P. 1
HP-UX Patch Tutorial

HP-UX Patch Tutorial

|Views: 1.732|Likes:
Publicado porheinerhardt

More info:

Published by: heinerhardt on May 13, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less






  • Overview
  • Getting Help
  • Other Sources of Information
  • HP-UX Technical Documentation
  • HP Software Depot
  • Interex
  • HP-UX Administrators Mailing List
  • Other Web Resources
  • CHAPTER 2 Planning for Recovery
  • Recovery Planning and Patching
  • The Root Volume Group
  • Separating Volatile Data from Stable System Data
  • Preserving Configuration via NIS or DHCP
  • File System Guidelines
  • Ignite-UX
  • Plan for Reinstallation
  • Have a Wish List
  • CHAPTER 3 Acquiring Patches
  • The Patch Database
  • Searching for HP-UX Patches by Keywords
  • Searching by Patch IDs
  • Dependency Analysis and the Patch Database
  • HP Patch Bundles
  • Obtaining Patch Bundles from Software Depot
  • Support Plus Media
  • Custom Patch Manager
  • About CPM
  • Using CPM
  • Step 1: Collect Configuration Informations
  • Step 2: Perform Patch Analysis
  • Step 3: Conflict Analysis
  • Step 4: Package and Download Your Patches
  • Custom Patch Notification
  • The Fulfillment Server
  • Accessing the Fulfillment Server via ftp
  • Web Access to FFS
  • The FFS Directories
  • Downloading the patch
  • Patch Recommendation Ratings
  • About Patch Notes
  • Resolving Patch Conflicts
  • CHAPTER 4 Depot Management
  • Custom Depots
  • Benefits of Creating Depots
  • Types of Depots
  • HP-UX 10.X vs. 11.X Depots
  • Patch Depots
  • Periodic Patch Depot
  • Critical Fix Patch Depot
  • Patch Hubs
  • Creating a Patch Depot
  • Preparation Tasks
  • Copying Existing Depots
  • Combining Patch Depots
  • Removing Superseded Patches
  • Dependency Analysis for HP-UX 11.00
  • Depot Access
  • Dependency Analysis for HP-UX 11i
  • Depot Registration
  • Access Control Lists (swacls)
  • CHAPTER 5 Patch Installation
  • System Preparation
  • Back-ups Back-ups!
  • A Note on Change Management
  • System Activity
  • Patch Committal Prior to Depot Installation
  • Committed Patch Removal
  • Planning for System Reboot
  • When is a Reboot Needed?
  • Timing of the Reboot
  • Installation
  • Using the SD-UX Matching Operations
  • Installing to a Committed Patch State
  • Installing Support Plus Patch Bundles
  • Step 1: Mount the CD
  • Step 2: Check for Last-Minute Information
  • Step 3 (Optional): Set Up Sharing for Remote Systems
  • Step 4 (Optional): Set Up Hard Disk Access
  • Step 5: Install the Selected Bundles
  • Finishing Touches
  • Usage Tip
  • The swverify command
  • Checking the Logs
  • Appendix A Basic Patch Concepts
  • Patch Mechanics
  • Ancestors and Patches
  • Patch Supersession
  • Patch Rollback
  • Patch Commitment
  • Patch Dependencies
  • Dependency Types
  • Enforced Patch Dependencies
  • Viewing Dependency Information
  • The HP-UX Patch
  • Patch Status
  • The Critical Patch
  • Patch Identification
  • The Patch Shar File
  • Appendix B SD-UX Tools & Objects
  • The Basic SD-UX Object Types
  • The Fileset
  • The Product
  • The Bundle
  • The Depot
  • Patch Related Object Attributes
  • ancestor
  • applied_patches
  • applied_to
  • category_tag
  • is_patch
  • is_sparse
  • is_reboot
  • patch_state
  • readme
  • software_spec
  • state
  • supersedes
  • superseded_by
  • Introduction to the SD-UX Commands
  • The swinstall Command
  • Synopsis
  • Patch Related Command Line Arguments
  • Patch-Related Options
  • Examples
  • The swcopy Command
  • Patch Related Options
  • The swremove Command
  • The swlist Command
  • The swreg Command
  • The swmodify command
  • The swpackage command
  • The cleanup Command
  • The show_patches Command
  • Patch Related Command Line Argument:
  • Other Options and Aids to Using the SD-UX Commands
  • Software Specifications
  • Session Files
  • Setting Default Values for Command Options
  • Appendix C The Patch Text File

HP-UX Patch Management

A guide to patching HP-UX 11.X systems

5967-3578 June 2001 © 2001 Hewlett-Packard Company

The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Warranty. A copy of the specific warranty terms applicable to your Hewlett-Packard product and replacement parts can be obtained from your local Sales and Service Office. Restricted Rights Legend. Use, duplication, or disclosure by the U.S. Government Department is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 for other agencies. HEWLETT-PACKARD COMPANY 3000 Hanover Street Palo Alto, California 94304 U.S.A. Copyright Notices. © 2001 Hewlett-Packard Company, all rights reserved. Reproduction, adaptation, or translation of this document without prior written permission is prohibited, except as allowed under the copyright laws. Trademark Notices.
HP-UX is a registered trademark of the Hewlett-Packard Company. Motif, OSF/1, UNIX, the “X” device and The Open Group are registered trademarks of The Open Group in the US and other countries. Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Revision History.
January 2000, Preliminary Edition. December 2000, Edition 1, part no. B3782-90829. June 2001, Edition 1, new part number.

This guide’s printing date and part number indicate the current edition. The printing date changes when a new edition is printed. Minor corrections and updates incorporated at reprint do not cause the date to change. The part number changes when extensive technical changes are incorporated. New editions of this manual will incorporate all material updated since the previous edition. For the latest version, see the Patch Management sections of: http://docs.hp.com/os/11.00/ or http://docs.hp.com/os/11i/ For additional help with patching HP-UX systems, see: http://itrc.hp.com/ or http://software.hp.com/SUPPORT_PLUS/


Please direct comments regarding this guide to: Hewlett-Packard Company HP-UX Learning Products, MS 11 3404 East Harmony Road Fort Collins, Colorado, 80528-9599 You can also send your questions and comments to patchguide@hp.com. If appropriate, include page numbers and document revision with your comments.

HP-UX Patch Management



CHAPTER 1 Introduction 1 Overview 1 Getting Help 3 Other Sources of Information 3 HP-UX Technical Documentation 3 HP Software Depot 3 Interex 3 HP-UX Administrators Mailing List 4 Other Web Resources 4 CHAPTER 2 Planning for Recovery 5 Recovery Planning and Patching The Root Volume Group 5 5 Separating Volatile Data from Stable System Data 6 Preserving Configuration via NIS or DHCP 6 File System Guidelines 7 Ignite-UX 7 Plan for Reinstallation Have a Wish List 8 8 CHAPTER 3 Acquiring Patches 9 The Patch Database 10 Searching for HP-UX Patches by Keywords 11 Searching by Patch IDs 13 Dependency Analysis and the Patch Database 14 HP Patch Bundles 15 Obtaining Patch Bundles from Software Depot 15 Support Plus Media 15 Custom Patch Manager 18 About CPM 18 Using CPM 18 Step 1: Collect Configuration Informations 18 Step 2: Perform Patch Analysis 20 Step 3: Conflict Analysis 22 Step 4: Package and Download Your Patches 23 Custom Patch Notification 23 The Fulfillment Server 25 Accessing the Fulfillment Server via ftp 25 Web Access to FFS 25 The FFS Directories 27 Downloading the patch 27 Patch Recommendation Ratings About Patch Notes 29 Resolving Patch Conflicts 30 28 HP-UX Patch Management 5 .

X Depots 32 Patch Depots 32 Periodic Patch Depot 32 Critical Fix Patch Depot 32 Patch Hubs 33 Creating a Patch Depot 34 Preparation Tasks 34 Copying Existing Depots 34 Combining Patch Depots 34 Removing Superseded Patches 35 Dependency Analysis for HP-UX 11.X vs. 11.00 35 Dependency Analysis for HP-UX 11i 36 Depot Access 36 36 Depot Registration 36 Access Control Lists (swacls) CHAPTER 5 Patch Installation System Preparation 37 37 Back-ups Back-ups! 37 A Note on Change Management 37 System Activity 38 Patch Committal Prior to Depot Installation 38 Committed Patch Removal 39 Planning for System Reboot When is a Reboot Needed? Timing of the Reboot 41 41 41 Installation 41 Using the SD-UX Matching Operations 41 Installing to a Committed Patch State 43 Installing Support Plus Patch Bundles 43 Step 1: Mount the CD 43 Step 2: Check for Last-Minute Information 43 Step 3 (Optional): Set Up Sharing for Remote Systems Step 4 (Optional): Set Up Hard Disk Access 44 Step 5: Install the Selected Bundles 45 Usage Tip 46 44 Finishing Touches 46 The swverify command 46 Checking the Logs 46 6 .CHAPTER 4 Depot Management 31 Custom Depots 31 Benefits of Creating Depots 31 Types of Depots 32 HP-UX 10.

Appendix A Basic Patch Concepts 47 Patch Mechanics 47 Ancestors and Patches 47 Patch Supersession 48 Patch Rollback 48 Patch Commitment 49 Patch Dependencies 49 Dependency Types 50 Enforced Patch Dependencies 50 Viewing Dependency Information 51 The HP-UX Patch 51 Patch Status 51 The Critical Patch 52 Patch Identification 52 The Patch Shar File 53 Appendix B SD-UX Tools & Objects The Basic SD-UX Object Types 55 The Fileset 55 The Product 56 The Bundle 56 The Depot 56 55 Patch Related Object Attributes 56 ancestor 56 applied_patches 56 applied_to 56 category_tag 57 is_patch 57 is_sparse 57 is_reboot 57 patch_state 57 readme 58 software_spec 58 state 58 supersedes 58 superseded_by 58 Introduction to the SD-UX Commands The swinstall Command 59 59 Synopsis 59 Patch Related Command Line Arguments 59 Patch-Related Options 60 Examples 62 The swcopy Command 62 62 Synopsis 62 Patch Related Command Line Arguments Patch Related Options 63 Examples 64 The swremove Command 64 Synopsis 64 Patch Related Command Line Arguments 65 HP-UX Patch Management 7 .

