Sun Patch Manager 2.0 Administration Guide for the Solaris 9 Operating System

Tools for Managing Solaris Patches

You can use the following tools to apply patches to Solaris systems:

Sun Patch Manager command-line interface (smpatch)
Sun Patch Manager browser interface
patchadd
Solaris Management Console Patches tool (GUI, starting with Solaris 9)

If you need to apply a patch to a diskless client system, see Patching Diskless Client OS Services in System Administration Guide: Basic Administration.

Note –

The browser interface that was originally released with the Sun Patch Manager 2.0 product for Solaris 9 systems has been withdrawn.

The Patch Manager product will be replaced by the new Sun Update Manager product.

The following table summarizes the availability of the Solaris patch management tools.

Tool Availability	`patchadd`/`patchrm` Commands	Solaris 2.6 and Solaris 7 Patch Management Tools	Sun Patch Manager 2.0	PatchPro Interactive or PatchPro Expert
How do I get this tool?	Included with the Solaris release	Download the tool from the Sun Download Center web site [The Sun Download Center web site is `http://wwws.sun.com/software/download`.]	Download the Solaris 8 or Solaris 9 version of the tool from the Sun Download Center web site	Run tool from the PatchPro web site [The PatchPro web site is `http://www.sun.com/PatchPro`.]
Solaris release availability	Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 releases	Solaris 2.6 and Solaris 7 releases	Solaris 8 and Solaris 9 releases	Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 releases
Applies signed patches?	Starting with the Solaris 9 12/03 release – Yes, and automatically verifies the signed patch when it is downloaded	Yes, and automatically verifies the signed patch when it is downloaded	Yes, and automatically verifies the signed patch when it is downloaded	No, these tools do not apply patches
Applies unsigned patches?	Yes	No	Yes, but the patches must be unzipped first	No
GUI available?	No	No	Yes, for Solaris 9 systems only	Yes, these tools can only be run from the PatchPro web site
Analyzes system to determine the appropriate patches and downloads signed or unsigned patches	No	Yes, signed patches only	Yes, signed patches only	Yes, unsigned patches only
Local and remote system patch support	Local	Local	Local and remote For Solaris 8 systems – Local	No
RBAC support?	Yes	No	Yes	No

Note –

Starting with the Solaris 9 release – A graphical user interface (GUI), the Patches tool in the Solaris Management Console (smc), is also available. The Patches tool enables you to analyze systems to determine the appropriate patches, view patch properties, download patches, apply patches to systems, and remove patches.

Managing Solaris Patches

When you apply a patch, the patch tools call the pkgadd command to apply the patch packages from the patch directory to a local system's disk.

Caution –

Do not run the pkgadd command directly to apply patches.

More specifically, the patch tools do the following:

Determine the Solaris version number of the managing host and the target host
Update the patch package's pkginfo file with this information:
- Patches that have been obsoleted by the patch being applied
- Other patches that are required by this patch
- Patches that are incompatible with this patch

While you apply patches, the patchadd command logs information in the /var/sadm/patch/patch-id/log file.

The patchadd command cannot apply a patch under the following conditions:

The package is not fully installed on the system.
The patch package's architecture differs from the system's architecture.
The patch package's version does not match the installed package's version.
A patch with the same base code and a higher revision number has already been applied.
A patch that obsoletes this patch has already been applied.
The patch is incompatible with a patch that has already been applied to the system. Each patch that has been applied keeps this information in its pkginfo file.
The patch being applied depends on another patch that has not yet been applied.

Selecting the Best Method for Applying Patches

You can use several different methods to download or apply one or more patches to your system. Use the following table to determine which method is best for your needs.

Command or Tool	Description	For More Information
`smpatch update`	Starting with the Solaris 8 release – Use this command to analyze your system to determine the appropriate patches, and to automatically download and apply the patches. Note that this command will not apply a patch that has the `interactive` property set. Note – For Solaris 8 systems, only the local mode `smpatch` is available.	How to Update Your System With Patches (Command Line) smpatch(1M) man page
`smpatch analyze` and `smpatch update`	Starting with the Solaris 8 release – First, use `smpatch analyze` to analyze your system to determine the appropriate patches. Then, use `smpatch update` to download and apply one or more of the patches to your system. Note – For Solaris 8 systems, only the local mode `smpatch` is available.	How to Analyze Your System to Obtain the List of Patches to Apply (Command Line) How to Update Your System With Patches (Command Line) smpatch(1M) man page
`smpatch analyze`, `smpatch download`, and `smpatch add`	Starting with the Solaris 8 release – First, use `smpatch analyze` to analyze your system to determine the appropriate patches. Then, use `smpatch download` to download them. This command also downloads any prerequisite patches. Then, use `smpatch add` to apply one or more of the patches to your system while the system is in single-user or multiuser mode. Note – For Solaris 8 systems, only the local mode `smpatch` is available.	Managing Patches by Using the Command-Line Interface (Task Map) smpatch(1M) man page
Patch Manager browser interface	Starting with the Solaris 9 release – Use this tool when you want the convenience of a web browser tool to manage patches. The browser interface enables you to do the following: Analyze your system to determine the appropriate patches Update the system with one or more patches Remove patches View the list of applied patches View the patch management tool logs Configure your patch management environment	Managing Solaris Patches by Using the Sun Patch Manager Browser Interface (Task Map)
`patchadd`	Starting with the Solaris 2.6 release – Apply unsigned patches to your system. Starting with the Solaris 9 12/03 release – Use this command to apply either signed or unsigned patches to your system. To apply signed patches, you must first set up your package keystore.	patchadd(1M) man page
Solaris Management Console Patches tool	Starting with the Solaris 9 release – Use this tool when you want the convenience of a GUI tool to manage signed patches.	Solaris Management Console online help

If you choose to use the smpatch command-line interface or the Patch manager browser interface, see Chapter 4, Getting Started With Sun Patch Manager (Overview) for additional information that might affect which method you select to apply patches.