smpatch(1M)
NAME
smpatch - download, apply, and remove patches
SYNOPSIS
/usr/sbin/smpatch add -i patch-id [auth-opts] [-i patch-id]
... [-d patch-dir] [-n system-name] ... [-x mlist=system-
list-file]
/usr/sbin/smpatch add -x idlist=patch-list-file [auth-opts]
[-d patch-dir] [-n system-name] ... [-x mlist=system-list-
file]
/usr/sbin/smpatch analyze [auth-opts] [-i patch-id] ... [-n
system-name] ... [-x idlist=patch-list-file]
/usr/sbin/smpatch download [auth-opts] [-i patch-id] ... [-d
patch-dir] [-n system-name] ... [-x idlist=patch-list-file]
/usr/sbin/smpatch get [auth-opts] [-n system-name] ...
[parameter-name...]
/usr/sbin/smpatch order -i patch-id [auth-opts] [-i patch-
id] ... [-d patch-dir] [-n system-name] ...
/usr/sbin/smpatch order -x idlist=patch-list-file [auth-
opts] [-d patch-dir] [-n system-name] ...
/usr/sbin/smpatch remove -i patch-id [auth-opts] [-n
system-name] ...
/usr/sbin/smpatch set [auth-opts] [-n system-name] ...
parameter-name=parameter-value...
/usr/sbin/smpatch unset [auth-opts] [-n system-name] ...
parameter-name...
/usr/sbin/smpatch update [auth-opts] [-i patch-id] ... [-d
patch-dir] [-n system-name] ... [-x idlist=patch-list-file]
DESCRIPTION
The smpatch command manages the patch process on a single
system or on multiple systems. Use this command to download,
apply, and remove patches. Also, use the smpatch command to
configure the patch management environment for your system.
The system on which you run Sun Patch Manager must be run-
ning at least Solaris 8 and have the Developer Software Sup-
port Group installed. If your system runs Solaris 8 or
Solaris 9, it must also have the Sun Patch Manager 2.0
software installed. If your system runs Solaris 10 and has
the Developer Software Support Group installed, the Sun
Patch Manager 2.0 software is included.
The smpatch analyze command determines the patches that are
appropriate for the systems you want to patch. The smpatch
command can download and apply patches that you specify on
the command line. Or, smpatch can download and apply patches
based on an analysis of one or more systems. Use the -i
option or the -x idlist= option to specify the particular
patches.
All of the systems on which you want to apply patches must
be running the same version of the Solaris Operating System,
have the same hardware architecture, and have the same
patches applied.
Note:
The list of patches that is generated by the analysis
is based on all of the available patches from the Sun
patch server. No explicit information about your host
system or its network configuration is transmitted to
Sun. Only a request for the Sun patch set is transmit-
ted. The patch set is scanned for patches that are
appropriate for this host system, the results are
displayed, and those patches are optionally downloaded.
The smpatch command supports the following subcommands:
add Applies one or more patches to one or more systems.
You must specify at least one patch to apply. By
default, patches are applied to the local system.
This subcommand attempts to apply only the patches you
specify. If you specify a patch that depends on
another that has not been applied, the add command
fails to apply the patch you specified.
This subcommand does not apply patches based on the
specified patch policy. To apply patches based on the
patch policy, use the update subcommand.
Use the -i or -x idlist= option to specify the patches
to apply. Note that all of the patches you specify,
and those on which they depend, must exist in the
download directory.
Use the -n or the -x mlist= option to specify the sys-
tems on which to apply patches.
Optionally use the -d option to specify an alternate
download directory.
If the patches on which the specified patches depend
are unavailable, run the smpatch download subcommand
to obtain the patches you need.
analyze
Analyzes a system to generate a list of the appropri-
ate patches.
After analyzing the system, use the update subcommand
or the download and add subcommands to download and
apply the patches to your systems.
The list of patches is written to standard output, so
you can redirect standard output to a file to create a
patch list.
If you supply a list of one or more patches, the list
is augmented with the patches on which those patches
depend. The list is also put in an order suitable for
applying patches.
Note:
The smpatch analyze command depends on network services
that are not available while the system is in single-
user mode.
download
Downloads patches from the Sun patch server to a sys-
tem. You can optionally specify which patches to down-
load. You can also specify the name of a system and
download the appropriate patches to that system.
Use the -i or -x idlist= option to specify the patches
to download.