Patch Related Options 65 Examples 66 The swlist Command 66 66 Synopsis 66 Patch Related Command Line Arguments Patch Related Options 68 Examples 68 The swreg Command 69 69 Synopsis 69 Patch Related Command Line Arguments Patch Related Options 69 Examples 69 The swmodify command 69 70 Synopsis 69 Patch Related Command Line Arguments Patch Related Options 70 Examples 70 The swpackage command 71 Synopsis 71 Patch Related Command Line Arguments 71 Patch Related Options 71 Examples 72 The cleanup Command 72 Synopsis 72 Patch Related Command Line Arguments 72 The show_patches Command 72 72 Synopsis 72 Patch Related Command Line Argument: Other Options and Aids to Using the SD-UX Commands Software Specifications 73 Session Files 73 Setting Default Values for Command Options 74 73 Appendix C The Patch Text File 75 8 .

Some sources may require certain levels of support while others are free.11. This chapter discusses the basic requirements and some options for system recovery. The current set of chapters and appendices are: • Chapter 2: Planning for Recovery The first rule of system management should be to expect the best. • Chapter 3: Acquiring Patches Patches are available from a wide variety of sources. The chapters provide information regarding the steps required to create and use patch depots. while supporting information is provided in the appendices. The first 11i release was introduced in December of 2000.X patching. • Chapter 5: Patch Installation Once a depot has been created. Overview This document is built around the concept of the patch depot.CHAPTER 1 Introduction HP-UX system patching is one of the most confusing areas for new system administrators. The 11. and patch management has its own motivations and methods. HP-UX Patch Management 1 . This chapter describes an array of patch sources and how they may be used to acquire patches. Planning for recovery can create a virtual “Undo” button that allows a system to return to a previous state. While some documentation exists.X operating systems include 11. this is the tag that you will see whenever you access the online resources and the patch text files addressed in this document. Patch depots are a mechanism through which systems can be managed as groups rather than as individual systems. but by limiting risk it can also provide the confidence needed to support a proactive patching methodology. a patch depot should be created to use them efficiently. • Chapter 4: Depot Management However patches are acquired. This document is intended to pull together all the technical information required to understand HP-UX 11. the types of patch depots and their use are covered. its contents must be installed on the target systems. but plan for the worst. each with different abilities. it is usually found piecemeal in the back sections of various manuals. Patching has its own terminology and tools.00 and 11i. Not only does it protect systems from the unexpected. This chapter describes the recommended steps to execute and verify patch installation. In this chapter. This release has a uname -r value of 11.

you can enter any of these three items in this syntax: ls [-u | -x] Enter Text in this bold. • Appendix B: SD-UX Tools & Objects While Software Distributor (SD) has a wealth of documentation available. This appendix lists all of the fields within the . Typographical Conventions This guide uses the following typographical conventions: Boldface Computer User input Important concepts defined for the first time appear in boldface. Patches have a terminology and operations all their own. The vertical bar | separates syntax items in a list of choices. Computer font indicates literal items displayed by the computer. enter: cd Italics Manual titles. For example. sans-serif font denotes keyboard keys and on-screen menu items. the sections that are of specific interest to patching are not always readily apparent. A notation of Ctrl-Q indicates that you should hold the Ctrl key down and press Q. you would substitute an actual directory name for directory_name in this command: cd directory_name [ ] and | Brackets [] enclose optional items in command syntax. This appendix provides a basic understanding of patch concepts. but remains the core documentation of each patch. For example.text file with a brief description. • Appendix C: The Patch Text File The patch text file can be found in a variety of locations. computer text indicates literal items that you type. For example: To change to your account’s home directory. This appendix provides SD information related only to patching.Overview • Appendix A: Basic Patch Concepts Patches are different from other types of HP-UX software. variables in commands and emphasized words appear in italics. 2 Introduction . For example: file not found Bold.

interex. Information on particular hardware platforms.hp. and electronic patch management services. guides.hp.com This source provides online access to HP-UX manuals. HP Software Depot http://software.hp. and software products is available for browsing.com The HP Software Depot. which is not a part of HP. HP-UX Patch Management 3 . Review the main page (http://www. Interex.org/tech/9000/index. Design and Implementation—guidance to manage changes to your IT environment Other Sources of Information HP-UX Technical Documentation All HP-UX technical documentation is available at: http://docs. HP-UX releases. Interex http://www. software management.org) to learn about the benefits of membership. or purchase. many products (such as Ignite-UX and the Support Plus patch bundles) are free. download. known as Interex. and white papers. which provides a variety of HP-UX software. contact HP’s IT Resource Center (ITRC): http://itrc. is also noted for the yearly Interworks and HPWorld trade shows and for regional users groups.interex. maintains this list of technical resources for HP-UX systems. While some require purchase.html The International Association of Hewlett-Packard Computing Professionals.Getting Help Getting Help For technical support.com Use the ITRC to: • Quickly access customized support tools • Make informed decisions with proactive information • Access a rich knowledge database to quickly self-solve problems • Submit hardware and software calls online • Identify and download patches quickly and accurately • Get one-stop access to software updates for your entitlements • Take advantage of ITRC resources across the IT life-cycle: — Forums—a community where you can collaborate and tackle IT questions with peers — Training—including online seminars and self-paced web-based training — Planning.

nl/htbin/hpsysadmin Another resource outside of HP is the HP-UX Administrators Mailing List.hp. France. and the UK. Germany. South Africa.dutchworks.hp.com/hpux/os/11i/ • HP-UX 11i features and news: http://unix.edu/ or http://hpux.nl and include the following command in the body of the message: subscribe hpux-admin-digest See also the Software Archive and Porting Centre for HP-UX at this URL: http://hpux.com/SD_AT_HP/ • European information: http://itrc.X manuals and white papers: http://docs.0/ http://docs.com/SUPPORT_PLUS/ • Latest hardware support tools (diagnostics) information. To join the list itself. Italy.com/products/IUX/ • Software Distributor (SD): http://software.com/ Select the link to the European site.cs.hp. send email to majordomo@dutchworks.utah.hp.com/operating/ • Latest Ignite-UX information: http://software.Other Sources of Information HP-UX Administrators Mailing List http://www.com/hpux/os/11.hp. Japan.edu/ Mirrored sites are available for Canada.wisc. 4 Introduction . Other Web Resources Additional help with HP-UX patching and related resources is available on the Web: • Support Plus information: http://software.cae.com/hpux/diag/ • Latest HP-UX 11.hp.hp. This URL provides an interface to the list archives dating back to 1995.hp. Netherlands. including STM and EMS Hardware Monitors: http://docs.

• • • The Root Volume Group The Logical Volume Manager (LVM) lets you subdivide a single disk or treat a group of disks as a single unit. The documentation for each patch lists all of the defects or enhancements that the patch addresses. Use more than one recovery technique to protect yourself from events such as a bad tapes or network failures. selecting a recovery technique. Recovery Planning and Patching • Establish a recovery plan and do all necessary pre-work. The physical volumes in a volume group form a pool of disk space which may be allocated to one or more logical volumes. You can use any naming convention that you wish. You can weigh the known cost of returning to an original system state against the documented conditions of a patch. and so on. This includes setting up the root volume group. usually named vg00). Use patches as a form of proactive maintenance. planning for system re-installation. A prudent system administrator manages risk by planning for system recovery. and keeping a “wish list” of changes you want to make to a system when it is down. To enable the recovery options discussed in this chapter. but volume groups are usually named as follows: • /dev/vg00 • /dev/vg01 • /dev/vg02. A volume group is a group of one or more physical volumes or disks. and change carries potential risk. This chapter presents an overview of recovery planning and techniques. Proactive maintenance—fixing known problems before they appear on a system—can reduce the cost of a system failure.CHAPTER 2 Planning for Recovery A patch introduces change into a system. you must properly set up the volume group that contains the core system (also known as the root volume group. These concepts also apply to users of whole-disk HFS root disks. HP-UX Patch Management 5 .

Separating Volatile Data from Stable System Data You can preserve a known system state by creating an image of the root volume group. For example. These and related documents are available on http://docs. You can then return to that image after a failure. and other user and application data. vg00 is a special volume group known as the “root volume group” which typically contains the default boot disk and the majority of the HP-UX operating system.hp.com/ 6 Planning for Recovery . make sure you have some kind of alternate recovery methods. See also “File System Guidelines” on page 7 for more information TIP: Do not break these rules of data separation except to meet a specific need. An NIS master server holds master copies of the configuration files. can simplify restoration. Preserving Configuration via NIS or DHCP Network Information Services (NIS) and Dynamic Host Configuration Protocol (DHCP) let you maintain data off of your system. you must place some restrictions on the root volume group: • Limit the size of the root volume group — Reduces the size of recovery images — Reduces the cost of disk mirroring • Do not place volatile data on the root volume group — Avoids loss of data when you restore the root volume image — Saves an additional recovery step • Keep all system data within the root volume group — Avoids unexpected recovery problems. If you do break these rules. like /etc/passwd. /etc/hosts. or maps. The master server may distribute copies of the maps to NIS slave servers to provide load balancing and reliability. see the Ignite-UX Administration Guide and Installing and Administering Internet Services. To preserve the root volume group as a whole. You may have other volume groups on your system for applications. An NIS client gets configuration information from the master server or a slave server instead of from its local configuration files. Ignite-UX may not be able to save critical data if you have relocated parts of the directory structure. • For more information on NFS. This off-system storage of system information that changes frequently (such as networking configuration and password files). NIS allows centralized management of common configuration files. and /etc/services.The Root Volume Group By default. see Installing and Administering NFS Services • For more information on DHCP.

• /usr The /usr directory tree contains those elements of the Core System that support the post-boot system functionality. including: — make_tape_recovery(1M) — make_net_recovery(4) — Expert (manual) recovery procedure using Core media tools The Ignite-UX Administration Guide is also available on the Instant Information CD and at http://docs.) • /home This directory. (Ignite-UX will preserve these areas regardless of the parent volume group. They must exist completely within the root volume group. While not required to be included within the root volume group. Ignite-UX is available free of charge. • • • Chapter 2 tells you how to install and administer an Ignite-UX server. use these guidelines to organize your file system: • /. Chapter 11 tells you how to use the Ignite-UX system recovery tools. and /etc These directories contain the critical parts of the Core System required for booting. time can be saved by including all of the backup and recovery software (such as Omniback) within the system image.com HP-UX Patch Management 7 . • backup & recovery tool In the event that additional data will need to be restored from backup media. is expected to hold dynamic user data and should be isolated from both the root volume group and /usr. To download the latest version and to browse Ignite-UX documentation. recovery. go to http://software.Ignite-UX File System Guidelines To best support recovery. This is often accomplished via NIS and the NFS automounter. /sbin. Chapter 3 tells you how to use configuration files to set up system recovery information.hp. /stand.com/products/IUX The Ignite-UX Administration Guide provides complete information about using Ignite-UX. Ignite-UX HP’s Ignite-UX is a set of tools for system installation. (The Ignite-UX recovery tools will preserve the full contents of the volume group that includes the /usr directories. it should not be placed within a volume group that includes volatile data.) • /opt and /var Only certain parts of /opt and /var (such as /var/adm/sw) can be considered to be part of the Core System.hp. and duplication. normally used to hold the login or home directory for each user. /dev.

