Solaris 8 patching tips

Solaris 8 patching tips

This Content Component encountered an error

This is a Solaris Admin Tip for specialists involved in patching.

This tip is for those who either do not get the regular SunSolve CD's, or are in between the last distribution, and the current ones on the Website. You'll notice that there is a section on Recommended patches, and a section on PRODUCTS. The Recommended ones will have either an R flag, or an S flag (Security). The PRODUCT section will deal with add-on, or OEM products, such as NetBackup.

It is best to keep any of the PRODUCT ones separate, as these will nearly always require special pre and post install tasks, as in the associated README file. Some of the Recommended ones will be compressed TAR format, rather that .zip. It is best to keep these in a separate area too, as these are usually patching add-on or specialized areas, like StarOffice. Some of these need manual cp commands to patch, rather than the usual patchadd.

When you are happy that you have your set of latest patches in your directory, ensure that you have enough room for file inflation. Allow for a factor of 2 to 2.5. The just set up a quick do loop to unzip them, and remove the original *.zip set at the end to conserve space. It does not matter if you pass a patch already installed to patchadd, it will just ignore it. However, the revision dash numbers change, so be aware of that.

A good way to install these as a set ( or patch cluster in Sun terms), is to use the install_cluster script that is inside any expanded recommended patch set off an earlier SunSolve CD. You may have this already on disk from last time, for example, in 8_Recommended. Copy it over to your own patch library, and change the $SUPPLEMENT_NAME tag ( something easy like FREDS PATCHES, as it will take the paces out further down, and use that as a log file name). To make things run how you want, I would recommend you set up a patch_order file. If you don't, it will use the standard collated sort order by name (i.e. patch number). The safest option ( unless you have a recommendation of patch order for your specific site or problem, from Sun), is to use time/date order. For this, just do: ls -rt | grep 1 | grep .zip > patch_order. The first grep is just to ensure that you have valid patch files in the list, and the second is to ensure just zip types, not tar ones.

PLAYING SAFE:

Apart from the time/date order for patches above, Sun recommends that you go to single user mode for doing multiple patches. Also, do an lpshut, and if running any applications, like NetBackup, shutdown the daemons with the K77 script, or the kill script in the /opt/openv/netbakcup/bin/goodies directory. If this is a new installation, and you can easily re-install, and you do not want to litter /var or /opt with compressed backup files, you can add the "-nosave" option on the end of the install_cluster call. It is aware of this, and passes the option to patchadd. If you have plenty of room in /var and /opt, then do NOT use this option, in case a new patch you just got from Sun affects you in some way. The backout option can then be used , with patchadd -B. This is unlikely, as Sun seem to test quite well, and the patchadd coupled with the pkgadd environment affords good prerequisite checks, both at the product and patch level.


This was first published in April 2002

Dig deeper on Web Server Threats and Countermeasures

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close