smpatch broken again
Gary Mills
download' only downloads a few of them, saying `Patch does not exist.'
for the rest. Giving it a valid Sunsolve account and password does
not help. Has anyone figured out how to fix this one?
--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
ji...@specsol.spam.sux.com
The results of running smpatch appears to depend on the phase of the moon,
the local barometric pressure, and the angle of your left arm with the
horizon.
Wait a while, it will be doing something different.
Why Sun ever released this sorry piece of crap is beyond me.
--
Jim Pennino
Remove .spam.sux to reply.
Yves Konigshofer
right after I installed some patches and wanted to install more patches
because some of those reported with "smpatch analyze" were not downloaded)
is:
"Failure: Cannot connect to retrieve detectors: Server returned HTTP
response code: 403 for URL: https://getupdates.sun.com/solaris/"
Does a patch installed by smpatch break smpatch? How do I get Solaris to
scan for and install patches again?
-Yves
<ji...@specsol.spam.sux.com> wrote in message
news:dch2ps$59n$1...@mail.specsol.com...
Matty
It looks like patch 119107-03 adds the "Sun Update Connection Client,"
which changes the outbound site you connect to (getupdates.sun.com
versus updateserver.sun.com), and adjusts several additional properties
(comapare `smpatch get` between a new build and a freshly patched
system). The URI smpatch now uses to grab updates doesn't exist on
getupdates.sun.com, which seems to be the heart of the problem. I really
wish Sun would provide recommended patch bundles. The smpatch
infrastructure seems very very brittle, and breaks rather often
(especially when large scale changes like these are made!)! Recommended
bundles seem like the way to go IMHO!
Matty
> Gary Mills <mi...@mira.cc.umanitoba.ca> wrote:
>
>>Today, `smpatch analyze' lists a whole bunch of patches, but `smpatch
>>download' only downloads a few of them, saying `Patch does not exist.'
>>for the rest. Giving it a valid Sunsolve account and password does
>>not help. Has anyone figured out how to fix this one?
>
>
>
>>--
>>-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
>
>
> The results of running smpatch appears to depend on the phase of the moon,
> the local barometric pressure, and the angle of your left arm with the
> horizon.
Hahahaha ... amazingly, yum and up2date seem to work significantly
better than smpatch. Maybe Sun should look into using a third party
update system, and distributing signed patches through a set of global
mirrors. This has worked out really well for the Fedora project.
Lion-O
> which changes the outbound site you connect to (getupdates.sun.com
> versus updateserver.sun.com), and adjusts several additional
> properties (comapare `smpatch get` between a new build and a freshly
> patched system).
Aye, on the x86 systems the patch number varies but the results remain
the same. I have to admit that this approach makes me wonder about the
way this is headed. My x86 server utilizes zones, Sun clearly states in
their documentation *not* to use the Update Connection client if you're
using zones, and adds that the current version is a mere preview. The
final release will support zones.
So why am I now greeted with:
magi:/home/peter $ pfexec smpatch update
This operation is not supported by this application for systems with
local zones.
Is it safe for me to conclude that Sun releases preview versions in
their update patches ? This isn't exactly what I had in mind for a
server which is used for production; one of the main reasons I dumped
Linux was for reasons like this.
However, I can still backout of this patch if I want to. First I'm going
to take a look at the X client of the update client to see how well it
behaves.
--
Groetjes, Peter
.\\ PGP/GPG key: http://www.catslair.org/pubkey.asc
Casper H.S. Dik
>All I get since the last time I ran "smpatch update" (i.e., this happened
>right after I installed some patches and wanted to install more patches
>because some of those reported with "smpatch analyze" were not downloaded)
>is:
>"Failure: Cannot connect to retrieve detectors: Server returned HTTP
>response code: 403 for URL: https://getupdates.sun.com/solaris/"
>Does a patch installed by smpatch break smpatch? How do I get Solaris to
>scan for and install patches again?
Unfortunately, a patch installed by smpatch makes it so that you first
need to run "updatemanager" and register.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
Alan Coopersmith
|I really wish Sun would provide recommended patch bundles. The smpatch
|infrastructure seems very very brittle, and breaks rather often
|(especially when large scale changes like these are made!)! Recommended
|bundles seem like the way to go IMHO!
The last update I saw from Sun Services (the people who run SunSolve
and produce the patch bundles) is that they are working on getting them
ready for Solaris 10. They had to do a bit of work on the install
scripts to make them work with zones among other things.
--
________________________________________________________________________
Alan Coopersmith * al...@alum.calberkeley.org * Alan.Coo...@Sun.COM
http://www.csua.berkeley.edu/~alanc/ * http://blogs.sun.com/alanc/
Working for, but definitely not speaking for, Sun Microsystems, Inc.
Casper H.S. Dik
>So why am I now greeted with:
>magi:/home/peter $ pfexec smpatch update
>This operation is not supported by this application for systems with
>local zones.
There is serious concern within Sun also about this roll-out;
the security folks believe that the security patches should remain
available for free as in "free, anonymous, no registration required".
Let's say that we're working the issue; and certainly the fact that:
- per system registration using a GUI required
- no zone support
- various other serious bugs
should have been sufficient to prevent the roll-out of this
software.
Let's say that it's not just upsetting to our customers.
Laurent Blume
> There is serious concern within Sun also about this roll-out;
> the security folks believe that the security patches should remain
> available for free as in "free, anonymous, no registration required".
