test

Sun Patch Manager 2.0 Administration Guide for the Solaris 9 Operating System

Chapter 5 Managing Solaris Patches by Using the Sun Patch Manager Command-Line Interface (Tasks)

This chapter describes how to use the Patch Manager command-line interface to manage patches on your Solaris 9 systems.

The following task-related information is in this chapter:

Managing Solaris Patches by Using the Sun Patch Manager Command-Line Interface (Task Map)

The following table identifies the tasks that you might perform when you use the Sun Patch Manager command-line interface.

Task 

Description 

For Instructions 

Access the command-line interface. 

If you want to perform patch management tasks on the command-line, use the smpatch command.

Accessing the Sun Patch Manager Command-Line Interface

Configure the patch management environment for your system. 

By default, your system is assumed to be connected directly to the Internet and configured to obtain patches from the Sun patch server. 

If this is not true for your system, change the configuration settings to match your environment. 

Configuring Your Patch Management Environment by Using the Command-Line Interface (Task Map)

Manage patches on your system. 

You can use the command-line interface to perform an analysis of your system, apply one or more patches, find patch dependencies, order patch lists, and remove patches. 

Managing Patches by Using the Command-Line Interface (Task Map)

(Optional) Tune the patch management environment for your system. 

Change some optional configuration settings, such as the policy for applying patches. 

Tuning Your Patch Management Environment by Using the Command-Line Interface (Task Map)

Accessing the Sun Patch Manager Command-Line Interface

Caution – Caution –

Do not run simultaneous Patch Manager operations on your system because it might become unstable. Do not interrupt a patch operation once it has started. If a patch operation is running, you must wait for that operation to complete before starting another operation.

This behavior pertains to operations initiated by both the smpatch command and by the browser interface.

You can run either the local mode or remote mode smpatch command as a user with the appropriate authorizations, such as superuser, or by assuming a role that includes the appropriate profiles.

A user must have the solaris.admin.patchmgr.* authorization to run the smpatch command.

The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

Note –

The pprosetup and pprosvc commands are included with Sun Patch Manager 2.0 for transition purposes. It is best not to use these commands and to use the smpatch command instead.

For more information about smpatch command-line options, see the smpatch(1M) man page.

ProcedureHow to Access the Sun Patch Manager Command-Line Interface (Command Line)

By default, the smpatch command runs in local mode.

  1. Decide whether to manage patches on the local system or on a remote system.

    • If you want to manage patches on the local system only, go to Step 2.

    • If you want to manage patches on a remote system, go to Step 4.

      The Solaris WBEM services must be running on the remote system.

  2. Log in to a system as a user with appropriate authorizations or assume a role with the appropriate authorizations.

    Note that you must be an appropriately authorized user to assume an appropriate role. See Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  3. Run the smpatch command you want.

    For example:


    $ smpatch analyze

  4. Log in to a system as a user who is appropriately authorized or is permitted to assume a role that is appropriately authorized.

  5. Run the smpatch command with the -n option to specify the name of the system on which to operate.

    For example:


    $ smpatch analyze -n system-name

    To perform the operation with an assumed role, type:


    $ smpatch analyze -r role-name -n system-name
Example 5–1 Accessing the Sun Patch Manager Command-Line Interface

The following examples use the smpatch get command, which lists the configuration settings for your patch management environment.

This example shows how to run the smpatch command on the local system.


# smpatch get

This example shows how an authorized user can run the smpatch command on the remote system called jupiter.


# smpatch get -n jupiter

This example shows how you can run the smpatch command on the remote system called jupiter as the role patcher.


# smpatch get -r patcher -n jupiter
What to Do Next

You can use the smpatch command to configure the patch management environment for your system and manage patches. See the following:

Configuring Your Patch Management Environment by Using the Command-Line Interface (Task Map)

Use the smpatch command to perform the configuration tasks in this section. For the list of configuration parameters you can set, see Setting Patch Manager Configuration Parameters and the smpatch(1M) man page.

If you want to use the browser interface to configure your patch management environment, see Configuring Your Patch Management Environment by Using the Browser Interface (Task Map).

By default, the patch management environment is configured to obtain patches directly from the Sun patch server. Therefore, you must customize your environment if your system does one or more of the following:

The following table identifies the tasks that you might perform when you configure the patch management environment for your system.

Task 

Description 

For Instructions 

(Optional) Specify the web proxy to use. 

