Chapter 2 Managing Signed Patches by Using Solaris Patch Management Tools (Tasks)

This chapter provides instructions for managing signed patches by using Solaris patch management tools. See these sections:

• Using Solaris Patch Management Tools

• Solaris Patch Management Tool Caveats

• Downloading and Installing the Patch Management Tools (Task Map)

• Selecting the Best Method for Applying Signed Patches

• Downloading and Applying Signed Patches to a Solaris System (Task Map)

• Troubleshooting Signed Patch Problems (Task Map)

For information about how to manage signed patches without Solaris patch management tools, see Appendix A, Managing Signed Patches Without Solaris Patch Management Tools (Tasks).

See Chapter 1, Managing Signed Patches (Overview) for overview information about using signed patches. For information about troubleshooting problems with the patch management tools, see the Signed Patches Release Notes for PatchPro 2.2.

Using Solaris Patch Management Tools

Patch Manager Base 1.0.1 and PatchPro 2.2 are tools that manage signed patches on Solaris systems. Patch Manager Base 1.0.1 runs on Solaris 2.6, Solaris 7, and Solaris 8 systems. PatchPro 2.2 runs on Solaris 9 systems. These tools also run on both SPARC^TM and x86 hardware.

By using the patch management tools, you can do the following:

• Analyze a Solaris system to determine the recommended patches.

  If your system includes hardware products from Sun Network Storage, the patch management tools can recommend firmware patches associated with that hardware. You might need to identify that hardware manually. See How to Identify the Hardware on Your System.

• Download the recommended patches from Sun to a local system.

• Apply the recommended patches to a local system.

• Remove patches from a local system.

Solaris Patch Management Tool Caveats

Be aware of these key points when using the Solaris patch management tools:

• For Solaris 2.6, Solaris 7, or Solaris 8 only – If you have a previous version of the PatchPro software on your system, the older version will be upgraded when Solaris Patch Manager Base 1.0.1 is installed.

• The digital signature for signed patches is verified when the patches are downloaded with the smpatch download command.

  However, on a Solaris 9 system, no patch signature validation message is displayed during the patch download, even if the patch signature is successfully verified. If the patch signature verification fails, you will know because the patch is not downloaded to your system.

• For Solaris 9 only – The smpatch command prompts you for authentication information if you do not specify the information in the command line.

  For example, you can specify authentication information to the smpatch command using the following syntax:

  # smpatch add -p mypassword -u root -- -i patch-ID

  The smpatch subcommands are separated from the authentication options and arguments by --. The smpatch subcommands are add, analyze, download, remove, and update. Support for the update subcommand began with the Solaris 9 4/03 release.

  Or, you can let the smpatch command prompt you for the authentication information.

  # /usr/sadm/bin/smpatch add -i patch-ID Authenticating as user: root Type /? for help, pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password :: Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from starbug Login to starbug as user root was successful. Download of com.sun.admin.patchmgr.cli.PatchMgrCli from starbug was successful.

• Use the /opt/SUNWppro/bin/uninstallpatchpro script if you need to uninstall PatchPro 2.2.

Downloading and Installing the Patch Management Tools (Task Map)

Use this task map to identify the tasks that must be completed before you can apply signed patches to your system. Notice that you can install or upgrade a patch management tool in interactive mode or in non-interactive mode. Perform the tasks in the order shown.

How to Verify Package Requirements for Patch Management Tools

1. Verify that the appropriate Solaris cluster and Solaris packages are installed on your system.

   • For the Solaris 2.6 release, verify that these packages are present:

     # pkginfo | grep SUNWmfrun system SUNWmfrun Motif RunTime Kit # pkginfo | grep SUNWlibC system SUNWlibC Sun Workshop Compilers Bundled libC # pkginfo | grep SUNWxcu4 system SUNWxcu4 XCU4 Utilities

   • For the Solaris 7 or Solaris 8 release, verify that these packages are present:

     # pkginfo | grep SUNWmfrun system SUNWmfrun Motif RunTime Kit # pkginfo | grep SUNWlibC system SUNWlibC Sun Workshop Compilers Bundled libC

   • For the Solaris 9 release, verify that one of these Solaris clusters is present by checking the /var/sadm/system/admin/CLUSTER file:

     • SUNWCprog

     • SUNWCall

     • SUNWCXall

2. If the pkginfo commands do not return any output, you must install the required packages.

How to Download the Patch Management Tools From SunSolve Online

The Solaris patch management tools are available for both the SPARC and x86 platforms.