8 Planning for Recovery . Do you need to reinstall multiple systems? Network depots let multiple systems share installation information. use the opportunity to change the number and size of logical volumes. use performance tools such as HPs GlancePlus. while media works best for single systems at a time. HPs GlancePlus can help identify opportunities for kernel tuning. For example. • Kernel Tuning Consider tuning any kernel parameters that you can alter only by rebooting the system. For example: • File System Layout If your recovery method requires you to recreate the root volume group. For more information. you may want to adjust partitions if any filesystems such as /var are too small.Plan for Reinstallation Plan for Reinstallation Complete reinstallation of a system should not be your preferred method for system recovery. can you identify the person currently using the media that you need? — Do you have an index that lists which systems require a given set of media? (Remember to account for systems and peripherals that require a specific patch level!) • Network Depots: Are your installation media too slow to quickly recover your critical systems quickly? A network depot has faster performance.com/products/). see the HP Software Depot (http://software. you may want to use the opportunity to make some system changes that you can’t make at any other time. Have a Wish List When you are forced to perform a system recovery. but sometimes you have no other options. To identify performance bottlenecks caused by slow hardware. • Ignite-UX: Can you use Ignite-UX to reinstall? Ignite-UX lets you use multiple network depots and archives of system “golden” images together as a part of a single installation. Keep a “wish list” of desired changes so you can take advantage of a failure.com) and HP OpenView (http://openview. you can accomplish some performance optimizations—such as adding another SCSI controller or replacing an older root disk with a larger.hp. Consider these questions when creating a plan: • Your most critical systems: — Can you reinstall those systems right now? — How long would reinstallation take? • Media Library: — Where are the tapes and CDs required to rebuild the system? — If your media is kept in a central library.hp. faster model—at a relatively small incremental cost. • Hardware Modifications Time will limit the extent of the hardware changes you can make during a system outage.

Some services are available at no cost. b.hp. To sign up for additional services: a. Click on the register now! link. HP provides proactive patch analysis in which HP monitors and selects the correct patches for your systems. HP-UX Patch Management 9 . 3. Click on the my profile link. c.com 2. others are available only if you have an HP support agreement. Click on the link a support agreement to your user id link. • HP patch bundles from Support Plus media or Software Depot (page 15) • Custom selection from the ITRC (page 18) • The ITRC Patch Fulfillment Server (FFS) (page 25) HP’s ITRC is a web-based support environment. Follow the screen instructions. Please consult your local HP sales representative for more information about additional services. Go to the ITRC web site at: http://itrc. To sign up to use the ITRC: 1.CHAPTER 3 Acquiring Patches These are the primary sources for acquiring patches: • The patch database from the ITRC (ITRC) (page 10). (Optional) For those with the higher levels of system support.

5. Go to the ITRC web site: http://itrc.The Patch Database The Patch Database Use the patch database as your primary mechanism for searching for and acquiring individual patches. 6. The main ITRC page appears. 2. Enter your user name and password. This document discusses two ways of finding HP-UX patches from the search page: • Searching by keyword • Entering specific patch names Patch Database Main Screen FIGURE 1. To access the database: 1.hp.com Click on the log in link. Click on the log-in link. 3. The log-in screen appears. The patch database main page appears (Figure 1). 7. Click on the hp-ux link. 4. The patch database search page appears (Figure 2). Click on the individual patches link. 10 Acquiring Patches . Click on the maintenance and support link.

Expressions inside parentheses ( ) b. Select the hardware by clicking on a radio button (for example. OR — Expressions are processed from left to right. Enter one or more keywords in the text field. 5. Expressions inside parentheses are evaluated following the same order of precedence. Series 700). Select an OS from the pop-up menu (for example. HP-UX Patch Management 11 . Select a search criteria: • all words • any word • exact phrase • boolean — Boolean search results are limited to 200 results. — The precedence of boolean operators in a search are: a.The Patch Database Searching for HP-UX Patches by Keywords To conduct a keyword search: FIGURE 2. — An all UPPERCASE or all lowercase search string yields a case-insensitive search. Patch Database HP-UX Search Screen (search by keyword) 1. AND c. 2.20). 4. — A mixed case search string yields a case-sensitive search. 3. NOT. Select Search by Keyword from the pop-up menu. 10.

which documents the patch.”) FIGURE 3.The Patch Database 6. Click SEARCH. (See Appendix C .” Listed are the patch name. “The Patch Text File. size in bytes. Selected Patch List Automatically selected dependencies 12 Acquiring Patches . Each patch name is a clickable hyperlink to the patch text file. Patch Search Results--The Candidate Patch List FIGURE 4. Figure 3 shows the results of a keyword search on “LVM” and “mirrored. and a one line description of each patch.

Click on the DOWNLOAD button beside each listed patch to save it to your system. Click on the check box next to the patch to select it. 4. Series 700). 3. Click on the DOWNLOAD button beside each listed patch to save it to your system. 10. Click SEARCH. A list of all your selected patches appears along with any dependent patches (see “Dependency Analysis and the Patch Database” on page 14). 6. Select the hardware by clicking on a radio button (for example. Click Add to Selected Patch List when you have made all your selections. A list of all your selected patches appears along with any dependent patches (Figure 4).The Patch Database To download a patch from the search results: 1. 2. 5.20). 3. Select an OS from the pop-up menu (for example. See also “Dependency Analysis and the Patch Database” on page 14. Enter one or more patch ID numbers in the text field. HP-UX Patch Management 13 . Searching by Patch IDs To search by patch ID from the patch database search screen (Figure 2): 1. 2. (You can also use the Select All or Deselect All buttons. Select Search by Patch IDs from the pop-up menu.

Patch Description (PHSS_21980) 14 Acquiring Patches .) This analysis takes superseding and recalled patches into account. you had to manually check each patch text file for dependency information.The Patch Database Dependency Analysis and the Patch Database When you select a group of patches. (Previously. (This is because a patch may support more than one architecture and HP-UX release.) To find out about dependencies for an individual patch: 1. Display the patch description (Figure 5). FIGURE 5. 2. This automatic dependency analysis does not occur when you search for a single patch. the patch database automatically analyzes their dependencies and lists any other patch that you require. Select the dependencies link.

hp. The support contract restrictions related to the actual media do not apply to electronic access.00 HWE bundles enable new hardware or enhance OS performance. These can be downloaded from Software Depot. The contents of each Support Plus release is freely available from Software Depot.hp.software. ACE software also corrects any critical or serious defects discovered since the original system release. This patch software enables new hardware and fixes known defects. the bundles are available within Software Depot earlier than on media.com) is an online store that provides you with instant access to HP software for free trial or purchase. special needs dictate the creation of a unique patch bundle (for example.software. Software Depot provides a number of patch products. These bundles are subjected to stringent levels of testing to assure a high level of reliability and are periodically updated. For more information.HP Patch Bundles HP Patch Bundles HP provides pre-packaged bundles of patches designed to be installed as a unit.software. HP-UX Patch Management 15 . (Although you can download the software for free. Each ACE release extends HPUX to support new hardware and software features for HP workstations. you may have to register with Software Depot first. Obtaining Patch Bundles from Software Depot The HP Software Depot (http://www. reliability. Support Plus Media HP-UX Support Plus CDs deliver diagnostics and HP-UX system patches to you on a quarterly basis. See: http://www.com/ACE • Hardware Enablement (HWE) for 11. These patch products are generally available at no charge and are found in the enhancement releases area of Software Depot. or functionality. You can obtain HP patch bundles from the HP Software Depot on the web or (if included in your support contract) from the quarterly Support Plus media. but physical media is only available to customers with an HP-UX Software Support contract. HP unified the ACE and HWE bundles to form the HWEnable11i bundle. For more information on Support Plus see “Support Plus Media” on page 15 and: http://www. Some products available at this time include Ignite-UX and Software Distributor. • Product Updates Some HP-UX products release a new version rather than a patch. see: http://www.com/products/HWE • Unified ACE/Hardware Extensions (HWE) For HP-UX 11i. which support both workstations and servers. • Specialty Patch Bundles Occasionally.hp. Y2K defects or support for the European currency).com/SUPPORT_PLUS • Additional Core Enhancements (ACE) An ACE bundle is a collection of enhancements to the HP-UX Operating System. As an added benefit.hp.) • Support Plus Bundles The patch bundles and diagnostic utilities of the Support Plus CDs are also provided for free download from Software Depot.software.

which contains defect fixes for core OS files. and key third-party application providers. and successful completion of tests by the HP Enterprise Patch Test Center. which contains defect fixes for the Operating Environment applications. which contains: — Gold Base patch bundle. • Gold Quality Pack depot. and the Instant Capacity on Demand (iCOD) client product. EMS hardware monitors. including current patches for all Core Operating System (OS) software. The GR bundles have recommended HP-UX patches with the highest confidence ratings based on patch distribution and age. 16 Acquiring Patches . and the Instant Capacity on Demand (iCOD) client product. • Quality Pack (QPK) bundle for workstations. EMS Kernel Resource Monitor.HP Patch Bundles Requesting Support Plus CD-ROMs HP notifies these customers when each Support Plus release becomes available. These patches may match or supersede patches found in other HP-UX patch bundles.g. Predictive Support. The Gold Quality Pack depot contain those patches recommended by HP Support. ODE (off-line diagnostics). HP products. Bundles in this depot are subjected to stringent levels of testing to assure a high level of reliability and are updated every six months. including Support Tool Manager (STM) for online diagnostics.00: • Diagnostics (OnlineDiag). ODE (off-line diagnostics). — Gold Applications patch bundle. including hardware enablement and critical patches. including all recommended. EMS Kernel Resource Monitor. EMS hardware monitors. B9073AA bundle) As needed Quarterly Quarterly As needed • Diagnostics. • General Release (GR) patches. The notification letter includes a request form for physical media. GR and QPK bundles) and after installation of applications (e. Networking driver products). including hardware monitors You should install: Diagnostic bundle: OnlineDiag Updated: Quarterly Install selected defect-fix patches Quality Pack (QPK) bundle: QPK1100 for the Core OS. • Hardware enablement patch bundle. including Support Tool Manager (STM) for online diagnostics. If you want to: Update or install all the latest diagnostic tools. and third-party defect-fix patches for selected Core OS and other products. or (HP strongly recommends that you important third party applications include the latest Quality Pack as part of the OS environment for end-user systems. You should install this bundle after other patch bundles (e. required for new systems and add-on hardware. Support Plus Patch Bundles for 11.) General Release (GR) bundle: Bring all Core OS software to current patch level without custom XSWGR1100 patch selection Install critical patches or enable new add-on hardware Prepare your server to use new iCOD functionality Support Plus Patch Bundles for 11i: Hardware/Critical (HWCR) bundle: XSWHWCR1100 iCOD Client Product (from the OnlineDiag depot. Use this table to determine which bundle you need to install. HP application groups.g. • Hardware/critical (HWCR) patches. stable.

