test

System Administration Guide: Basic Administration

Troubleshooting Problems With Signed Patches

For up-to-date information on troubleshooting signed patch problems or error messages, see http://sunsolve.Sun.COM/pub-cgi/show.pl?target=patches/spfaq.

Viewing Patch Tool Log Files

Various log files on the system can identify problems with installing patch management tools or adding signed patches.

By default, PatchPro writes to the system log file.The syslog configuration file, /etc/syslog.conf, identifies where the system log file resides on the system. You can instruct PatchPro to write messages to a different file on the local file system by updating the patchpro.log.file property in the PatchPro configuration file, /opt/SUNWppro/etc/patchpro.conf.

For example, if you want PatchPro to write to the /var/tmp/patchpro.log file, assign /var/tmp/patchpro.log to the patchpro.log.file property.

Use the following table to determine which log file might contain information about a failed installation of a patch management tool or a signed patch.

Log File 

Description 

/var/tmp/ppro_install_log.nnn

Identifies the success or failure of the installation of PatchPro packages and patches. 

/var/tmp/log/patchpro.log

Identifies problems when adding a signed patch with the various patch tools. 

/var/adm/messages

Can identify problems when adding a signed patch with the various patch tools or when the patch tools did not initialize properly. 

Solaris Management Console 's Log Viewer on a Solaris 9 system 

Identifies the success or failure of adding a signed patch with the Solaris Management Console's Patches tool.  

How to Resolve a Sequestered Patch

A patch might not install successfully if it requires prerequisite patches or if a system reboot is required to install the patch. Patches that cannot be installed by PatchPro are sequestered in the /var/spool/pkg/patchproSequester directory.

Review the patch README file to find out if there are any prerequisite patches, which are listed in a section called REQUIRED PATCHES.

You can either view a copy of the patch README from the SunSolve Online website or extract the README file from the JAR archive. Do not expand the JAR archive to avoid any tampering with the digital signature. Use the following procedure to safely extract the patch README file.

You should also review the contents of the /var/tmp/log/patchpro.log file to find out why a patch did not install successfully.

  1. Verify that a patch or patches were not installed by viewing the contents of the /var/spool/pkg/patchproSequester directory.


    # cd /var/spool/pkg/patchproSequester; ls

  2. Extract the README file from the JAR archive:

    1. First, identify the name of the README file. For example:


      # /usr/j2se/bin/jar tvf 107058-01.jar | grep README

    2. Then, extract the README file. For example:


      # /usr/j2se/bin/jar xvf 107058-01.jar 107058-01/README.107058-01
extracted: 107058-01/README.107058-01

  3. View the README file.

    For example:


    # more 107058-01/README.107058-01

How to Remove Imported Certificates

If a problem occurred during the PatchPro installation, you might just remove the certificates and import them again.

  1. Become superuser.

  2. Remove the previously imported certificates.


    #/usr/j2se/bin/keytool -delete -alias smicacert -keystore 
/usr/j2se/jre/lib/security/cacerts
Enter keystore password:  changeit
# /usr/j2se/bin/keytool -delete -alias smirootcacert -keystore 
/usr/j2se/jre/lib/security/cacerts
Enter keystore password:  changeit
# /usr/j2se/bin/keytool -delete -alias patchsigning -keystore 
/usr/j2se/jre/lib/security/cacerts
Enter keystore password:  changeit