I like to keep my Solaris systems up to date with the the latest Operating System and application patches, and try to patch my systems monthly if time permits. If I am patching a production system, I always use recommend patch bundles that have been tested in a non-production environment. If I am patching QE or development machines, I like to use the automated patch features built into the Solaris smpatch(1m) utility. This makes patching a breeze, and ensures that all relevant patches are applied to the server.
While performing a routine patch update with smpatch(1m) this weekend, I encountered the following error message:
$ smpatch update -L
This operation is not supported by this application for systems with
local zones.
I have used smpatch(1m) numerous times, and have never encountered this specific error. This led me to believe that new functionality was recently added, or a bug had been introduced during the last patch update. A quick check of Sunsolve verified that this error was due to a bug in smpatch(1m), and the bug report indicated that a patch was not available. As with any software fix, it could take a while to produce a patch for this issue, so I decided to create a work-around in the interm.
The first step in my work-around uses the ‘smpatch analyze’ output to get the list of patches to apply:
$ smpatch analyze | awk '{print 1}' |more
119828-03
118890-01
119580-01
120844-01
119573-01
118371-04
[ ..... ]
The analyze operation will check the current patch levels against a master database at getupdates.sun.com. If smpatch(1m) determines that a patch is out of date, it will be displayed in the output. Each patch identifer produced by the analyze option can be downloaded to the local disk drive with smpatch(1m)‘s download option. Smpatch(1m) will place the downloaded files in “/var/sadm/spoolâ€? by default, but allows you to change this default behavior with the “-dâ€? (directory location to store files) option:
$ smpatch download -d /var/tmp -i 119145-05
com.sun.patchpro.util.Percentage@8ddb93
119145-05 has been validated.
This example uses smpatch(1m)‘s “-i” (patch identifier) option to download one of the patches produced by the analyze operation. If you would prefer to download all of the patches that are produced during the analyze operation, you can pass a file with a list of patch identifiers to smpatch(1m)‘s “-x” (list of patches to download) option:
$ smpatch download -d /var/tmp -x idlist=/var/tmp/patch.list
Once the patch(es) finish downloading, the unzip(1) utility can be used to uncompress and extract the archive:
$ cd /var/tmp && unzip -q /var/tmp/119145-05.jar
Once unzip(1) finishes extracting the archive, the patchadd(1m) utility can be used to apply the patch:
$ patchadd 119145-05
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for installation.
Done!
Approved patches will be installed in this order:
119145-05
Preparing checklist for local zone check...
Checking local zones...
Booting local zone oracle for patch check...
## waiting for zone <oracle> to enter single user mode...
## waiting for zone <oracle> to enter single user mode...
## waiting for zone <oracle> to enter single user mode...
## waiting for zone <oracle> to enter single user mode...
Restoring state for local zone oracle...
Booting local zone build for patch check...
## waiting for zone <build> to enter single user mode...
## waiting for zone <build> to enter single user mode...
## waiting for zone <build> to enter single user mode...
## waiting for zone <build> to enter single user mode...
Restoring state for local zone build...
This patch passes the local zone check.
119145-05
Summary for zones:
Zone oracle
Rejected patches:
None.
Patches that passed the dependency check:
119145-05
Zone build
Rejected patches:
None.
Patches that passed the dependency check:
119145-05
Zone irc
Rejected patches:
None.
Patches that passed the dependency check:
119145-05
Patching global zone
Adding patches...
Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...
Patch 119145-05 has been successfully installed.
See /var/sadm/patch/119145-05/log for details
Patch packages installed:
SUNWadmc
Done!
Patching local zones...
Patching zone oracle
Booting local zone oracle for patching...
## waiting for zone <oracle> to enter single user mode...
## waiting for zone <oracle> to enter single user mode...
## waiting for zone <oracle> to enter single user mode...
Adding patches...
Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...
Patch 119145-05 has been successfully installed.
See /var/sadm/patch/119145-05/log for details
Patch packages installed:
SUNWadmc
Done!
Restoring state for local zone oracle...
Patching zone build
Booting local zone build for patching...
## waiting for zone <build> to enter single user mode...
## waiting for zone <build> to enter single user mode...
## waiting for zone <build> to enter single user mode...
Adding patches...
Checking installed patches...
Verifying sufficient filesystem capacity (dry run method)...
Installing patch packages...
Patch 119145-05 has been successfully installed.
See /var/sadm/patch/119145-05/log for details
Patch packages installed:
SUNWadmc
Done!
Restoring state for local zone build...
Once the patch installation process completes, you can remove the patch and META-INF files in the work directory:
$ rm -rf /var/tmp/119145-05.jar /var/tmp/119145-05 /var/tmp/META-INF
I am not real sure how long smpatch(1m) will be broken, so I created autopatch to ease the patch process in the interm. Please review the script and test it in a non-production environment prior to use. If you run into any issues with autopatch, post a comment to let me know what issues you encountered (I have used it on several systems, and have yet to encounter any issues).