Checking for patch dependencies on Solaris 10 hosts

I’ve been debugging an odd issue with an 8 link (nxge interfaces) aggregation on a Solaris 10 host. When this issue rears its ugly head, one or more of the interfaces in the aggregation go offline. I’m still trying to track down if this is a Cisco or a Solaris issue, and have been patching the server to make sure all of the drivers are current. When I applied the latest aggr and nxge patches, I noticed that these patches required four additional patches:

Required Patches: 127127-11 137137-09 139555-08 141444-09 (or greater)

To see if these patches were applied, I fired up my old friend awk:

$ showrev -p | nawk ‘$2 ~ /127127/ { print $2}’

$ showrev -p | nawk ‘$2 ~ /137137/ { print $2}’

$ showrev -p | nawk ‘$2 ~ /139555/ { print $2}’

$ showrev -p | nawk ‘$2 ~ /141444/ { print $2}’

All of the patches I needed were indeed applied, so I was able to apply the nxge and aggr patches without issue. For those that are interested, I learned that standalone interface patches are not included with the latest patch bundle. Driver patches are only included in the patch bundle when they are rolled into a kernel update. This was news to me.

Cleaning up failed package installations

While attempting to install a Sun package this week, I encountered the following error:

$ pkgadd -d . MYpackage

## Waiting for up to <300> seconds for package administration commands to become available (another user is administering packages on zone <zoneA>)


1 package was not processed!

After a bit of truss’ing, I noticed that the pkgadd commands were checking for the existence of files with the name<DYNAMICALLY_GENERATED_STRING> in /tmp. Based on a cursory inspection of the package utility source code, it appears these files are used as lock files to prevent multiple package commands from running at the same time. Since this was the only package installation running on the system, I logged into the zone and removed the stale lock file:

$ zlogin zoneA

$ rm /tmp/

Once I removed this file, the package installed like a champ! Nice!

Locating files on Solaris servers with pkgchk

Most Linux and BSD distributions ship with the locate utility, which allows you to quickly find files on a system:

$ locate pvcreate

While not quite as thorough as locate, the Solaris pkgchk utility has a “-P” option that provides similar capabilities:

$ pkgchk -l -P metastat | grep Pathname
Pathname: /sbin/metastat
Pathname: /usr/sbin/metastat
Pathname: /usr/share/man/man1m/metastat.1m


Figuring out which package a Solaris utility belongs to

While reading through some old notes this weekend, I came across a page I created eons ago about managing Solaris packages. If you want to find out the file modes, the user and group ownership and the package a file belongs to, you can run the pkgchk utility with the “-l” and “-p” options and the name of a file to check:

$ pkgchk -l -p /usr/sfw/bin/snmpget

Pathname: /usr/sfw/bin/snmpget
Type: regular file
Expected mode: 0755
Expected owner: root
Expected group: bin
Expected file size (bytes): 20372
Expected sum(1) of contents: 48443
Expected last modification: Sep 20 17:41:36 2007
Referenced by the following packages:
Current status: installed

Pkgchk is a nifty utility!

Getting patches to install on Solaris 10 systems

There have been a number of threads in zones-discuss relating to Solaris 10 patching. Most of the feedback came from folks who ran into issues related to delayed activation patching, or patching zones that run on ZFS file system. Running zones on ZFS file systems is not currently supported by Sun, but it appears installing the latest version of 119254 or 119255 will help address a number of issues related to running zones on ZFS file systems. I am posting this here for future reference, and in an effort to help others who may be stumbling into issues applying patches to their Solaris 10 hosts.