Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Partly installed patches

35 views
Skip to first unread message

Martin Paul

unread,
May 4, 2006, 9:03:19 AM5/4/06
to
The patch system in Solaris has an inherent deficiency. If packages are
added to a Solaris installation after patches have been installed, files
in this new package may be left unpatched. There's no easy way to find
out whether a system is affected with any system command.

I'm attaching a script which identifies these issues. I'd be interested
in the results on other systems. If it comes up empty, everything is fine.
If it shows lines like "Package SUNWjfbw is missing 114555-31" then you
might want to re-install the named patch. Please report your findings
here or by e-mail. If needed, I'll add the functionality to detect those
partly installed patches to pca.

Here's the script:

#!/bin/sh
#
# pip - shows partly installed patches on Solaris. Run as root.

arch=`arch -k | sed 's/sun4//'`

for patch in `ls /var/sadm/patch`
do
if test ! -r /var/sadm/patch/$patch/log
then
echo "Can't open /var/sadm/patch/$patch/log. Run as root."
exit 1
fi
pkgs=`grep '^PKG=' /var/sadm/patch/$patch/log | sed 's/PKG=\(.*\)/\1/'`
for pkg in $pkgs
do
t=`echo $pkg | grep "\."`
if test "$t" != ""
then
t=`echo $pkg | cut -d. -f2`
test "$t" != "$arch" && continue
fi
test -d /var/sadm/pkg/$pkg || continue
t=`grep PATCH_INFO_$i=Installed /var/sadm/pkg/$pkg/pkginfo`
test "$t" = "" && echo "Package $pkg is missing $patch"
done
done

mp.
--
Systems Administrator | Institute of Scientific Computing | Univ. of Vienna

Thomas Maier-Komor

unread,
May 4, 2006, 9:52:09 AM5/4/06
to
Martin Paul wrote:
> The patch system in Solaris has an inherent deficiency. If packages are
> added to a Solaris installation after patches have been installed, files
> in this new package may be left unpatched. There's no easy way to find
> out whether a system is affected with any system command.
>
> I'm attaching a script which identifies these issues. I'd be interested
> in the results on other systems. If it comes up empty, everything is fine.
> If it shows lines like "Package SUNWjfbw is missing 114555-31" then you
> might want to re-install the named patch. Please report your findings
> here or by e-mail. If needed, I'll add the functionality to detect those
> partly installed patches to pca.
>
> Here's the script:
[snip]
> mp.

Hi Martin,

on three Solaris 10/sparc machines I get:
Package SUNWpsvrr is missing 119788-02
Package SUNWpsvru is missing 119788-02

one Solaris 10/x86 shows:
Package SUNWpsvrr is missing 119789-02
Package SUNWpsvru is missing 119789-02
Package SUNWcbreg is missing 120336-02
Package SUNWcupdatemgru is missing 120336-02
Package SUNWdbreg is missing 120336-02
Package SUNWdupdatemgru is missing 120336-02
Package SUNWebreg is missing 120336-02
Package SUNWeupdatemgru is missing 120336-02
Package SUNWfbreg is missing 120336-02
Package SUNWfupdatemgru is missing 120336-02
Package SUNWhbreg is missing 120336-02
Package SUNWhupdatemgru is missing 120336-02
Package SUNWibreg is missing 120336-02
Package SUNWiupdatemgru is missing 120336-02
Package SUNWjbreg is missing 120336-02
Package SUNWjupdatemgru is missing 120336-02
Package SUNWkbreg is missing 120336-02
Package SUNWkupdatemgru is missing 120336-02
Package SUNWsbreg is missing 120336-02
Package SUNWsupdatemgru is missing 120336-02

one Solaris 9/sparc machine doesn't list any errors.

