Task | Description | For Instructions |
---|---|---|
1. (Optional) Set up the package keystore. | If you plan to apply signed patches to your system, you must first import Sun's Root CA certificate into your package keystore. | How to Import a Trusted Certificate to Your Package Keystore |
2. (Optional) Specify a web proxy. | If your system is behind a firewall with a web proxy, you must specify the web proxy to obtain patches from the Sun patch server. | How to Specify a Web Proxy |
3. Download and apply a patch. | You can download and apply a patch to your system by using the patchadd command. | How to Download and Apply a Solaris Patch |
4. (Optional) Display information about patches that have been applied to your system. | If you want information about the patches that have already been applied to your system, use the patchadd, showrev, or pkgparam command. | How to Display Information About Solaris Patches |
5. (Optional) Remove a patch from your system. | If necessary, remove a patch from your system by using the patchrm command. | How to Remove a Solaris Patch by Using the patchrm Command |
How to Import a Trusted Certificate to Your Package Keystore
To apply signed patches to your system by using the patchadd command, you must add Sun's Root CA certificate, at the very least, to verify the signature of your signed patch. You can import this certificate from the Java keystore to the package keystore.
Become superuser or assume an equivalent role.
Export the Root CA certificate from the Java keystore to a temporary file.
For example:
# keytool -export -storepass changeit -alias gtecybertrustca \
-keystore /usr/j2se/jre/lib/security/cacerts \
-file /tmp/root.crt
Certificate stored in file </tmp/root.crt>
-export
Exports the trusted certificate.
-storepass storepass
Specifies the password that protects the integrity of the Java keystore.
-alias gtecybertrustca
Identifies the alias of the trusted certificate.
-keystore certfile
Specifies the name and location of the keystore file.
-file filename
Identifies the file in which to hold the exported certificate.
Import the Root CA certificate from the temporary file to the package keystore.
For example:
# pkgadm addcert -t -f der /tmp/root.crt
Enter Keystore Password:storepass
Keystore Alias: GTE CyberTrust Root
Common Name: GTE CyberTrust Root
Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
Validity Dates: <Feb 23 23:01:00 2004 GMT>-<Feb 23 23:59:00 ...
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91...
Are you sure you want to trust this certificate?yes
Trusting certificate <GTE CyberTrust Root>
Type a Keystore protection Password.
Press ENTER for no protection password (not recommended):
For Verification: Type a Keystore protection Password.
Press ENTER for no protection password (not recommended):
Certificate(s) from </tmp/root.crt> are now trusted
-t
Indicates that the certificate is a trusted CA certificate. The command output includes the certificate details, which you are asked to verify.
-f format
Specifies the format of the certificate or private key. When importing a certificate, it must be encoded using either the PEM (pem) or binary DER (der) format.
certfile
Specifies the file that contains the certificate.
Display the certificate information.
# pkgadm listcert
Enter Keystore Password:storepass
Keystore Alias: GTE CyberTrust Root
Common Name: GTE CyberTrust Root
Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
Validity Dates: <Feb 23 23:01:00 2004 GMT>-<Feb 23 23:59:00 2006 GMT>
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Remove the temporary file.
# rm /tmp/root.crt
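The import step asks you to confirm the certificate details by eye before answering yes. The following added example (not part of the original Sun procedure) compares the SHA1 fingerprint reported by pkgadm listcert against a pinned value; the function names are hypothetical, and EXPECTED_SHA1 is assumed to come from a source you trust independently of the keystore the certificate was exported from.

```shell
#!/bin/sh
# Added example, not Sun's code. Function names are hypothetical.
# On Solaris use nawk or /usr/xpg4/bin/awk; legacy /usr/bin/awk lacks -v.

# Sample input: the pkgadm listcert fields shown on this page, one per line,
# with the SHA1 value wrapped across two lines as it is there.
sample_listcert() {
cat <<'EOF'
Keystore Alias: GTE CyberTrust Root
Common Name: GTE CyberTrust Root
Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:
 BC:65:A6:89:64
EOF
}

# keystore_sha1 ALIAS: print ALIAS's SHA1 fingerprint as upper-case hex
# digits, read from listcert output on stdin (wrapped lines are rejoined).
keystore_sha1() {
    awk -v want="$1" '
        /^Keystore Alias:/   { sub(/^Keystore Alias:[ \t]*/, ""); alias = $0; grab = 0; next }
        /^SHA1 Fingerprint:/ { sub(/^SHA1 Fingerprint:/, ""); grab = 1 }
        grab && /^[0-9A-Fa-f: \t]+$/ { if (alias == want) fp = fp $0; next }
        { grab = 0 }
        END { gsub(/[: \t]/, "", fp); print toupper(fp) }
    '
}

# keystore_cert_pinned ALIAS EXPECTED_SHA1: succeed only on an exact match
# of a complete 40-digit fingerprint; a missing alias fails the check.
keystore_cert_pinned() {
    got=$(keystore_sha1 "$1")
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    [ "${#got}" -eq 40 ] && [ "$got" = "$want" ]
}

# Demo on the sample data above.
sample_listcert | keystore_cert_pinned "GTE CyberTrust Root" \
    "90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64" &&
    echo "keystore entry matches the pinned fingerprint"
```

In real use, feed the function a saved copy of the pkgadm listcert output instead of sample_listcert.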
How to Specify a Web Proxy
If your system is behind a firewall with a web proxy, you must specify the web proxy to use patchadd to apply a patch.
Become superuser or assume an equivalent role.
Use one of the following methods to specify a web proxy:
Specify the web proxy by using the http_proxy, HTTPPROXY, or HTTPPROXYPORT environment variable.
For example:
# setenv http_proxy http://mycache.domain:8080
Or, specify one of the following:
# setenv HTTPPROXY mycache.domain
# setenv HTTPPROXYPORT 8080
Specify the web proxy on the patchadd command line.
For example:
# patchadd -x mycache.domain:8080 \
-M http://www.sun.com/solaris/patches/latest 101223-02 102323-02
How to Download and Apply a Solaris Patch
Use this procedure to download either a signed or an unsigned Solaris patch and then apply it to your system.
If you want to apply signed patches, you must first set up the package keystore.
Gain access to the system in one of these ways:
Determine whether to download a specific patch or a patch cluster, then do one of the following:
Type the patch number (patch-id) in the Find Patch search field, then click Find Patch.
Entering patch-id downloads the latest patch revision.
If this patch is freely available, the patch README appears. If this patch is not freely available, an ACCESS DENIED message appears.
Note that patch numbers for SPARC based and x86 based systems are different. The patch IDs are listed in the patch README. Ensure that you apply the patch that matches your system architecture.
Select the Recommended Patch Cluster that matches the Solaris release that is running on the system that you want to patch.
Download the patch.
To download a copy of the signed patch, click the Download Signed Patch (n bytes) HTTPS button or the FTP button.
To download an unsigned patch, click the Download Patch (n bytes) HTTP button or the FTP button.
When the patch or patches are successfully downloaded, close the web browser.
Change to the directory that contains the downloaded patch.
Become superuser or assume an equivalent role.
(Unsigned patch) If you downloaded an unsigned patch, unzip the patch.
# unzip patch-id
Apply the signed or unsigned patch.
If you downloaded a signed patch, apply it.
For example:
# patchadd /tmp/111879-01.jar
If you downloaded an unsigned patch, apply it.
For example:
# patchadd /tmp/111879-01
Verify that the patch has been successfully applied.
For example:
# patchadd -p | grep 111879
Patch: 111879-01 Obsoletes: Requires: Incompatibles: Packages: SUNWwsr
How to Display Information About Solaris Patches
Before applying patches, you might want to know more about patches that have been previously applied. The following commands provide useful information about patches that are already applied to a system.
patchadd -p or showrev -p
Shows all patches that have been applied to the system.
pkgparam pkgid PATCHLIST
Shows all patches that have been applied to the package identified by pkgid, for example, SUNWadmap.
patchadd -S Solaris-OS -p
Shows all the /usr patches that have been applied to an OS server.
Use one of the following patchadd command lines to display information about patches that have been applied to your system.
To obtain information about all patches that have been applied to your system, type:
$ patchadd -p
To verify whether a particular patch has been applied to your system, type, for example:
$ patchadd -p | grep 111879
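The grep check above, also used in the verification step of the download procedure, matches the patch ID anywhere on a line, including the Obsoletes: and Requires: fields of other patches, and does not look at the revision. The following added example (not from the original page) reads only the ID after Patch: and checks for a minimum revision; the function names, the 999xxx patch IDs and the SUNWexample package are made up for illustration.

```shell
#!/bin/sh
# Added example, not Sun's code. Function names are hypothetical.
# On Solaris use nawk or /usr/xpg4/bin/awk; legacy /usr/bin/awk lacks -v.

# Constructed sample of patchadd -p output. Only the 111879-01 line comes
# from the page; the 999xxx IDs and SUNWexample are invented.
sample_patchadd_output() {
cat <<'EOF'
Patch: 111879-01 Obsoletes: Requires: Incompatibles: Packages: SUNWwsr
Patch: 999001-05 Obsoletes: 999002-03 Requires: 111879-01 Incompatibles: Packages: SUNWexample
Patch: 999003-02 Obsoletes: Requires: Incompatibles: Packages: SUNWexample
Patch: 999003-04 Obsoletes: Requires: Incompatibles: Packages: SUNWexample
EOF
}

# applied_rev BASE: print the highest applied revision of patch BASE, reading
# patchadd -p output on stdin. Only the ID after "Patch:" is considered.
# Exits non-zero when BASE is not listed as an applied patch.
applied_rev() {
    awk -v base="$1" '
        $1 == "Patch:" && split($2, id, "-") == 2 && id[1] == base {
            if (!seen || id[2] + 0 > max) max = id[2] + 0
            seen = 1
        }
        END { if (!seen) exit 1; printf "%02d\n", max }
    '
}

# patch_at_least BASE MINREV: succeed only if BASE is applied at MINREV or later.
patch_at_least() {
    rev=$(applied_rev "$1") || return 1
    awk -v have="$rev" -v need="$2" 'BEGIN { exit !(have + 0 >= need + 0) }'
}

# Demo on the sample data above.
if sample_patchadd_output | patch_at_least 111879 01; then
    echo "111879 is applied at revision 01 or later"
fi
```

On a live system the call is patchadd -p | patch_at_least 111879 01.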