Use the -n option to analyze a remote system and to
determine which patches to download. The patches, and
those on which they depend, are downloaded from the
Sun patch server to the download directory of the sys-
tem you specified.
Note:
The smpatch download command depends on network ser-
vices that are not available while the system is in
single-user mode.
get Lists one or more of the smpatch configuration parame-
ter values. See ``Configuring Your Sun Patch Manage-
ment Environment.''
To see values for all parameters, run the smpatch get
command with no arguments. The output shows an entry
for all configuration parameters. Each entry appears
on a line by itself. Each entry includes three fields:
the parameter name, the value you have assigned it,
and its default value. The fields are separated by one
or more tab characters.
The following values have special meaning: - means
that no value is set, "" means that the value is the
null string, \- means that the value is -, and \""
means that the value is "" (two double quotes).
In addition to these special values, these special
characters might appear in the output: \t for a tab,
\n for a newline, and \\ for a backslash.
To see values for particular parameters, run the
smpatch get command with one or more parameter names.
The output lists one parameter value per line in the
order in which the parameter names are specified on
the command line.
order Sorts a list of patches into an order that can be used
to apply patches.
The list of patches is written to standard output, so
you can redirect standard output to a file to create a
patch list.
Use the -i or -x idlist= option to specify the patches
to order. Note that all of the patches you specify,
and those on which they depend, must exist in the
download directory.
remove
Removes a single patch from a single system.
Use the -i option to specify which patch to remove. Do
not use the -x idlist= option. Optionally, use the -n
option to specify the name of a system. Do not use the
-x mlist= option. By default, the patch is removed
from the local system.
If the patch that you want to remove is required by
one or more of the patches that have already been
applied to the system, the patch is not removed.
set Sets the values of one or more configuration parame-
ters. Nothing is written to standard output or stan-
dard error when you set parameters, even if a parame-
ter value you set is invalid. This command does not
validate the values you set.
unset Resets one or more configuration parameters to the
default values. You must specify at least one confi-
guration parameter.
update
Updates a single local or remote system by applying
appropriate patches. This subcommand analyzes the sys-
tem, then downloads the appropriate patches from the
Sun patch server to your system. After the availabil-
ity of the patches has been confirmed, the patches are
applied based on the patch policy.
By default, standard patches and those that have
rebootafter or reconfigafter properties are applied.
If a patch does not meet the policy for applying
patches, the patch is not applied. Instead, the ID of
the patch is written to a file in the download direc-
tory. After the patch ID is written to the file, Sun
Patch Manager continues to apply the other patches.
Later, you can use patchadd to manually apply any
patches listed in this file. The patches listed in the
file are still in the download directory.
Installation instructions for patches that require
special handling are included in the README file for
each patch.
Note:
The smpatch update command depends on network services
that are not available while the system is in single-
user mode.
Using Local Mode or Remote Mode
Starting with Solaris 9, the smpatch command is available in
two modes: local mode and remote mode. Local mode can be run
only on the local system and can be run by users who have
the appropriate authorizations. This mode can be run while
the system is in single-user mode. Remote mode can be used
to perform tasks on remote systems and can be run by users
or roles that have the appropriate authorizations.
By default, local mode is run. In local mode, the Solaris
WBEM services are not used, and none of the authentication
options or those options that refer to remote systems are
available. The command in local mode runs faster than in
remote mode.
If the Solaris WBEM services are running and you specify any
of the remote or authentication options, the command in
remote mode is used.
Note:
On Solaris 8 systems, the smpatch command only supports
local mode operations.
Specifying the Source of Patches
Your system must specify the source of patches to use. By
default, you obtain patches from the Sun patch server. How-
ever, you can also obtain patches from a patch server on
your intranet or from a local collection of patches on your
system.
You must specify the URL that points to the collection of
patches. By default, the Sun patch server is the source of
patches. The URL is:
https://updateserver.sun.com/solaris/
The URL must point to a patch server or to a collection of
patches that is available to the local system. The value of
this URL cannot be null.
