Software install and patching across different UNIX systems

This post provides brief differences in the commands used for Software Installation and Patch management of the most common versions of UNIX (Solaris, AIX, Red Hat Linux and HP-UX).
Software Installation
SolarisAIXRHELHP-UX
Install pkgadd -d pkgfile installp -a [-c] FileSet rpm -i file swinstall -s depot software
Update pkgadd -d pkgfile installp -a FileSet rpm -U file swinstall -s depot software
List pkginfo lslpp -L all rpm -q swlist -l product
Remove pkgrm package installp -i FileSet rpm -u swinstall
Patch Management
SolarisAIXRHELHP-UX
Patches patchadd installp rpm -q -a swlist -l product
List Patches showrev -p lslpp -L all rpm -q -a swlist -l product
Patch Check patchdiag
PatchPro
compare_report up2date
yum
security_patch_check

Additional Notes

Sun’s patchdiag is only available to SunSpectrum service contract customers. Non-contract customers can only download individual patches and the maintenance updates (patch clusters) from Sun’s Patch Support Portal, however administrators can sign up for the free patch notification service (also available from HP and IBM) in order to stay informed of any new patches affecting their installed systems. Sun’s Support Portal now has a new tool available, PatchPro, which requires a SunSolve account. PatchPro is capable of generating lists of (signed) patches needed to update the system, downloading the required patches and installing them. The download process includes checking the digital signatures of the patches for validation. PatchPro can also be run from automation scripts (e.g. from cron) further simplifying patch management on Solaris systems.

compare_report for AIX is available on a default system installation (part of the bos.rte.install fileset), and can compare installed filesets with filesets available from IBM’s Fix Delivery Center. The generated report file can then be uploaded to the Fix Delivery Center in order to generate a set of patches to be downloaded to bring the system to the latest maintenance level.

Under RHEL individual patches can be downloaded for free for one of the Community supported editions (e.g. Fedora Core) which official Redhat distributions usually track. For official Red Hat releases, the Red Hat Network allows the registration of a System Profile for each Red Hat Linux machine that needs to be updated and eases the determination of which patches need to be applied. In Red Hat Enterprise Linux 5, up2date has been replaced by yum. Yum establishes repositories and is an automatic updater and package installer/remover for rpm systems, making it easier to maintain groups of systems.

security_patch_check for HP-UX is available from HP’s Software Depot, and it can download a patchlist to compare with the installed patches and generate lists in verbose or machine readable formats for download from HP’s patch download site. The patches still have to be downloaded manually from HP’s ITRC site but can be packaged into a single depot before applying them. A premium service is also available, the Custom Patch Manager, which allows the upload of the system configuration for comparison and the generation of a custom patch bundle.