1. Go to http://www.sun.com/PatchPro.

2. To begin the download process, go to the section that describes Patch Manager and click the download link.

   The binary code license agreement appears.

3. Agree to the terms of the binary code license agreement.

   • To accept the license agreement, click Agree.

     The Patch Manager download page appears.

   • To reject the license agreement, click Cancel.

     You are not permitted to download the software.

4. Identify the Solaris version and platform of your local system to get the appropriate patch management tool.

   1. Determine which version of Solaris you need:

      • Solaris 2.6

      • Solaris 7

      • Solaris 8

      • Solaris 9

   2. Click the README link associated with the Solaris version you chose to get information about installing the patch management tool.

   3. Click the platform link associated with the version of Solaris that this tool supports.

      • Click SPARC to download the SPARC version of the patch management tool.

      • Click x86 to download the x86 version of the patch management tool.

5. Choose a directory on your local system in which to download and extract the tool.

   For example, you might create a directory called /export/download/patchpro.

   Ensure that this directory can be written by superuser.

6. Download the software tar file to that directory.

   The software you selected is downloaded.

7. Become superuser.

8. Change to the directory in which you downloaded the tar file.

   # cd /export/download/patchpro

9. Extract the patch management tool from the tar file.

   • If you are downloading the tar file for Solaris 2.6 or Solaris 7, the tar file is compressed.

     # zcat pproSunOSsparc5.6jre2.2.tar.Z | tar xvf -

   • If you are downloading the tar file for Solaris 8 or Solaris 9, the tar file is in zip format.

     # gunzip -dc pproSunOSx865.9jre2.2.tar.gz | tar xvf -

   The name of the tar file indicates the operating system type, platform, and operating system version:

   ppro<OS><platform><OS version>jre2.2.tar

   For example, pproSunOSsparc5.8jre2.2.tar is the tar file that contains the patch management tool for the SPARC version of Solaris 8 (SunOS^TM 5.8). pproSunOSx865.9jre2.2.tar is the tar file that contains the patch management tool for the x86 version of Solaris 9 (SunOS 5.9).

Now, you can install and configure the tool on your system. See How to Install and Configure the Patch Management Tool in Interactive Mode or How to Install the Patch Management Tool in Non-Interactive Mode.

How to Install and Configure the Patch Management Tool in Interactive Mode

Use the setup command to install and configure the patch management tool on your system in interactive mode.

If you want to install the patch management tool in a hands-off manner, such as a custom JumpStart^TM installation, see How to Install the Patch Management Tool in Non-Interactive Mode.

1. Become superuser.

2. Change to the directory in which you downloaded the tar file.

   # cd /export/download/patchpro

3. Run the setup command to install and configure the tool.

   For example, install and configure the Solaris 9 (SPARC Platform Edition) version of the patch management tool:

   # cd pproSunOSsparc5.9jre2.2 # ./setup

4. Specify the mechanism your system uses to connect to the Internet to retrieve Sun patches.

   The patch management tool requires that your system be connected to the Internet, either directly or indirectly through a web proxy.

   • If your system is connected directly to the Internet, type 1.

     • If your system runs Solaris 2.6, Solaris 7, or Solaris 8 software, go to Step 6.

     • If your system runs Solaris 9 software, go to Step 5.

   • If your system is connected to the Internet through a web proxy, type 2.

   1. Specify the host name or IP address of the web proxy.

   2. Specify the port number of the web proxy.

   3. Specify whether the web proxy requires authentication.

      • If the web proxy does not require authentication, type n.

        • If your system runs Solaris 2.6, Solaris 7, or Solaris 8 software, go to Step 6.

        • If your system runs Solaris 9 software, go to Step 5.

      • If the web proxy requires authentication, type y.

   4. Specify the name of a user for the web proxy.

   5. Specify the password of the user for the web proxy.

5. Solaris 9 only – Indicate whether to automatically restart the Solaris WBEM services after you install the patch management tool.

