| Patches are added using either patchadd (the recommended way) or the installpatch script that is supplied with each patch. As installpatch will soon be unsupported, we will deal exclusively with patchadd here. Parts of the patch installation are carried out using the nobody user and this needs to be able to create directories as required. To allow this to happen, Sun recommends that patch installs should always be carried out from /tmp and the user nobody should always have an entry in the password file. Patches can be installed with the "backout" option. This allows them to be removed should the system administrator wish, should a patch make a particular problem worse, for example, or not work with another one installed. Apart from the recommended patches, normally it is advisable to install as few as possible. The reason for this is that it's virtually impossible to check every combination of patching that can be applied to the system to ensure they all operate together. Consequently, indiscriminate patch loading can lead to some patches being installed that will break others that were previously working. Lots of patches, such as jumbo kernel patches, need to be installed in single-user mode (in fact, do this whenever possible) for a number of reasons: It allows the system to be as inactive as possible and it ensures that users cannot access any data while the change is occurring. Also, it may be that the patch replaces programs that would be running while in multi-user mode. Removing Old Revisions Should old patch revisions be removed before new ones are applied? This is a common question that unfortunately doesn't have an easy answer. However, a number of points can be taken into consideration to help with the decision. First, and perhaps most importantly, is that it isn't a problem if old patches remain on the system, since all the standard utilities will still continue to work and will always use the highest patch revision. Leaving patches intact is the least time-consuming way of dealing with old revisions, although this method may take up valuable disk space On the other hand, a big advantage with backing out the older patches is that all the files that were related to the patch will also be removed, which may free lots of disk space. For example, if we remove 105181-17, the following directories will disappear: Carrying out this task will make the system "neater," but it could also be very time-consuming for a large number of patches, which could be a major problem on a heavily used system. If this process were followed, the old patch should be removed before the new revision is applied. This allows the original files to be backed out (assuming they were saved) before being backed up again by the new revision. Some system administrators actually remove the old patch directories manually, while retaining the information in the pkginfo files. This is not recommended since it is very easy to break the system, causing programs such as patchrm to fail because there are no backout files. (Although programs such as pkgparam and showrev will still work, allowing an "audit trail" of patch installs.) In short, the decision to remove old patches ultimately rests with each system administrator and may depend on things such as company policies and allowable machine downtime. Installing Recommended Patches The two ways to install recommended patches are from the Sunsolve maintenance CD-ROM or the Sunsolve Web site. Both ways will allow the whole set to be installed easily. From the CD-ROM Installation from the CD-ROM is an easy process and is automated using a script named patchinstall. This is a menu-driven terminal interface that allows the user to select the patches to install. It provides a way of installing either particular patches or the recommended set by entering "suggested" when the user is requested for the patch ID. Patchinstall will first determine the version of the operating system and the architecture of the system, and from this information will build a filename formatted as follows: For example, a system running Solaris 5.6 on a SPARC will be referenced as .sunos.5.6.suggestedpatches, while an X86-based Solaris 2.5 system would be .sunos.5.5_x86.suggestedpatches. The file contains the list of current recommended patches needed for the particular system, and is used by patchinstall to determine which ones need to be installed. Patchinstall will then try and locate this file on the CD-ROM, read it, and start the installation. An example installation of recommended patches is shown below. It's also interesting to note that by default they won't have the backup option. If you want them to be backed up, then make sure you let patchinstall know when it asks! [View full width] hydrogen# cd /cdrom/cdrom0 hydrogen# ./patchinstall =========================================================== patchinstall - install a patch Copyright (c) 1993 Sun Microsystems, Inc. All Rights Reserved. Printed in the United States of America. 2550 Garcia Avenue, Mountain View, California, 94043-1100 U.S.A. Patches are distributed to SunService Contract Customers ONLY. Redistribution to  unauthorized parties is prohibited by the SunService Contract. Installation of all patches is not suggested as some patches may conflict with one another. Please make sure that the patch you are installing is necessary before actually installing the patch. =========================================================== During the installation, default answers will be provided inside brackets '[]' Pressing the <Return> key will select the default provided. Press <Ctrl-C> at any time to stop the installation. Continue with patch installation? [Y]y <Next screen> Installation of patches will use several temporary files, and may need several megabytes of space. Please enter the name of a directory that can be used for these temporary files (the directory must exist before running the installation!) Where should I store temporary files? [/tmp] <Next screen> The installation for Solaris 2.x patches provides the option of saving the original versions of the software being patched. Unfortunately, this occasionally will cause your /var/sadm/patch directory to grow too large. By default, this installation will NOT save your original versions of software. Would you like to save the original versions of the software? [no] <Next screen> Patches already installed: <Display list of patches on the system> Next you will be prompted for the patches you wish to install. If you would like to install the suggested patches, enter "suggested". Otherwise enter the patch id. To see a list of the patches you have entered, type a '?' <Return> To start the installation, press <Return> when prompted for a patch id. Patch to install (patchid, suggested, ?):suggested <Next screen> Patch installation setup: Temporary directory: /tmp Save old versions of files: FALSE Patches to install: suggested Is this correct? [y]y Installing suggested patches for release 5.6 Copying 106125-05 to /tmp x 106125-05, 0 bytes, 0 tape blocks <installation of patches continues> hydrogen#