*applaud to that*
> Let's say that we're working the issue; and certainly the fact that:
> - per system registration using a GUI required
> - no zone support
> - various other serious bugs
>
> should have been sufficient to prevent the roll-out of this
> software.
Has the fact that updatemanager is not role-aware been noted?
It asks specifically for root. I've got a patching role which works very well
with smpatch (even the Update Connection version), using Solaris'
solaris.admin.patchmgr.* authorization.
> Let's say that it's not just upsetting to our customers.
If anybody has trusted smpatch so far as doing an 'smpatch update'
automatically, it must have been quite a surprise...
Laurent
Laurent Blume
> Unfortunately, a patch installed by smpatch makes it so that you first
> need to run "updatemanager" and register.
I think that right now, the solution is more along the line of:
rm /var/sadm/patch/119108-03/prebackout
smpatch remove -i 119108-03
There is one error message while doing the backout, but it didn't seem to be a
problem.
Laurent
Lion-O
>>This operation is not supported by this application for systems with
>>local zones.
>
> There is serious concern within Sun also about this roll-out;
> the security folks believe that the security patches should remain
> available for free as in "free, anonymous, no registration required".
They will be as far as I know.
> Let's say that it's not just upsetting to our customers.
Hmmm... at this moment I'd be happy to make this work again. As far as
I can see I went into a dead-end street (the only way to solve this is
with a patch, yet I need an update before I'm able to install a patch
again) which may give a lot of cluebies a wrong impression of what
Solaris is all about.
Still, it does give a perfect example as to why it is so important to
know what you're doing before really diving head first into Solaris.
Geoff Lane
> Has the fact that updatemanager is not role-aware been noted?
Having just updated to the new shiny patch manager GUI I was immediately
struck by the fact that it was NOT a new smc facility but a standalone
application. Curious.
OTOH, as yet I'm not seeing any of the operating problems that others have
reported. The config windows could do with a review so that it's obvious to
users without support contracts how to get the free service. Think of it as
a marketing exercise.
--
Geoff Lane
I'm not a Windows user, consequently I'm not
afraid of receiving email from total strangers.
Laurent Blume
> Having just updated to the new shiny patch manager GUI I was immediately
> struck by the fact that it was NOT a new smc facility but a standalone
> application. Curious.
AFAICT, smc is EOL'd, or at least on life support. Barely.
Known bugs, like the one that prevent the use of extended passwords, have been
known for months (years? it was already in Solaris 9), and nothing is done. It's
hard to tout the security features of better encrypted passwords, and not fix
the «official» admin GUI.
They did not even bother to change the Solaris logo in it for Solaris 10.
Laurent
Bruno Delbono
> Still, it does give a perfect example as to why it is so important to
> know what you're doing before really diving head first into Solaris.
IIRC, you used to hang out on #linux on undernet ages ago and little has
changed since. This is not only an advocacy group. Please keep your
evangalism to who asks for it. Your posts remind me of a blatant newbie
"I-just-installed-OpenBSD-so-I-know-everything" attitude often found on
misc@openbsd.
A lot here have been using Solaris longer than you were installing SuSE
on your ^boxen^.
-Bruno
Martin Paul
> There is serious concern within Sun also about this roll-out;
> the security folks believe that the security patches should remain
> available for free as in "free, anonymous, no registration required".
It seems as if all patches (even non R/S Solaris 10 patches) are now
available from patches.sun.com again as they were before.
Thanks, mp.
--
Systems Administrator | Institute of Scientific Computing | Univ. of Vienna
Alan Coopersmith
|Matty <mat...@daemons.net> writes in comp.unix.solaris:
||I really wish Sun would provide recommended patch bundles. The smpatch
||infrastructure seems very very brittle, and breaks rather often
||(especially when large scale changes like these are made!)! Recommended
||bundles seem like the way to go IMHO!
|
|The last update I saw from Sun Services (the people who run SunSolve
|and produce the patch bundles) is that they are working on getting them
|ready for Solaris 10. They had to do a bit of work on the install
|scripts to make them work with zones among other things.
Good news: Solaris 10 recommended patch clusters are now on SunSolve.
Bad news: They appear to be contract-customers-only. (I don't know if
that's intentional or another SunSolve/patch glitch.)
Scott Howard
> Good news: Solaris 10 recommended patch clusters are now on SunSolve.
>
> Bad news: They appear to be contract-customers-only. (I don't know if
> that's intentional or another SunSolve/patch glitch.)
It's deliberate. As per the policy for Solaris 10 patches, many of the
patches in the recommended cluster are NOT freely available patches.
Scott
greek_phi...@hotmail.com
Does updatemanager have any genuine utility?
.
Martin Paul
Fortunately, that's wrong. I just downloaded all patches listed
in 10_Recommended.README (SPARC) without problems and no authentication
from patches.sun.com. Not that I'm complaining - that's how it
should be (and stay) anyway.
Looking at the Solaris 10/SPARC patch cluster, I see that e.g.
119063-01 (from May 2005, fixing buffer overflow in libXpm) and
119115-08 (fixing a huge number of security issues in the Sun
provided mozilla) are missing. Is there a reason for that ?
Seems confusing and/or dangerous.
Alan Coopersmith
|Looking at the Solaris 10/SPARC patch cluster, I see that e.g.
|119063-01 (from May 2005, fixing buffer overflow in libXpm) and
|119115-08 (fixing a huge number of security issues in the Sun
|provided mozilla) are missing. Is there a reason for that ?
The missing desktop patches were an oversight that's being fixed.