sun.com   |  docs.sun.com
How To Buy  |   My Sun  |   Worldwide Sites
        
 
Sun Microsystems Logo
 Products & Services
 		 Support & Training
 
 
System Administration Guide: Basic Administration 

Previous Previous     Contents     Index     Next Next
Chapter 24

Managing Solaris Patches (Overview)

Patch management involves listing or adding Solaris patches from a system running the Solaris release. Patch management might also involve removing unwanted or faulty patches. Removing patches is also called backing out patches.

This is a list of the overview information in this chapter.

For step-by-step instructions on adding a patch to your system, see Managing Patches in the Solaris Environment (Road Map).

For information on adding patches to diskless client systems, see Patching Diskless Client OS Services.

Note - Overview information about using the smpatch command with PatchPro has been removed from this guide. For information about using the smpatch command with PatchPro, see Signed Patches Administration Guide for PatchPro 2.2.

What Is a Patch?

A patch is a collection of files and directories that replace or update existing files and directories that are preventing proper execution of the existing software. The existing software is derived from a specified package format, which conforms to the Application Binary Interface. For details about packages, see Chapter 22, Managing Software (Overview).

You can manage patches on your system with the patchadd command. For step-by-step instructions on adding an unsigned patch to your system, see Managing Unsigned Solaris Patches (Task Map).

What Is a Signed Patch?

A signed patch is a patch with a digital signature. A patch with a valid digital signature ensures that the patch has not been modified after the signature was applied to the patch. Using signed patches is a more secure method of downloading or adding patches because the patches include a digital signature that can be verified before the patch is added to your system.

Patches that are available for the Solaris 2.6, 7, 8, and 9 releases include a digital signature. Patches without a digital signature, or unsigned patches, are also available, but eventually, all patches will be signed patches. A valid digital signature ensures that the patch has not been modified since the signature was applied.

Signed patches are stored in Java archive format (JAR) files and are available from the SunSolve OnlineSM web site.

In previous Solaris releases, you could use the smpatch command with PatchPro to add signed patches to your system. For step-by-step instructions on using the smpatch command, see "Managing Signed Patches by Using Solaris Patch Management Tools (Tasks)" in Signed Patches Administration Guide for PatchPro 2.2.

In this Solaris release, you can use the patchadd command to add signed patches to your system. For step-by-step instructions on using the patchadd command, see Adding Signed Patches With patchadd Command (Task Map).

For additional overview information about signed patches, see Signed Packages and Patches.

Accessing Solaris Patches

All Sun customers can access patches through the SunSolve OnlineSM web site. The following table describes the various ways to access Solaris patches.

Table 24-1 Ways to Access Solaris Patches

Customer Type

Description

SunSpectrum contract customer

You have access to the SunSolve database of patches and patch information. They are available from the SunSolve Online web site or by using anonymous ftp.

These patches are updated nightly.

Not a SunSpectrum contract customer

You have access to a general set of security patches and other recommended patches. These patches are available through SunSolve Online.

You can access Solaris patches from a web site or by using anonymous ftp.

To access patches from a web site, you need a system that is:

  • Connected to the Internet

  • Capable of running a web browser such as the Netscape™ software.

To access patches by anonymous ftp, you need a system that is:

  • Connected to the Internet

  • Capable of running the ftp program

Access patches from the SunSolve OnlineSM web site by using the following URL: 

http://sunsolve.Sun.COM/pub-cgi/show.pl?target=patches/patch-access

You can install either a patch cluster of recommended patches or individual patches that are freely available. Patch reports are also available.

Solaris Patch Numbering

Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number. For example, patch 108528-10 is a patch ID for the SunOS 5.8 kernel update patch.

Tools for Managing Solaris Patches

The following table summarizes Solaris patch management features.

Feature

patchadd/patchrm Commands

Solaris 2.6, 7, and 8 Patch Management Tools

Solaris 9 Patch Management Tools

PatchPro Interactive or PatchPro Expert

How do I get this tool?

Bundled in Solaris release (SUNWswmt)

Must download tool from http://www.sun.com/PatchPro

Must download tool from http://www.sun.com/PatchPro

Run tool from http://www.sun.com/PatchPro

Solaris release availability

Solaris 2.6, 7, 8, and 9 releases

Solaris 2.6, 7, and 8

Solaris 9

Solaris 2.6, 7, 8, and 9

Adds signed patches?

Yes, and automatically verifies the signed patch when it is downloaded

Yes, and automatically verifies the signed patch when it is downloaded

Yes, and automatically verifies the signed patch when it is downloaded

No

Adds unsigned patches?

Yes

No

Yes, but the patches must be unzipped first

Yes, but the patches must be unzipped first

GUI available?

No

No

Yes

No

Analyzes system for required patches and downloads signed or unsigned patches

No

Yes, both signed and unsigned patches

Yes, both signed and unsigned patches

Yes, unsigned patches only

Local and remote system patch support

Local

Local

Local and Remote

No

RBAC support?

Yes

No

Yes

No

Detailed information about how to install and back out a patch is provided in the patchadd(1M) and patchrm(1M) man pages. Each patch also contains a README file that contains information about the patch.

Selecting the Best Method for Adding Signed Patches

After you have installed a patch management tool, you can use several different methods of downloading or adding a signed patch or patches to your system. Use the following table to determine which method is best for your needs.

Command or Tool

Description

For More Information

patchadd

Starting in the Solaris 9 12/03 release - Use this command to add signed patches to your system after your have set up your package keystore.

patchadd(1M)

smpatch update

Solaris 2.6, Solaris 7, Solaris 8, and at least Solaris 9 4/03 - Use this command to identify the recommended patches and automatically download and apply the patches to your system. Notice that this command will not apply a patch that has the interactive property set.

smpatch(1M)

smpatch analyze

Use this command to identify required patches and display a list of required patch IDs for your system. Then, you could use the smpatch download and smpatch add commands to download and add the patches to your system.

smpatch(1M)

smpatch download and smpatch add

Use these commands to download and apply one or more patches to your system. These commands also download and apply any prerequisite patches.

"Downloading and Applying Signed Patches to a Solaris System (Task Map)" in Signed Patches Administration Guide for PatchPro 2.2

ftp and smpatch add

Use the ftp command to transfer a patch or patches to your system. Then, use the smpatch add command to add the patch or patches to your system.

"Downloading and Applying Signed Patches to a Solaris System (Task Map)" in Signed Patches Administration Guide for PatchPro 2.2

Solaris Management Console Patches Tool

For Solaris 9 systems only - Use this tool when you want the convenience of a GUI tool to manage signed patches.

Solaris Management Console online help

Previous Previous     Contents     Index     Next Next
 
Copyright 1994-2004 Sun Microsystems