Applying Solaris patches

Sunsoft regularly release patches for the Solaris OS, normally to fix reported bugs or security vulnerabilities. They are an easy way of keeping the OS up to date without having to recompile everything, which is useful given that Sun no longer ship a compiler with Solaris. (Patches are a little like the Red Hat Package Manager, if you ever mess with Linux.) If you ever run into problems and call Sun, the first thing they will send you is a list of patches you should have installed.

You can get the patches from SunSolve.

A patch ID uniquely identifies every released patch. A patch ID looks like xxxxxx-yy, e.g. 106542-12 is the twelfth release of a kernel update for Solaris 2.7 x86.

showrev -p shows the patches installed. Use showrev -p | grep patchid to search for the ones you are after.

Before installation

 

The patchadd command must be run as root.

patchadd -p shows the list of currently installed patches
patchadd -d installs the patch WITHOUT keeping a copy of the old patched files. VERY DANGEROUS
patchadd -u unconditionally installs the patch, e.g. suppresses error messages

To install a single patch:
patchadd /var/spool/patch/104945-02

To install multiple patches:

patchadd -M /var/spool/patch 105982-01 134903-03 108645-01

Or you can list the patches in a file and run:

patchadd -M /var/spool/patch list_of_patches
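
An added example (not from the original page): a pre-install check that compares a list of wanted patch IDs against saved showrev -p output and prints only the ones that are missing or installed at an older revision, which is the list worth handing to patchadd -M. The function names, temporary file names and the sample showrev lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk).

# installed_rev BASE FILE: highest installed revision of patch BASE in saved
# `showrev -p` output; prints nothing when the patch is absent.
installed_rev() {
    awk -v base="$1" '$1 == "Patch:" {
        split($2, id, "-")
        if (id[1] == base && (!found || id[2] + 0 > max + 0)) { max = id[2]; found = 1 }
    } END { if (found) print max }' "$2"
}

# patch_status ID FILE: prints current, outdated, missing or invalid.
patch_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;   # xxxxxx-yy
        *) echo invalid; return 0 ;;
    esac
    have=$(installed_rev "${1%-*}" "$2")
    want=${1#*-}
    if [ -z "$have" ]; then echo missing
    elif [ "${have#0}" -lt "${want#0}" ]; then echo outdated
    else echo current
    fi
}

# needed_patches LIST FILE: IDs from LIST (one per line) still to be installed.
# Lines that are not valid patch IDs are skipped.
needed_patches() {
    while read -r id; do
        case $(patch_status "$id" "$2") in
            missing|outdated) echo "$id" ;;
        esac
    done < "$1"
}

# Constructed sample data (not real output); on a live host: showrev -p > file
SAMPLE=${TMPDIR:-/tmp}/showrev.$$ WANTED=${TMPDIR:-/tmp}/wanted.$$
trap 'rm -f "$SAMPLE" "$WANTED"' EXIT
cat > "$SAMPLE" <<'EOF'
Patch: 104945-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 106542-08 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 106542-10 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr
Patch: 105982-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
EOF
printf '%s\n' 104945-02 106542-12 108645-01 105982-01 > "$WANTED"
needed_patches "$WANTED" "$SAMPLE"
```

Comparing revisions numerically matters because showrev -p lists every installed revision of a patch, so a plain grep for the base number matches old revisions as well.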

 

Other useful advice

 

Patch clusters

Adding lots of individual patches every week as they are released to every system is a nightmare. Generally most system administrators only add individual patches if they are having a particular problem that they hope a patch will fix or are exposed to a particular security problem that a patch fixes.

In addition, installing patches is one of the few occasions when a Solaris machine has to be rebooted, so people are loath to do it frequently. Sun recognises this and so at regular intervals releases clusters of the most recommended patches in one big tarball, with an installation script that installs them all in a sequence deemed correct by Sun.

The installation script is normally as simple as ./install_cluster and will check that sufficient disk space is available before running. The cluster installation script uses the patchadd save switch, so the original files being replaced are saved and you can back out an individual patch from the cluster if you need to.

After installation

 

Test all the services that should have started from the etc/rc.d scripts. Start by hand any services that are not started by the etc/rc.d scripts. Because Solaris machines are rarely rebooted, this is when you remember that the IP routes you added to solve a problem have now been flushed out, and that the test application you started from the command line is now in production and you didn't write an RC script for it.

Checking the log files is important because patches have a habit of overwriting configuration files, e.g. patch 107710-06 replaces your /etc/snmp/conf/snmpd.conf, at which point alarms are going to be sounding if you are running network management.

 

Removing patches

If it all goes wrong and you need to remove a patch, use patchrm.

This assumes you used the save option when installing the patches (as recommended).

e.g. to remove a single patch:

patchrm 104562-03

patchrm -f forces the removal.