Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Managing HP-UX Software With SD-UX: HP 9000 Computers > Chapter 8 Managing Patches

Patch Operations Summary
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

This section summarizes how to use SD commands for patch management, including these activities:

  • Installation (command-line and interactive)

  • Copying

  • Listing

  • Removal

  • Rollback

  • Commit

  • Verification

  • Updating

Installing Patches

Installation of patch products follows the same rules as any other SD installation. The key difference is that patch filtering mechanisms let you select only the patches that meet specified criteria. Filtering mechanisms for patches are:

  • The category_tag attribute and corresponding category objects.

  • The patch_filter, patch_match_target, and autoselect_patches options.

When you install a patch, SD updates the applied_patches attribute of the fileset that has been patched and updates the INFO file information to include the patched file's attributes. Also (if the patch_save_files option is set to true), files to be altered by a patch are stored to the Installed Products Database (IPD).

When a patch is installed, by default it has the patch_state of applied. When the patch is committed (rollback files are removed) or it has been installed without saving rollback files, it has the state of committed. When the patch is superseded, the patch_state is set to superseded, and the superseded_by attribute is set to the software_specification of the superseding patch fileset.

Installing Patches in Same Session as Base Product

If you select a non-patch fileset for installation and patch filesets for that "base" fileset exist in the same source depot, all applicable patches are selected by default as long as the autoselect_patches option is set to its default value of "true." The following rules also apply:

  • Patch software selections are filtered as defined by the patch_filter option.

  • If more than one patch to a base fileset exists, patches to that fileset are examined to determine if any patches have been superseded by later versions. The "superseding" patch is installed and "superseded" patches are not selected.

  • You can also explicitly specify patches on the command line. See “Explicitly Specifying Patches” for more information.

Examples

The following examples demonstrate the use of patch options in command lines. Note that the autoselect_patches option defaults to "true".

The example below shows the default behavior for patch installation. All patches applying to the software being installed (in this case, X11) are selected by default:

swinstall -s sw_server X11

To select all applicable patches that include the category_tag "critical_patch" and install them along with the selected software:

swinstall -s sw_server \ -x patch_filter="*.*,c=critical_patch" X11

The following example installs a product and an explicitly defined patch.

swinstall -s sw_server \ -x autoselect_patches=false X11 PHSS-12345

Installing Patches After Base Product Installation

When you want to install patches after installation of the base product, you can select the patches explicitly or by matching the installed software using the patch_match_target option, which automatically determines the latest patches for a fileset.

Examples

To select all patches in the depot that correspond to currently installed software:

swinstall -s sw_server -x patch_match_target=true

To select all patches in the depot that correspond to currently installed software and that contain the category_tag "critical_patch":

swinstall -s sw_server -x patch_match_target=true \ -x patch_filter=" *.*,c=critical_patch"

Patch Filtering with Multiple Criteria

You can repeat a version qualifier (for "AND" criteria) and use the pipe symbol ("|") within qualifiers (for "OR" criteria). This is consistent with the current level-of-expression support in POSIX
standard software specifications.

Example

To install any patches that have the category_tag "critical" AND either the category_tag "test_level_4" OR the category_tag "hand_certified".

swinstall -s sw_server -x patch_match_target=true \ -x patch_filter="*.*,c=critical,\ c=test_level_4|hand_certified"

Explicitly Specifying Patches

You can explicitly specify and install a patch (without autoselection or matching the target) by specifying one or more software_specification operands.

Examples

To explicitly install a patch:

swinstall -x autoselect_patches=false PHCO_1234

CAUTION: Superseding patches will not override an explicit patch selection. Make sure that you do not select a patch that might later be superseded.
NOTE: Filtering does not apply to explicitly selected patches.

Patching Kernel and Library Files

To permit patching of kernel files or libraries (e.g. libc.a), SD uses an archive file type of "a". When loading a file of type "a", swinstall temporarily installs the .o file to the target path specified, integrates it into the archive specified by the archive_path attribute of the file, and then removes the .o file.

