Chapter 22. Managing Solaris Patches by Using Sun Patch Manager (Tasks)

Table of Contents

Patch Manager Features
PatchPro Analysis Engine
Local-Mode Command-Line Interface
Single-User Mode Operations in Local Mode
Patch List Operations
Sun Patch Manager Concepts
Patch Management Process
Specifying the Source of Patches
Customizing the Policy for Applying Patches
Setting Patch Manager Configuration Parameters
Getting Started With Patch Manager
Tasks Supported by Sun Patch Manager
Managing Solaris Patches by Using the Sun Patch Manager Command-Line Interface (Task Map)
Accessing the Sun Patch Manager Command-Line Interface
Configuring Your Patch Management Environment by Using the Command-Line Interface (Task Map)
Managing Patches by Using the Command-Line Interface (Task Map)
Tuning Your Patch Management Environment by Using the Command-Line Interface (Task Map)
Patch Manager Troubleshooting
Patch Manager General Errors

Patch Manager Features

Patch Manager has the following features:

  • PatchPro analysis engine

  • Local-mode command-line interface

  • Patch list operations

Note

The Sun Update Connection software has the same functionality as the Sun Patch Manager 2.0 tools, with the addition of some new features and enhancements. If you are running the Solaris 10 initial release, and you want to use Sun Update Connection, install the appropriate patches or upgrade your system to the Solaris Express 10/05 release.

For information about installing and using the Sun Update Connection, System Edition software, see the product documentation at .

PatchPro Analysis Engine

Patch Manager incorporates PatchPro functionality to automate the patch management process. This process includes performing patch analyses on systems, then downloading and applying the resulting patches. This automation functionality was previously available for Solaris 2.6, Solaris 7, Solaris 8, and Solaris 9 as a separate PatchPro product and is now part of the standard Solaris 10 release.

PatchPro uses signed patches, which improves the security of Solaris patches by ensuring that they have not been modified.

Note

The pprosetup and pprosvc commands are included with Sun Patch Manager 2.0 for transition purposes. It is best not to use these commands and to use the smpatch command instead.

Local-Mode Command-Line Interface

Note

On Solaris 8 systems, you can only run smpatch in local mode.

Starting with Solaris 9, the smpatch command is available in two modes: local mode and remote mode. Local mode can only be run on the local system. This mode can be run while the system is in single-user or multiuser mode. Remote mode can be used to perform tasks on remote systems. Both local mode and remote mode can be used by users or roles that have the appropriate authorizations.

By default, local mode is run. In local mode, the Solaris WBEM services are not used, and none of the authentication options or those options referring to remote systems are available. The smpatch command in local mode runs faster than in remote mode.

If you specify any of the remote or authentication options (except for -L), remote mode is used.

Single-User Mode Operations in Local Mode

You can use the smpatch add command in local mode to apply patches while the system is in single-user mode. Apply patches in this way when the patches are associated with the singleuser patch property, or when you want to apply any patches to a quiet system.

Use only the smpatch add, smpatch order, and smpatch remove commands to manage patches when your system is running in single-user mode.

You can configure your patch management environment while the system is running in single-user mode by using the smpatch get, smpatch set, and smpatch unset commands.

Do not use the smpatch analyze, smpatch download, and smpatch update commands while the system is running in single-user mode. These commands depend on network services that are not available while the system is in single-user mode.

If you previously used the smpatch update command to update your system with patches, some of the patches might not have been applied. Such patches cannot be applied if they do not meet the policy for applying patches, and must be applied manually in single-user mode.

To apply the patches while the system is in single-user mode, use the smpatch add command with the -x idlist= option to specify the list of patches to apply.

You can use the disallowed_patch_list file as input to the smpatch add command to apply the singleuser patches. This file, stored in the download directory, lists any patch that could not be applied by smpatch update while the system was in multiuser mode. For example:

# smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list

Patch List Operations

Patch Manager can create an ordered list of patches that you can save to a text file and use to perform patch operations.

You might use a patch list to apply the same set of patches to systems that have the same hardware and software configurations. Or, you might create a patch list file that contains all pertinent security patches and use the patch list to apply those security patches to one or more systems.

You can create a file that contains an ordered patch list by using the smpatch command in any of these ways:

  • Perform an analysis of a system – Use the smpatch analyze command to analyze a system to generate an ordered list of patches and write it to a file. You can edit this file to remove unneeded patches.

  • Supply a specific list of patches – Use the smpatch analyze command to generate an ordered list of patches based on a set of patches that you specify for a particular system. The patch list is resolved by augmenting the list with patches on which they depend.

  • Point to a collection of patches stored on a system – Use the smpatch order command to produce an ordered list of patches based on a collection of patches stored on a system.

If you modify a patch list and the patches are available on your system, use the smpatch order command to put the list in an order suitable for applying patches. Otherwise, use the smpatch analyze command, which also produces an ordered list of patches.

You can use patch lists as input to the smpatch add, smpatch analyze, smpatch download, smpatch order, and smpatch update commands.

Caution

The smpatch add command attempts to apply all of the patches in the patch list, regardless of the policy for applying patches and patch dependencies.
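
Because smpatch add applies every entry in the list without consulting the policy or dependencies, an edited patch list is worth vetting before it is used. The following shell function is an added example, not part of the Sun documentation: it checks a patch list against a locally maintained file of approved patch IDs. The list format (patch ID first on each line, optional synopsis after it), the approved-IDs file, and the 9xxxxx patch IDs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Pre-flight check for a patch list before `smpatch add -x idlist=FILE`.
# Assumed format (not stated on the page): one entry per line, patch ID first
# (six digits, hyphen, two-digit revision), optional synopsis after it.

# check_patch_list LIST APPROVED
# Prints one finding per line; prints nothing when the list is clean.
check_patch_list() {
    awk '
        FILENAME == ARGV[1] { if ($1 != "") approved[$1] = 1; next }  # approved IDs
        /^[ \t]*$/ { next }                                           # blank lines
        {
            id = $1
            if (id !~ /^[0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9]$/) {
                print "MALFORMED line " FNR ": " id; next
            }
            base = substr(id, 1, 6)
            if (base in seen && seen[base] != id)       # two revisions of one patch
                print "CONFLICT line " FNR ": " id " and " seen[base]
            else if (base in seen)                      # same entry listed twice
                print "DUPLICATE line " FNR ": " id
            seen[base] = id
            if (!(id in approved))                      # never reviewed locally
                print "UNAPPROVED line " FNR ": " id
        }
    ' "$2" "$1"
}

# Constructed sample data; the patch IDs are placeholders, not real patches.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '900001-02' '900002-01' '900003-05' > "$dir/approved"
    printf '%s\n' '900001-02 constructed synopsis A' \
                  '900002-01' \
                  '900001-01 older revision left in by mistake' \
                  '900004-01 not reviewed' \
                  '90003-05' > "$dir/plist"
    check_patch_list "$dir/plist" "$dir/approved"
    rm -rf "$dir"
}

# Gate the real command on an empty report, for example:
#   [ -z "$(check_patch_list plist approved)" ] && smpatch add -x idlist=plist
demo
```
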