Once this has completed, the system can be rebooted for the patches to take effect. Running patchadd should confirm the patches have been installed correctly. From the Web Site First, we need to find the correct patch cluster and download it. We can do this at one of Sun's Sunsolve sites (sunsolve.sun.com, Sunsolve.sun.co.uk, and other mirror sites). Again, this will be related to both the Solaris version and the architecture of the machine. When it has been downloaded, you will have a file containing all the required patches. As explained earlier, it is recommended that the installation is carried out from within /tmp, so that's where we'll download our cluster to: hydrogen# cd /tmp <download recommended patches from Sun site> hydrogen# ls -l 2_6_Recommended_tar.Z -rwxrwxr-x root other 1 36694000 2_6_Recommended_tar.Z hydrogen# The patch cluster is supplied as a compressed tar file, so we now need to decompress and un-tar the file. hydrogen# zcat 2_6_Recommended_tar.Z | uncompress - | tar xf hydrogen# This will leave us with a directory, in this case named 2.6_Recommended, that contains a series of patch directories and all the ancillary files that are required for the install: hydrogen# ls -l 2_6* total 212 drwxr-xr-x 12 root root 512 Dec 17 09:38 105181-17 drwxr-xr-x 4 root root 512 Dec 17 09:38 105210-25 <lines removed for clarity> hydrogen# An install script named install_cluster is provided, so we'll run that now to start the installation: [View full width] hydrogen# ./install_cluster Patch cluster install script for Solaris 2.6 Recommended *WARNING* SYSTEMS WITH LIMITED DISK SPACE SHOULD *NOT* INSTALL PATCHES: With or without using the save option, the patch installation process will still require some amount of disk space for installation and administrative tasks in the /, /usr, /var, or /opt partitions where patches are typically installed. The exact amount of space will depend on the machine's architecture, software packages already installed, and the difference in the patched objects size. To be safe, it is not recommended that a patch cluster be installed on a system with less than 4 MBytes of available space in each of these partitions. Running out of disk space during installation may result in only partially loaded patches. Check and be sure adequate disk space is available before continuing. Are you ready to continue with install? [y/n]: y Determining if sufficient save space exists... Sufficient save space exists, continuing... Installing patches located in /tmp/2.6_Recommended Using patch_order file for patch installation sequence Installing 106125-08... <patch installation continues> hydrogen#
Once this has completed, running patchadd will again confirm that all the required patches have been installed. Adding Individual Patches On occasions, it may be necessary to install a small number of patches. Usually this will be to fix a known problem that has occurred on the system. The first step is to get a copy of the patch itself. This may come from a number of sources; it may be downloaded from the Sunsolve Web site, loaded from a copy of the Sunsolve CD-ROM, or perhaps sent via email by a Sun support engineer. We'll use patch 105181 from the Sunsolve CD-ROM for our example. Although we could use the patchinstall script (similar to the way we did for the recommended patch cluster), we'll do it manually to show the whole process. Remember to do this in single-user mode if at all possible. First, we need to copy the file from the CD-ROM into our install directory, which will be /tmp: hydrogen# cd /cdrom/cdrom0/files hydrogen# cp 105181* /tmp hydrogen# cd /tmp hydrogen# In this case the patch is a gzip compressed tar file, so we need to decompress and un-tar it. Always remember to copy the compressed tar file to the install location before extracting it so as not to forget to copy the hidden .diPatch file, and to make sure the correct permissions on the extracted files are retained. We can use the gzip utilities supplied on the CD-ROM to uncompress the file: hydrogen# /cdrom/cdrom0/gzip/bin/svr4/gzcat 105181-03.tar.gz|tar xf - hydrogen# ls -ld 105181* drwxr-xr-x 11 root root 707 Sep 16 1998 105181-03 -r--r--r-- 1 root other 3674621 Jan 3 13:15 105181-03.tar.gz hydrogen# We'll follow the recommendation that all patches are installed with the backout option. Although this uses up more space, it ensures that the system can be recovered in the most efficient fashion should it be required. Let's start the patch install: [View full width] hydrogen# patchadd 105181-03 Checking installed patches... Executing prepatch script... If possible, perform patch installation in single user mode. If this can not be done, we recommend having the system in as quiet a state as possible: no users logged on, no user jobs running. Do you wish to continue this installation {yes or no} [yes]? (by default, installation will continue in 60 seconds) Verifying sufficient filesystem capacity (dry run method)... Installing patch packages... Patch number 105181-03 has been successfully installed. See /var/sadm/patch/105181-03/log for details Patch packages installed: SUNWcsr hydrogen#
There are times when we may not want to retain the backout data; for example, this machine may be one that has been fully tested with the patches we are installing. To install and not save backout data we would run patchadd with slightly different options, as shown below: hydrogen# patchadd -d 105181-03 hydrogen# Loading Multiple Patches If we have a number of patches that are needed to fix a problem, it is often easier to load them all at the same time, rather than through numerous calls to patchadd. This can be accomplished by calling patchadd with the directory that contains the patches and either a list of patches or a file that contains the list of them. For example, assuming we had 101580-02, 102300-05, and 104500-01 to install and they were located in /tmp/patches, we could run the following command: hydrogen# patchadd -M /tmp/patches 101580-02 102300-05 104500-01 hydrogen# Alternatively we could create a file that contains the patches and install as shown below: hydrogen# cat /tmp/listToInstall 101580-02 102300-05 104500-01 hydrogen# patchadd -M /tmp/patches /tmp/listToInstall hydrogen# | 
