System Administration Guide, Volume I

Overview of Patch Administration

24

For the purpose of this discussion, patch administration involves installing or removing Solaris patches from a running Solaris system. It may also involve removing (called backing out) unwanted or faulty patches.
This is a list of the overview information in this chapter.
  • What Is a Patch
  • Tools For Managing Patches
  • Patch Distribution
  • Patch Numbering
  • What Happens When You Add a Patch
  • What Happens When You Remove a Patch

What Is a Patch

In its simplest form, you can think of a patch as a collection of files and directories that replace or update existing files and directories that are preventing proper execution of the software. The existing software is derived from a specified package format, which conforms to the Application Binary Interface. (For details about packages, see Chapter 17, "Overview of Software Administration.")

Tools For Managing Patches

There are two utilities for managing patches:
  • installpatch - use to install directory-format patches to a Solaris system
  • backoutpatch - use to remove patches installed on a Solaris system. This script restores the file system to its state before a patch was applied.
Detailed information about how to install and back out a patch is provided in the README file that comes with every patch.
Before installing patches, you might also want to know more about patches that have previously been installed. Table 24-1 shows commands that provide useful information about patches already installed on a system.
Table 24-1

| Command | Function |
|---|---|
| showrev -p | Shows all patches applied to a system. |
| pkgparam pkgid PATCHLIST | Shows all patches applied to the package identified by pkgid. |
| pkgparam pkgid PATCH_INFO_patch-number | Shows the installation date and name of the host from which the patch was applied. pkgid is the name of the package: for example, SUNWadmap. |

Patch Distribution

All Sun customers can access security patches and other recommended patches via the World-Wide Web or anonymous ftp. Sun customers who have purchased a service contract can access an extended set of patches and a complete database of patch information. This information is available via the World-Wide Web and anonymous ftp, and it is regularly distributed on a CD (see Table 24-2).
Table 24-2

| If You Are ... | Then ... |
|---|---|
| A Sun Service customer | You have access to the SunSolve database of patches and patch information. These are available via the World-Wide Web or anonymous ftp, as described in "Patch Access Via the World-Wide Web" and "Patch Access Via ftp". These patches are updated nightly. You also receive a patch CD every 6 to 8 weeks. |
| Not a Sun Service customer | You have access to a general set of security patches and other recommended patches. These are available via the World-Wide Web or anonymous ftp, as described in "Patch Access Via the World-Wide Web" and "Patch Access Via ftp". |

What You Need to Access Sun Patches

You can access Sun patches via the World-Wide Web or anonymous ftp. If you have purchased a Sun service contract, you will also be able to get patches from the patch CD that is regularly distributed.
To access patches on the world-wide web, you need a machine that is:
  • Connected to the Internet
  • Capable of running Web browsing software such as Mosaic or Netscape
To access patches via anonymous ftp, you need a machine that is:
  • Connected to the Internet
  • Capable of running the ftp program

Patch Access Via the World-Wide Web

To access patches via the world-wide web, use this uniform resource locator (URL):
http://www.sun.com/

After reaching the Sun home page, click on the Sales and Service button and navigate your way to the SunSolve patch database.
The patch database for publicly available patches is labeled "Public patch access." The patch database for the comprehensive set of patches and patch information available to contract customers is labeled "Contract customer patch access." You will be prompted for a password to access this contract customer database.
You can also access publicly available patches using this URL:
http://sunsite.unc.edu/

Patch Access Via ftp

To access patches via ftp, you can use ftp to connect to either sunsolve1.sun.com (provided by Sun Service) or sunsite.unc.edu (maintained by the University of North Carolina). When ftp prompts you for a login, enter anonymous as the login name. Use your complete email address when prompted for a password. After you have connected, you can find publicly available patches in the /pubs/patches directory.

Note - To transfer patches, you will need to change the ftp transfer mode to binary. To do this, enter bin at the ftp prompt.

Patch Numbering

Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number. For example, patch 101977-02 is a Solaris 2.4 patch to correct the lockd daemon.

What Happens When You Add a Patch

When you add a patch, the installpatch script copies files from the patch directory to a local system's disk. More specifically, installpatch:
  • Determines the Solaris version number of the managing host and the target host.
  • Updates the patch's pkginfo file with information about patches obsoleted by the patch being installed, other patches required by this patch, and patches incompatible with this patch.
During the patch installation, installpatch keeps a log of the patch installation in /tmp/log_patch-number.
The installpatch script will not install a patch under the following conditions:
  • The package is not fully installed on the host.
  • There is already an installed patch with the same base code and a higher version number.
  • The patch is incompatible with another, already installed patch. (Each installed patch keeps this information in its pkginfo file.)
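
The numbering scheme from "Patch Numbering" and the higher-revision refusal rule above can be checked before a patch is applied, or used to audit whether a required patch revision is present. The script below is an added example, not part of the guide or of installpatch; the inventory lines imitate `showrev -p` output, their field layout is an assumption, and every patch ID and package name other than 101977-02 is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the guide). POSIX shell; on Solaris run it with ksh
# and substitute nawk for awk, because the old /usr/bin/awk lacks -v.
# Constructed inventory imitating `showrev -p`; the field layout is an
# assumption, and every ID except 101977-02 is a made-up placeholder.
SAMPLE_INVENTORY='Patch: 101977-02 Obsoletes:  Packages: SUNWcsu
Patch: 999901-03 Obsoletes:  Packages: SUNWexmpl
Patch: 999901-07 Obsoletes:  Packages: SUNWexmpl'

# Print the highest installed revision of base code $1 (inventory on stdin).
highest_installed_rev() {
    awk -v base="$1" '
        $1 == "Patch:" && split($2, id, "-") == 2 && id[1] == base {
            if (!found || id[2] + 0 > max) { max = id[2] + 0; found = 1 }
        }
        END { if (found) printf "%02d\n", max }'
}

# Classify candidate patch ID $1 (base-revision) against inventory text $2.
classify_patch() {
    case "$1" in
        *-*-*|-*|*-|*[!A-Za-z0-9-]*) echo invalid; return 1 ;;
        *-*) ;;
        *) echo invalid; return 1 ;;
    esac
    base=${1%-*} rev=${1#*-}
    case "$rev" in *[!0-9]*) echo invalid; return 1 ;; esac
    have=$(printf '%s\n' "$2" | highest_installed_rev "$base")
    [ -n "$have" ] || { echo not-installed; return 0; }
    # Compare numerically in awk so a revision such as "08" is read as decimal.
    status=$(awk -v want="$rev" -v have="$have" 'BEGIN {
        if (have + 0 > want + 0) print "superseded"       # installpatch refuses
        else if (have + 0 == want + 0) print "installed"
        else print "older-installed"                       # newer revision may be added
    }')
    echo "$status $base-$have"
}

# Demo over constructed candidates.
for id in 101977-01 101977-02 101977-03 999901-05 999902-01; do
    printf '%-10s %s\n' "$id" "$(classify_patch "$id" "$SAMPLE_INVENTORY")"
done
```

On a live host, replace the sample text with the captured output of `showrev -p` after confirming that its layout matches the assumed one.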

What Happens When You Remove a Patch

When you back out a patch, backoutpatch restores all files modified by that patch, unless:
  • The patch was installed with installpatch -d (which instructs installpatch not to save copies of files being updated or replaced).
  • The patch has been obsoleted by a later patch.
The backoutpatch script calls pkgadd to restore packages that were saved from the initial patch installation.
During the patch installation, backoutpatch keeps a log of the patch installation in /tmp/log_patch-number.