Cheers,
Tom

Thomas Maier-Komor

unread,
May 4, 2006, 9:56:40 AM5/4/06
to
Thomas Maier-Komor wrote:
> Martin Paul wrote:
>> The patch system in Solaris has an inherent deficiency. If packages are
>> added to a Solaris installation after patches have been installed, files
>> in this new package may be left unpatched. There's no easy way to find
>> out whether a system is affected with any system command.
>>
>> I'm attaching a script which identifies these issues. I'd be interested
>> in the results on other systems. If it comes up empty, everything is fine.
>> If it shows lines like "Package SUNWjfbw is missing 114555-31" then you
>> might want to re-install the named patch. Please report your findings
>> here or by e-mail. If needed, I'll add the functionality to detect those
>> partly installed patches to pca.
>>
>> Here's the script:
> [snip]
>> mp.
>
> Hi Martin,
>
> on three Solaris 10/sparc machines I get:
> Package SUNWpsvrr is missing 119788-02
> Package SUNWpsvru is missing 119788-02
>

I just tried backing it out and reinstalling it. But I get:

Executing prebackout script...
This patch should not be removed.
It was used to install Sun Update connection.
If you still want to remove it, please remove:
/var/sadm/patch/119788-02/prebackout
prebackout script exited with return code 1.
Patchrm is exiting.

The infamous Update Connection doesn't really seem to like admins who do
work on their own. Any idea how to deal with this?

Tom

Martin Paul

unread,
May 4, 2006, 10:26:28 AM5/4/06
to
Thomas Maier-Komor <tho...@maier-komor.de> wrote:
>>
>> on three Solaris 10/sparc machines I get:
>> Package SUNWpsvrr is missing 119788-02
>> Package SUNWpsvru is missing 119788-02

That looks like a false error. Patches 119788/119789 add these packages,
but the patch id is not listed in the pkginfo files of the packages.
This confuses patchadd, too, which will happily re-install the patch.
Afterwards, the error from pip is gone, too. I don't think that it's
actually necessary to re-install the patch, though.

> The infamous Update Connection doesn't really seem to like admins who do
> work on their own. Any idea how to deal with this?

If the SUC warns you of doing something, I wouldn't do it. It often breaks
under normal usage anyway, so I wouldn't take any further risks :)

Thomas Maier-Komor

unread,
May 4, 2006, 10:49:56 AM5/4/06
to
Martin Paul wrote:
> Thomas Maier-Komor <tho...@maier-komor.de> wrote:
>>> on three Solaris 10/sparc machines I get:
>>> Package SUNWpsvrr is missing 119788-02
>>> Package SUNWpsvru is missing 119788-02
>
> That looks like a false error. Patches 119788/119789 add these packages,
> but the patch id is not listed in the pkginfo files of the packages.
> This confuses patchadd, too, which will happily re-install the patch.
> Afterwards, the error from pip is gone, too. I don't think that it's
> actually necessary to re-install the patch, though.
>

OK.

>> The infamous Update Connection doesn't really seem to like admins who do
>> work on their own. Any idea how to deal with this?
>
> If the SUC warns you of doing something, I wouldn't do it. It often breaks
> under normal usage anyway, so I wouldn't take any further risks :)
>

Me too. Especially if everything seems to be running fine...

Was there any specific patch or situation, which motivated you writing
this script? Are there any patches that are known to show the detected
symptoms and cause problems?

gerryt@

unread,
May 5, 2006, 12:55:12 AM5/5/06
to

Martin Paul wrote:
> The patch system in Solaris has an inherent deficiency. If packages are
> added to a Solaris installation after patches have been installed, files
> in this new package may be left unpatched. There's no easy way to find
> out whether a system is affected with any system command.
>
> I'm attaching a script which identifies these issues. I'd be interested
> in the results on other systems. If it comes up empty, everything is fine.
> If it shows lines like "Package SUNWjfbw is missing 114555-31" then you
> might want to re-install the named patch. Please report your findings
> here or by e-mail. If needed, I'll add the functionality to detect those
> partly installed patches to pca.

Quite a few packages claim to be missing 120335-02
according to pip on my Solaris 10 SPARC workstation.