If your system is connected to the Internet through a web proxy, you must specify the web proxy that is used to access the Sun patch server. 

By default, no web proxy is specified. 

How to Specify Your Web Proxy (Command Line)

(Optional) Specify the user and password needed to provide authentication for the web proxy. 

If your web proxy requires authentication, you must specify the web proxy user that is needed for authentication. 

By default, no web proxy user is specified. 

How to Specify Your Web Proxy (Command Line)

(Optional) Specify the user and password needed to obtain patches from the Sun patch server. 

If you needed a user and password to obtain patches, you must specify the user name and password. 

How to Specify a User Name and Password With Which to Obtain Patches (Command Line)

(Optional) Specify the source of patches for your system. 

Your system can obtain patches from one of the following sources: 

  • Sun patch server

  • Patch server on your intranet

  • Local collection of patches

The default source of patches for your system is the Sun patch server. 

How to Specify the Source of Patches (Command Line)

Note –

The following procedures and examples show how to run the local mode smpatch command, which is run by default. To run the remote mode version, use any of the authentication options (except for -L) or the remote options. See the smpatch(1M) man page.

ProcedureHow to Specify Your Web Proxy (Command Line)

If your system connects to the Internet through a web proxy, you must provide information about the web proxy to Patch Manager.

  1. Obtain the host name and the port of the web proxy from your network administrator.

  2. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  3. Specify the web proxy.


    # smpatch set patchpro.proxy.host=web-proxy-server \
patchpro.proxy.port=port

  4. (Optional) If the web proxy requires authentication, supply the user name and password.

    Obtain this information from your network administrator.

    1. Specify the user name to be used for authentication.


      # smpatch set patchpro.proxy.user=web-proxy-user

    2. Specify the proxy user's password by having smpatch prompt you for the password.


      # smpatch set patchpro.proxy.passwd
Web Proxy User Password: web-proxy-password

      Setting the password in this way ensures that the password you type does not appear as clear text in the following:

      • Standard output

      • Output of the ps command

      • Your shell history file

ProcedureHow to Specify a User Name and Password With Which to Obtain Patches (Command Line)

If you needed a user name and password to obtain patches from the Sun patch server, you must specify them for Patch Manager.

If you do not have an account on SunSolve, register for one at http://sunsolve.sun.com.

As of June 2005, a user name and password are not required to obtain patches from the Sun patch server.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Specify your user name.


    # smpatch set patchpro.sun.user=user-name

  3. Specify the password for your user by having smpatch prompt you for the password.


    # smpatch set patchpro.sun.passwd
Sun User Password: password

    Setting the password in this way ensures that the password you type does not appear as clear text in the following:

    • Standard output

    • Output of the ps command

    • Your shell history file

ProcedureHow to Specify the Source of Patches (Command Line)

Your system can obtain patches from the following sources:

By default, your system obtains patches from the Sun patch server.

Note –

The local patch server is an optional Sun Patch Manager 2.0 feature that you can obtain at no charge if you are a contract customer in the SunSpectrum program.

For information about becoming a contract customer or obtaining the local patch server distribution, go to http://sunsolve.sun.com and click Patch Portal.

Note –

If you want your system to obtain patches from a local patch server, you must first configure one. See Configuring Your Local Patch Server (Task Map).

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Specify the URL of the patch source.

    • For the Sun patch server, type:


      # smpatch unset patchpro.patch.source

    • For a local patch server, use this URL format:


      # smpatch set patchpro.patch.source=http://server-name:3816/solaris/

    • For a collection of patches in a directory, use this URL format:


      # smpatch set patchpro.patch.source=file:/directory-name

      Note that directory-name can be a local file system or a remotely mounted file system.

    See Example 5–2 for examples of using the file:/ URL format.

Example 5–2 Specifying the Source of Patches

The following example shows how to configure a system to obtain patches from the /export/patches directory on the local system.


# smpatch set patchpro.patch.source=file:/export/patches

The following example shows how to configure a system to obtain patches from the /export/patches directory on the remote system called jupiter.


# smpatch set patchpro.patch.source=file:/net/jupiter/export/patches

The following example shows how to configure a system to obtain patches from a CD mounted from the first CD-ROM drive of the local system.


# smpatch set patchpro.patch.source=file:/cdrom/cdrom0
What to Do Next

After you specify a patch source, your client system is ready to manage patches. See Managing Patches by Using the Command-Line Interface (Task Map).