   Restarting the Solaris WBEM services on an active system can cause unexpected problems, so ensure that your system is in a quiet state before restarting these services.

   • If you can restart the services now, type y.

     The services are automatically restarted after the patch management tool is installed.

   • If you cannot restart the services now, type n.

     After you install the patch management tool, bring your system to a quiet state, then manually restart the services.

     # /etc/init.d/init.wbem stop # /etc/init.d/init.wbem start

6. Verify that the data you specified is correct.

   The setup program shows the configuration information that you supplied.

   • If the configuration data is correct, type y.

   • If the configuration data is incorrect and you want to change some of the values, type n.

   The patch management tool is installed.

7. Add patch management tool directories to your path.

   • For Bourne shell or Korn shell:

     # PATH=/usr/sadm/bin:/opt/SUNWppro/bin:${PATH} # export PATH

   • For C shell:

     machine_name# setenv PATH /usr/sadm/bin:/opt/SUNWppro/bin:${PATH}

8. Add the patch man page directory to your man page path.

   • For Bourne shell or Korn shell:

     # MANPATH=/opt/SUNWppro/man:${MANPATH} # export MANPATH

   • For C shell:

     machine_name# setenv MANPATH /opt/SUNWppro/man:${MANPATH}

How to Install the Patch Management Tool in Non-Interactive Mode

Use the setup command with the -f option if you want to perform a hands-off installation. This command can be used to perform a custom JumpStart installation.

If you want to install and configure the patch management tool in interactive mode, see How to Install and Configure the Patch Management Tool in Interactive Mode.

1. Become superuser.

2. Change to the directory in which you downloaded the tar file.

   # cd /export/download/patchpro

3. Run the setup command to install the tool.

   For example, install the Solaris 9 (x86 Platform Edition) version of the patch management tool:

   # cd pproSunOSx865.9jre2.2 # ./setup -f

After the patch management tool is installed, you must configure it by running the pprosetup command. See How to Set Up Your Patch Management Environment After a Non-Interactive Installation or Upgrade.

If not configured, the patch management tool will not be functional.

How to Upgrade From PatchPro 2.1 to PatchPro 2.2 in Interactive Mode

Use the setup command to manually upgrade your system that runs PatchPro 2.1 to PatchPro 2.2. You do not need to uninstall PatchPro 2.1 before you upgrade the tool. The setup command also enables you to configure the patch management tool on your system.

If you want to upgrade the patch management tool in a hands-off manner, such as a custom JumpStart installation, see How to Upgrade From PatchPro 2.1 to PatchPro 2.2 in Non-Interactive Mode.

If your system is not already running PatchPro 2.1, just install PatchPro 2.2 by using one of the following procedures:

• How to Install and Configure the Patch Management Tool in Interactive Mode

• How to Install the Patch Management Tool in Non-Interactive Mode

1. Become superuser.

2. Change to the directory in which you downloaded the PatchPro 2.2 tar file.

   # cd /export/download/patchpro

3. Run the setup command to upgrade and configure the tool.

   For example, upgrade and configure the Solaris 9 (SPARC Platform Edition) version of the patch management tool:

   # cd pproSunOSsparc5.9jre2.2 # ./setup

4. Indicate whether you want to continue with the upgrade of the patch management tool.

   • If yes, type y.

   • If you want to exit the setup program, type q.

5. Specify the mechanism your system uses to connect to the Internet to retrieve Sun patches.

   The patch management tool requires that your system be connected to the Internet, either directly or indirectly through a web proxy.

   • If your system is connected directly to the Internet, type 1.

     • If your system runs Solaris 2.6, Solaris 7, or Solaris 8 software, go to Step 7.

     • If your system runs Solaris 9 software, go to Step 6.

   • If your system is connected to the Internet through a web proxy, type 2.

   1. Specify the host name or IP address of the web proxy.

   2. Specify the port number of the web proxy.

   3. Specify whether the web proxy requires authentication.

      • If the web proxy does not require authentication, type n.

        • If your system runs Solaris 2.6, Solaris 7, or Solaris 8 software, go to Step 7.

        • If your system runs Solaris 9 software, go to Step 6.

      • If the web proxy requires authentication, type y.

