Use the smpatch command to perform most of the common patch management tasks described in the following table. See the smpatch ( 1M ) man page.
You can use the Sun Update Connection, System Edition software to manage patches and updates on your Solaris system. The Sun Update Connection software has the same functionality as the Sun Patch Manager 2.0 tools, with the addition of some new features and enhancements. For more information, see Chapter 16, Managing Software (Overview).
Task |
Description |
For Instructions |
---|---|---|
Analyze your system to determine the list of patches. |
You want to analyze your system to obtain the list of appropriate patches. Based on the analysis, you can update your system with one or more patches in the list. |
How to Analyze Your System to Obtain the List of Patches to Apply (Command Line) |
Automatically update your system with one or more patches in a single procedure. |
You want to automatically download and apply the patches that are appropriate for your system. The list of patches is determined by having Patch Manager analyze your system. |
How to Update Your System With Patches (Command Line) |
After you have determined the patches to apply and have downloaded them to your system, you can apply them. |
How to Apply Patches to Your System (Command Line) | |
|
Some patches should be applied while the system is in single-user mode
because they might cause the system to become unstable. Such patches are associated
with the |
How to Apply Patches to Your System (Command Line) |
|
Some patches are nonstandard and must be applied manually. |
How to Apply a Nonstandard Patch (Command Line) How to Download and Apply a Solaris Patch |
|
Determine whether the patches you want to apply depend on others being applied first. This task is optional. |
How to Resolve a List of Patches (Command Line) |
Remove patches from your system. |
You want to remove, or back out, patches that you applied to your system. |
How to Remove Patches From Your System (Command Line) |
View patch management tool log entries. This task is optional. |
View Patch Manager log entries in the system log file to identify problems with installing patch management tools or applying patches. |
How to View Patch Manager Log Entries (Command Line) |
Apply patches to an inactive boot environment on your system by using luupgrade. |
You want to use Solaris Live Upgrade to apply patches to a system that has more than one boot environment. |
How to Use luupgrade to Apply a List of Patches to an Inactive Boot Environment (Command Line) |
The following procedures and examples show how to run the local
mode smpatch command, which is run by default. To run the
remote mode version, use any of the authentication options (except for
L
)
or the remote options. See the
smpatch
(
1M
)
man
page.
How to Analyze Your System to Obtain the List of Patches to Apply (Command Line)
You can perform an analysis of your system to determine the list of appropriate patches. The list is in an order that can be used to apply patches. You can also supply a list of one or more patches as input to restrict the analysis to just those patches. In addition to performing the analysis, you can save the patch list for modification or later use.
The system analysis writes the list of patches to standard output, so you can save the contents of the patch list to a file by redirecting standard output to a file.
Each line in a patch list has two columns. The first column is the patch ID, and the second column is a synopsis of that patch.
If you supply a list of one or more patches to the smpatch analyze command, the list of patches is augmented with any patches that are required as dependencies.
Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.*
authorization.
The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services .
Perform a patch analysis of your system and optionally save the list of patches in a file.
To create a list of all the appropriate patches for your system, type:
# smpatch analyze
To create a list of particular patches for your system based on a patch list, type:
# smpatch analyze -x idlist=patch-list-file
To create a list of particular patches for your system, type:
# smpatch analyze -i patch-id
...
Example 22.3. Analyzing Your System to Obtain the List of Patches to Apply
The following example shows how to analyze a system to create a list
of all appropriate patches. The list is written to the /tmp/patch.all
file.
# smpatch analyze > /tmp/patch.all
The following example shows how to create a list of patches, plist
, modify it, and resolve the patch dependencies. The list is written
to the /tmp/patch.plist
file.
#smpatch analyze > plist
#vi plist
. . . #smpatch analyze -x idlist=plist > /tmp/patch.plist
The following example shows how to resolve patch dependencies for patch
112785-28 and write the resulting patch list to a file called /tmp/patch.out
. Patch 112785-28 depends on patch 113096-03. After running the smpatch analyze command, the patch.out
file
contains this ordered list: 113096-03 and 112785-28.
# smpatch analyze -i 112785-28 > /tmp/patch.out
How to Update Your System With Patches (Command Line)
An update of a system performs the entire patch management process in one step. First, the analysis determines the appropriate patches for your system. Next, those patches are downloaded to your system. Finally, the patches are applied to your system.