Managing Patches by Using the Command-Line Interface (Task Map)

Use the smpatch command to perform most of the common patch management tasks described in the following table. See the smpatch(1M) man page.

Task 

Description 

For Instructions 

Analyze your system to determine the list of patches. 

You want to analyze your system to obtain the list of appropriate patches. Based on the analysis, you can update your system with one or more patches in the list. 

How to Analyze Your System to Obtain the List of Patches to Apply (Command Line)

Automatically update your system with one or more patches in a single procedure. 

You want to automatically download and apply the patches that are appropriate for your system. The list of patches is determined by having Patch Manager analyze your system. 

How to Update Your System With Patches (Command Line)

Apply patches to your system. 

  • After you have determined the patches to apply and have downloaded them to your system, you can apply them.

  • Some patches should be applied while the system is in single-user mode because they might cause the system to become unstable. Such patches are associated with the singleuser patch property. In single-user mode, you must use the smpatch add command to apply patches.

  • Some patches are nonstandard and must be applied manually.

  • (Optional) Determine whether the patches you want to apply depend on others being applied first.

Remove patches from your system. 

You want to remove, or back out, patches that you applied to your system. 

How to Remove Patches From Your System (Command Line)

(Optional) View patch management tool log entries. 

View Patch Manager log entries in the system log file to identify problems with installing patch management tools or applying patches. 

How to View Patch Manager Log Entries (Command Line)

Apply patches to an inactive boot environment on your system by using luupgrade.

You want to use Solaris Live Upgrade to apply patches to a system that has more than one boot environment. 

How to Use luupgrade to Apply a List of Patches to an Inactive Boot Environment (Command Line)

Note –

The following procedures and examples show how to run the local mode smpatch command, which is run by default. To run the remote mode version, use any of the authentication options (except for -L) or the remote options. See the smpatch(1M) man page.

ProcedureHow to Analyze Your System to Obtain the List of Patches to Apply (Command Line)

You can perform an analysis of your system to determine the list of appropriate patches. This list is in an order that can be used to apply patches. You can also supply a list of one or more patches as input to restrict the analysis to just those patches. In addition to performing the analysis, you can save the patch list for modification or for use at a later time.

The system analysis writes the list of patches to standard output, so you can save the contents of the patch list to a file by redirecting standard output to a file.

Each line in a patch list has two columns. The first column is the patch ID, and the second column is a synopsis of that patch.

If you supply a list of one or more patches to the smpatch analyze command, the list of patches is augmented with any patches that are required as dependencies.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Perform a patch analysis of your system and optionally save the list of patches in a file.

    • To create a list of all the appropriate patches for your system, type:


      # smpatch analyze

    • To create a list of particular patches for your system based on a patch list, type:


      # smpatch analyze -x idlist=patch-list-file

    • To create a list of particular patches for your system, type:


      # smpatch analyze -i patch-id...
Example 5–3 Analyzing Your System to Obtain the List of Patches to Apply

The following example shows how to analyze a system to create a list of all appropriate patches. The list is written to the /tmp/patch.all file.


# smpatch analyze > /tmp/patch.all

The following example shows how to create a list of patches, plist, modify it, and resolve the patch dependencies. The list is written to the /tmp/patch.plist file.


# smpatch analyze > plist
# vi plist
.
.
.
# smpatch analyze -x idlist=plist > /tmp/patch.plist

The following example shows how to resolve patch dependencies for patch 112785-28 and write the resulting patch list to a file called /tmp/patch.out. Patch 112785-28 depends on patch 113096-03. After running the smpatch analyze command, the patch.out file contains this ordered list: 113096-03 and 112785-28.


# smpatch analyze -i 112785-28 > /tmp/patch.out

ProcedureHow to Update Your System With Patches (Command Line)

An update of a system performs the entire patch management process in one step. First, the analysis determines the appropriate patches for your system. Next, those patches are downloaded to your system. Finally, the patches are applied to your system.

All standard patches are applied by an update. You can configure your system to apply some nonstandard patches by changing the default policy for applying patches. To change the policy for your system, see How to Change the Policy for Applying Patches (Command Line).

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Update the system with patches in one of the following ways:

    If you specify particular patches by using the -i or -x idlist= options, the list is augmented with patches on which they depend before the update occurs.

