For the purpose of this discussion, patch administration involves installing or removing Solaris patches from a running Solaris system. It might also involve removing (called backing out) unwanted or faulty patches.
In its simplest form, you can think of a patch as a collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package format, which conforms to the Application Binary Interface. (For details about packages, see Chapter 20, Software Administration (Overview).)
There are two utilities for managing patches:
patchadd - use to install directory-format patches to a Solaris system.
patchrm - use to remove patches installed on a Solaris system. This command restores the file system to its state before a patch was applied.
Detailed information about how to install and back out a patch is provided in patchadd(1M) and patchrm(1M). Each patch also contains a README file that contains specific information about the patch.
Before installing patches, you might want to know more about patches that have previously been installed. The table below describes commands that provide useful information about patches already installed on a system.
Table 22-1 Helpful Commands for Patch Administration
Command | Function |
---|---|
showrev -p | Shows all patches applied to a system. |
pkgparam pkgid PATCHLIST | Shows all patches applied to the package identified by pkgid. |
pkgparam pkgid PATCH_INFO_patch-number | Shows the installation date and name of the host from which the patch was applied. pkgid is the name of the package: for example, SUNWadmap. |
patchadd -R client_root_path -p | Shows all patches applied to a client, from the server's console. |
patchadd -p | Shows all patches applied to a system. |
All Sun customers can access security patches and other recommended patches via the World Wide Web or anonymous ftp. Sun customers who have purchased a service contract can access an extended set of patches and a complete database of patch information. This information is available via the World Wide Web and anonymous ftp, and it is regularly distributed on a CD-ROM (see the table below).
Table 22-2 Customer Patch Access Information
If You Are ... | Then ... |
---|---|
A Sun Service customer | You have access to the SunSolve database of patches and patch information. These are available via the World Wide Web or anonymous ftp, as described in "Patch Access Via the World Wide Web" and "Patch Access Via ftp". These patches are updated nightly. You also receive a patch CD-ROM every 6 to 8 weeks. |
Not a Sun Service customer | You have access to a general set of security patches and other recommended patches. These are available via the World Wide Web or anonymous ftp, as described in "Patch Access Via the World Wide Web" and "Patch Access Via ftp". |
You can access Sun patches via the World Wide Web or anonymous ftp. If you have purchased a Sun service contract, you will also be able to get patches from the patch CD-ROM that is regularly distributed.
To access patches on the World Wide Web, you need a machine that is:
Connected to the Internet
Capable of running Web browsing software such as Netscape
To access patches via anonymous ftp, you need a machine that is:
Connected to the Internet
Capable of running the ftp program
To access patches via the World Wide Web, use this uniform resource locator (URL):
After reaching the Sun home page, click on the Sales and Service button and navigate your way to the SunSolve patch database.
The patch database for publicly available patches is labeled "Public patch access." The patch database for the comprehensive set of patches and patch information available to contract customers is labeled "Contract customer patch access." You will be prompted for a password to access this contract customer database.
You can also access publicly available patches using this URL:
http://metalab.unc.edu/pub/sun-info/sun-patches/
Scroll to the bottom of this list to display the Solaris patch reports at this site.
To access patches via ftp, you can use the ftp command to connect to either sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina). When ftp prompts you for a login, enter anonymous as the login name. Use your complete email address when prompted for a password. After the connection is complete, you can find publicly available patches in the /pubs/patches directory.
To transfer patches, you will need to change the ftp transfer mode to binary. To do this, enter bin at the ftp prompt.
Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number. For example, patch 106925-02 is a SunOS 5.7 patch for the glm device driver.
When you install a patch, the patchadd command calls the pkgadd command to install the patch packages from the patch directory to a local system's disk. More specifically, patchadd:
Determines the Solaris version number of the managing host and the target host
Updates the patch package's pkginfo file with information about patches obsoleted by the patch being installed, other patches required by this patch, and patches incompatible with this patch
During the patch installation, patchadd keeps a log of the patch installation in /var/sadm/patch/patch-number/log for the Solaris 2.4 release and compatible versions.
The patchadd command will not install a patch under the following conditions:
The package is not fully installed on the host
The patch package's architecture differs from the system's architecture
The patch package's version does not match the installed package's version
There is already an installed patch with the same base code and a higher version number
The patch is incompatible with another, already installed patch. (Each installed patch keeps this information in its pkginfo file.)
The patch being installed requires another patch that is not installed
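A pre-install check for two of the conditions above (a higher revision of the same base code already installed, and a required patch missing), added here as an example and not taken from the original chapter or from patchadd itself. The listing is a constructed sample in the style of `showrev -p` output with hypothetical package names, and counting a higher installed revision as satisfying a requirement is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample in the style of `showrev -p` output (not from a real host).
SAMPLE='Patch: 106925-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample1
Patch: 999001-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample2
Patch: 999001-10 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWexample2'

# patch_status PATCH_ID LISTING
# Prints one of: invalid, not-installed, older-installed, same-installed,
# newer-installed. "newer-installed" is the refusal condition described above.
patch_status() {
    # Accept only <alphanumeric base code>-<numeric revision>.
    case "$1" in
        *[!A-Za-z0-9-]* | -* | *- | *-*-*) echo invalid; return 0 ;;
        *-*) ;;
        *) echo invalid; return 0 ;;
    esac
    case "${1#*-}" in *[!0-9]*) echo invalid; return 0 ;; esac
    # Compare revisions numerically in awk so that 08 and 10 order correctly.
    printf '%s\n' "$2" | awk -v id="$1" '
        BEGIN { split(id, c, "-"); state = "not-installed" }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] != c[1]) next
            if (p[2]+0 > c[2]+0) state = "newer-installed"
            else if (p[2]+0 == c[2]+0 && state != "newer-installed") state = "same-installed"
            else if (state == "not-installed") state = "older-installed"
        }
        END { print state }'
}

# missing_requires LISTING PATCH_ID...
# Prints each required patch that is not installed at that revision or higher
# (assumption of this example: a higher revision satisfies the requirement).
missing_requires() {
    listing=$1; shift
    for req in "$@"; do
        case "$(patch_status "$req" "$listing")" in
            same-installed | newer-installed) ;;
            *) printf '%s\n' "$req" ;;
        esac
    done
}

# Demo on the sample; on a live system pass "$(showrev -p)" as the listing.
echo "106925-01: $(patch_status 106925-01 "$SAMPLE")"
```
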
When you back out a patch, the patchrm command restores all files modified by that patch, unless:
The patch was installed with patchadd -d (which instructs patchadd not to save copies of files being updated or replaced)
The patch has been obsoleted by a later patch
The patch is required by another patch
The patchrm command calls pkgadd to restore packages that were saved from the initial patch installation.
During the patch removal process, patchrm keeps a log of the back out process in /tmp/backoutlog.process_id. This log file is removed if the patch backs out successfully.