All standard patches are applied by an update. You can configure your system to apply some nonstandard patches by changing the default policy for applying patches. To change the policy for your system, see How to Change the Policy for Applying Patches (Command Line).
Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.*
authorization.
The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services .
Update the system with patches in one of the following ways:
To update your system with all appropriate patches, type:
# smpatch update
To update your system with all patches listed in a file, first create a patch list (see How to Analyze Your System to Obtain the List of Patches to Apply (Command Line)), then type:
# smpatch update -x idlist=patch-list-file
To update your system with particular patches, type:
# smpatch update -i patch-id
-i patch-id
...
If you specify particular patches by using the
i
or
x idlist=
options, the list is augmented with patches on which they
depend before the update occurs.
Any patches that cannot be applied to the system are listed in
a patch list file called disallowed_patch_list
, which
is located in the download directory. You can use this file as input to the smpatch add command.
For example, you might bring your system to single-user
mode and apply the patches listed in the disallowed_patch_list
file
by typing the following:
#init S
#smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list
See How to Apply Patches to Your System (Command Line) for more information.
Example 22.4. Updating Your System With Patches
The following example shows how to update a system with patch 112622-12 and 112771-17.
# smpatch update -i 112622-12 -i 112771-17
The following example shows how to update a system by using a list of
patches, named plist
, as input. It then shows how to
create a patch list and modify it to contain only the patches that you want
to apply to your system. Then, use the smpatch update command
to apply the patches and update the system.
Create a list of patches by performing an analysis.
Edit the patch list to include only the patches that you want to apply.
Run the smpatch update command to apply the patches.
For example:
#smpatch analyze > plist
. . . #vi plist
. . . #smpatch update -x idlist=plist
. . .
How to Apply Patches to Your System (Command Line)
You can use the smpatch add command to apply one or more downloaded patches to your system.
You can use the local mode version of the smpatch command to apply one or more downloaded patches while your system is in single-user mode or in multiuser mode.
The smpatch add command ignores the policy for applying patches and does not resolve dependencies when applying patches.
Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.*
authorization.
The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services .
Apply the downloaded patches to your system.
To apply all patches listed in a file, type:
# smpatch add -x idlist=patch-list-file
To apply particular patches, type:
# smpatch add -i patch-id
-i patch-id
...
To apply particular patches that have the singleuser
property,
you must first bring the system to single-user mode. Type:
#init S
#smpatch add -i
patch-id
-ipatch-id
...
To apply the list of patches that could not be applied by the smpatch update command, you must first bring the system to single-user mode. Type:
#init S
#smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list
Example 22.5. Applying Patches to Your System
The following example shows how to apply the patches listed
in the file plist
while the system is in single-user
mode.
Requesting System Maintenance Mode SINGLE USER MODE Root password for system maintenance (control-d to bypass):xxxxxxx
single-user privilege assigned to /dev/console. Entering System Maintenance Mode Entering System Maintenance Mode . . . #smpatch add -x idlist=plist
The following example shows how to apply patch 112662-12 while the system is in single-user mode.
Requesting System Maintenance Mode SINGLE USER MODE Root password for system maintenance (control-d to bypass):xxxxxxx
single-user privilege assigned to /dev/console. Entering System Maintenance Mode Entering System Maintenance Mode . . . #smpatch add -i 112662-12
How to Apply a Nonstandard Patch (Command Line)
You cannot use smpatch to apply nonstandard patches
that have the interactive
property set. To apply the patch,
review the information in the Special Installation Instructions section of
the patch's README file.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services .
In the download directory, find the nonstandard patch that you want to apply.
# cd /var/sadm/spool; ls
To access the patch README file, do one of the following:
Follow the instructions in the Special Installation Instructions section of the README file to apply the patch.
How to Resolve a List of Patches (Command Line)
Sometimes a patch depends on another patch, that is, the first patch cannot be applied to the system until the other patch is applied. The first patch is said to have a dependency on the second patch.
If you specify a list of patches to apply, you can resolve the list for patch dependencies. The resulting list might include additional patches that you must apply before applying the patches you specified.
Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.*
authorization.
The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services .
Resolve the list of patches.
Resolve a list of patches specified one at a time on the command line.
# smpatch analyze -i patch-id
-i patch-id
...
Resolve a list of patches specified in a file.