    Note –

    Any patches that cannot be applied to the system are listed in a patch list file called disallowed_patch_list, which is located in the download directory. You can use this file as input to the smpatch add command.

    For example, you might bring your system to single-user mode and apply the patches listed in the disallowed_patch_list file by typing the following:


    # init S
# smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list

    See How to Apply Patches to Your System (Command Line) for more information.

Example 5–4 Updating Your System With Patches

The following example shows how to update a system with patch 112622-12 and 112771-17.


# smpatch update -i 112622-12 -i 112771-17

The following example shows how to update a system by using a list of patches, named plist, as input. It then shows how to create a patch list and modify it to contain only the patches that you want to apply to your system. Then, you use the smpatch update command to apply the patches and update the system.

  1. Create a list of patches by performing an analysis.

  2. Edit the patch list to include only the patches that you want to apply.

  3. Run the smpatch update command to apply the patches.

    For example:


    # smpatch analyze > plist
.
.
.
# vi plist
.
.
.
# smpatch update -x idlist=plist
.
.
.

ProcedureHow to Apply Patches to Your System (Command Line)

You can use the smpatch add command to apply one or more downloaded patches to your system.

You can use the local mode version of the smpatch command to apply one or more downloaded patches while your system is in single-user mode or in multiuser mode.

Caution – Caution –

The smpatch add command ignores the policy for applying patches and does not resolve dependencies when applying patches.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Apply the downloaded patches to your system.

    • To apply all patches listed in a file, type:


      # smpatch add -x idlist=patch-list-file

    • To apply particular patches, type:


      # smpatch add -i patch-id -i patch-id ...

    • To apply particular patches that have the singleuser property, you must first bring the system to single-user mode. Type:


      # init S
# smpatch add -i patch-id -i patch-id ...

    • To apply the list of patches that could not be applied by the smpatch update command, you must first bring the system to single-user mode. Type:


      # init S
# smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list
Example 5–5 Applying Patches to Your System

ProcedureHow to Apply a Nonstandard Patch (Command Line)

You cannot use smpatch to apply nonstandard patches that have the interactive property set. To apply the patch, review the information in the Special Installation Instructions section of the patch's README file.

  1. Become superuser.

  2. In the download directory, find the nonstandard patch that you want to apply.


    # cd /var/sadm/spool; ls

  3. To access the patch README file, do one of the following:

    • View the patch README file from the Sun patch server at http://sunsolve.sun.com.

    • To extract the patch README file from the JAR archive, do the following:

      1. Identify the name of the README file, for example:


        # /usr/j2se/bin/jar tvf 107058-01.jar | grep README
1440 Sat Apr 06 08:50:08 MST 2002 107058-01/README.107058-01

      2. Extract the README file.


        # /usr/j2se/bin/jar xvf 107058-01.jar 107058-01/README.107058-01
extracted: 107058-01/README.107058-01

      3. View the README file.


        # more 107058-01/README.107058-01

  4. Follow the instructions in the Special Installation Instructions section of the README file to apply the patch.

ProcedureHow to Resolve a List of Patches (Command Line)

Sometimes a patch depends on another patch, that is, the first patch cannot be applied to the system until the other patch is applied. The first patch is said to have a dependency on the second patch.

If you specify a list of patches to apply, you can resolve the list for patch dependencies. The resulting list might include additional patches that you must apply before applying the patches you specified.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Resolve the list of patches.

    • Resolve a list of patches specified one at a time on the command line.


      # smpatch analyze -i patch-id -i patch-id ...

    • Resolve a list of patches specified in a file.


      # smpatch analyze -x idlist=patch-list-file
Example 5–6 Resolving a List of Patches

The following example shows how to resolve patch dependencies for patch 112785-28 and write the resulting patch list to a file called /tmp/patch.out. Patch 112785-28 depends on patch 113096-03. After running the smpatch analyze command, the patch.out file contains this ordered list: 113096-03 and 112785-28.


# smpatch analyze -i 112785-28 > /tmp/patch.out

The following example shows how to take a modified list of patches, plist, and resolve the patch dependencies. The list is written to the /tmp/patch.plist file.


