The following table summarizes Solaris patch management features.
Feature |
patchadd/patchrm Commands |
Solaris 2.6, 7, and 8 Patch Management Tools |
Solaris 9 Patch Management Tools |
PatchPro Interactive or PatchPro Expert |
---|---|---|---|---|
How do I get this tool? |
Bundled in Solaris release (SUNWswmt) |
Must download tool from http://www.sun.com/PatchPro |
Must download tool from http://www.sun.com/PatchPro |
Run tool from http://www.sun.com/PatchPro |
Solaris release availability |
Solaris 2.6, 7, 8, and 9 |
Solaris 2.6, 7, and 8 |
Solaris 9 |
Solaris 2.6, 7, 8, and 9 |
Adds signed patches? |
Yes* |
Yes, and automatically verifies the signed patch when it is downloaded |
Yes, and automatically verifies the signed patch when it is downloaded |
No |
Adds unsigned patches? |
Yes |
No |
Yes |
Yes |
GUI available? |
No |
No |
Yes |
No |
Analyzes system for required patches and downloads signed or unsigned patches |
No |
Yes, both signed and unsigned patches |
Yes, both signed and unsigned patches |
Yes, unsigned patches only |
Local and remote system patch support |
Local |
Local |
Local and Remote |
No |
RBAC support? |
No |
No |
Yes |
No |
*You can unpack a signed patch and add it to your system with the patchadd command, but the digital signature will be lost. For information on manually verifying a signed patch and adding it with the patchadd command, see http://sunsolve.Sun.COM/patches/spag.pdf.
Detailed information about how to install and back out a patch is provided in the patchadd(1M) and patchrm(1M) man pages. Each patch also contains a README file that contains information about the patch.
Solaris Patch Manager Base Version 1.0, which is the smpatch command, is used to manage signed patches on systems running the Solaris 2.6, 7, and 8 releases. You can use the smpatch command with PatchPro 2.1 to manage signed patches on systems running the Solaris 9 release.
Both signed patch tools provide the following capabilities:
They analyze patch requirements and download signed patches on the local system only. Similar to PatchPro Expert, this tool reads the /etc/patchpro_hdw.conf file to determine what hardware is installed. Other than this feature, the two tools are entirely independent.
They apply one or more signed patches in JAR format, which also authenticates the patch or patches to be added.
They remove one or more patches, which checks patch dependencies before removing the patch or patches.
You can set up a default patch policy that allows the installation of various patch types such as clientroot, clientusr, rebootafter, or standard patches.
If you upgrade to the Solaris 9 release, the smpatch command is automatically upgraded to the lastest version.
The patchadd command is still available to add unsigned patches to systems running the Solaris 2.6, 7, 8, and 9 releases. You cannot use Patch Manager Base Version 1.0 to add unsigned patches on these systems.
The Solaris 2.6, 7, and 8 signed patch tools limitations are:
You cannot install signed patches to alternate boot environments nor to diskless clients.
You cannot install patches that do not have a digital signature.
You cannot install patches with the rebootimmediate, reconfigimmediate, or nonconforming attributes.
When you install the patch management tools, several Solaris packages are added to your system, including some Java packages, that are required for the tools to run. In addition, several packages must be installed on your system before you can install the patch tools. These packages are as follows:
Solaris 2.6 release – Core cluster plus the SUNWmfrun, SUNWlibC, and SUNWxcu4 packages.
Solaris 7 and 8 releases – Core cluster plus the SUNWmfrun and SUNWlibC packages.
Solaris 9 release – Developer cluster (SUNWprog) is required if you are using the Solaris Management Console Patches Tool with PatchPro 2.1.
For information on verifying whether the required Solaris packages are installed on your system, see How to Verify Package Requirements for Signed Patch Tools.
You can download the Solaris patch management tools from the following location:
Follow the links for your Solaris release and select the appropriate tar file.
After you have installed a patch management tool, you can use several different methods of downloading or adding a signed patch or patches to your system. Use the following table to determine which method is best for your needs.
Command or Tool |
Description |
For More Information |
---|---|---|
smpatch update |
Use this command to identify required patches, and then, automatically download and add the patches to your system. | |
smpatch analyze |
Use this command to identify required patches and display a list of required patch IDs for your system. Then, you could use the smpatch download and smpatch add commands to download and add the patches to your system. |
smpatch(1M) |
smpatch download and smpatch add |
Use these commands to download and add a patch or patches to your system. These commands also download and add any prerequisite patches. |
Examples—Downloading and Adding a Signed Patch on a Solaris System (smpatch Command) |
ftp and smpatch add |
Use the ftp command to transfer a patch or patches to your system. Then, use the smpatch add command to add the patch or patches to your system. |
Examples—Downloading and Adding a Signed Patch on a Solaris System (smpatch Command) |
Solaris Management Console Patches Tool |
For Solaris 9 systems only – Use this tool when you want the convenience of a GUI tool to manage signed patches. |
Solaris Management Console online help |