You can use the following tools to manage patches and updates on your Solaris systems:
Sun Update Connection web application
Sun Update Manager application
The Sun Update Connection web application and the Sun Update Manager application are available, starting with the Solaris 10 1/06 and the Solaris Express 10/05 releases.
smpatch command-line interface
patchadd
Solaris Management Console Patches tool (GUI, starting with Solaris 9)
If you need to apply a patch to a diskless client system, see Patching Diskless Client OS Services.
The following table summarizes the availability of the Solaris patch management tools.
For Sun Update Connection tool, see the Sun Update Connection product documentation at .
|
Tool Availability |
Solaris 2.6 and Solaris 7 Patch Management Tools |
Sun Patch Manager 2.0 |
PatchPro Interactive or PatchPro Expert | |
|---|---|---|---|---|
|
How do I get this tool? |
Included with the Solaris release |
Download the tool from the Sun Download Center web site[a] |
Included with the Solaris 10 release ( Download the Solaris 8 or Solaris 9 version of the tool from the Sun Download Center web site[a] |
Run tool from the PatchPro web site[b] |
|
Solaris 2.6, Solaris 7, Solaris 8, Solaris 9, Solaris 10, and Solaris Express releases |
Solaris 2.6 and Solaris 7 releases |
Solaris 8, Solaris 9, and Solaris 10 releases |
Solaris 2.6, Solaris 7, Solaris 8, Solaris 9, and Solaris 10 releases | |
|
Applies signed patches? |
Starting with the Solaris 9 12/03 release – Yes, and automatically verifies the signed patch when it is downloaded |
Yes, and automatically verifies the signed patch when it is downloaded |
Yes, and automatically verifies the signed patch when it is downloaded |
No, these tools do not apply patches |
|
Applies unsigned patches? |
Yes |
No |
Yes, but the patches must be unzipped first |
No |
|
GUI available? |
No |
No |
Yes, these tools can only be run from the PatchPro web site[b] | |
|
Analyzes system to determine the appropriate patches and downloads signed or unsigned patches |
No |
Yes, signed patches only |
Yes, signed patches only |
Yes, unsigned patches only |
|
Local and remote system patch support |
Local |
Local |
Local and remote For Solaris 8 systems – Local |
No |
|
RBAC support? |
Yes |
No |
Yes |
No |
[a] The Sun Download Center web site is [b] The PatchPro web site is | ||||
Starting with the Solaris 9 release – A graphical user interface Patches tool in the Solaris Management Console (smc), is also available. The Patches tool enables you to analyze systems to determine the appropriate patches, view patch properties, download patches, apply patches to systems, and remove patches.
When you apply a patch, the patch tools call the pkgadd command to apply the patch packages from the patch directory to a local system's disk.
Do not run the pkgadd command directly to apply patches.
More specifically, the patch tools do the following:
Determine the Solaris version number of the managing host and the target host
Update the patch package's pkginfo file
with this information:
Patches that have been obsoleted by the patch being applied
Other patches that are required by this patch
Patches that are incompatible with this patch
While you apply patches, the patchadd command logs
information in the /var/sadm/patch/
patch-id
/log file.
In this Solaris release, improvements have been made to the patchadd
M command. When you use this command to
apply patches to your system, you are no longer required to specify patch
IDs in numeric order. If you use the patchadd
M command
without specifying a patch ID, all patches in the directory are installed
on the system. For more information about these changes, see the
patchadd
(
1M
)
.
The patchadd command cannot apply a patch under the following conditions:
The package is not fully installed on the system.
The patch package's architecture differs from the system's architecture.
The patch package's version does not match the installed package's version.
A patch with the same base code and a higher revision number has already been applied.
A patch that obsoletes this patch has already been applied.
The patch is incompatible with a patch that has already been
applied to the system. Each patch that has been applied keeps this information
in its pkginfo file.
The patch being applied depends on another patch that has not yet been applied.