Only updates are only downloaded to your system and must be applied manually according to the instructions in the update’s README file.

If you use the smpatch update command to update your system, however, you can customize the policy for applying updates.

For more information about this policy, see the smpatch(1M) man page.

Setting Update Manager Configuration Properties

The smpatch set command uses the following parameters to configure your update management environment.

Note –

Except for patchpro.patchset, parameters can also be modified in the Update Manager GUI by choosing Preferences from the File menu and specifying the appropriate values.