HP Patch Bundles

(If you have used Support Plus on HP-UX 10.20 or 11.00: the Gold bundles replace the Quality Pack and GR bundles, combining the best features of both.) Use the following table to determine which bundle you need to install. If you want to: Update or install diagnostics and hardware monitors required for supported hardware You should install: Diagnostic bundle: OnlineDiag Updated: Quarterly

Install defect fixes for the core OS Gold Base bundle: or the network or graphics drivers GOLDBASE11i included on the OE Install defect fixes for HP-UX OE application software Enable new hardware or add-on hardware Prepare your server to use new iCOD functionality

Every six months

Gold Applications bundle: GOLDAPPS11i Every six months Hardware Enablement bundle: HWEnable11i iCOD Client Product (from the OnlineDiag depot, B9073AA bundle) Quarterly As needed

(The GOLDQPK11i depot contains the GOLDAPPS11i and GOLDBASE11i bundles.) Getting More Information For detailed information about Support Plus bundles and installation instructions, see the Support Plus User’s Guide. You can obtain this guide from these sources: • The HP documentation web site: http://docs.hp.com/hpux/os/10.x/ • • The HP Instant Information CD The Support Plus CD in the file: /cdrom/USRGUIDE.PDF

HP-UX Patch Management


Custom Patch Manager

Custom Patch Manager
The HP ITRC offers custom solutions for getting patches or informing you about them: Custom Patch Manager (CPM) and Custom Patch Notification. Both services require the phone-in level of support agreement or above and may not be available in all geographic locations. (You can also use CPM on a pay-per-use basis. Consult the ITRC for details.)

About CPM
Custom Patch Manager (CPM) is a tool for selecting and downloading patches that are appropriate for a target system. • CPM patches and patch information are updated daily.This lets you update the collection script and perform an analysis on a regular schedule. For example, you can perform a monthly check for new critical patches, which could help identify a system risk before it is seen in production machines. Automatic dependency and conflict analysis, which reduces the need for lengthy review of the patch documentation.

Using CPM
To access CPM:
1. 2. 3.

Go to the ITRC web site (http://itrc.hp.com) and log in. Click on the maintenance/support link. This takes you to the maintenance and support page. Click on the customized patch bundles (custom patch manager) link. This takes you to the custom patch manager main page (Figure 6). (If your profile indicates you do not have the appropriate support agreement, a pay-per-use notice appears. Click on BUY NOW and fill out the payment form to continue.)

Step 1: Collect Configuration Informations
This step requires that you download the cpm_collect.sh script. This shell script collects the names and revisions of all the products installed on your system. HP recommends that you download the script on a regular basis to ensure you have the latest version of the script. To use the script: 1. Click on the Collect Configurations link on the main CPM page. This displays the system information collection page. 2. Follow the instructions in the “collect system configuration” section to download and execute the script on the system you want to patch (Figure 7). The script requires no special privileges and creates a data file using the name of the system followed by a .fs suffix. 3. Follow the instructions in the “upload results to IT resource center” section to return the data file to the ITRC via ftp: • • The ftp system to use is identified on the same ITRC page used to download the collection script. Use your ITRC user name and password to log in.

• Once connected, place the data file in the incoming subdirectory on the ftp server. (This directory is subject to space limitations.)


Acquiring Patches

Custom Patch Manager


CPM main page


Executing the cpm_collect.sh script

patchsvr> ./cpm_collect.sh Copyright (c) Hewlett-Packard 1995-1998. cpm_collect.sh version: A.03.04 This script will collect information about filesets and installed patches from your system in the file /tmp/patchsvr.fs for subsequent transfer to Hewlett-Packard. Do you wish to continue, [Y] or N ?y removing /tmp/patchsvr.fs Creating list of patches in /tmp/patchsvr.fs... Creating list of products and filesets in /tmp/patchsvr.fs... The file /tmp/patchsvr.fs has been created. All Rights Reserved.

HP-UX Patch Management


Custom Patch Manager

Step 2: Perform Patch Analysis
In this step, you analyze your system configuration information to determine what patches you need.
1. 2. 3. 4.

After you have uploaded the configuration information (Step 1), return to the custom patch manager main page. Click on the Perform Patch Analysis link. This displays a list of the current configuration files found within the incoming directory. Click on the radio button beside the appropriate configuration file in the list. (Optional) Use the search and filter options at the bottom of the page to reduce the number of patches displayed. Options include: • • • • • • • • Descriptive search Boolean search Critical patches only Fileset filtering Command patches Kernel patches Network patches Subsystem patches


Click on the tips for setting filters and searching link for more information about using these search options. Click on the DISPLAY CANDIDATE PATCHES button. This displays the candidate patch list (Figure 8). (The search and filter options appear above list. Using these options regenerates the display to show only the patches that match the filter or search criteria.)

Candidate Patch List


Acquiring Patches

A link to the description of the corresponding latest patch. — If the recommended column is blank. (Click the Add button to add the patch to your list and go to the selected patch list. This list includes additional information on reboot requirements. dependencies. — Always use the recommended patch unless the latest patch explicitly fixes a problem on your system. Individual Patch Details (PHCO_21040) 8. This patch may have a lower patch rating than the recommended patch. You can also use the select all recommended or select all latest buttons at the bottom of the list.) HP-UX Patch Management 21 . • 6.) FIGURE 9. 7. Click the ADD TO SELECTED PATCH LIST button to display the selected patch list (Figure 10). Select one or more patches from the candidate list by clicking on the check box next to the patch listing.Custom Patch Manager The candidate patch list displays: • • • • A brief description of the patch The date it was installed on your system A link to a full description of an installed patch A link to the description of the corresponding HP-recommended patch. HP does not have a patch that is better than the patch (if any) that is already on your system. and patch age. (Optional) Click on the patch name to display detailed information on the patch (Figure 8). deselect the check box beside the patch and click the REMOVE button. size. (To remove a patch from the list.

(Optional) Follow the links from the conflicts display to get more information about how to resolve the conflict or to view other patches. CPM analyzes the selected patches for conflicts. Selected Patch List Step 3: Conflict Analysis In this step. Results of Conflict Analysis 22 Acquiring Patches . This examines your list of patches for conflicts and displays the results (Figure 11). Click on the Analyze button below the selected patch list. You can add or remove patches from your list if necessary. (This step is optional but highly recommended. FIGURE 11.) 1. See “Resolving Patch Conflicts” on page 30 for additional information.Custom Patch Manager FIGURE 10. 2.

Weekly reports are sent out on Sundays. This generates a script and places it in the outgoing subdirectory for your account on one of the FTP servers. Monthly reports are generated on the last day of each month. After you have selected all patches.sh script and uploading the results as described in “Custom Patch Manager” on page 18. You have the ability to specify which fields are displayed in the report by selecting the Patch Report Fields. (This tool differs from the ITRC Support Information Digests by using configuration files and filters to narrow down the list of patches about which you are notified and by customizing the report contents. The selected patches are transferred individually to your system. select the custom patch notification link from the custom patch manager main page (Figure 6 on page 19). HP-UX Patch Management 23 . You may create up to 10 notification profiles Profile names may only contain alphanumeric characters (a-z. Configuration Files. •To use a current configuration file. A-Z. • You can add new configuration files by downloading the cpm_collect. 2. click the Package button. 0-9. simply select the radio button next to the configuration file on which you want your notifications to be based. select the User Info link at the top of the screen. Follow the instructions delivered with your script to run the script on your HP-UX system.Custom Patch Manager Step 4: Package and Download Your Patches 1. so changing it affects all e-mails you receive from the ITRC.) To set up Custom Patch Notification. log in to the ITRC. You can also specify what patch text fields are displayed when you view your on-line report. • You can have only one ITRC e-mail address. Profiles are processed weekly or monthly. These fields can be changed and the report re-loaded if you want to view the same report with different filters set. You may also select one or more filters for your notification list.) The script is a shell script that extract scripts and provides instructions for downloading your selected patches. To get more information about a new patch. Preferences. and the underscore). or for different patch categories. One of the scripts delivered in the shell archive is used to place all of these patches into a common depot for future installation. Reports. This notification includes applicable patch names and one-line descriptions. Profiles. (CPM directs you to the appropriate server. by keywords. • • • • • • A profile may be based off either a Custom Patch Manager configuration file or a platform and OS revision. The preference screen lets you verify the e-mail address to which your notifications are sent. go to the Custom Patch Manager main page. Profiles specify the kinds of reports you want to receive. The first character of name must be a letter. such as filtering for critical patches. Custom Patch Notification Custom Patch Notification is a an optional feature of Custom Patch Manager that provides you with weekly or monthly e-mail notification of newly posted patches that apply to your system. You can specify whether you want to receive your reports on a weekly or monthly basis. • • • Reports are not cumulative from week to week or month to month. NOTE: Custom Patch Notification does not work with depot configuration files. • To modify this address. You receive an e-mail if the ITRC has posted new patches that apply to any of your profiles. and view the full reports on the Custom Patch Notification main screen.

