Chapter 18 Patch Administration (Overview)

For the purpose of this discussion, patch administration involves installing or removing Solaris patches from a running Solaris system. It may also involve removing (called backing out) unwanted or faulty patches.

This is a list of the overview information in this chapter.

• "What Is a Patch"

• "Tools For Managing Patches"

• "Patch Distribution"

• "Patch Numbering"

• "What Happens When You Install a Patch"

• "What Happens When You Remove a Patch"

What Is a Patch

In its simplest form, you can think of a patch as a collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package format, which conforms to the Application Binary Interface. (For details about packages, see Chapter 16, Software Administration (Overview).)

Tools For Managing Patches

There are two utilities for managing patches:

• patchadd - use to install directory-format patches to a Solaris 7 system.

• patchrm - use to remove patches installed on a Solaris 7 system. This command restores the file system to its state before a patch was applied.

Detailed information about how to install and back out a patch is provided in the Install.info file with each patch. Each patch also contains a README file that contains specific information about the patch.

Before installing patches, you might want to know more about patches that have previously been installed. Table 18-1 shows commands that provide useful information about patches already installed on a system.

Table 18-1 Helpful Commands for Patch Administration

Command	Function
showrev -p	Shows all patches applied to a system.
pkgparam pkgid PATCHLIST	Shows all patches applied to the package identified by pkgid.
pkgparam pkgid PATCH_INFO_patch-number	Shows the installation date and name of the host from which the patch was applied. pkgid is the name of the package: for example, SUNWadmap.
patchadd -R client_root_path -p	Shows all patches applied to a client, from the server's console.
patchadd -p	Shows all patches applied to a system.

Patch Distribution

All Sun customers can access security patches and other recommended patches via the World Wide Web or anonymous ftp. Sun customers who have purchased a service contract can access an extended set of patches and a complete database of patch information. This information is available via the World Wide Web, anonymous ftp, and it is regularly distributed on a CD-ROM (See Table 18-2).

Table 18-2 Customer Patch Access Information

If You Are ...	Then ...
A Sun Service customer	You have access to the SunSolve database of patches and patch information. These are available via the World Wide Web or anonymous ftp, as described in "Patch Access Via the World Wide Web" and "Patch Access Via ftp". These patches are updated nightly. You also receive a patch CD-ROM every 6 to 8 weeks.
Not a Sun Service customer	You have access to a general set of security patches and other recommended patches. These are available via the World Wide Web or anonymous ftp, as described in "Patch Access Via the World Wide Web" and "Patch Access Via ftp".

What You Need to Access Sun Patches

You can access Sun patches via the World Wide Web or anonymous ftp. If you have purchased a Sun service contract, you will also be able to get patches from the patch CD-ROM that is regularly distributed.

To access patches on the World Wide Web, you need a machine that is:

• Connected to the Internet

• Capable of running Web browsing software such as Mosaic or Netscape

To access patches via anonymous ftp, you need a machine that is:

• Connected to the Internet

• Capable of running the ftp program

Patch Access Via the World Wide Web

To access patches via the World Wide Web, use this uniform resource locator (URL):

http://www.sun.com/

After reaching the Sun home page, click on the Sales and Service button and navigate your way to the SunSolve patch database.

The patch database for publicly available patches are labeled "Public patch access." The patch database for the comprehensive set of patches and patch information available to contract customers is labeled "Contract customer patch access." You will be prompted for a password to access this contract customer database.

You can also access publicly available patches using this URL:

http://sunsite.unc.edu/

Patch Access Via ftp

To access patches via ftp, you can use the ftp command to connect to either the sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina). When ftp prompts you for a login, enter anonymous as the login name. Use your complete email address when prompted for a password. After the connection is complete, you can find publicly available patches in the /pubs/patches directory.

---

Note -

To transfer patches, you will need to change the ftp transfer mode to binary. To do this, enter bin at the ftp prompt.

---

Patch Numbering

Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number. For example, patch 101977-02 is a Solaris 2.4 patch to correct the lockd daemon.

What Happens When You Install a Patch

When you install a patch, the patchadd command copies files from the patch directory to a local system's disk. More specifically, patchadd:

• Determines the Solaris version number of the managing host and the target host

• Updates the patch package's pkginfo file with information about patches obsoleted by the patch being installed, other patches required by this patch, and patches incompatible with this patch

During the patch installation, patchadd keeps a log of the patch installation in /var/sadm/patch/patch-number/log for the Solaris 2.4 release and compatible versions. The Solaris 2.5 release and compatible versions also store log files in this location, but only if installation errors occurred.

The patchadd command will not install a patch under the following conditions:

• The package is not fully installed on the host

• The patch's architecture differs from the system's architecture

• The patch's version does not match the installed package's version

• There is already an installed patch with the same base code and a higher version number

• The patch is incompatible with another, already installed patch. (Each installed patch keeps this information in its pkginfo file)

• The patch being installed requires another patch that is not installed

What Happens When You Remove a Patch

When you back out a patch, the patchrm command restores all files modified by that patch, unless:

• The patch was installed with patchadd -d (which instructs patchadd not to save copies of files being updated or replaced)

• The patch has been obsoleted by a later patch

• The patch is required by another patch

The patchrm command calls pkgadd to restore packages that were saved from the initial patch installation.

During the patch installation, patchrm keeps a log of the patch installation in /tmp/backoutlog.process_id. This log file is removed if the patch backs out successfully.