If patch rollback is enabled (see “Patch Removal, Rollback, and Committal”), the original .o file is automatically extracted first and saved so that it can be replaced. Disk Space Analysis is performed as needed to account for these operations.

Patch Load Order

If you install patch filesets and normal filesets in the same session, then each patch fileset is considered to have an "implied prerequisite" on the fileset that it is patching, with respect to ordering. In other words, a product containing the patch fileset is installed (or copied into serial distributions) after installation of the one or more products that contain the patch "ancestors".

If a base fileset has the is_kernel attribute set to "true," then the fileset patching it must also have the is_kernel attribute set to "true" to be installed in the kernel phase of the execution. Otherwise, the patch is installed along with other non-kernel filesets.

If a bundle contains both normal and patch filesets, the filesets are installed in their normal order except that any base fileset must be installed before its patch or patches.

Copying Patches

For copying patches, swcopy usage of the autoselect_patches, patch_filter, and patch_match_target options corresponds to the usage in swinstall.

Examples

The following example copies X11 software from the default depot and copies all patches for this software at the same time. (Note that autoselect_patches is "true" by default.)

swcopy X11 @ hostA:/tmp/sw

The following example copies all software from the default depot and copies (at the same time and from the same depot) a filtered set of patches (category_tag="critical_patch") for the base software being copied. (Note that autoselect_patches is "true" by default.)

swcopy -x patch_filter="*.*,c=critical_patch" \ \* @ hostB:/tmp/newdepot

To copy all patches for the base filesets that are already present in the target depot, starting from a depot that contains patch and non-patch software:

swcopy -x patch_match_target=true \ @ hostC:/var/spool/sw

To copy a filtered set of patches for the base filesets that are already present in the target depot, starting from a depot that contains patches and that may contain non-patch software:

swcopy -x patch_match_target=true \ -x patch_filter="*.*,c=critical_patch" \ \* @ hostD:/var/spool/sw/sample.depot

Interactive Patch Management

The swinstall and swcopy GUIs lets you perform interactive patch installation and copying. (See Chapter 2 “Installing and Copying Software ” for complete details on using the swinstall/swcopy GUIs.)

The Manage Patch Selection... option in the Actions menu opens the Manage Patch Selection dialog. This dialog lets you:

  • Select from a list of patches available to install.

  • Select filters for patches.

  • Set other patch options.

Figure 8-1 Manage Patch Selection Dialog

Manage Patch Selection Dialog

The main object list contains a read-only list of available patch categories. The list contains the name of the category and a short description. You can use the list as an aid to selecting and filtering patches.

The following options are also available:

  • Automatically select patches for software to be installed
    (selection box)

    Sets the autoselect_patches option. (Default is "true".) You can use the Filter field with this option to specify a filter for the selection process.

  • Automatically select patches for software installed on the target (selection box)

    Sets the patch_match_target option. (Default is "false".) You can use the Filter button/specification field with this option to specify a filter for the selection process.

  • Filter (button/specification field)

    This field sets patch_filter option by letting you specify a patch filter for the automatic patch selection process. Patches for software to be installed are automatically marked as you enter the analysis phase of installation. Only patches that match the filter criteria are marked.

    Clicking on the Filter button displays a list of example filters that you can select from. To change the filters in the list, see “Editing the Patch Filter List”.

You can also set Save Patch Files for Rollback in the Options menu. This sets the patch_save_files option. (The default is "true".)

“Default Options” in this chapter for more information on patch options.

NOTE: As with all system options, the patch management options revert to their default values at the next session unless you save and re-use the session information. See “Managing Sessions - The File Menu ” for more information.

Editing the Patch Filter List

To change the default list of patch filters displayed by the swinstall and swcopy GUI read a default list of patch filters that you can use as selection criteria for patch software. The list is stored in:

/var/adm/sw/defaults.patchfilters


The system-wide default list of patch filters.