CPM notifies you of all patches tagged as Critical AND all Command patches OR all Kernel patches that fit your profile. type: uname -m To determine the OS revision. B. 9000/855) and OS revision (e. Network. 24 Acquiring Patches .. •Custom Patch Notification can filter patch notification lists based on these categories: — Critical: Lists all patches tagged as critical by the HP (independent of the actual patch categories listed below) — Command — Kernel — Network — Subsystem • • • • All HP-UX patches are included in one of the four patch categories (Command.g. if you pick the Critical. you need to click the Reset button to clear the configuration file table so only the platform and revision fields are filled in. Selecting a category options and the Critical filter acts as a logical AND operator. type: uname -r (If you go from a configuration based profile to a profile based on platform and OS revision.Custom Patch Manager • You can also specify configuration by platform (e. you are notified of all Command patches or all Kernel patches that fit your profile. Selecting more than one category acts as a logical OR operation. For example. Subsystem).. Use the uname(1) command on your system to determine what values to enter in these fields: To determine the platform.) Filters.10. Kernel.g. 9000/735. CPM does not let you deselect all categories.20) for a profile. For example. if you pick the Command and Kernel options. Kernel and Command filters.

• The FFS server limits the total number of simultaneous ftp connections. Web Access to FFS You can also access the FFS from your web browser. You do not need an ITRC account. Simply enter an ftp address as you would a URL (Figure 13). The password used is the user’s e-mail address. although you can also use FFS via the web. entering ftp://us-ffs.hp. the FFS offers these advantages • You can access patches from any system that supports the ftp command and has direct access to the Internet.external. Because the FFS server limits the total number of simultaneous ftp connections. (No web server is required. and you web browser must re-establish the connection each time you change directories or download files. Disadvantages: • Does not work well for finding groups of related patches.hp. You can perform multiple downloads without having to re-establish a connection each time. • Works well for finding and downloading a known patch. Accessing the Fulfillment Server via ftp Figure 12 shows how to use the /usr/bin/ftp command on an HP-UX system to connect to the Americas/Asia/Pacific FFS system.The Fulfillment Server The Fulfillment Server The fulfillment server (FFS) is the patch repository used by the patch database.external.com (Americas and Asia/Pacific) • ftp://europe-ffs. However.com into your browser creates an anonymous ftp connection to the Americas/Asia/Pacific FFS system. Two FFS systems are currently available: • ftp://us-ffs. For example.hp. direct ftp access has an advantage over web ftp access. You can use ftp to directly access all patches on the FFS. Note that the response supplied for the name prompt is anonymous.) • Access is anonymous.external. HP-UX Patch Management 25 . • Disadvantage: FFS limits the total number of simultaneous ftp connections. You may have to make several attempts if the server is busy. • Advantage: you can browse the FFS directories graphically.com (Europe) HP recommends that you use the other techniques discussed in this chapter as your primary patch acquisition method.

MPE/iX.external. 220220-Welcome to the HP Electronic Support Center ftp server 220------------------------------------------------------220220-You are user 0. Name (us-ffs. send email to: 220220support_feedback@us-ffs.external.com:username): anonymous 331 Guest login ok.com.The Fulfillment Server FIGURE 12.hp. ftp> FIGURE 13. and there is a limit of 200 simultaneous accesses.hp.hp. and other platforms.hp.4.external. Establishing an anonymous FTP session patchsvr(103)-> ftp us-ffs.external. w/CNS fixes (277) Wed Jun 24 18:02:04 PDT 1998) ready. Connecting to the Fulfillment Server via Netscape 26 Acquiring Patches . Password:username@hp.com 220220 hpcc933 FTP server (Version wu-2. log in with your 220-HP ESC User ID and password to deposit or retrieve your files. send your complete e-mail address as password. Using binary mode to transfer files.com 230 Guest login ok. 220220-If you have questions. HP ASL. Remote system type is UNIX.com Connected to hpcc933. access restrictions apply. 220220-Log in as user "anonymous" (using your e-mail address as your password) 220-to retrieve available patches for HP-UX. 220220-If you are a user of other HP ESC services.

and I/O cards. patches for Series 700 workstations on HP-UX 10. Use them only if you must revert to an earlier version of a patch to resolve a specific problem. in which patch_name is the file you wish to download. (Optional) Enter bi to specify a binary transfer. See Appendix . (The shar archive may deliver 8-bit binary data. — hp-ux_patch_sums. 11. • /export/patches (data files) This directory does not deliver any patches. Copy to Folder. • /firmware_patches/hp (Firmware patches for HP Hardware) This directory contains patches that supply firmware updates to HP hardware. Fibre Channel.) • To download by your web browser: 1. Subdirectories exist for firmware specifically for CPUs. graphics cards. but is encoded to contain only 7-bit characters. • /superseded_patches/ (Patches that have been superseded by newer patches) This directory contains patches that have been replaced by newer patches. Right-click on the patch link and select the appropriate save option from the pop-up menu (Save Link As. Patch directories contain the full shar(1) archive and the patch text file. including: — hp-ux_obs_patch_list.. 3. 2.. s800.X). Click on the file you want to download. For example. — hp-ux_patch_matrix. and s700_800) and the version of HP-UX supported (10.. which lists all patches that address known security issues for each release.20 are found in the /hp-ux_patches/s700/10. which contains a full list of every patch that has been superseded with the name of the active superseding patch. The text file contains the patch location within the FFS hierarchy as the Path Name field. This downloads the shar file of the patch to your system or displays a dialog to select a location to which to download. Use the get patch_name command to download specific files. Patches common to both architectures are found under s700_800. for Internet Explorer).. which contains the checksum for the . for Netscape.X subdirectory. “Patch Text File Fields.) 2.depot file of all HP-UX patches.The Fulfillment Server The FFS Directories These are some of the more useful FFS directories for HP-UX patching: • /hp-ux_patches/ARCHITECTURE/OS_RELEASE/ (HP-UX patches) All active HP-UX patches are grouped by architecture (s700. but provides useful data files.” on page 132 for more information on the text file. When files of this type are transferred through other systems such as personal computers they may be treated as text and undergo a translation step. Downloading the patch • To download by ftp: 1.X. Unpack the shar file by typing sh filename HP-UX Patch Management 27 . (Use mget for downloading multiple files.

HP recommends that you defer fixing the problem until more is known about the risk of the patch. No unwanted side effects were discovered.) 2 3 R In the interest of timeliness. May 1. The patches displayed in the candidate patch list (Figure 3 on page 12) are the best available patches. Read the patch description to determine why it was recalled. Not all patches undergo this testing. re-check it after one of the quarterly dates below to determine if it has passed further testing and the status has changed. These are the most recently released patches having the highest HP Rating. The patch’s HP Rating is then updated accordingly as HP’s confidence in the patch increases. August 1. the lower the risk of side-effects and the more suitable the patch is for mission critical environments. HP has verified that the patch will install and de-install in its target environments. Patches undergo testing for promotion to an HP Rating of 3 on a quarterly basis. Table 1: HP Rating HP rating Description 1 Functional testing by HP to verify that a patch fixes the problem that it purports to fix. Having said that. Also. The Rating of a patch may be updated from 1 to 2 on a daily basis. If the patch has a rating of 1. Patches are assigned a rating of 1 upon initial release.and performance-tested by HP in simulated customer missioncritical environments using common application stacks. The HP Rating of a qualifying patch is upgraded to 3 on or shortly after. only defer installing the patch if the problem is not critical or in the case that you can not tolerate any risk to your system. If you defer installing a patch because it is “Not yet HP Recommended”. Patch is known to introduce another problem and has been recalled. HP releases a patch after it meets HP’s minimum patch quality standards. (Not every recalled patch causes problems for every customer.Patch Recommendation Ratings Patch Recommendation Ratings The “best” of the currently available patches covers a broad spectrum. HP rates patches along a three-point scale as shown below. 28 Acquiring Patches . and November 1. February 1. Subsequently. It is no longer recommended by HP. Patch has been stress. Patch has been installed in a certain number of customer environments with no problems reported. patches undergo testing both in customer environments and within HP. The higher the rating.

“Fixes critical problem” or “Reboot required after installation”). Patches are assigned an HP Rating of 1. it purposely takes time to meet the higher standards. Click on the one line patch description to view the patch details to determine why it was recalled. HP-UX Patch Management 29 . but also may contain some element of risk. However. HP recommends waiting for a patch to gain a higher HP Rating. As a matter of course. • Recalled A patch may be labeled as recalled when it is known to introduce another problem. Most notes are self-explanatory (such as. and any impact to your environment. Patches with ratings of 2 or 3 are denoted by the term “HP Recommended” in the Notes field. 2. These patches may fix the problem. These are displayed in the Notes section of patch lists. it has a dependency that requires the installation of a product that needs to be purchased separately. for instance. The patch database recommends a replacement patch when you search by patch ID and find a recalled patch. the higher the rating becomes. As patches advance on the patch confidence scale. Whenever the patch database suggests a patch that is not yet recommended by HP. or 3 based on how many quality standards they meet. patches are assigned an HP Rating of 1 and are labeled “Not yet HP Recommended”. Upon their initial release. you must make an informed assessment of these trade-offs based on your own situation.About Patch Notes About Patch Notes Patches may include descriptive notes to help you determine the status or risk of a patch. These patches are available to give you the option of obtaining a fix sooner if you can tolerate some risk to fix a critical problem. • Patch not available A patch might be unavailable if. not every recalled patch causes problems for every customer. Other notes include: • Not yet HP recommended All patches adhere to certain HP quality standards. If you are not facing a critical problem.