Configuring Your Sun Patch Management Environment
You can use the smpatch set command to configure the patch
management environment for your system. Use these parame-
ters:
patchpro.patchset
Name of the patch patch set to use. The default name
is patchdb.
patchpro.download.directory
Path of the directory where downloaded patches are
stored and from which patches are applied. The default
location is /var/sadm/spool.
patchpro.backout.directory
Path of the directory where patch backout data is
saved. When a patch is removed, the data is retrieved
from this directory as well. By default, backout data
is saved in the package directories.
patchpro.patch.source
URL that points to the collection of patches. The
default URL is that of the Sun patch server,
https://updateserver.sun.com/solaris/.
patchpro.sun.user
The Sun user name that you use to obtain patches. You
obtain this user name by registering at
http://sunsolve.sun.com. By default, you are not per-
mitted to access contract patches.
patchpro.sun.passwd
Password used by your Sun user. No default password is
set. If you specify your Sun user, you must specify
the password.
patchpro.proxy.host
Host name of your web proxy. By default, no web proxy
is specified, and a direct connection to the Internet
is assumed.
patchpro.proxy.port
Port number used by your web proxy. By default, no web
proxy is specified, and a direct connection to the
Internet is assumed. The default port is 8080.
patchpro.proxy.user
Your user name used by your web proxy for authentica-
tion.
patchpro.proxy.passwd
Password used by your web proxy for authentication.
patchpro.install.types
Your policy for applying patches. The value is a list
of zero or more colon-separated patch properties that
are permitted to be applied by an update operation
(smpatch update).
By default, patches that have the standard, reboo-
tafter, and reconfigafter properties can be applied.
See ``Setting a Patch Policy.''
Setting a Patch Policy
Patches are classified as being standard or nonstandard. A
standard patch can be applied by smpatch update. Such a
patch is associated with the standard patch property. A non-
standard patch has one of the following characteristics:
o A patch that is associated with the rebootafter,
rebootimmediate, reconfigafter, reconfigimmediate, or
singleuser properties. Such a nonstandard patch can be
applied during an update operation if permitted by the
policy.
o A patch that is associated with the interactive pro-
perty. Such a patch cannot be applied by using the
smpatch command.
Use smpatch set to specify the types of patches that Solaris
Patch Manager can additionally apply during an update opera-
tion. Such patches might include those that require a reboot
and those that must be applied while the system is in
single-user mode. Specify the types of patches that can be
applied by using the following command:
# smpatch set patchpro.install.types=patch-property-list
patch-property-list is a colon-separated list of one or more
of the following patch properties:
interactive
A patch that cannot be applied by running the usual
patch management tools (pprosvc, smpatch, or
patchadd). Before this patch is applied, the user must
perform special actions. Such actions might include
checking the serial number of a disk drive, stopping a
critical daemon, or reading the patch's README file.
rebootafter
The effects of this patch are not visible until after
the system is rebooted.
rebootimmediate
When this patch is applied, the system becomes
unstable until the system is rebooted. An unstable
system is one in which the behavior is unpredictable
and data might be lost.
reconfigafter
The effects of this patch are not visible until after
a reconfiguration reboot (boot -r). See the boot(1M)
man page.
reconfigimmediate
When this patch is applied, the system becomes
unstable until the system gets a reconfiguration
reboot (boot -r). An unstable system is one in which
the behavior is unpredictable and data might be lost.
singleuser
Do not apply this patch while the system is in mul-
tiuser mode. You must apply this patch on a quiet sys-
tem with no network traffic and with extremely res-
tricted I/O activity.
standard
This patch can be applied while the system is in mul-
tiuser mode. The effects of the patch are visible as
soon as it is applied unless the application being
patched is running while the patch is applied. In this
case, the effects of the patch are visible after the
affected application is restarted.
OPTIONS
The smpatch command supports two kinds of options: authenti-
cation options and subcommand options.
Authentication Options
The smpatch authentication options, auth-opts, apply to all
of the subcommands.
If no authentication options are specified, certain defaults
are assumed and the user might be prompted for additional
information, such as a password for authentication purposes.
These authentication options are only available if the
Solaris Management Console and the Solaris WBEM services are
available on the local system. If the WBEM services are not
running on the local system, smpatch performs patch opera-
tions on the local system only. You can also ``force'' the
use of the local-mode smpatch command by using the -L
option.
The single letter options can also be specified by their
equivalent option words preceded by two hyphens. For exam-
ple, you can specify either -l or --rolepassword.
The following authentication options are supported:
-H | --hostname host-name:port
Specifies the host and port to which you want to con-
nect. If you do not specify a port, the system con-
nects to the default port, 898. If you do not specify
a host (host-name:port), the Solaris Management Con-
sole connects to the local host on port 898. You might
still have to choose a toolbox to load into the con-
sole. To override this behavior, use the smc -B com-
mand, or set your console preferences to load a home
toolbox by default.
