Sun Patch Manager 2.0 Administration Guide for the Solaris 9 Operating System

Patch Management Process

Patch Manager enables you to manually or automatically perform the patch management process, which includes the following tasks:

For information about recommended strategies and practices for using Solaris patches, see Solaris Patch Management: Recommended Strategies on docs.sun.com.

Automatically Updating Your System With Patches

Patch Manager can automatically apply the set of appropriate patches to your system.

An update performs these steps in the patch management process:

After a patch has been successfully applied, the downloaded patch is removed from the download directory.

Patches are applied to your system depending on the specified policy and the patch properties associated with the patches that are downloaded.

If a patch does not meet the policy for applying patches, the patch is not applied. Instead, a patch entry for that patch is written to the disallowed_patch_list file in the download directory. Sun Patch Manager continues trying to apply the other patches. Later, you can go to the download directory and use the smpatch add command to manually apply any disallowed patches that are listed in this file. For any of the patches that have the interactive property set, follow the instructions in the patch's README file to apply them.

For example, you can bring your system to single-user mode and apply the patches listed in the disallowed_patch_list file by typing the following:


# smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list

Instead of performing an update, you can perform the analyze, download, and apply tasks manually by using the smpatch command. These tasks are described in the following sections.

Analyzing Your System

Before you apply patches to your system, you can determine which patches are needed. You can use Patch Manager to perform a patch analysis of your system to obtain a list of appropriate patches.

Patch Manager uses analysis modules and a list of available patches from the source of patches, which is the SunSolve Online web site by default, to perform the analysis of your Solaris system. For information about the source of patches, see Specifying the Source of Patches.

Based on the result of the analysis, the patches can be downloaded and applied to your system.

Sometimes a patch depends on another patch, that is, the first patch cannot be applied to the system until the other patch is applied. The first patch is said to have a dependency on the second patch. When Patch Manager analyzes your system, it checks for patch dependencies and automatically includes all patches in the resulting list. If you request a system analysis based on particular patches, Patch Manager adds any patches to the list that are needed to resolve patch dependencies.


Note –

The list of patches that is generated by the analysis is based on all of the available patches from the Sun patch server. No explicit information about your host system or its network configuration is transmitted to Sun. Only a request for the Sun patch set is transmitted. The patch set is scanned for patches that are appropriate for this host system, the results are displayed, and those patches are optionally downloaded.


Downloading Patches to Your System

Before you apply patches to your system, you must download the patches that you want from the Sun patch server to that system.

You can download patches from the Sun patch server based on an analysis of the system, or you can specify particular patches to download.

You cannot use the Patch Manager browser interface to just download patches. When you select patches from the list of patches and click Apply or Apply All, the patches you specified are both downloaded and applied. To just download patches, use the smpatch download command.

Applying Patches to Your System

Patch Manager can apply patches to your system.

If you use the smpatch add command to apply particular patches, it attempts to apply only those patches that you specified. The smpatch add command does not attempt to resolve patch dependencies. If you want to apply a patch that has a missing dependency, the patch is not applied. You can use the smpatch analyze command or the smpatch update command to resolve patch dependencies.

When you use the browser interface to apply patches that you selected from the list of patches, each patch is downloaded (if necessary) before it is applied.

Removing Patches From Your System

You might want to remove (or back out) a patch that you previously applied to your system. Patch Manager enables you to remove patches.


Caution –

Do not remove the Sun Patch Manager 2.0 WBEM patch (117680-01 for x86 and 117679-01 for SPARC®) from a system, or Patch Manager will not work properly.


When you remove a patch, the Solaris patch tools restore all of the files that have been modified by that patch, unless any of the following are true:

The Solaris patch tools call the pkgadd command to restore packages that were saved when the patch was initially applied.

During the patch removal process, the patchrm command logs the backout process in the /tmp/backoutlog.process-id file. This log file is automatically removed if the patch is successfully removed.

You can use the browser interface to remove one or more patches by selecting them from the list of applied patches. However, you can only remove one patch at a time when you use the smpatch remove command.


Note –

If you attempt to remove a patch on which other patches depend, it is not removed. If you remove all of the patches that depend upon this patch, then you can remove it.
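
The dependency rules described under Analyzing Your System, Applying Patches to Your System, and in the note above can be modeled in a few lines. The following is an added example, not Patch Manager code: the patch IDs, the REQUIRES map, and the function names are constructed for illustration, and the functions only mirror the documented behavior (analysis pulls in dependencies, add refuses a patch with a missing dependency, remove refuses a patch that other applied patches depend on).

```python
# Illustrative model only. Patch IDs and the REQUIRES map are constructed;
# they do not describe real Sun patches or Patch Manager internals.
REQUIRES = {
    "900001-01": [],
    "900002-03": ["900001-01"],
    "900003-02": ["900002-03"],
}

def analyze(requested, applied, requires=REQUIRES):
    """Return requested patches plus unmet dependencies, dependencies first."""
    order, seen = [], set(applied)

    def visit(pid, stack=()):
        if pid in seen:
            return
        if pid in stack:
            raise ValueError("dependency cycle at " + pid)
        for dep in requires.get(pid, []):
            visit(dep, stack + (pid,))
        seen.add(pid)
        order.append(pid)

    for pid in requested:
        visit(pid)
    return order

def add(pid, applied, requires=REQUIRES):
    """Model of add: no dependency resolution, refuse if a dependency is missing."""
    missing = [d for d in requires.get(pid, []) if d not in applied]
    if missing:
        return False, missing
    applied.add(pid)
    return True, []

def remove(pid, applied, requires=REQUIRES):
    """Model of remove: refuse while an applied patch still depends on pid."""
    dependents = sorted(p for p in applied if pid in requires.get(p, []))
    if dependents:
        return False, dependents
    applied.discard(pid)
    return True, []

def demo():
    applied = set()
    first = add("900003-02", applied)        # refused: dependency not applied
    plan = analyze(["900003-02"], applied)   # dependencies included, in order
    for pid in plan:
        add(pid, applied)
    blocked = remove("900001-01", applied)   # refused: 900002-03 depends on it
    for pid in reversed(plan):               # back out dependents first
        remove(pid, applied)
    return first, plan, blocked, applied
```

Applying in the order that analyze returns and removing in the reverse order keeps every intermediate state consistent with the rules above.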