Sun Patch Manager 2.0 Administration Guide for the Solaris 9 Operating System


The following terms are used throughout this book.


To check a system to determine the list of patches that are appropriate for this system.

Patch Manager uses analysis modules and a list of available patches from the Sun patch server to generate a list of patches for your Solaris system.


To install a patch on a system.

back out

To remove a patch from a system.

backout data

Data that is created when a patch is applied to enable the system to return to its previous state if the patch is removed (backed out).

backout directory

Directory in which backout data is stored. By default, this is the save directory of each package that was installed by the patch.


The ability of a server in a chain of patch servers to store a patch that has been downloaded to it from another server.


See patch dependency.

digital signature

An electronic signature that can be used to ensure that a document has not been modified since the signature was applied.


To copy one or more patches from a source of patches, such as a local patch server or the Sun patch server, to the system where the patches are to be applied.

download directory

Directory in which patches are stored when they are downloaded from the patch source. This is also the directory from which patches are applied. The default location is /var/sadm/spool.


A repository of certificates and keys that is queried when you attempt to apply a signed patch.

local mode

A mode available for the smpatch command, which can only be run on the local system. This mode can be used to apply patches while the system is either in single-user mode or in multiuser mode.

local patch server

A system on your intranet that provides access to patch data in lieu of the Sun patch server. The server caches patches downloaded from its patch source.

nonstandard patch

A patch that is associated with the interactive property, with one or more of the rebootafter, rebootimmediate, reconfigafter, reconfigimmediate, and singleuser properties, or a patch that cannot be applied by running the usual patch management tools.


To sort a set of patches in an order suitable for applying patches.


The form in which software products are delivered for installation on a system. The package contains a collection of files and directories in a defined format.


An update to software that corrects an existing problem or that introduces a feature.

patch analysis

A method of checking a system to determine which patches are appropriate for the system.

patch dependency

An instance where a patch depends on the existence of another patch on a system. A patch that depends on one or more patches can only be applied to a system when those other patches have already been applied.

patch ID

A unique alphanumeric string, with the patch base code first, a hyphen, and a number that represents the patch revision number.

patch incompatibility

A rare situation where two patches cannot be on the same system. Each patch in the relationship is incompatible with the other. If you want to apply a patch that is incompatible with a patch already on the system, you must first remove the patch that is already on the system. Then, you can apply the new patch.

patch list

A file that contains a list of patches, one patch ID per line. Such a list can be used to perform patch operations. The list can be generated based on the analysis of a system or on user input.

Each line in a patch list has two columns. The first column is the patch ID, and the second column is a synopsis of that patch.

patch management process

A process that involves analyzing a system to determine the appropriate patches, downloading the patches to that system, and applying the patches. Another part of the patch management process is the optional removal of patches.

patch obsolescence

An instance where a patch replaces another patch, even if the replaced patch has not already been applied to a system. A patch that obsoletes one or more patches replaces those patches entirely and does not require that the obsolete patches be applied before the replacement patch is applied.

patch server

A source of Solaris patches that can be used by your systems to perform patch analyses and from which to obtain the appropriate patches. The patch server can be the Sun patch server, or a server on your intranet, called the local patch server.


A product developed by Sun Network Storage to provide automated patch management technology, which is used by Sun Patch Manager.

policy for applying patches

A user-configurable policy that specifies the types of patches that can be applied during an update of your system.

remote mode

A mode available for the smpatch command, which can be run on a local system to update another system with patches. This mode can only be used while the system is in multiuser mode.


To determine the patch dependencies required for a list of patches. Each patch in the list is checked to determine whether any other patches must be added to the list. If any patches are required, they are added to the ordered patch list.

signed patch

A patch that is signed with a valid digital signature. A signed patch offers greater security than an unsigned patch. The digital signature of the patch can be verified before the patch is applied to your system. A valid digital signature ensures that the signed patch has not been modified since the signature was applied. Signed patches are stored in Java Archive (JAR) format files.

standard patch

A patch that can be applied to a Solaris system that is running in multiuser mode without having to reboot. Such a patch is associated with the standard patch property.

Sun Alert

A notification to customers of a known product issue that might negatively impact customers' computing environments or productivity. A problem that warrants a Sun Alert notification meets the criteria for issues that are related to at least one of these concerns: availability, security, and data loss.

SunSolve Online

The Sun Microsystems web site that provides access to patch data. Patch Manager uses the data to perform patch analyses of your systems. See

unsigned patch

A patch that is not signed with a digital signature.


To perform the steps necessary to apply patches to a system. The system is analyzed, and the patches are downloaded and then applied.

web proxy

A system that is used to connect your system to the Internet. Your system cannot connect directly to the Internet, but must use the web proxy to establish the connection.