   4. Specify the name of a user for the web proxy.

   5. Specify the password of the user for the web proxy.

6. Solaris 9 only – Indicate whether to automatically restart the Solaris WBEM services after you upgrade the patch management tool.

   Restarting the Solaris WBEM services on an active system can cause unexpected problems, so ensure that your system is in a quiet state before restarting these services.

   • If you can restart the services now, type y.

     The services are automatically restarted after the patch management tool is upgraded.

   • If you cannot restart the services now, type n.

     After you upgrade the patch management tool, bring your system to a quiet state, then manually restart the services.

     # /etc/init.d/init.wbem stop # /etc/init.d/init.wbem start

7. Verify that the data you specified is correct.

   The setup program shows the configuration information that you supplied.

   • If the configuration data is correct, type y.

   • If the configuration data is incorrect and you want to change some of the values, type n.

8. Indicate whether you want to upgrade your current installation.

   You are asked to specify whether to upgrade software on a per-package basis.

   • If you want to upgrade to the new version of the specified package, type y.

   • If you want to exit the setup program, type q.

9. Indicate whether to continue with the upgrade of the patch management tool.

   • If you want to continue, type y.

     The patch management tool is upgraded on your system. The old version is removed, and the tool is configured based on your answers to the configuration questions.

     The PatchPro configuration settings you specified are displayed.

   • If you want to exit the setup program, type q.

10. Add patch management tool directories to your path.

    • For Bourne shell or Korn shell:

      # PATH=/usr/sadm/bin:/opt/SUNWppro/bin:${PATH} # export PATH

    • For C shell:

      machine_name# setenv PATH /usr/sadm/bin:/opt/SUNWppro/bin:${PATH}

11. Add the patch man page directory to your man page path.

    • For Bourne shell or Korn shell:

      # MANPATH=/opt/SUNWppro/man:${MANPATH} # export MANPATH

    • For C shell:

      machine_name# setenv MANPATH /opt/SUNWppro/man:${MANPATH}

How to Upgrade From PatchPro 2.1 to PatchPro 2.2 in Non-Interactive Mode

If you are already running PatchPro 2.1 on your system, you can upgrade your system to run PatchPro 2.2.

If you want to upgrade the patch management tool interactively, instead of in a hands-off manner, see How to Upgrade From PatchPro 2.1 to PatchPro 2.2 in Interactive Mode.

If your system is not already running PatchPro 2.1, just install PatchPro 2.2 by using one of the following procedures:

• How to Install and Configure the Patch Management Tool in Interactive Mode

• How to Install the Patch Management Tool in Non-Interactive Mode

1. Become superuser.

2. Change to the directory in which you downloaded the PatchPro 2.2 tar file.

   # cd /export/download/patchpro

3. Run the setup command to install and configure the tool.

   For example, upgrade the Solaris 7 x86 version of the patch management tool:

   # cd pproSunOSx865.7jre2.2 # ./setup -f UPGRADE=true

After the patch management tool is upgraded, you must configure it by running the pprosetup command. See How to Set Up Your Patch Management Environment After a Non-Interactive Installation or Upgrade.

If not configured, the patch management tool will not be functional.

How to Set Up Your Patch Management Environment After a Non-Interactive Installation or Upgrade

1. Become superuser.

2. Add patch management tool directories to your path.

   • For Bourne shell or Korn shell:

     # PATH=/usr/sadm/bin:/opt/SUNWppro/bin:${PATH} # export PATH

   • For C shell:

     machine_name# setenv PATH /usr/sadm/bin:/opt/SUNWppro/bin:${PATH}

3. Add the patch man page directory to your man page path.

   • For Bourne shell or Korn shell:

     # MANPATH=/opt/SUNWppro/man:${MANPATH} # export MANPATH

   • For C shell:

     machine_name# setenv MANPATH /opt/SUNWppro/man:${MANPATH}

4. Specify whether an Internet connection must be established by a web proxy.

   • If you do not need to use a web proxy to establish an Internet connection, you have completed the web proxy configuration process.

   • If you must use a web proxy to establish an Internet connection, run the following command:

     # pprosetup -x proxy-server:proxy-port

     where proxy-server is the host name of the web proxy, and proxy-port is the port number of the web proxy, which is 8080 by default. Notice that these values must be separated by a colon (:).