-L Forces the smpatch command to use local mode, which
does not rely on Solaris WBEM services. On Solaris 8
systems, this option does not do anything.
This option is mutually exclusive with the other
authentication options.
-l | --rolepassword role-password
Specifies the password for role-name. If you specify
role-name but do not specify role-password, you are
prompted to supply role-password. Because passwords
specified on the command line can be seen by any user
on the system, this option is considered to be
insecure.
-p | --password password
Specifies the password for user-name. If you do not
specify a password, you are prompted to supply one.
Because passwords specified on the command line can be
seen by any user on the system, this option is con-
sidered to be insecure.
-r | --rolename role-name
Specifies a role name for authentication. If this
option is not specified, no role is assumed.
-u | --username user-name
Specifies the user name for authentication. If you do
not specify this option, the user identity running the
console process is assumed.
Subcommand Options
The following options pertain to the smpatch subcommands:
-d patch-dir
Specifies an alternate download directory in which
patches are downloaded and from which they are
applied.
The default download directory is /var/sadm/spool.
The directory must be writable by root and be publicly
readable.
patch-dir uses one of the following forms:
o For remote mode, specify host-name:/patch-dir,
where /patch-dir is a fully qualified, shared
directory.
o For local mode, specify /patch-dir, which is a
fully qualified, shared directory.
This option is supported by the add, download, order,
and update subcommands.
-h Displays information about the command-line options
for the specified subcommand. This option is mutually
exclusive with all other options.
-i patch-id
Specifies the ID of a patch.
You can specify more than one patch ID by using the -i
option for each patch. Or, you can use the -x idlist=
option to point to a list of patch IDs. The -i option
and the -x idlist= option are mutually exclusive.
When using the remove subcommand, you can specify
exactly one patch ID.
This option is supported by the add, analyze, down-
load, order, remove, and update subcommands.
-n system-name
Specifies the name of the system on which to manage
patches.
When using the add subcommand, you can specify more
than one system by using the -n option for each sys-
tem. When using the analyze, download, remove, and
update subcommands, you can only specify a single sys-
tem.
To specify more than one system for the smpatch add
command, use the -x mlist= option. This option enables
you to specify a list of systems instead of using the
-n option to specify each system. The -n option and
the -x mlist= option are mutually exclusive.
If you do not specify this option, the system is
assumed to be the one specified by the -H option.
This option is supported only if the Solaris Manage-
ment Console and the Solaris WBEM services are running
on the local system and any system that is specified
by this option.
This option is supported by the add, analyze, down-
load, get, order, remove, set, unset, and update sub-
commands.
-x idlist=patch-list-file
Specifies the name of a file, patch-list-file, that
contains a list of patches to download or apply.
Each patch ID in the file must be terminated by a new-
line character. The file name you specify must be a
full path name.
You can use the -i option to specify a list of patch
IDs instead of using the -x idlist= option. The -i
option and the -x idlist= are mutually exclusive.
This option is supported by the add, analyze, down-
load, order, and update subcommands.
-x mlist=system-list-file
Specifies the name of a file, system-list-file, that
contains a list of systems on which to manage patches.
Each system name must be terminated by a newline char-
acter. The file name you specify must be a full path
name.
You can use the -n option to specify a list of systems
instead of using the -x mlist= option. The -n option
and the -x mlist= option are mutually exclusive.
This option is supported only if the Solaris Manage-
ment Console and the Solaris WBEM services are running
on the local system and any system that is specified
in system-list-file.
This option is supported by the add subcommand.
EXAMPLES
Example 1: Analyzing Your System to Obtain the List of
Appropriate Patches for the Local System
# smpatch analyze
Shows how to analyze your system to obtain the list of
appropriate patches. After the analysis, you can download
and apply the patches to your system.
Example 2: Analyzing Your System to Obtain the List of
Appropriate Patches for Another System
# smpatch analyze -n lab1
Shows how to analyze a different system, lab1, to obtain the
list of appropriate patches. After the analysis, you can
download and apply the patches to that system.
Example 3: Applying Patches to Multiple Systems
# smpatch add -i 102893-01 -i 106895-09 -i 106527-05 \
-d fileserver:/files/patches/s9 -n lab1 -n lab2
Applies patches 102893-01, 106895-09, and 106527-05 to the
systems lab1 and lab2. The patches are located in the
/files/patches/s9 directory on the system named fileserver.