# smpatch analyze -x idlist=patch-list-file
Example 22.6. Resolving a List of Patches
The following example shows how to resolve patch dependencies for patch
112785-28 and write the resulting patch list to a file called /tmp/patch.out
. Patch 112785-28 depends on patch 113096-03. After running the smpatch analyze command, the patch.out
file
contains this ordered list: 113096-03 and 112785-28.
# smpatch analyze -i 112785-28 > /tmp/patch.out
The following example shows how to take a modified list of patches, plist
, and resolve the patch dependencies. The list is written
to the /tmp/patch.plist
file.
# smpatch analyze -x idlist=plist > /tmp/patch.plist
How to Use luupgrade to Apply a List of Patches to an Inactive Boot Environment (Command Line)
A patch list that is created by the smpatch command can be used by luupgrade to apply patches to an inactive boot environment. You can also use the luupgrade command to remove patches from an inactive boot environment based on showrev information. See the luupgrade ( 1M ) and showrev ( 1M ) man pages.
This procedure assumes that you have created a second boot environment that is a duplicate of the active boot environment. See the lumake ( 1M ) man page for information about creating boot environments.
Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.*
authorization.
The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services .
Perform a patch analysis on the active boot environment to obtain the list of appropriate patches to apply to the inactive boot environment, and remove the synopsis for each patch entry.
# smpatch analyze | sed 's/ .*//' > patch-list-file
The modified file will be a list of patches, one patch ID per line.
Download the patches from a patch list to your system.
# smpatch download -x idlist=patch-list-file
Apply patches from a patch list to the inactive boot environment.
# luupgrade -t -n BE-name
-s dir-name
`cat patch-list-file
`
You must specify the name of the inactive boot environment to update, BE-name
, and the directory where the patches are stored, dir-name
.
(Optional) To remove a patch from the inactive boot environment, use the following command:
# luupgrade -T -n BE-name
patch-id
You must specify the name of the inactive boot environment to update, BE-name
, and the patch to be removed, patch-id
.
Example 22.7. Using luupgrade to Apply a List of Patches to an Inactive Boot Environment
The following example shows how to use Patch Manager and Solaris
Live Upgrade commands to apply a list of patches to an inactive boot environment.
For this example, a duplicate boot environment, be2
, of
the active boot environment has been created.
First, use the smpatch analyze and sed commands to analyze the
active boot environment and create a patch list, plist
,
that includes one patch ID per line. The sed command removes
the synopsis from each patch entry. Use the smpatch download command
to download the patches in the list. Then, use the luupgrade command
to apply the list of patches to the inactive boot environment of the system.
The inactive boot environment is called be2
, and the directory
where the patches reside is /var/sadm/spool
on the active
boot environment.
#smpatch analyze | sed 's/ .*//' > plist
. . . #smpatch download -x idlist=plist
. . . #luupgrade -t -n be2 -s /var/sadm/spool `cat plist`
. . .
The following example shows how to use Patch Manager and the
Solaris Live Upgrade commands to remove a patch from an inactive boot environment.
For this example, a duplicate boot environment, be2
, of
the active boot environment has been created.
Use the luupgrade command to remove patch 107058-01 from the inactive boot environment
of the system, be2
.
# luupgrade -T -n be2 107058-01
.
.
.
How to Remove Patches From Your System (Command Line)
You can remove only one patch at a time.
If your system has more than one boot environment, you can use the luupgrade command to remove a list of patches from an inactive boot environment. See How to Use luupgrade to Apply a List of Patches to an Inactive Boot Environment (Command Line).
Identify the patch that you want to remove.
Become an appropriately authorized user or assume a role that includes the Software Installation profile or the solaris.admin.patchmgr.*
authorization.
The System Administrator profile includes the appropriate profiles. To create the role and assign the role to a user, see Configuring RBAC in System Administration Guide: Security Services .
Remove the patch from your system.
# smpatch remove -i patch-id
How to View Patch Manager Log Entries (Command Line)
Patch Manager writes to the system log file /var/adm/messages
.
Choose which method to use to see information about a failed installation of a patch.
/var/adm/messages
– Identifies problems that are found when applying a patch to a
system by using Patch Manager.
Solaris WBEM log – To view this log from the command line, use the smlog view command. See the smlog ( 1M ) man page.
View log entries from the appropriate log file.