     For example, if you select webaccess.corp.net.com as the proxy server, the pprosetup command would look like this:

     # pprosetup -x webaccess.corp.net.com:8080

     Obtain this information from your system administrator or from your network administrator.

5. (Optional) Specify whether the web proxy requires authentication.

   • If the web proxy does not require authentication, you have completed the web proxy configuration process.

   • If the web proxy does require authentication, do the following:

   1. Specify the name for your web proxy.

      # pprosetup -U proxy-user-name

   2. Specify the user's password for your web proxy by adding the password to the /opt/SUNWppro/lib/.proxypw file.

      # echo proxy-user-passwd > /opt/SUNWppro/lib/.proxypw

      Keep the password safe by setting the owner, group, and permissions of this file to root, sys, and 0600, respectively.

6. Solaris 9 only – Notify the Solaris Management Console server that the PatchPro packages are added to the system.

   # /etc/init.d/init.wbem stop # /etc/init.d/init.wbem start

After you have completed all the signed patch preparation tasks, you can begin applying signed patches to your system by using your patch management tool.

You can use the pprosetup command to change the configuration of your patch management environment. See the pprosetup(1M) man page.

Solaris 9 only – If you change your patch management environment by running pprosetup, you must restart the Solaris WBEM services before you use the smpatch command. Restarting these services causes the configuration changes take effect.

How to Identify the Hardware on Your System

You can use your patch management tool to apply firmware patches to Sun Network Storage hardware products that are attached to your system. The tool needs to know what hardware is attached to your system. Some of the hardware is automatically identified by software, but some needs to be identified manually by following this procedure.

When the hardware is identified, the smpatch analyze command can determine whether you need specific firmware patches based on your hardware configuration.

1. Become superuser.

2. Start up the dialog program to identify the hardware that exists on your system.

   # pprosetup -H Change Hardware Configuration. Analyzing this computer. ..............

3. Select the numbers that are associated with the disk drives that are attached to your system.

   You must page through the entire list before you can make your selections. So, note the numbers that are associated with the disk drives that are attached to your system.

   Your selections are listed.

4. Select the numbers that are associated with the storage servers and disk arrays that are attached to your system.

   You must page through the entire list before you can make your selections. So, note the numbers that are associated with the storage servers and disk arrays that are attached to your system.

   Your selections are listed.

5. Select the numbers that are associated with the tape storage systems that are attached to your system.

   You must page through the entire list before you can make your selections. So, note the numbers that are associated with the tape storage systems that are attached to your system.

   Your selections are listed.

6. Save your selections to a file.

   This file is also used by PatchPro Expert, which is available on the SunSolve Online site.

   • If you want to save your selections, type y.

   • If you do not want to save your selections, type n.

How to Identify the Types of Patches to Apply to Your System

This procedure enables you to establish the default patch policy for your system. See also the pprosetup(1M) man page.

1. Become superuser.

2. Identify the types of patches to apply to the system.

   # pprosetup -i standard:singleuser:rebootafter:reconfigafter

   In this example command line, the default patch policy applies the following types of patches to your system:

   • Standard patches

   • Patches that must be applied in single-user mode

   • Patches that must have the system undergo a reboot after they have been applied

   • Patches that must have the system undergo a reconfiguration reboot after they have been applied

How to Configure Your System to Access Contract Patches

If you are a customer with a Sun service contract, additional patches are available to you. To access these patches, you must specify your SunSolve^TM user name and password.

1. Specify your SunSolve user name.

   # pprosetup -u sunsolve-user-name

2. Specify your SunSolve password by adding the password to the /opt/SUNWppro/lib/.sunsolvepw file.

   # echo sunsolve-user-passwd > /opt/SUNWppro/lib/.sunsolvepw

   Keep the password safe by setting the owner, group, and permissions of this file to root, sys, and 0600, respectively.

How to Uninstall the Patch Management Tool

When you uninstall the patch management tool, the tool is completely removed from your system.

1. Become superuser.

2. Uninstall the PatchPro software.

   # /opt/SUNWppro/bin/uninstallpatchpro

3. Solaris 2.6, Solaris 7, and Solaris 8 only – Determine whether you want the Java 2 software removed.

   Java 2 is installed with the patch management tool.

   • If you want to remove the Java 2 software, type y.