# smpatch analyze -x idlist=plist > /tmp/patch.plist

ProcedureHow to Use luupgrade to Apply a List of Patches to an Inactive Boot Environment (Command Line)

A patch list that is created by the smpatch command can be used by luupgrade to apply patches to an inactive boot environment. You can also use the luupgrade command to remove patches from an inactive boot environment based on showrev information. See the luupgrade(1M) and showrev(1M) man pages.

Note –

This procedure assumes that you have created a second boot environment that is a duplicate of the active boot environment. See the lumake(1M) man page for information about creating boot environments.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Perform a patch analysis on the active boot environment to obtain the list of appropriate patches to apply to the inactive boot environment, and remove the synopsis for each patch entry.


    # smpatch analyze | sed 's/ .*//' > patch-list-file

    The modified file will be a list of patches, one patch ID per line.

  3. Download the patches from a patch list to your system.


    # smpatch download -x idlist=patch-list-file

  4. Apply patches from a patch list to the inactive boot environment.


    # luupgrade -t -n BE-name -s dir-name `cat patch-list-file`

    You must specify the name of the inactive boot environment to update, BE-name, and the directory where the patches are stored, dir-name.

  5. (Optional) To remove a patch from the inactive boot environment, use the following command:


    # luupgrade -T -n BE-name patch-id

    You must specify the name of the inactive boot environment to update, BE-name, and the patch to be removed, patch-id.

Example 5–7 Using luupgrade to Apply a List of Patches to an Inactive Boot Environment

ProcedureHow to Remove Patches From Your System (Command Line)

You can remove only one patch at a time.

If you want to remove more than one patch, use the browser interface. See How to Remove Patches From Your System (Web Browser).

If your system has more than one boot environment, you can use the luupgrade command to remove a list of patches from an inactive boot environment. See How to Use luupgrade to Apply a List of Patches to an Inactive Boot Environment (Command Line).

Caution – Caution –

Do not remove the Sun Patch Manager 2.0 WBEM patch (117680-01 for x86 and 117679-01 for SPARC) from a system, or Patch Manager will not work properly.

  1. Identify the patch that you want to remove.

  2. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  3. Remove the patch from your system.


    # smpatch remove -i patch-id

ProcedureHow to View Patch Manager Log Entries (Command Line)

Patch Manager writes to the system log file /var/adm/messages.

  1. Choose which method to use to see information about a failed installation of a patch.

    • /var/adm/messages Identifies problems that are found when applying a patch to a system by using Patch Manager.

    • Solaris WBEM log – To view this log from the command line, use the smlog view command. See the smlog(1M) man page.

  2. View log entries from the appropriate log file.

Tuning Your Patch Management Environment by Using the Command-Line Interface (Task Map)

The following table identifies the optional tasks that you might perform when you tune the patch management environment for your system.

Use the smpatch command to tune your patch management environment. For the list of configuration parameters you can set, see Setting Patch Manager Configuration Parameters and the smpatch(1M) man page.

If you want to use the browser interface to tune your patch management environment, see Tuning Your Patch Management Environment by Using the Browser Interface (Task Map).

Task 

Description 

For Instructions 

(Optional) Obtain configuration information about your patch management environment. 

View the configuration of your patch management environment, which might help you diagnose problems. 

How to View the Configuration Settings for Your Patch Management Environment (Command Line)

(Optional) Change the policy for applying patches for your system. 

Patch Manager can update your system with standard patches automatically. If you want to update your system with some types of nonstandard patches, you must change your policy for applying patches. 

By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties are applied by an update operation.

How to Change the Policy for Applying Patches (Command Line)

(Optional) Change the patch set to use for system analysis. 

Patch Manager bases analyses on all available Sun patches. If you want to apply only patches from a different patch set, such as the Recommended Patch Cluster, you must change the patch set. 

How to Change the Patch Set (Command Line)

(Optional) Set different directory locations. 

You might want to specify a different location for the download directory or the backout directory if the default locations are not large enough. 

How to Change Directory Locations (Command Line)

(Optional) Reset configuration parameters to the default values. 

You might want to reset configuration parameters to the default values. 

Note that some configuration parameters have an empty default value. 

How to Reset Configuration Parameters to the Default Values (Command Line)

Note –

The following procedures and examples show how to run the local mode smpatch command, which is run by default. To run the remote mode version, use any of the authentication options (except for -L) or the remote options. See the smpatch(1M) man page.

ProcedureHow to View the Configuration Settings for Your Patch Management Environment (Command Line)

You can check the configuration settings of your patch management environment to help diagnose problems or to understand your system's patch-related settings.

