If a signed patch's contents are extracted into the same directory as the signed patch, the extracted patch cannot be installed by using the /usr/sbin/patchadd command. Instead, the signed patch is installed when you execute /usr/sbin/patchadd ./patchid. The unsigned, extracted patch is ignored.
In some instances, the following error messages might be displayed:
Verifying signed patch patchid... ERROR: Unable to open keystore /var/sadm/security/patchadd /truststore for reading ERROR: Unable to lock keystore /var/sadm/security for exclusive access Signature invalid on signed patch patchid. Patchadd is terminating. |
Workaround: Choose from the following workarounds:
Extract the signed patch into a directory other than the directory where the signed patch exists. Use the path to the extracted patch when executing the /usr/sbin/patchadd command.
After extracting the signed patch, but before running the /usr/sbin/patchadd command, delete the .jar file.
Do not extract the signed patch. Instead, populate the package keystore and install the signed patch directly. Follow these steps:
Become superuser.
Execute the following commands:
# /usr/bin/mkdir /var/sadm/security |
# /usr/bin/keytool -export -storepass changeit -alias \ gtecybertrustca -keystore usr/java/jre/lib/security/cacerts -file \ /tmp/gte.crt |
# /usr/bin/pkgadm addcert -t -f der /tmp/gte.crt |
Change the default password changeit to the password that is used to protect the Java keystore.