Patch Manager (smpatch)
Patch Manager is provided in Solaris 10 to assist you in managing patches on your system. Specifically, Patch Manager uses the /usr/sbin/smpatch utility to do the following:
The syntax for the smpatch utility is as follows:
smpatch subcommand <subcommand_option>
The smpatch requires you to enter a subcommand, which are outlined in Table 2.8
Table 2.8. smpatch SubcommandsSubcommand | Description |
---|
add | Applies one or more patches to one or more systems. You must specify at least one patch to apply. By default, patches are applied to the local system. This subcommand attempts to apply only the patches you specify. If you specify a patch that depends on another that has not been applied, the add command fails to apply the patch you specified. | analyze | Analyzes a system to generate a list of the appropriate patches. After analyzing the system, use the update subcommand or the download and add subcommands to download and apply the patches to your systems. The smpatch analyze command depends on network services that are not available while the system is in single-user mode. | download | Downloads patches from the Sun patch server to a system. You can optionally specify which patches to download. You can also specify the name of a system and download the appropriate patches to that system. | get | Lists one or more of the smpatch configuration parameter values. | order | Sorts a list of patches into an order that can be used to apply patches. | remove | Removes a single patch from a single system. | set | Sets the values of one or more configuration parameters. | unset | Resets one or more configuration parameters to the default values. | update | Updates a single local or remote system by applying appropriate patches. This subcommand analyzes the system and then downloads the appropriate patches from the Sun patch server to your system. After the availability of the patches has been confirmed, the patches are applied based on the patch policy. |
Each subcommand has specific options, which are described in Table 2.9.
Table 2.9. smpatch Subcommands and OptionsOption | Description |
---|
Subcommand Options Supported by the add Command | -ipatch_id1 -i patch_id2 | Specifies the patch or patches that you want to install. You can list one or several patches to install, or you can specify the -x option to specify a file that contains the list of patches. | -x mlist=patchlist_file | Use this option instead of the -i option when you have many patches to install. With this option, you specify a file (patchlist_file) that contains the list of patches you want to install. | Subcommand Options for the add Subcommand | -d <patchdir> | Specifies the directory where the patches are located. If you do not specify this option, the default patch spool directory (/var/sadm/spool) is assumed. The patch directory has the following syntax: system_name:/directory_path, where system_name is the name server containing the files and /directory_path is a fully qualified, shared directory. You can specify just the /directory_path if the directory is an NFS-mounted network directory or is located on the machine on which you want to install the patches. | -h | Displays information on how to use the command. | -n system_name1 - n system_name2 | Specifies the host or list of system_name2 ... systems on which you want to install the patches. You can specify the -x mlist=system_name_file operand instead of specifying this option. | -x mlist=systemlist_file | Specifies a file that contains the list of systems (machines) to which you want to install patches. You can specify the -n system_name1 option instead of specifying this operand. | Options for the analyze Subcommand | -h | Displays the command's usage statement. | -n system_name | Specifies the system you want to analyze. | The download Subcommand Requires One of the Following Subcommand Options | -I patch_id1 -i patch_id2 | Specifies the patch or patches patch_id2 ... that you want to download. You can specify the -x idlist=patch_id_file operand instead of this option, or you can omit this argument in favor of the -n download_system option. | -x idlist=patchlist_file | Specifies the file containing the list of patches you want to download. You can specify this operand instead of specifying the -i patch_id1 option. | Optional Subcommand Arguments for the download Subcommand | -n download_system | Specifies the machine on which you want to download the recommended patches. | -d downloaddir | Specifies the directory where the patches are downloaded. This directory must have write permission and be accessible to the download_system. If you do not specify this option, the default patch spool directory (/var/sadm/spool) located on the download system is assumed. | The remove Subcommand Requires the Following Options | -i patch_id | Specifies the patch you want to remove. | -n systemname | Specifies the system on which you want to remove the recommended patches. (Optional) |
To use the analyze subcommand, the system needs to be connected to the Internet so that it can access the SunSolve site for patch information. To analyze a system, login as root and type the following command:
The system responds with a list of patches:
120199-01 SunOS 5.10: sysidtool Patch
119145-02 SunOS 5.10: usr/snadm/lib Patch
119252-02 SunOS 5.10: System Administration Applications Patch
119315-02 SunOS 5.10: Solaris Management Applications Patch
119313-02 SunOS 5.10: WBEM Patch
119250-02 SunOS 5.10: usr/sbin/install.d/pfinstall Patch
119534-02 SunOS 5.10: Flash Archive Patch
119254-02 SunOS 5.10: Install and Patch Utilities Patch
119783-01 SunOS 5.10 : bind patch
119065-01 SunOS 5.10: fc-cache patch
119812-01 X11 6.6.2: Freetype patch
. . . <output has been truncated> . . .
The following example analyzes the system named zeus and downloads the assessed patches from the SunSolve Online database to the default patch spool directory:
/usr/sadm/bin/smpatch download
The system responds with the following:
120199-01 has been validated.
119145-02 has been validated.
119252-02 has been validated.
119315-02 has been validated.
119313-02 has been validated.
119250-02 has been validated.
119534-02 has been validated.
[Output has been truncated.]
The patches get downloaded to the /var/sadm/spool directory as jar files. Extract the files using jar xvf as described earlier in this chapter.
After extracting the jar file, install a patch from the download directory, by typing
The system responds with:
add patch 120469-01
Patch 120469-01 has been successfully installed.
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
120469-01
I've generated a list of the patches I downloaded and want to install onto this system. To install the patches in this list, I type the following:
smpatch add -x idlist=/var/sadm/spool/patchlist
The system responds with
add patch 120469-01
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
The following requested patches are already installed on the system
Requested to install patch 120469-01 is already installed on the system.
No patches to check dependency.
add patch 120292-01
Package SUNWmysqlS from patch 120292-01 is not installed on the system.
The original package SUNWmysqlS that 120292-01 is attempting to install to does \
not exist on this system.
wordlist too large
Patch 120292-01 failed to be copied to the pspool directory.
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
120292-01
add patch 120251-01
Patch 120251-01 has been successfully installed.
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
120251-01
add patch 120198-02
Patch 120198-02 has been successfully installed.
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
120198-02
|