$HOME/.swdefaults.patchfilters


The user-specific default list of patch filters.

The list of patch filters is enclosed in braces {} and separated by white space (blank, tab, or newline). For example:

swinstall.patch_filter_choices={
*.*,c=enhancement
*.*,c=critical
}
swcopy.patch_filter_choices={
*.*,c=halts_system
}

Listing Patches

Software objects with the is_patch attribute set to "true" have the built-in, reserved category of patch. This lets you list available patches and patches with a certain name.

For example, to list all products and bundles in a depot that have the is_patch attribute set to true:

swlist -d -l product -l bundle -a software_spec \ *,c=patch

PH003-23245,r=1.0,a=,v= PH056-45545,r=1.0,a=,v= X11,r=5.00.01,a=FLUX,v=FLB

SD automatically updates the fileset attribute applied_patches to include any applied patches (because it is in the patch fileset's ancestor list).This includes patches that may not share the same product tag as the base filesets (ancestors) that they patch.

For example, to show patches to X11 filesets:

swlist -l fileset -a applied_patches X11

X11.Libraries PH056-45545.PH056-45545,r=1.0,a=FLUX,v=FLB

You can list the products and filesets to which a patch applies by listing the ancestor attribute. Also, you can generate a list of patches that a given patch superseded by listing the supersedes attribute of the patch fileset.

NOTE: You can also list patches with the swlist GUI (invoked by swlist -i).

Listing Available Patch Categories

You can use the -l category specification to list the categories of available patches for patches that are defined with category objects.

Examples

To list the categories defined for patches in the depot mounted at /CD:

swlist -d -l category @ /CD

critical_patch 	Patches that fix system hangs or data corruption S747_upgrade 				Patches to upgrade to an S747\
security_patch		Patches affecting system security

To list a particular attribute of a category object identified by the tag critical_patch:

swlist -a description -l category critical_patch

Patch Removal, Rollback, and Committal

To permit future "rollback" of a patch, use the patch_save_files option. This option (set to true by default) automatically saves any files replaced by a patch. You can then restore the original files if you later decide to remove the patch.

For example,

swinstall -s sw_server -x patch_save_files=true

Rollback files are saved to the directory:

/var/adm/sw/save/product_name/fileset_name/path

where product_name refers to the name of the patch that was applied.

The following rules govern patch removal and rollback:

  • Removal of the "base" fileset of a patch fileset using swremove removes all patches to that fileset. For example, if swinstall overwrites a particular base fileset in an update operation, all patches for that base are removed.

  • Files saved for rollback are also removed when the base fileset to which they apply is updated or removed from the system.

  • Removal of a patch automatically rolls back the saved files, unless:

    • The patch_save_files option was set to "false" when the patches were installed.

    • The base fileset is also removed or updated.

    • The patch_commit option (which removes the rollback files) was run against the patch. (This option is discussed below.)

  • An installed patch that has been superseded may not be rolled back unless the "superseding" patch is also rolled back.

  • SD performs disk space analysis (DSA) on the save area in the same way it performs DSA on regular file locations.

To save disk space when you are certain a patch operates correctly, you may wish to commit the patch by removing the rollback files saved by the patch_save_files option.

To commit a patch, invoke swmodify on the patch with the -x patch_commit=true option. (The default value is false.)

For example, to commit the patch PHLK_1234 and remove its corresponding rollback files:

swmodify -x patch_commit=true PHLK_1234

Verifying Patches

The verify operation on a normal fileset checks that the latest files are properly installed: when installing a patch, the ancestor fileset is updated to have the correct attributes of the patched files.

SD verifies patch filesets by checking that files in a patch are still properly installed (or in the depot correctly).

Updating Patched Software

Installation of a new version of a base fileset results in removal of all filesets that patch the base fileset that you are replacing, along with any files saved for potential rollback.



Patch-Related Features
  		 


Packaging Patch Software  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1997 Hewlett-Packard Development Company, L.P.