Click on the patch name to view its details. • Structural Conflict: A structural conflict indicates that both patches will replace the same software file on your system. If you do not find information about an alternate patch. If appropriate. add the patch to your selected patch list. you should verify the revisions and install one or both of the patches as needed. A structural conflict may not exclude the selected patch. Review its description and any superseded patches listed. If you don’t want the patch. usually explained in the Warning/Description field or the final patch listed under Predecessor patches. Add the recommended alternate patch. 30 Acquiring Patches . You must choose between the new patch and the existing one. remove the conflicting patch from your selected patch list and perform another analysis. Analyze for conflicts again to verify that the conflict is resolved. This is a rare occurrence that when encountered can lead to unexpected behavior when a patch is effectively partially superseded. This kind of conflict may be common. 3. 3. but it will generally imply special handling. Analyze for conflicts again to verify that the conflict is resolved. 4. • Recalled A Recalled patch has been removed from distribution. 2. de-select and remove it from your selected patch list. To resolve dependency conflicts with selected patches: 1. Look for a recommended alternate patch. If you choose to leave the existing patch installed.Resolving Patch Conflicts Resolving Patch Conflicts These are the possible conflicts that can come up during an analysis and how to resolve them: • Behavioral conflict: A behavioral conflicts generally means a selected patch should not be installed with a patch installed on your system. If two selected patches conflict. For example. Check the revision numbers descriptions When two patches have structural conflicts. View the details for each patch to decide which you want. 5. Continue checking the ITRC to check for updates. To find an alternate patch: 1. you may select critical patches that have dependencies on noncritical patches. it might still be in development. • Dependency Conflict: A selected patch or a patch already on your system requires another patch to be installed with it. Click on the dependent patch. Generally. you should select the patch with the highest rating unless a newer patch fixes a specific problem. view the details for each patch and decide between them. 2.

a centralized team can define and support a standardized configuration to be used by many administrators. For more information on registering depots. • Streamlined Installation When software is acquired as multiple depots and/or media. and are a powerful tool for managing software. or maybe it is just far enough away to be annoying. It is not uncommon to want to administer a system without ever seeing it. For patches that cause kernel rebuilds. tape. By defining a depot. Benefits of Creating Depots There are many reasons to create customized depots. the work of defining and testing a new configuration of software can be centrally managed. While the mechanics of system administration remain. the combined depot would result in a single reboot regardless of the number of patches installed. HP-UX Patch Management 31 . combining all software into a single depot allows for a single installation session to load everything. • Separation of Patch Management From System Management Patch management requires a number of unique skills and is an ongoing task. or network that is used as a software source for the swinstall installation utility. • Remote Administration It may be that the system is in a remote location. By creating registered depots. Custom Depots A depot is a software container present on disk. see “The swreg Command” on page 69. Adding the overhead of patch management to system administrators limits the number of systems that each can control.CHAPTER 4 Depot Management Depot management is a method used to simplify systems management by defining a common reservoir of software to be shared by a group of systems. Custom depots can be constructed in a number of different ways. CD-ROM. installations can take place without the need to mount media.

it is much better suited to parallel access.X have been identified. Several problems related to serving depots for HP-UX 10. with 10.X systems. and it is recommended for HP-UX 11.X Depots Beginning with HP-UX 11.8 on an HP-UX 11. When the term depot is used in this document. it can be assumed that a directory depot is implied unless specified otherwise.X system to provide software for use on HP-UX 10.0. as well as infrastructure. data will be lost and the depot corrupted. There are many arguments against changing such a depot after it has been released. Patch Depots Patch selection. If an HP-UX 11. Critical Fix Patch Depot When a periodic patch depot has been created. Creating dedicated patch depots is a great way to avoid duplicating this effort. A tape depot is a single data file that is accessed in a serial manner. A directory depot contains each packaged file.X depot is copied to an HP-UX 10. The format is specifically designed to support software delivery on tape media but it can be stored on other types of media as well. as distinct files in a directory hierarchy.X vs. this type of depot is recommended when creating a depot to be accessed from remote systems. It is possible to use depots of layout_version=0. Several different kinds of patch depots are valuable: Periodic Patch Depot A periodic patch depot is created to define the current recommended patch level. It may be done quarterly to match the availability of the Support Plus media. Both styles are common and while the basic function of each is identical there are advantages to each in certain situations. patching was significantly enhanced by extending the abilities of the SD-UX tools. Once created. 11. The best example of this is the . While this format is not readily transferable like the tape depot. The critical aspects of such a depot are that they have been tested on the target configuration. 32 Depot Management . “Acquiring Patches.8 and 11.X system or layout_version=0. and monitoring are some of the more difficult administrative tasks required for HP-UX systems. analysis.” on page 9). production systems need only install with an matching operation to load the required patches.depot file delivered within any patch shell archive from the Patch Database or Fulfillment Server (see Chapter 3.0. Tape media is also a convenient method to allow a depot to be transferred over a network without using the swcopy command.X depots marked by 1. Periodic depots are generated on a regular basis that will vary according to the needs of a user. Also known as a network depot. and no dependencies are missing.X depots identified by the value 0. monthly to ensure a more timely inclusion of critical fixes.8 depot. or just in advance of any scheduled system downtime to take advantage of the opportunity. The layout_version attribute is used to differentiate between the old and new. it often represents a significant investment in testing and analysis.X from HP-UX 11. The price of these new abilities was to introduce several new attributes to the objects. but it is also true that there is always the possibility that a system will encounter a problem requiring a new patch. HP-UX 10.00 that you install patch PHCO_20078 (or current replacement) before creating the depots.Patch Depots Types of Depots There are two types of depots: directory and tape.

or as a local resource to ensure local access to any needed patch. it is not uncommon to desire a “kitchen sink” depot that contains every patch that may ever be needed. The advantage of category tags over patch bundles or software/session files is that they may be used with the patch_filter and a matching operation to avoid the problems of explicit selection. but numerous issues exist. This can be particularly useful when working with bundle wrappers. or created using the Ignite-UX make_bundles command or externally available tools such as those available through the Interex Users Group (see the paper. Creating Custom Patch Bundles by Dominguez & Scott in the Interworks 1998 proceedings or at http://www. For example. alternate mechanisms may be used to define subsets of the full patch hub. Providing direct access to a patch hub can be done. dependencies of the patches in the depot should also be included. The swmodify command can be used to add an arbitrary category tag to existing patches. Patch Hubs While not recommended for general use.org). The swmodify command is used to create new category tags. category tags are attributes that can be used to mark a patch. Such a bundle can be explicitly selected for installation. as well as a starting point for the next version of the periodic depot. This responsibility is handled by the SD-UX tools in 11i. • Category Tags Introduced to patches in HP-UX 11. such as the lack of a working mechanism to delete them.Patch Depots In these environments. HP-UX Patch Management 33 . See Chapter 6. It is recommended that a patch hub is unregistered or be given restricted access (see “Depot Access” on page 36). • Software/Session Files Software and session files can be used to select patches for installation (with swinstall) or to copy (with swcopy) from a patch hub. • Patch Bundles Patch bundles may be acquired from HP directly.*.list issue the command: swmodify -a category_tag=P2000_Q1 -f P2000_Q1. For more information. swinstall -s /hub -x patch_match_target=true -x patch_filter=*. Both a software file (specified with the -f option) and a session file (specified with the -C option) provide a mechanism to explicitly select a set of software. As with the periodic depots.00.00 the user still has the responsibility of including all dependencies. it may be advisable to place a newer patch in both the periodic and the critical fix depot. For 11. Depending on the severity or probability of a given failure. “Patch Installation” for more on this topic.list @ /hub Category tags had some initial problems.interex. Such a patch hub is no longer suitable for general use and the result of an matching operation does not produce a defined or necessarily tested environment. It may be used as a method to conserve disk space.c=P2000_Q1 selects all of the patches in the /hub depot that include the category tag P2000_Q1. This problem was corrected with patch PHC)_22526. This depot can be used to update any system that encounters a known failure. see“The swinstall Command” on page 59 and the“The swcopy Command” on page 62. but provides the system administrator with a variety of ways to perform an incorrect operation that could leave a system in an unknown state. after listing all selected patch filesets in the file P2000_Q1. If the risks are understood and are acceptable. it may be useful to create a depot that contains fixes to known problems in the current environment. To define the P2000_Q1 category used above. Session files provide the additional ability to specify options in addition to the software list.

This may result in the depot containing patches and their replacements together. Combining Patch Depots You may want to combine patch depots so that you can perform a single install and reboot for a given session. • Naming a depot One of the features of the interactive user interfaces is the ability to select from a list of available depots on a system. location within the network should be considered. /depots/order_db/Y2000Q1 might contain the periodic patch bundle for the first quarter of the year 2000 to be used on systems hosting the order entry database. the superseded patches will never be used and are a waste of disk space. The following example shows how a depot on the default tape drive could be copied as /depots/testdepot to the current system while ensuring that all files are compressed: swcopy -s /dev/rmt/0m -x compress_files=true \*. 34 Depot Management . and if the depot usage is expected to be high the performance of the disk devices and interface cards must be taken into account. or to a tape depot via the swpackage command. creating mirror depots may be a valuable option. creating the right environment today can help support any changes the future may bring. the more time and energy should be devoted to preparation. If the final form of the depot will require more than a single swcopy. Disk space must be available. If groups of remote systems are accessible only via a congested or expensive link. A depot can be copied to a directory depot using the swcopy command. For example. each is simply copied in turn. the depot should be made inaccessible during the creation process. If the availability of the depot is critical. and depots involved. This can be done by setting the option register_new_depot to false during the initial swcopy session. it is automatically registered. • Compression Depots are created in an uncompressed state by default. high availability storage solutions such as disk arrays or mirroring should be considered. The more individuals. it is time to create a depot to house them. It is particularly useful to specify a depot path that identifies the contents if several different depots and/or depot revisions are present.\* @ /depots/testdepot The swcopy command is described in more detail within the swcopy(1m) man page or in “The swcopy Command” on page 62. • Depot Access When a depot is created using swcopy. Preparation Tasks There are a number of issues to consider before a depot is put into production. • Disk Considerations Depot operations can involve a significant amount of disk activity. While an installation using such a depot should be successful. • Network Considerations Not only should the performance of the networking interfaces be taken into account. Copying Existing Depots All packaged software exists in a depot. As this document will not address the creation of a patch. systems. Even if you are the only person that will use the depots. it can be assumed that an initial depot is always available.Creating a Patch Depot Creating a Patch Depot Once the decision has been made to create a patch depot and the patches have been selected and acquired. When multiple patch depots are combined. Both the performance of the server and the impact on others are to be addressed. Both disk space and network bandwidth can be conserved by setting the swcopy option compress_files to true.

they are listed. you may occasionally have to perform the analysis manually. Dependency Analysis for HP-UX 11.00 Although the patch database and the SD-UX tools perform automatic dependency analysis. this would be done via: /usr/sbin/cleanup -d /depots/testdepot If any superseded patches are found. The supersession chains are each in a vertical column. This section describes how to analyze dependencies. When given the -d option and the full path to a depot. For example. See “The cleanup Command” on page 72 for more information.00 systems. and you are prompted before the command removes them. Search the patch database for any dependent patches. with the older patches on the bottom. Example of Inter-Patch Dependencies PHNE_18972 PHNE_19899 Patch Dependency Supersession Chain PHNE_17662 PHNE_17051 PHNE_17017 For example. two supersession chains are shown that have a mutual dependency. superseded patches can be removed from a depot via the cleanup utility (delivered by patch PHCO_19550 or current replacement). In Figure 14.Creating a Patch Depot Removing Superseded Patches For HP-UX 11. searching for PHNE_17017 shows that the patch is recalled and is not available. suppose that you need a critical fix found in patch PHNE_17051. the PHNE_17051 file lists a dependency on PHNE_17017. but it has been superseded by PHNE_19899. For example. 1. 2. FIGURE 14. HP-UX Patch Management 35 . Read the PHNE_17051 text file. cleanup will remove any superseded patches within the depot. For testdepot created above. A patch dependency is indicated by a dashed arrow pointing from a patch to the patch it is dependent on.