One example - and there are many:
Package SUNWsupdatemgru is missing 120335-02

patchadd -p |grep 120335

Patch: 120335-02 Obsoletes: Requires: 119107-05 Incompatibles:
Packages: SUNWpprou
Patch: 120335-04 Obsoletes: Requires: 121453-01 Incompatibles:
Packages: SUNWpprou SUNWcbreg SUNWdbreg SUNWebreg SUNWfbreg SUNWhbreg
SUNWibreg SUNWjbreg SUNWkbreg SUNWsbreg SUNWcupdatemgru SUNWdupdatemgru
SUNWeupdatemgru SUNWfupdatemgru SUNWhupdatemgru SUNWiupdatemgru
SUNWjupdatemgru SUNWkupdatemgru SUNWsupdatemgru

Heres more:
Package SUNWglrt is missing 113886-34
Package SUNWgldoc is missing 113886-35

patchadd -p |grep 113886
Patch: 113886-27 Obsoletes: Requires: Incompatibles: Packages:
SUNWglrtu SUNWglsrz SUNWgldp SUNWglsr
Patch: 113886-32 Obsoletes: Requires: Incompatibles: Packages:
SUNWglrtu SUNWglsrz SUNWgldp SUNWglsr
Patch: 113886-34 Obsoletes: Requires: Incompatibles: Packages:
SUNWglrtu SUNWglsrz SUNWgldp SUNWglsr
Patch: 113886-35 Obsoletes: Requires: Incompatibles: Packages:
SUNWglrtu SUNWglsrz SUNWgldp SUNWglsr

So I have these latest patches installed in both cases but maybe "t" in
pip
isnt quite t yet ...?

Martin Paul

unread,
May 5, 2006, 3:17:25 AM5/5/06
to
Thomas Maier-Komor <tho...@maier-komor.de> wrote:
> Was there any specific patch or situation, which motivated you writing
> this script? Are there any patches that are known to show the detected
> symptoms and cause problems?

The one I hit was 114555 (XVR-600 and XVR-1200 patch for Solaris 9). With
Solaris 9 9/05, you get SUNWjfbmn installed with either the developer
or entire cluster. This package contains the man page for the driver,
while the driver itself is included in SUNWjfb*, which don't get installed
automatically if no such graphics adapter is present.

So 114555 will install nicely with just SUNWjfbmn installed, and when
later adding the other SUNWjfb* packages (because you added an XVR-600),
you must re-install patch 114555 to get the actual driver patched, too.

I don't know if this is more of an academic problem or a real-world
issue, that's why I came up with the script and asked here. I think
that it mainly affects machines which have been installed with one of
the smaller clusters (end user or minimal), patched, and had additional
packages added later (e.g. to add developer support).

I was reminded of the problem by a consultant who told me that customers
using pca asked for a feature to only install patches if *all* packages
listed in the patch are installed, as this would circumvent partly
installed patches (not a real solution, BTW, as probably no kernel patch
could be installed like that).

Martin Paul

unread,
May 5, 2006, 4:35:24 AM5/5/06
to
gerryt@ <ger...@vcn.bc.ca> wrote:
> Quite a few packages claim to be missing 120335-02
> according to pip on my Solaris 10 SPARC workstation.
>
> One example - and there are many:
> Package SUNWsupdatemgru is missing 120335-02

The SUC patches tend to bring in new packages instead of just patching
existing patches (just look at the README for 119107). pip is too
primitive to handle this correctly. Sorry if this causes confusion.

I still think that it was a bad decision to allow patches to install
new packages at all. Addition of new packages should be restricted
to (update) releases of Solaris.

> Heres more:


> Package SUNWgldoc is missing 113886-35

This might actually be one of the things that pip is supposed to detect.
Have you by chance added the opengl runtime to the system, then
installed 113886-35, and later added SUNWgldoc (which is a separate
download ?). It's not a real problem, as only doc files are affected.
Still, you'll have unpatched files on your systems although the latest
patch is installed.

Look at /usr/openwin/share/man/man3gl/glreadvideopixelssun.3gl and
/usr/openwin/share/src/GL/docs/SolImpPerfGuide1.3.pdf before and
after re-installing 113886-35 (patchadd 113886-35 is enough, it deals
with re-installs by itself).

0 new messages