--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-
The results of running smpatch appears to depend on the phase of the moon,
the local barometric pressure, and the angle of your left arm with the
horizon.
Wait a while, it will be doing something different.
Why Sun ever released this sorry piece of crap is beyond me.
--
Jim Pennino
Remove .spam.sux to reply.
"Failure: Cannot connect to retrieve detectors: Server returned HTTP
response code: 403 for URL: https://getupdates.sun.com/solaris/"
Does a patch installed by smpatch break smpatch? How do I get Solaris to
scan for and install patches again?
-Yves
<ji...@specsol.spam.sux.com> wrote in message
news:dch2ps$59n$1...@mail.specsol.com...
It looks like patch 119107-03 adds the "Sun Update Connection Client,"
which changes the outbound site you connect to (getupdates.sun.com
versus updateserver.sun.com), and adjusts several additional properties
(comapare `smpatch get` between a new build and a freshly patched
system). The URI smpatch now uses to grab updates doesn't exist on
getupdates.sun.com, which seems to be the heart of the problem. I really
wish Sun would provide recommended patch bundles. The smpatch
infrastructure seems very very brittle, and breaks rather often
(especially when large scale changes like these are made!)! Recommended
bundles seem like the way to go IMHO!
Hahahaha ... amazingly, yum and up2date seem to work significantly
better than smpatch. Maybe Sun should look into using a third party
update system, and distributing signed patches through a set of global
mirrors. This has worked out really well for the Fedora project.
Aye, on the x86 systems the patch number varies but the results remain
the same. I have to admit that this approach makes me wonder about the
way this is headed. My x86 server utilizes zones, Sun clearly states in
their documentation *not* to use the Update Connection client if you're
using zones, and adds that the current version is a mere preview. The
final release will support zones.
So why am I now greeted with:
magi:/home/peter $ pfexec smpatch update
This operation is not supported by this application for systems with
local zones.
Is it safe for me to conclude that Sun releases preview versions in
their update patches ? This isn't exactly what I had in mind for a
server which is used for production; one of the main reasons I dumped
Linux was for reasons like this.
However, I can still backout of this patch if I want to. First I'm going
to take a look at the X client of the update client to see how well it
behaves.
--
Groetjes, Peter
.\\ PGP/GPG key: http://www.catslair.org/pubkey.asc
>All I get since the last time I ran "smpatch update" (i.e., this happened
>right after I installed some patches and wanted to install more patches
>because some of those reported with "smpatch analyze" were not downloaded)
>is:
>"Failure: Cannot connect to retrieve detectors: Server returned HTTP
>response code: 403 for URL: https://getupdates.sun.com/solaris/"
>Does a patch installed by smpatch break smpatch? How do I get Solaris to
>scan for and install patches again?
Unfortunately, a patch installed by smpatch makes it so that you first
need to run "updatemanager" and register.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
The last update I saw from Sun Services (the people who run SunSolve
and produce the patch bundles) is that they are working on getting them
ready for Solaris 10. They had to do a bit of work on the install
scripts to make them work with zones among other things.
--
________________________________________________________________________
Alan Coopersmith * al...@alum.calberkeley.org * Alan.Coo...@Sun.COM
http://www.csua.berkeley.edu/~alanc/ * http://blogs.sun.com/alanc/
Working for, but definitely not speaking for, Sun Microsystems, Inc.
>So why am I now greeted with:
>magi:/home/peter $ pfexec smpatch update
>This operation is not supported by this application for systems with
>local zones.
There is serious concern within Sun also about this roll-out;
the security folks believe that the security patches should remain
available for free as in "free, anonymous, no registration required".
Let's say that we're working the issue; and certainly the fact that:
- per system registration using a GUI required
- no zone support
- various other serious bugs
should have been sufficient to prevent the roll-out of this
software.
Let's say that it's not just upsetting to our customers.
*applaud to that*
> Let's say that we're working the issue; and certainly the fact that:
> - per system registration using a GUI required
> - no zone support
> - various other serious bugs
>
> should have been sufficient to prevent the roll-out of this
> software.
Has the fact that updatemanager is not role-aware been noted?
It asks specifically for root. I've got a patching role which works very well
with smpatch (even the Update Connection version), using Solaris'
solaris.admin.patchmgr.* authorization.
> Let's say that it's not just upsetting to our customers.
If anybody has trusted smpatch so far as doing an 'smpatch update'
automatically, it must have been quite a surprise...
Laurent
I think that right now, the solution is more along the line of:
rm /var/sadm/patch/119108-03/prebackout
smpatch remove -i 119108-03
There is one error message while doing the backout, but it didn't seem to be a
problem.
Laurent
They will be as far as I know.
> Let's say that it's not just upsetting to our customers.
Hmmm... at this moment I'd be happy to make this work again. As far as
I can see I went into a dead-end street (the only way to solve this is
with a patch, yet I need an update before I'm able to install a patch
again) which may give a lot of cluebies a wrong impression of what
Solaris is all about.
Still, it does give a perfect example as to why it is so important to
know what you're doing before really diving head first into Solaris.
Having just updated to the new shiny patch manager GUI I was immediately
struck by the fact that it was NOT a new smc facility but a standalone
application. Curious.
OTOH, as yet I'm not seeing any of the operating problems that others have
reported. The config windows could do with a review so that it's obvious to
users without support contracts how to get the free service. Think of it as
a marketing exercise.
--
Geoff Lane
I'm not a Windows user, consequently I'm not
afraid of receiving email from total strangers.
AFAICT, smc is EOL'd, or at least on life support. Barely.
Known bugs, like the one that prevent the use of extended passwords, have been
known for months (years? it was already in Solaris 9), and nothing is done. It's
hard to tout the security features of better encrypted passwords, and not fix
the «official» admin GUI.
They did not even bother to change the Solaris logo in it for Solaris 10.
Laurent
> Still, it does give a perfect example as to why it is so important to
> know what you're doing before really diving head first into Solaris.
IIRC, you used to hang out on #linux on undernet ages ago and little has
changed since. This is not only an advocacy group. Please keep your
evangalism to who asks for it. Your posts remind me of a blatant newbie
"I-just-installed-OpenBSD-so-I-know-everything" attitude often found on
misc@openbsd.
A lot here have been using Solaris longer than you were installing SuSE
on your ^boxen^.
-Bruno
It seems as if all patches (even non R/S Solaris 10 patches) are now
available from patches.sun.com again as they were before.
Thanks, mp.
--
Systems Administrator | Institute of Scientific Computing | Univ. of Vienna
Good news: Solaris 10 recommended patch clusters are now on SunSolve.
Bad news: They appear to be contract-customers-only. (I don't know if
that's intentional or another SunSolve/patch glitch.)
It's deliberate. As per the policy for Solaris 10 patches, many of the
patches in the recommended cluster are NOT freely available patches.
Scott
Does updatemanager have any genuine utility?
.
Fortunately, that's wrong. I just downloaded all patches listed
in 10_Recommended.README (SPARC) without problems and no authentication
from patches.sun.com. Not that I'm complaining - that's how it
should be (and stay) anyway.
Looking at the Solaris 10/SPARC patch cluster, I see that e.g.
119063-01 (from May 2005, fixing buffer overflow in libXpm) and
119115-08 (fixing a huge number of security issues in the Sun
provided mozilla) are missing. Is there a reason for that ?
Seems confusing and/or dangerous.
The missing desktop patches were an oversight that's being fixed.