2. or the depot not being prepared for production. This means that the SD-UX commands for installing and copying patches automatically include patch dependencies. swinstall or swcopy detect the patch dependency on another patch and automatically include the dependent patch in the install or copy operation. You must go through the dependency analysis as outlined above. which you already selected. This could be due to entitlements.20 and 11. You then need to follow the analysis outlined in “Dependency Analysis for HP-UX 11.text file or the patch database) shows that PHNE_18972 has replaced PHNE_17051. Chapter 3. PHNE 18972 also has a dependency on PHNE_17662. When unregistered. even if you only selected one of them. or example. Access Control Lists (swacls) If complex access control is required.text file for PHNE_19899 shows a dependency on PHNE_18972. geography. For a full description of swacl. Dependency Analysis for HP-UX 11i The 10. (This capability results from the requirement that every patch with a dependency enforces or records that dependency in its product specification file. and you can install patches PHNE_18972 and PHNE_19899 onto the system. The rights can be further divided by the type of access granted. The patch contains a manual_dependency tag.00 process of manually analyzing patch dependencies is time-consuming and cumbersome.) For example. Registration tasks are done using the swreg command (see “The swreg Command” on page 69).com/. 36 Depot Management . For this reason.00” above.Depot Access 3. suppose that you need a critical fix found in patch PHNE_17051. a depot remains accessible on its own system without being visible to remote systems. These are the possible scenarios for 11i patch analysis: 1. depot registration and access control lists. HP enabled “enforced dependency” functionality for the HP-UX 11i release. This tag indicates that the patch has one or more dependencies that cannot be resolved by SD-UX. For example. Check the dependency information for any superseding patches. Depot Access It may be desirable to restrict access to depots. consult the swacl(1m) man page or the SD-UX documentation available from http://docs. You copy or install a patch from a depot that does not contain the dependent patches. Two mechanisms exist to restrict access. the . Even though you did not install the original patch (PHNE_17051).hp. swcopy or swinstall would automatically copy or install PHNE_18972 and PHNE_19899 together. Depot Registration A registered depot is visible and accessible to remote systems. “Acquiring Patches” has more information about using the patch database and dependency analysis. At this point. For patch depots. this is usually sufficient for most needs. the cumulative nature of HPUX patches ensures that the replacement patches include the needed functionality. Access rights can be specified for individual products within a depot and given to individual users on specific systems. 3. if all the patches in Figure 14 are in the same depot. no unresolved dependencies remain. PHNE_17662 itself has been replaced by PHNE_19899. See “Enforced Patch Dependencies” on page 50 for more information. The Supersedes field (in the patch . The patch and all of its dependencies are in the depot from which you are installing or copying your patch. the swacl command provides the ability to restrict access to a high level of granularity. training.

If there is any question regarding the stability or reproducibility of the user data it must be resolved before proceeding. Some of the aspects of such a process include: HP-UX Patch Management 37 . this is not meant to infer that data is not important. In a large environment it may be beneficial to create a formal change control process for critical systems. While not the only method available. there is more to be done to prepare for any system modification. it can be easy for confusion to lead to mistakes and/or complicate analysis of system failures. it provides a general checklist of tasks that can be used as a starting point for a local process. software failures and operator error are not hindered in their destructive ability. A Note on Change Management When working with multiple systems and system administrators.CHAPTER 5 Patch Installation This chapter describes a basic process for performing the installation of patches onto an HP-UX system. While the risks may be small. While disk arrays and mirroring provide terrific protection from hardware failures. the costs can be huge. Back-ups Back-ups! While this document only addresses issues involving system software. Computer systems are complex environments and system administrators are often driven by constant and critical interruptions. It is assumed that prior to installation the following tasks have been completed: • A current system recovery image has been completed • Patches have been selected and acquired • The installation depot contains all dependencies System Preparation Even when the depot is ready.

you may inadvertently remove patches that were installed on the system before the bundle installation. such as a Support Plus patch bundle. Patches should also never be committed without an immediate need such as reclaim- 38 Patch Installation . Both the initial state prior to the installation and the final state upon completion should be supported and stable environments. Applications that are not critical should be halted. Scripts may kill and restart daemons. However if you don’t perform a committal before the installation of the new patches. One method that can be used to avoid these issues is to perform a system-wide commitment of all patches prior to the installation of the new set. Experience and recovery planning should be your guide. the individual responsible for executing the change can quickly be identified. system files. it becomes necessary to return to the initial state by removing the new patches. System Activity The Software Distributor tools rely on the Distributed Computing Environment (DCE) and networking support for even the most basic functions. Commands and libraries may not match the currently running kernel. The recommended method for performing a system-wide patch committal is to use the SD-UX swmodify command. This is not meant to indicate that updates should take place on active systems from beginning to end. The system will be between supportable configurations. The installation of large numbers of patches might create unwanted side effects on your system. and the current patch level becomes a low-water mark. and commands are gradually changed. These are multi-user states that are usually associated with active systems. An attempt to remove all active patches can only delete those that are newly delivered. For example. but to the system being left in a partially installed and corrupted state. Remember that the risk is not only to the failure of an application. libraries. Patch Committal Prior to Depot Installation When installing a large number of patches. The committed patches cannot be removed. While less valuable in smaller operations. If this is the case. This can result in the removal of a patch that fulfills a dependency. • Change Review and Approval By requiring a period of review and authorization. This image can be used to return to the uncommitted state. senior administrators and management can provide guidance and ensure that business needs are not controlled by technical decisions. and no new processing should be started. • Centralized Change Database By keeping change records on a central system. it is not uncommon for some of the patches to already be present or superseded on the target system. during the installation process. This causes the initial patched state to become the minimum system environment. However. they are not lost when a system failure is encountered. to commit all patches on your system: swmodify -x patch_commit=true \* Before you commit patches. For this reason. HP strongly recommends that you create a recovery image. The database can be constructed to provide access to the experience of other administrators as well as visibility of upcoming changes to system users. By requiring a formal handoff to any new owners.System Preparation • Clear Ownership of each Change The submitter of a change request becomes the initial owner of a task. most documentation has recommended that the system be in run-level (init) 2 or higher. a growing data center should consider implementing a change control process before it is needed.

you must perform an analysis to ensure that the final set of patches will function correctly. (See Chapter 2. Perform a dependency analysis.11.SPT2-DVRSCSI-Passthru.52. create a recovery image. this would mean copying PHKL_21989 into the recovery depot and removing PHKL_22759. can fix the problem. Failure to perform this analysis for all patches to be removed may cause unpredictable results.SPT2-DVR.C-INC. staying as close as possible to the patches already on the system. ProgSupport.00. and SCSIPassthru products.00. 4.CORE2-KRN OS-Core. PHKL_21989.11.v=HP PHKL_22759. For example. No newer patches are acceptable. The best way to do this is to manage your patch depots in such a way that you can re-install a committed patch’s ancestor patches.. # # Target: phsvr703:/ # # PHKL_22759 PHKL_22759.) Create a recovery depot that contains the original products as well as all required patches.11.v=HP PHKL_22759.2) installed with all patches committed and that you need to remove PHKL_22759.. suppose that a system has the XSWGR1100 bundle (revision 11. Selected re-installation and IPD modification can be a complex and risky operation. such as an Ignite-UX recovery tape or network image. See “Committed Patch Removal” and “Patch Commitment” on page 49 for more information. Removing any patch might cause another patch to lose a required dependency.. 2.00” on page 35 or “Dependency Analysis for HP-UX 11i” on page 36 for more information.v=HP PHKL_22759.fr=B. “Planning for Recovery”. using the swinstall preview mode: swinstall -p -s /var/tmp/REBUILD_DEPOT -x autoreboot=true \ -x autoselect_patches=true -x reinstall=true \ -x reinstall_files=true OS-Core ProgSupport SCSI-Passthru HP-UX Patch Management 39 .System Preparation ing disk space or preparing for the installation of a new bundle.v=HP From the swlist output.C-INC ProgSupport.fr=B. # Contacting target "phsvr703". (See “Dependency Analysis for HP-UX 11. 5. Use the swlist command to determine all ancestors of patches to be changed (because you need to reload all of the filesets modified by the patch): swlist -l fileset -a ancestor PHKL_22759 # Initializing.00. To ensure that you can return your system to its current state.KERN2-RUN OS-Core. 3.11. you determine that you need to reload the OS-Core.. The depot should include all patches desired for the final system.fr=B. Therefore.There are also disadvantages. You must re-install the patched products to provide the older versions of files or manage your patch depots in such a way that you can re-install a committed patch’s ancestor patches. Committed Patch Removal The primary disadvantage of system-wide patch committal is that you cannot as easily roll back the committed patches. In the example.CORE2-KRN.00.fr=B.KERN2-RUN. but an older patch. All are confirmed to be in the depot. The remaining patches are those delivered in the XSWGR1100 bundle.00. To remove the committed patch and reinstall PHKL_21989: 1.) Reload the ancestor patches.