   • If you do not want to remove the Java 2 software, type n.

Selecting the Best Method for Applying Signed Patches

After you have installed or upgraded your patch management tool and completed the preparatory tasks (see Downloading and Installing the Patch Management Tools (Task Map)), use this table to determine which method is best for downloading and applying signed patches to your system.

Downloading and Applying Signed Patches to a Solaris System (Task Map)

Use this task map to identify the tasks that are used to manage signed patches. Perform the tasks in the order shown.

Be aware of these disk space considerations when using the smpatch command to download and apply signed patches:

• The default patch directory for signed patches is /var/sadm/spool.

• To specify an alternate patch directory, use the -d option of the smpatch add, smpatch download, or smpatch update command.

• The download process might use more disk space than anticipated because prerequisite patches might be required by and downloaded with the patch that you download.

• To reclaim disk space in the patch directory, remove the signed patches from the /var/sadm/spool directory after they are successfully downloaded and applied to your system. Notice that the smpatch and pprosvc -i commands automatically remove the patch after it has been successfully applied.

How to Analyze Your System to Identify the Recommended Patches

Ensure that you have completed the preparation tasks before analyzing your system. For more information, see Downloading and Installing the Patch Management Tools (Task Map).

1. Become superuser.

2. Analyze the system.

   # smpatch analyze Assessing required patches for machine "venus/172.20.27.26" . Please wait... 110453-04 SunOS 5.8: admintool Patch 109318-33 SunOS 5.8: suninstall Patch 112396-02 SunOS 5.8: /usr/bin/fgrep patch ...

Now, you can download and apply these patches to your system. See How to Download and Apply a Signed Patch to a Solaris System. Notice that the smpatch download command also performs the analysis step before downloading the patches to your system.

How to Download and Apply a Signed Patch to a Solaris System

Ensure that you have completed the preparation tasks before downloading and applying a signed patch to your system. For more information, see Downloading and Installing the Patch Management Tools (Task Map).

To download and apply a signed patch on a Solaris system, follow this procedure. Following the procedure are examples.

1. Become superuser.

2. Download one or more signed patches from the SunSolve Web site to your local system.

   # smpatch download -i patch-ID -i patch-ID ... Requested patches: patch-ID patch-ID ... Downloading the requested patches /var/sadm/spool/patch-ID.jar has been validated. /var/sadm/spool/patch-ID.jar has been validated. ... For downloaded patch(es) see /var/sadm/spool

   This command also analyzes the system to determine the list of recommended patches to download.

3. Apply the signed patches.

   # smpatch add -i patch-ID -i patch-ID

Example—Downloading and Applying a Signed Patch That Has No Dependencies

This example shows how to download and apply patch 105407-01 by using the smpatch command on a Solaris 2.6 system.

# smpatch download -i 105407-01

Requested patches:

    105407-01

Downloading the requested patches



/var/sadm/spool/105407-01.jar has been validated.

For downloaded patch(es) see /var/sadm/spool
# smpatch add -i 105407-01

On machine "earth/172.20.27.27" ...


Installing patch 105407-01 ...
Purging /var/sadm/spool/105407-01
/var/sadm/spool/README.txt has been moved to 
/var/sadm/spool/patchproSequester

Example—Downloading and Applying a Signed Patch That Has Dependencies

This example shows how to download and apply patch 107081-45 by using the smpatch command on a Solaris 7 system or a Solaris 8 system. This patch has two patch dependencies, which are automatically downloaded and verified.

# smpatch download -i 107081-45

Requested patches:

    107081-45

Downloading the requested patches

The following patches were added due to patch dependencies:
    108376-37
    107656-09

/var/sadm/spool/108376-37.jar has been validated.

/var/sadm/spool/107656-09.jar has been validated.

/var/sadm/spool/107081-45.jar has been validated.

For downloaded patch(es) see /var/sadm/spool
# smpatch add -i 108376-37 -i 107656-09 -i 107081-45

On machine "venus/172.20.27.26" ...

Installing patch 108376-37 ...
Installing patch 107656-09 ...
Installing patch 107081-45 ...
Purging /var/sadm/spool/108376-37
Purging /var/sadm/spool/107656-09
Purging /var/sadm/spool/107081-45

Example—Downloading and Applying a Signed Patch That Has No Dependencies to a Solaris 9 System

This example shows how to download and apply a signed patch by using the smpatch command on a Solaris 9 system.

