Patch Manager is a new tool provided in Solaris 9 to assist you in managing patches on your system. Specifically, Patch Manager uses the smpatch utility to do the following:
Analyze your system to determine if patches need to be installed
Download patches
Install patches
Remove patches
The syntax for the smpatch utility is as follows:
smpatch subcommand <subcommand_option>
The smpatch requires you to enter a subcommand. Each subcommand has specific options, which are described in Table 12.6.
analyze | |
---|---|
OPTIONS FOR THE analyze SUBCOMMAND | |
-h | Displays the command’s usage statement. |
-n system_name | Specifies the system you want to analyze. |
download | |
---|---|
THE download SUBCOMMAND REQUIRES ONE OF THE FOLLOWING SUBCOMMAND OPTIONS | |
-i patch_id1 –i patch_id2 | Specifies the patch or patches patch_id2 . . . that you want to download. You can specify the -x idlist=patch_id_file operand instead of this option, or you can omit this argument in favor of he -n download_system option. |
-x idlist=patchlist_file | Specifies the file containing the list of patches you want to download. You can specify this operand instead of specifying the -i patch_id1 option. |
OPTIONAL SUBCOMMAND ARGUMENTS FOR THE download SUBCOMMAND | |
-n download_system | Specifies the machine on which you want to download the recommended patches. |
-d downloaddir | Specifies the directory where the patches are downloaded.This directory must have write permission and be accessible to the download_system . If you do not specify this option, the default patch spool directory (/var/sadm/spool) located on the download system is assumed. |
remove | |
---|---|
THE remove SUBCOMMAND REQUIRES THE FOLLOWING OPTIONS | |
-i patch_id | Specifies the patch you want to remove. |
AN OPTIONAL OPTION FOR THE remove SUBCOMMAND | |
-n systemname | Specifies the system on which you want to remove the recommended patches. |
The smpatch commands are located in /usr/sadm/bin and /opt/SUNWppro/ bin, so you need to add these to your path. Before you can start using smpatch, you need to download PatchPro the www.sun.com/PatchPro. Select the link provided at this URL to download the PatchPro application for Solaris 9. The file will download as a zipped file. Use the gunzip command to uncompress the downloaded file and then run the tar command to untar the PatchPro file. After you untar the file, follow the installation instructions described in the README file located in the PatchPro installation directory. Make sure you also follow the instructions in the README file for setting up Sun root certificates and patch signing certificates.
After you’ve installed and set up PatchPro, you are ready to analyze your system for patches. To use the analyze subcommand, the system needs to be connected to the Internet so that it can access the SunSolve site for patch information. To analyze a system, type the following:
smpatch analyze
You’ll be asked to enter a password, as follows:
Authenticating as user: root Type /? for help, pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password ::
Enter the root password. Optionally, you can set up a role to perform this task. Roles are described in Chapter 17, “Role-Based Access Control.”
The system responds with this:
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from zeus Login to zeus as user root was successful. Download of com.sun.admin.patchmgr.cli.PatchMgrCli from zeus was successful. Assessing required patches for machine zeus. Please wait... 112958-01 SunOS 5.9: patch pci.so 112874-01 SunOS 5.9: buffer overflow in dbm_open 112955-01 SunOS 5.9: patch kernel/fs/autofs kernel/fs/sparcv9/autofs 113070-01 SunOS 5.9: ftp patch 112962-01 SunOS 5.9: patch libthread_db.so.1 112854-01 SunOS 5.9: icmp should be QNEXTLESS 113184-01 SunOS 5.9: Supplemental Kernel Update Patch for S9 FCS 113073-01 SunOS 5.9: ufs_log patch 112975-01 SunOS 5.9: patch /kernel/sys/kaio
The following example analyzes the system named zeus and downloads the assessed patches from the SunSolve Online database to the default patch spool directory.
/usr/sadm/bin/smpatch download Authenticating as user: root Type /? for help, pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password ::
Enter the root password, and the system responds with the following:
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from zeus Login to zeus as user root was successful. Download of com.sun.admin.patchmgr.cli.PatchMgrCli from zeus was successful. Assessing required patches for machine zeus. Please wait... 112958-01 SunOS 5.9: patch pci.so 112874-01 SunOS 5.9: buffer overflow in dbm_open 112955-01 SunOS 5.9: patch kernel/fs/autofs kernel/fs/sparcv9/autofs 113070-01 SunOS 5.9: ftp patch 112962-01 SunOS 5.9: patch libthread_db.so.1 112854-01 SunOS 5.9: icmp should be QNEXTLESS 113184-01 SunOS 5.9: Supplemental Kernel Update Patch for S9 FCS 113073-01 SunOS 5.9: ufs_log patch Downloading the required patches for machine zeus ...
You might get the following message:
The following patches were not downloaded. Contact your Sun Microsystems support provider for more information. 112958-01 112955-01 113070-01 112962-01 112854-01 For downloaded patch(es) see /var/sadm/spool.
I’ve generated a list of the patches I downloaded and want to install onto this system. To install the patches in this list, I type the following:
smpatch add -x idlist=/var/sadm/spool/patchlist Authenticating as user: root Type /? for help, pressing <enter> accepts the default denoted by [ ] Please enter a string value for: password ::
Enter the root password, and the following displays:
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from zeus Login to zeus as user root was successful. Download of com.sun.admin.patchmgr.cli.PatchMgrCli from zeus was successful. [ Security Manager Alert ] A Tool loaded from zeus:898 wishes to read from the file located at /var/sadm/spool/patchlist. Do you wish to allow this action? [Y | n] :
Respond with Y and the system displays:
Do you wish to trust all actions by tools from this location? [Y | n] :
Respond with Y and the system displays:
Patch 113184-01, or a patch required by patch 113184-01, requires a system reboot after installation. Perform a reconfiguration reboot immediately after the installation. On machine zeus ... Installing patch 112785-05 Installing patch 112874-01 Installing patch 112875-01 Installing patch 113030-01 Installing patch 113068-01 Installing patch 113184-01