Example 4: Applying Patches by Using a Patch List File
# smpatch add -x idlist=/tmp/patch/patch_file \
-d /net/fileserver/export/patchspool/Solaris9 -n lab1 -n lab2
Applies the patches specified in the file
/tmp/patch/patch_file to the systems lab1 and lab2. The
patches are located in the NFS-mounted directory named
/net/fileserver/export/patchspool/Solaris9.
Example 5: Applying Patches by Using a Patch List File and a
System List File
# smpatch add -x idlist=/tmp/patch/patch_file \
-x mlist=/tmp/patch/sys_file
Applies the patches listed in the file /tmp/patch/patch_file
to the systems listed in the file /tmp/patch/sys_file. The
patches are located in the default /var/sadm/spool directory
on the local system.
Example 6: Analyzing a System and Downloading Patches From
the Sun Patch Server
# smpatch download -n lab1
Analyzes the lab1 system and downloads the appropriate
patches from the Sun patch server to the download directory.
Example 7: Downloading Patches From the Sun Patch Server
# smpatch download -i 102893-01 -i 106895-09 -d /files/patches/s9
Downloads the 102893-01 and 106895-09 patches from the Sun
patch server to the /files/patches/s9 directory.
Example 8: Listing All Configuration Parameter Values
# smpatch get -p password
Loading Tool: com.sun.admin.patchmgr.cli.PatchMgrCli from mars
Login to mars as user root was successful.
Download of com.sun.admin.patchmgr.cli.PatchMgrCli from mars was successful.
On machine mars:
patchpro.backout.directory - ""
patchpro.download.directory - /var/sadm/spool
patchpro.install.types - rebootafter:reconfigafter:standard
patchpro.patch.source - https://updateserver.sun.com/solaris/
patchpro.patchset - patchdb
patchpro.proxy.host - ""
patchpro.proxy.passwd **** ****
patchpro.proxy.port - 8080
patchpro.proxy.user - ""
patchpro.sun.passwd **** ****
patchpro.sun.user - ""
Lists the configuration settings for the system.
Example 9: Listing One or More Configuration Parameter
Values
# smpatch get -L patchpro.patch.source patchpro.download.directory
https://updateserver.sun.com/solaris/
/var/sadm/spool
Uses smpatch in local mode to list the values of the
patchpro.patch.source and the patchpro.download.directory
parameters.
Example 10: Reordering a List of Patches
# smpatch order -x idlist=/tmp/plist
Reorders the patch list called /tmp/plist in an order that
is suitable for applying the patches.
Example 11: Removing a Patch
# smpatch remove -i 102893-01
Removes patch 102893-01.
Example 12: Specifying the Patch Policy
# smpatch set \
patchpro.install.types=standard:singleuser:reconfigafter:rebootafter
Specifies the patch policy for your system. The following
types of patches are allowed to be applied to your system:
o Standard patches
o Patches that must be applied in single-user mode
o Patches that require that the system undergo a recon-
figuration reboot after they have been applied
o Patches that require that the system undergo a reboot
after they have been applied
Example 13: Changing the Download Directory Location
# smpatch set patchpro.download.directory=/export/home/patches
Example 14: Configuring Your System to Obtain Contract
Patches
# smpatch set patchpro.sun.user=myuser \
patchpro.sun.passwd=mypasswd
Permits you to obtain the contract patches as myuser.
Example 15: Specifying a Local Web Proxy
# smpatch set patchpro.proxy.host=webaccess.corp.net.com \
patchpro.proxy.port=8080
Specifies the host name, webaccess.corp.net.com, and port,
8080, of the local web proxy.
Example 16: Resetting a Configuration Parameter Value
# smpatch unset patchpro.patch.source
Resets the value of the patchpro.patch.source parameter to
its default value, which is the URL that points to the Sun
patch server.
Example 17: Updating Your System
# smpatch update -L
Analyzes your local system, determines the appropriate
patches, downloads those patches to the download directory,
and applies those patches.
ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environ-
ment variable, which affects the execution of the smpatch
command. The default value of this variable is /usr/java.
See the smc(1M) man page.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 Invalid command syntax. A usage message displays.
2 An error occurred while executing the command. An
error message displays.
ATTRIBUTES
See the attributes(5) man page for descriptions of the fol-
lowing attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWmga |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
boot(1M), patchadd(1M), patchrm(1M), patchsvr(1M), smc(1M),
attributes(5), environ(5)
Solaris Administration Guide: Basic Administration
Man(1) output converted with
man2html