Patching Solaris with Sun Patch Manager 2

On occasions you may need to patch a Solaris system with more up-to-date patches rather than waiting for the next release of the recommended Solaris patch clusters. This is possible using third-party scripts like PCA or with Sun's recommended Solaris Patch Manager 2 (smpatch) utility.

In this article we will focus on patching Solaris with Sun Patch Manager 2. If you would like to look at PCA review my article Patching Solaris with PCA

Sun Patch Manager 2 is available for Solaris 8 and Solaris 9 Operating Environments. For the Solaris 10 OE, you are recommended to use the Solaris 10 Update Manager

Downloading and Installing SPM2

• Download SPM2 from http://www.sun.com/software/solaris/patch_manager/.
• Unpack the ZIP file and install

  # unzip pm2.0_s8_sparc.zip
  # cd Patch_Manager_2.0
  # ./pmsetup

Running smpatch

Once SPM2 is installed, we can perform the following:

• Create a list of all the appropriate patches for your system,

  # smpatch analyze > /tmp/plist

Create a list of particular patches for your system based on the patch list

# smpatch analyze -x idlist=/tmp/plist > /tmp/patch.list

• Download patches based on the patch list

  # smpatch download -x idlist=/tmp/patch.list

• Apply the system patches based on the patch list

  # smpatch add -x idlist=/tmp/patch.list

Patch classifications

Patch updates are classified as being standard or nonstandard. A standard update can be applied by smpatch update. Such an update is associated with the standard update property. smpatch applies standard updates immediately. These updates require no system restart. A nonstandard update has one of the following characteristics:

• An update that is associated with the rebootafter, rebootimmediate, reconfigafter, reconfigimmediate, or singleuser properties. Such a nonstandard update can be applied automatically during a system shutdown if permitted by the policy.
• An update that is associated with the interactive property. Such an update cannot be applied by using automated installation mechanisms like smpatch update. When you attempt to apply one of these updates using smpatch update, the update will be downloaded but not installed. You must examine the update's README file and perform whatever manual steps it describes. Typically, you are instructed to apply the update manually using patchadd or smpatch add.

With smpatch you can only install patches classed as standard patches. If you need to install other patches along side the standard patches, we can perform the following:

• Firstly, installed the standard patch set

  # smpatch update

• Enter single-user mode

  # init S

• Install the disallowed patches

  # smpatch add -x idlist=/var/sadm/spool/disallowed_patch_list

• Reboot the system back into multi-user mode

  # init 6

Sun Microsystems have just announced end-of-life support for Sun Patch Manager 2 (04-Sep-2007) and you are now advised to the Sun Update Manager.

Further reading:

• Patch Manager Cancellation Web Page
• Sun Update Manager Wiki