# /usr/sadm/bin/smpatch download -i 111711-01
Authenticating as user: root

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: xxx
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from starbug
Login to starbug as user root was successful.
Download of com.sun.admin.patchmgr.cli.PatchMgrCli from starbug was 
successful.


        Requested patches:
                111711-01

        Downloading the requested patches ...


For downloaded patch(es) see /var/sadm/spool.
# smpatch add -i 111711-01
Authenticating as user: root

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: xxx
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from starbug
Login to starbug as user root was successful.
Download of com.sun.admin.patchmgr.cli.PatchMgrCli from starbug was 
successful.

        On machine starbug ...
                Installing patch 111711-01

Example—Downloading and Applying a Signed Patch That Has Dependencies to a Solaris 9 System

This example shows how to download and apply patch 113434-06 by using the smpatch command on a Solaris 9 system. This patch has a patch dependency, which is automatically downloaded and verified.

# smpatch download -i 113434-06
Authenticating as user: root

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: xxx
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from starbug
Login to starbug as user root was successful.
Download of com.sun.admin.patchmgr.cli.PatchMgrCli from starbug was
successful.


Requested patches:
	113434-06

Downloading the requested patches


The following patches were added due to patch dependencies:
	114482-02


For downloaded patch(es) see /var/sadm/spool.
# smpatch add -1 114482-02 -i 113434-06  
Authenticating as user: root

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: xxx
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from starbug
Login to starbug as user root was successful.
Download of com.sun.admin.patchmgr.cli.PatchMgrCli from starbug was
successful.

	On machine starbug ...
		Installing patch 114482-02
		Installing patch 113434-06

Example—Downloading and Applying a Signed Patch by Using ftp

This example shows how to use the ftp command to get a signed Solaris 8 patch from the SunSolve Online site. Then, the example shows how to use the smpatch add command to apply the signed patch to the system.

# ftp sunsolve.sun.com
Connected to sunsolve.sun.com.
220-
220-Welcome to the SunSolve Online FTP server.
220-
220-Public users may log in as anonymous. 
...
Name (sunsolve.sun.com:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password: xxx
230-
230-SUN MICROSYSTEMS, INC.
...
230 Guest login ok, access restrictions apply.
ftp> cd signed_patches
250 CWD command successful.
ftp> get 112846-01.jar /var/sadm/spool/112846-01.jar
200 PORT command successful.
150 Opening ASCII mode data connection for 112846-01.jar (22524 bytes).
226 Transfer complete.
local: /var/sadm/spool/112846-01 remote: 112846-01.jar
22613 bytes received in 0.065 seconds (341.70 Kbytes/s)
ftp> quit
# smpatch add -i 112846-01
On machine "earth/172.20.27.27" ...


Installing patch 112846-01 ...
Purging /var/sadm/spool/112846-01

How to Remove a Signed Patch From a Solaris System

If the patch you want to remove is required by one or more of the patches that have already been applied to the system, an error is issued and the patch is not removed.

1. Become superuser.

2. Remove the signed patch.

   # smpatch remove -i patch-ID

   You can remove only one patch at a time.

Example—Removing a Signed Patch From a Solaris 2.6 System

# smpatch remove -i 105407-01

On machine "earth/172.20.27.27" ...

Removing patch 105407-01

Checking installed patches...

Backing out patch 105407-01...

Patch 105407-01 has been backed out.

Example—Removing a Signed Patch From a Solaris 9 System

# /usr/sadm/bin/smpatch remove -i 111711-01
Authenticating as user: root

Type /? for help, pressing <enter> accepts the default denoted by [ ]
Please enter a string value for: password :: 
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from starbug
Login to starbug as user root was successful.
Download of com.sun.admin.patchmgr.cli.PatchMgrCli from starbug was 
successful.

          On machine starbug ...
                Removing patch 111711-01

Troubleshooting Signed Patch Problems (Task Map)

Use the following task map to troubleshoot signed patch problems.

For up-to-date information about troubleshooting signed patch problems, error messages, or documentation errata, see the Signed Patches Release Notes for PatchPro 2.2.

