Sun customers can access security patches and other recommended patches via the World Wide Web or anonymous FTP. You can download patches from the Sunsolve web site, which (as of this writing) is at http://sunsolve.sun.com. Sun customers who have purchased a service contract can access an extended set of patches and a complete database of patch information. (This information also is available via the World Wide Web or anonymous FTP, and it is regularly distributed on CD-ROM.)
Detailed information about how to install and remove a patch is provided in the Install.info file included with each patch. Each patch also contains a README file that contains specific information about the patch.
Patches come in three different formats. Solaris 9 patches come in ZIP format, such as 104945-02.zip. For Solaris 9 patches, use the unzip command to extract the patch files, as follows:
/usr/bin/unzip 104945-02.zip
For Solaris 2.6 and earlier operating environments, patches might come in compressed TAR format, such as 104945-02.tar.Z. Use the zcat command to decompress this type of patch file and the tar command to create the patch directories, as follows:
/usr/bin/zcat 104945-02.tar.Z | tar xvf –
Other Solaris patches might come as GZIP compressed TAR files, such as 102945-02.tar.gz. To extract a GZIP compressed TAR file, use the gzcat command to decompress and create the patch directories, as follows:
/usr/bin/gzcat 104945-02.tar.gz | tar xvf -
The patchadd command is used to install directory-format patches to a Solaris 9 system. It must be run as root. The syntax is as follows:
patchadd [ -d ] [ -u ] [ -B backout_dir ]
The patchadd command is described in Table 12.4.
Note
Additional options to the patchadd command can be found online in the Solaris system manual pages.
The following examples describe how to add patches to your system. A word of caution is in order before you install patches, however. It has been my personal experience—Murphy’s Law, you might say—that things can go wrong. Because you’re modifying the operating system with a patch, I highly recommend that you back up your file systems before loading patches. Although it can be a time-consuming and seemingly unnecessary task, I once encountered a power failure during a patch installation that completely corrupted my system. Another time, the patch installation script was defective, and the patch did not load properly. Without a backup, I would have had to reinstall the entire operating system.
The following example installs a patch to a standalone machine:
patchadd /var/spool/patch/104945-02
The following example installs multiple patches. The patchlist file specifies a file containing a list of patches to install:
patchadd -M /var/spool/patch patchlist
The following example displays the patches installed on a client system named client1:
patchadd -R /export/root/client1 –p
When you’re installing a patch, the patchadd command copies files from the patch directory to the local system’s disk. More specifically, patchadd does two things:
It determines the Solaris version number of the managing host and the target host.
It updates the patch package’s pkginfo file with information about patches made obsolete by the patch being installed, other patches required by this patch, and patches incompatible with this patch.
The patchadd command will not install a patch under the following conditions:
If the package is not fully installed on the host.
If the patch architecture differs from the system architecture.
If the patch version does not match the installed package version.
If an installed patch already exists with the same base code and a higher version number.
If the patch is incompatible with another, already-installed patch. (Each installed patch keeps this information in its pkginfo file.)
If the patch being installed requires another patch that is not installed.
Sometimes a patch does not work as planned and needs to be removed from the system. The utility used to remove, or “back out of,” a patch is the patchrm command, described in Table 12.5. Its syntax is as follows:
patchrm [ -f ] [ -B backout_dir ]
The following e xample removes a patch from a standalone system:
patchrm 104945-02
The patchrm command removes a Solaris 9 patch package and restores previously saved files—restoring the file system to its state before a patch was applied—unless any of the following four conditions exist:
The patch was installed with patchadd -d. (The -d option instructs patchadd not to save copies of files being updated or replaced.)
The patch has been made obsolete by a later patch.
The patch is required by another patch already installed on the system.
The patchrm command calls pkgadd to restore packages saved from the initial patch installation.