Managing Solaris patches with pca


I have written repeatedly about the problems with the Solaris patch tools, and decided to test out the pca utility after Chris and Frank recommended it so highly. Pca is not only an awesome patching tool, but it blows away everything that is currently offered by Sun (pca has yet to throw Java exceptions and die in mysterious ways). To see what I mean, all you need to do is run pca with the help option:

$ pca -h

Usage: bin/pca [OPTION] .. [OPERAND] ..

Operands:
patch group: missing, installed, all, unbundled, bad
Add r, s or rs at the end to list Recommended,
Security or Recommended/Security patches only.
patch ID: 123456, 123456-78
patch file: 123456-78.zip, 123456-78.tar.Z
file name: patchlist.txt
pattern: /dtmail/

Options:
-l List patches
-L List patches, produce HTML output
-d Download patches
-i Install patches
-I Pretend to install patches
-x Download patch cross-reference file
-y Do not check for updated patch cross-reference file
-X dir Set location of patches cross-reference file
-P dir Set patch download directory
-R dir Set alternative root directory
-n Install only patches which do not require a reboot
-k Make patchadd not back up files to be patched
-G Make patchadd modify packages in the current zone only
-a Ask for SunSolve authentication data interactively
-H Don't display descriptive headers
-r id Display patch README
-f dir Read uname/showrev/pkginfo output from files in dir
-h Display this help
-V Display debug output
-v Display version information

Pca has several modes of operation. It can list patches that are outdated on your system, retrieve patches from SunSolve, and, most importantly, install individual patches and groups of patches on a server. To list patches that are available for a server, pca can be run with the “-l” option (or “-L” if you want HTML reports):

$ pca -l

Retrieving xref-file to /var/tmp/patchdiag.xref ... done
Using /var/tmp/patchdiag.xref from Jul/14/06
Host: neutron (SunOS 5.10/i386/i86pc)

Patch IR CR RSB Age Synopsis
------ -- - -- --- --- -------------------------------------------------------
117464 01 < 02 --- 2 SunOS 5.10_x86: passwdutil Patch
119131 21 < 22 R-- 4 SunOS 5.10_x86: Sun Fibre Channel Device Drivers
119214 07 < 09 RSB 2 NSS_NSPR_JSS 3.11.2_x86: NSPR 4.6.2 / NSS 3.11.2 / JSS 4.2.4
119471 05 < 06 --- 5 SunOS 5.10_x86: Sun Enterprise Network Array firmware and utilitie
119686 06 < 07 --- 2 SunOS 5.10_x86: lib/svc/bin/svc.startd Patch
120037 03 < 05 --- 2 SunOS 5.10_x86: libldap patch
120053 02 < 03 --- 2 SunOS 5.10_x86: pam library patch
120200 04 < 05 --- 3 SunOS 5.10_x86: sysidtool Patch
121003 02 < 03 --- 2 SunOS 5.10_x86: pax patch
121005 01 < 02 RS- 2 SunOS 5.10_x86: sh patch
121011 01 < 02 --- 2 SunOS 5.10_x86: rpc.metad patch
123327 -- < 01 --- 5 SunOS 5.10_x86: tail patch
123521 -- < 01 --- 2 SunOS 5.10_x86: dirname & basename patch
123525 -- < 01 --- 2 SunOS 5.10_x86: psrinfo patch

The first column lists the patchid, the second column lists the version of the patch installed, the fourth column lists the updated version of the patch that is available on SunSolve, and the fifth column indicates if the patch addresses a security or reliability problem. To install patches with pca, you can run pca with the “-i” option to install all available patches, or you can install individual patches by passing the patchid(s) to “-i”:

$ pca -i 121005 119214

Retrieving xref-file to /var/tmp/patchdiag.xref ... done
Using /var/tmp/patchdiag.xref from Jul/14/06

Downloading patches to /home/matty
------------------------------------------------------------------------------
Retrieving 119214-09 (1/2) ... done
Retrieving 121005-02 (2/2) ... done

Summary: 2 total, 2 successful, 0 failed

Installing patches
------------------------------------------------------------------------------
Installing 119214-09 (1/2) ... done
Installing 121005-02 (2/2) ... done

Summary: 2 total, 2 successful, 0 skipped, 0 failed
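
The listing format shown earlier is easy to post-process when you want to patch security fixes first. The script below is an added example (not part of the original post and not pca's own code): it filters "pca -l" output by the RSB column and builds the operand list for "pca -i". The function names are hypothetical, and the sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example: filter a `pca -l` listing by RSB flag.
# Assumption: R and S mean Recommended and Security, as in the help text
# above; B is taken to mean the "bad" patch group.
# On Solaris, replace awk with nawk (the old /usr/bin/awk lacks -v).

# Sample input: rows copied from the listing shown earlier in the post.
sample_listing() {
cat <<'EOF'
Using /var/tmp/patchdiag.xref from Jul/14/06
Host: neutron (SunOS 5.10/i386/i86pc)

Patch IR CR RSB Age Synopsis
------ -- - -- --- --- ----------------------------------------
117464 01 < 02 --- 2 SunOS 5.10_x86: passwdutil Patch
119131 21 < 22 R-- 4 SunOS 5.10_x86: Sun Fibre Channel Device Drivers
119214 07 < 09 RSB 2 NSS_NSPR_JSS 3.11.2_x86: NSPR 4.6.2 / NSS 3.11.2 / JSS 4.2.4
121005 01 < 02 RS- 2 SunOS 5.10_x86: sh patch
123327 -- < 01 --- 5 SunOS 5.10_x86: tail patch
EOF
}

# flagged_patches FLAG
# Reads a listing on stdin and prints "ID-CR IR RSB" for every row whose
# installed revision is behind ("<") and whose RSB field contains FLAG.
# Headers, separators and blank lines are skipped.
flagged_patches() {
    awk -v flag="$1" '
        $1 ~ /^[0-9][0-9][0-9][0-9][0-9][0-9]$/ && $3 == "<" && NF >= 6 {
            if (index($5, flag) > 0)
                printf "%s-%s %s %s\n", $1, $4, $2, $5
        }'
}

# install_operands FLAG
# Same filter, but prints the bare patch IDs on one line, ready to be
# passed as operands to `pca -i`.
install_operands() {
    flagged_patches "$1" | awk '
        { split($1, p, "-"); printf "%s%s", sep, p[1]; sep = " " }
        END { if (NR) print "" }'
}

# Demo on the sample rows: show the security patches, then the command.
sample_listing | flagged_patches S
echo "pca -i $(sample_listing | install_operands S)"
```

On a live host, pipe "pca -l" into the functions instead of sample_listing.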

This is a super useful piece of software, and I wish Sun would include something similar in Solaris (smpatch is not the answer!).

This article was posted by Matty on 2006-07-30 07:43:00 -0400