Patch Check Advanced
Tags: SolarisI tried out the wizzy new Solaris patch GUI (updatemanager) a while back to see whether it was actually usable, and I had issues with it. First of all it was really, really, slow when it had to analyze the currently installed patches. Like it was so slow, you couldn’t tell whether it was hung or not. So today I figured I’d try out a perl script that I ran across called pca. It’s called Patch Check Advanced. Because it’s a relatively simple perl script, I think it will have a much better chance of running consistently on the Solaris 8, 9 and 10 boxes we have around here. I just installed Sun Studio 11 on my Sparc machine (running a fairly ancient Nevada build, 41). Of course, I didn’t have the patience to download a half a gigabyte over the internet, so I scrounged up a copy on our network and used that.
You can run pca as a non-root user to examine the current state of the machine, and then su to root and have it automatically update your Sun Studio installation. You can use it to list only the Sun Studio patches. It’s a little weird because the pca script lists patches by default, and it says that the “-l” option is the default. But I got a different list of patches between doing “pca” and doing “pca -l”. It turns out the x86 patches will be filtered out by “pca”, but won’t be filtered out by “pca -l”. So I selected the Sparc patches by using the patch description. It turns out that Sun Studio patches are now named consistently so SPARC patch start with “Sun Studio 11:” and x86 patches start with “Sun Studio 11_x86:” So to list all the latest Sun Studio patches on a Solaris machine, I used this command:
% pca -l '/Sun Studio 11:/' Download xref-file to /var/tmp/patchdiag.xref: done Using /var/tmp/patchdiag.xref from Nov/21/06 Host: steppe (SunOS 5.11/snv_41/sparc/sun4u) Patch IR CR RSB Age Synopsis ------ -- - -- --- --- ------------------------------------------------------- 120760 -- < 11 --- 6 Sun Studio 11: Compiler Common patch for Sun C C++ F77 F95 120761 -- < 02 --- 145 Sun Studio 11: Patch for Performance Analyzer Tools 121015 -- < 03 --- 14 Sun Studio 11: Patch for Sun C 5.8 compiler 121017 -- < 06 --- 14 Sun Studio 11: Patch for Sun C++ 5.8 compiler 121021 -- < 05 --- 36 Sun Studio 11: Patch for Fortran 95 Dynamic Libraries 121019 -- < 03 --- 71 Sun Studio 11: Patch for Fortran 95 8.2 Compiler 121023 -- < 03 --- 6 Sun Studio 11: Patch for Sun dbx 7.5 Debugger 121623 -- < 02 --- 145 Sun Studio 11: Patch for RHEL4 and SuSE9 Linux Performance Analyze 122135 -- < 02 --- 43 Sun Studio 11: Patch for Sun Performance Library 122142 -- < 02 --- 6 Sun Studio 11: Patch for dbx GUI plug-in and CPP modules
From this list you can see one Linux patch (which is just a freshened RPM, not really a “patch”). I don’t think the sunsolve patch index data has a field to identify non-Solaris patches. We should probably add that so that tools can skip such patches. You can see from “– < 11” part that pca is telling me I don’t have any patches installed and that hence my current revision level is less than (<) the revision available from sunsolve. Here is what it looked like after I updated:
bash # pca -l '/Sun Studio 11:/' Download xref-file to /var/tmp/patchdiag.xref: done Using /var/tmp/patchdiag.xref from Nov/21/06 Host: steppe (SunOS 5.11/snv_41/sparc/sun4u) Patch IR CR RSB Age Synopsis ------ -- - -- --- --- ------------------------------------------------------- 120760 11 = 11 --- 6 Sun Studio 11: Compiler Common patch for Sun C C++ F77 F95 120761 02 = 02 --- 145 Sun Studio 11: Patch for Performance Analyzer Tools 121015 03 = 03 --- 14 Sun Studio 11: Patch for Sun C 5.8 compiler 121017 06 = 06 --- 14 Sun Studio 11: Patch for Sun C++ 5.8 compiler 121019 03 = 03 --- 71 Sun Studio 11: Patch for Fortran 95 8.2 Compiler 121021 05 = 05 --- 36 Sun Studio 11: Patch for Fortran 95 Dynamic Libraries 121023 03 = 03 --- 6 Sun Studio 11: Patch for Sun dbx 7.5 Debugger 121623 -- < 02 --- 145 Sun Studio 11: Patch for RHEL4 and SuSE9 Linux Performance Analyze 122135 02 = 02 --- 43 Sun Studio 11: Patch for Sun Performance Library 122142 02 = 02 --- 6 Sun Studio 11: Patch for dbx GUI plug-in and CPP modules
As you can see, the Linux patch didn’t get installed, but it’s still listed.
To update my Sun Studio installation, I used this command:
# pca -G -i '/Sun Studio 11:/'
Don’t forget to add the -G option on Solaris 10. This just passes -G to the patchadd command happening under the covers. It’s necessary with Sun Studio patches on Solaris 10 because of a bug relating to zones. I thought I would have to configure my sunsolve name/password in there somewhere, but it seemed to work anyway. I’ve probably wired those settings into a config file someplace and forgot about them. I know I configured the updatemanager with that information, so maybe the pca script is using a Solaris utility that’s layered on top of some other utility that knows my name/password.
I’ve been thinking about the patch management issue for a while. As far as I’m concerned Linux has us totally beat in this area. The majority of software that’s “part” of a Linux system isn’t installed by default, and you just choose it from a GUI to download and install it. Updates are handled with the same infrastructure. On the other hand Solaris has all sorts of wonderful network based install/maintenance tools (Live Upgrade, etc) geared towards enterprise users. Those things have absolutely no bearing on my life whatsoever. I need something trivial and ubiquitous and point-and-shoot.
Aside: Computer companies have always gone out of business from the bottom up. I hope Sun doesn’t use all our wonderful Enterprise features as an excuse to ignore the desktop and small-business users of the world. The mainframe computer companies in the 80’s had their users taken away by PC’s that were “good enough” for small Mom and Pop businesses. Of course, when Mom and Pop want to upgrade, they would naturally request new features from the PC vendor, instead of hiring an IT consultant and “going enterprise”. It’s sort of like that picture of a fish eating a littler fish, and simultaneously being eaten by a bigger fish, only the market is complex enough that it’s more like a circle. In the computer biz everyone frantically trys to out-innovate each other. As long as Sun’s chasing more than we’re being chased, I think we’re okay. (I don’t mean ‘chasing’ as in playing catch-up, I mean chasing, like trying to take someone else’s market away from them by building new stuff) Anway, I get worried whenever I see a company concentrating on “enterprise” customers and ignoring all the little guys who will become enterprise customers in 5 years time.
Large established companies that are willing to try a revolutionary new technology seem few and far between, if you’ve got hot new ideas to show around, you want to start with the hobbyists and the little guys out there. That’s the lesson I’ve learned from watching Linux.