How to Obtain Information About Your Patch Management Environment

To begin troubleshooting problems with PatchPro 2.2 or Patch Manager Base 1.0.1, you must understand how your patch management environment is configured. Use the pprosetup -L command to obtain the configuration information.

1. Become superuser.

2. Obtain the configuration information.

   # pprosetup -L Log file location: System log file (consult /etc/syslog.conf for exact location) Log file size: 50000 Download directory: /var/sadm/spool Sequester directory: /var/sadm/spool/patchproSequester Proxy server name: webaccess.corp.net.com Proxy server port: 8080 Server URL: https://patchpro.sun.com/servlet/ \ com.sun.patchpro.server.PatchProServerServlet/ Database URL: https://patchpro.sun.com/database/patchprodb.zip Detectors URL: https://patchpro.sun.com/database/pprodetectors.jar

How to View Patch Management Tool Log Files

Various log files on the system can help you to identify problems with installing patch management tools or applying signed patches.

By default, PatchPro writes to the system log file. The system log configuration file, /etc/syslog.conf, specifies where the system log file resides on the system. By default, the system log file is /var/adm/messages.

1. (Optional) To instruct PatchPro to write messages to a different file on the local file system, update the patchpro.log.file property in the PatchPro configuration file, /etc/opt/SUNWppro/etc/patchpro.conf.

   For example, if you want PatchPro to write to the /var/tmp/patchpro.log file, assign /var/tmp/patchpro.log to the patchpro.log.file property.

2. Use the following table to determine which log file might contain information about a failed installation of a patch management tool or a signed patch.

   Log File	Description
   /var/tmp/ppro_install_log.nnn	Identifies the success or failure of the installation of PatchPro packages and patches.
   /var/tmp/log/patchpro.log	Identifies problems that are found when using the patch management tool.
   /var/adm/messages	Identifies problems that are found when applying a signed patch to a system by using the various patch management tools. Also, identifies problems that are found when the patch management tools do not initialize properly.
   Solaris Management Console Log Viewer on a Solaris 9 system	Identifies the success or failure of applying a signed patch with the Solaris Management Console Patches Tool.

How to Move the Log From syslog to a Separate File

1. Select a file of specific maximum size to serve as the PatchPro circular log.

2. Become superuser.

3. Save the current PatchPro configuration by creating a copy of the PatchPro configuration file.

   # cp /etc/opt/SUNWppro/etc/patchpro.conf \ /etc/opt/SUNWppro/etc/patchpro.conf.orig

4. Edit the patchpro.conf configuration file.

   1. Change the value of the patchpro.log.file property to specify the new log file.

   2. Change the value of the patchpro.log.size property to specify the size of the log file in bytes.

5. Resume syslog logging.

   # cp /etc/opt/SUNWppro/etc/patchpro.conf.orig \ /etc/opt/SUNWppro/etc/patchpro.conf

How to Resolve a Sequestered Patch

A patch might not install successfully if the patch installation policy cannot be satisfied. Namely, a patch that has the rebootafter property cannot be applied in automatic mode. A patch that cannot be installed by PatchPro is sequestered in the /var/sadm/spool/patchproSequester directory, by default.

Review the README file associated with the patch to determine the installation details of the patch.

To view the README, do one of the following:

• View a copy of the patch README from the SunSolve Online Web site.

• Extract the README file from the JAR archive.

To protect the digital signature, do not expand the JAR archive. Use the following procedure to safely extract the patch README file.

Also, review the contents of the /var/tmp/log/patchpro.log file to determine why a patch did not install successfully.

1. Become superuser.

2. Verify that one or more patches were not installed by viewing the contents of the /var/sadm/spool/patchproSequester directory.

   # cd /var/sadm/spool/patchproSequester; ls

3. Extract the README file from the JAR archive.

   1. First, identify the name of the README file, for example:

      # /usr/j2se/bin/jar tvf 107058-01.jar | grep README 1440 Sat Apr 06 08:50:08 MST 2002 107058-01/README.107058-01

   2. Then, extract the README file.

      # /usr/j2se/bin/jar xvf 107058-01.jar 107058-01/README.107058-01 extracted: 107058-01/README.107058-01

4. View the README file.

   # more 107058-01/README.107058-01