The configuration settings output shows an entry for all configuration parameters. Each entry appears on a line by itself.

When you list all settings, each entry includes three fields: the parameter name, the value you have assigned, and its default value. The fields are separated by one or more tab characters.

The following values have special meaning:

In addition to these special values, these special characters might appear in the output:

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. List the configuration settings for your patch management environment.

    • To list all settings, type:


      # smpatch get

    • To list the values for one or more parameters, type:


      # smpatch get parameter-name...
Example 5–8 Viewing Configuration Settings for Your Patch Management Environment

The following example shows how to list all the configuration settings for your patch management environment.


# smpatch get
patchpro.backout.directory  -      ""
patchpro.download.directory -      /var/sadm/spool
patchpro.install.types      -      rebootafter:reconfigafter:standard
patchpro.patch.source       -      https://updateserver.sun.com/solaris/
patchpro.patchset           -      patchdb
patchpro.proxy.host         -      ""
patchpro.proxy.passwd       ****   ****
patchpro.proxy.port         -      8080
patchpro.proxy.user         -      ""
patchpro.sun.passwd         ****   ****
patchpro.sun.user           -      ""

The following example shows how to list the configuration settings for the patchpro.download.directory and patchpro.patchset parameters.


# smpatch get patchpro.download.directory patchpro.patchset
/var/sadm/spool
patchdb

ProcedureHow to Change the Policy for Applying Patches (Command Line)

If you want to configure your system to apply some nonstandard patches during an update operation, you must change the policy for applying patches.

By default, only patches that are associated with the standard, rebootafter, or reconfigafter properties can be applied by an update operation.

Caution – Caution –

If you change your policy from the default, Sun makes no guarantees that the patches apply correctly to your system or that your system will function properly.

For more information about the policy for applying patches, see Customizing the Policy for Applying Patches.

  1. Determine the types of nonstandard patch properties that you want to apply during an update.

  2. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  3. Specify the new policy.


    # smpatch set patchpro.install.types=patch-property

    patch-property is a list of patch properties each separated by a colon (:). For the list of valid patch properties, see Customizing the Policy for Applying Patches.

Example 5–9 Changing the Policy for Applying Patches

This example shows how to set the policy for a system. The new policy also includes patches that require that the system be rebooted immediately for the patch to take effect.


# smpatch set \
patchpro.install.types=standard:rebootafter:reconfigafter:rebootimmediate

ProcedureHow to Change the Patch Set (Command Line)

You can choose to analyze your system based on different sets of Sun patches, such as the Recommended Patch Cluster. By default, you use the patch set All Available Patches.

As of June 2005, the only patch sets available from Sun are All Available Patches and Recommended Patch Cluster.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Specify the patch set to use.

    • To base your analysis on all patches, type:


      # smpatch set patchpro.patchset=patchdb

    • To base your analysis on recommended patches, type:


      # smpatch set patchpro.patchset=recommended

    • To base your analysis on another patch set, type:


      # smpatch set patchpro.patchset=patch-set

ProcedureHow to Change Directory Locations (Command Line)

Patch Manager is configured to use these default locations for storing patch-related data:

If you run out of available disk space in the default locations, specify different locations for these directories.

Note –

If you specify a different directory, you must manually create that directory before performing any patch operations.

  1. Determine the new locations for the directories.

  2. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  3. Specify a new directory, dir-name, for any of the patch-related directories.

    • To specify a different download directory, type:


      # smpatch set patchpro.download.directory=dir-name

      For example, dir-name is /export/patches.

    • To specify a different backout directory, type:


      # smpatch set patchpro.backout.directory=dir-name

      For example, dir-name is /export/patches/backout.

ProcedureHow to Reset Configuration Parameters to the Default Values (Command Line)

You must reset parameter values explicitly. You cannot use the smpatch command to reset all parameter values at once.

  1. Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.* authorization.

    The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Reset a configuration parameter for your patch management environment to its default value.


    # smpatch unset parameter-name...
Example 5–10 Resetting Configuration Parameters to the Default Values

The following example shows how to configure a system to obtain patches from the Sun patch server instead of from a different patch source.


# smpatch unset patchpro.patch.source

The following example shows how to reset the patch download directory and the backout directory locations to the default values.


# smpatch unset patchpro.download.directory patchpro.backout.directory