40 Patch Installation .r=B. Whenever possible. For the example. use a test system to verify impacts and changes before you change any production environment systems. This is because there is either an "/etc/lvmtab" file which contains lvm configuration information on the system.Core. TIP: Whenever possible. most of which is transient use only. the actual usage of /var/adm/sw may increase and cause swinstall to fail.r=B.11. Installing the example products causes swinstall to expect the size of /usr to increase by more than 100 Mbytes. In either case. data will be lost without LVM.LVM-RUN must be selected in order to ensure that all disks will be accessible after the new kernel is put into place.11.11. Unless you are installing patches into a committed state. 7. ERROR: The "checkinstall" script for "OS-Core. (If necessary) check the log files if errors occur. You can avoid this error setting the enforce_dsa option to false. Use this option with extreme caution.CORE-KRN. TIP: Reloading of products and patches may cause SD-UX to issue a disk space analysis (DSA) error.r=B. which turns off automatic dependency checking and increases the risk of error.LVM-KRN and LVM. * The software "OS-Core. TIP: SD-UX affords you a greater level of safety and error checking when you work at the product level.CORE2-KRN. Because the disk space used by the reloaded products and patches merely replaces existing disk space.00" for fileset "OS-Core. Preview the installation again.00" cannot be successfully resolved.CORE-KRN. TIP: Patches may include checkinstall scripts that do not support dependency checking and other patch management features. use the swinstall program’s preview mode (include a -p in the command line) to analyze the install before trying to perform it.System Preparation 6.CORE-KRN" gave a global error return (exit code "11"). Theses messages tell you that you need to include the LVM product. but this requires that you change the default behavior of additional SD-UX options including autoselect_dependencies and enforce_dependencies.00" has previous analysis errors. 8. The corequisite "OS. You can replace individual filesets to remove committed patches and restore ancestors level. or the command "/etc/sdsadmin" indicates that there is a multiple disk software disk striping (SDS) array on the system (or cluster). but the actual increase never exceeds of 10 Mbytes. this time with the addition of the LVM product: swinstall -p -s /var/tmp/REBUILD_DEPOT -x autoreboot=true \ -x autoselect_patches=true -x reinstall=true \ -x reinstall_files=true OS-Core ProgSupport SCSI-Passthru LVM Run the same command without the -p option to perform the actual installation. the following error is listed: ERROR: The filesets LVM.

• SD-UX had no way to determine whether some patches in a depot were superseded by other patches. and some are mentioned in this document. Unless a special need exists. While solutions for the future are under investigation. There are complex methods of patch installation. This was an improvement over manual selection of patches but there were several problems: • The match_target option applied to both patches and non-patch software in the same depot and there was no way to ensure that the patches and non-patch software would be installed in the correct order.X releases. The patches in a local depot (/MyDepot) can be checked with the following: swlist -d -l fileset -a is_reboot *. the autoreboot option instructs swinstall to reboot the system whenever it is required. This complicated the process of software updates and required that patches be kept in a separate depot. Patches that were superseded had to be manually removed from a depot. the only method currently available to restart an HP-UX kernel is to shut down and restart the system. Installation The previous work outlined in this document was concentrated in creating the depots and with the preparation complete the installation should be simple and quick. avoid using these complex methods unnecessarily.c=patch @ /MyDepot | grep true Timing of the Reboot In “System Preparation” on page 37. This also made it impossible to install both the product and its patch(es) in a single step. The CLI will not allow an installation that will require a system reboot to begin unless an override option (-x autoreboot=true) is specified. the fact that the system is in an unknown state until the installation process completes is discussed. While useful for automated and unattended installations. but how can you tell? A flag is recorded both within the patch documentation as well as a fileset attribute within the patch itself. the interactive versions of the swinstall command will display a dialog that announces the required reboot. If specified. Most kernel (PHKL) and many networking (PHNE) patches require that the kernel be rebuilt and restarted. patches were generally selected and installed using the match_target option of swinstall. • All patches in the source depot that corresponded to software on the target system were selected.*. The goal is to have all systems at a common level with the least amount of overhead. It should now be made clear that this ambiguous condition exists until any required system reboot and configuration steps are completed. Despite this and the cautions regarding system activity.Planning for System Reboot Planning for System Reboot The core of the HP-UX operating system is known as the kernel. Any filesets with this attribute set to true will reboot the system if loaded. HP-UX Patch Management 41 . When is a Reboot Needed? Each patch “knows” if it will require a system reboot to install on a system. but it should also not be unecessarily delayed. it does not allow any time or warning before the system is halted. This becomes an issue when the swinstall command line interface (CLI) is used. A depot can be checked for patches requiring a reboot by using the swlist command to display the is_reboot attribute of the patch filesets. There was no way to filter them according to their type or level of severity. In addition. it is certain that at times users and applications will remain active during an install and need to be prepared before a reboot can occur. Not only is a reboot often required. Using the SD-UX Matching Operations In the HP-UX 10.

If you want to install from a depot of patches.Installation With HP-UX 11. there are exceptions to this enforcement. This is most often used to install the proper set of patches from a patch bundle.00 must not have external dependencies. However. the command: swinstall -s /mydepot MYPRODUCT by default also selects and installs any patches applying to MYPRODUCT that also exist in the source depot. For example. it only selects those patches which have that tag so if the dependency does not contain it. when patch_filter is used to select patches which contain the myTag category tag. they will not be handled by SD-UX. the match_target option was changed to select only non-patch software. See “Enforced Patch Dependencies” on page 50 for detailed information on the manual_dependencies tag. you must go through and do a manual dependency analysis. always check for the manual_dependencies tag which indicates that although the patch has one or more dependencies. The following command installs patches from a depot which correspond to currently installed software products: swinstall -s /mydepot -x patch_match_target=true -x autoreboot=true Finally. the patch_match_target option can be used to select those patches which correspond to any product installed on the system. For 11i. Most patches contain dependency information within their PSF in the form of corequisites or prerequisites.00. It must be emphasized that as with depots. When installing from a depot. any subset generated through a patch_filter operation in 11. Three new selection options were added to improve management of patches: -x autoselect_patches=true|false -x patch_match_target=true|false -x patch_filter=<selection> (default=true) (default=false) (default="*. you have additional control over patches selected when using either autoselect_patches or patch_match_target through the use of the patch_filter option. they will be selected and installed with the software. Non-patch software can be identified through the is_patch attribute described in “Patch Related Object Attributes” on page 56. For example. Each patch contains tags (the category_tag attribute) which characterize the patch. Note that in HP-UX 11. 42 Patch Installation . See “Dependency Analysis for HP-UX 11.00” on page 35 for a detailed explanation of analysis. This simplifies the process and protects the system from careless activity. If patches that apply to the software selected (by a swinstall or swcopy command) are present in the source depot. they can be applied during the initial installation or update of the software. it does not select the dependencies for those patches. to install only patches with a category_tag of myTag that apply to a system: swinstall -s /mydepot -x patch_match_target=true -x autoreboot=true \ -x patch_filter="*. patch_filter automatically selects the patches which contain myTag as a category tag in addition to their dependencies. The benefit to the user is that a separate swinstall session is not required to install patches to a product.*") The autoselect_patches option is used when installing software. In other words. the match_target option has been modified so that it applies only to non-patch software.*.c=myTag" The patch_filter option can also be applied in conjunction with the autoselect_patches option to control which patches are selected when software is initially installed.X. This functionality has been enabled in 11i through the use of requisite tags.

they are not all at the top level of the CD. If it is desired that the patches be installed directly into a committed state. to define /cdrom as the mount point. Installing Support Plus Patch Bundles Follow this procedure to install patch bundles from the Support Plus CD. Put the appropriate Support Plus CD into the drive. the cleanup utility (delivered via patch PHCO_22044 or current replacement) provides a simple interface consistent with the version provided on HP-UX 10. see “HP Patch Bundles” on page 31 and the Support Plus User’s Guide. For example: ls /cdrom 6. 4.) Step 1: Mount the CD 1. switch it on. You can now access the CD via the mount-point directory.com/ Select the Maintenance and Support page. Before proceeding.X releases. 2. the swinstall option -x patch_save_files=false may be used.Installing Support Plus Patch Bundles Installing to a Committed Patch State Patch commitment may take place during patch installation. Open a terminal window and become root on your system. The file name will be something similar to /dev/dsk/c1t2d0. use the name you found using ioscan in Step 5 above.00.com. Mount the CD drive to the mount-point directory: mount -r /dev/dsk/c1t2d0 /cdrom If the CD drive’s device-file name is not c1t2d0. then select the appropriate patching tools. (From the GUI. (Note that the Support Plus CD has depots contained in subdirectories. Wait for the busy light to stop blinking. If the CD drive is external. enter: mkdir /cdrom 5. If necessary. The cleanup command is discussed in more detail in “The cleanup Command” on page 72.hp. or after the fact. If necessary. HP-UX Patch Management 43 . Step 2: Check for Last-Minute Information Support Plus often contains last-minute information.hp. For 11.) There are two different methods that may be used to commit patches after they have been installed. 7. identify the drive device file: ioscan -fnC disk This command lists all recognized CD drives and their associated device files. 3. define a new directory as the mount point for the CD drive. HP strongly recommends that you read the documentation for each bundle or patch you wish to load. deselect the Actions-->Save files replaced by patch for later rollback. and the swmodify command allows the patch commitment to be managed down to the fileset level with the patch_commit=true option. There are several important sources of information: • Check the HP IT Resource Center for information about recommended patches: http://itrc. For example. For complete information on Support Plus. available on the Support Plus CD and at http://docs.

These files contain hyperlinks to the patch text files. notes about problems in current and previous releases.com/SUPPORT_PLUS/ • • Refer to the Read Before Installing document that accompanies the Support Plus CD.readme. to register the HWEnable11i depot. use: swcopy -s /cdrom/HWEnable11i \* @ /var/tmp/MyDepot Patch Installation 44 . The hyperlinks from the HTML bundle readme files to the patch text files will work as long as the HTML files reside in the same directory as the TEXT_FILES subdirectory.x depots from HP-UX 10. Install the bundles (see “Step 5: Install the Selected Bundles” on page 45). Some information is in Adobe® Portable Document Format (PDF) files. changes since the last release. a list of patches (and their dependencies) in the bundle. Step 4 (Optional): Set Up Hard Disk Access If more than two systems must access the depot.html (for 11i) • Diagnostic products have readme files and additional information in the /cdrom/DIAGNOSTICS directory. (Patch text files are also included with individual patches that you retrieve from HP.com TIP To simplify sharing of patch information.hp. Register the depot: swreg -l depot /cdrom/HWEnable11i 2. You can enter a URL into a web browser to view these files directly from the CD.20 systems. you must register a depot on the Support Plus CD using the swreg command.adobe. This file contains additional installation instructions. This short document contains up-to-date information about known problems with patches in recent Support Plus releases. or if you cannot dedicate the CD drive to the Support Plus CD. assuming the Support Plus CD is mounted to /cdrom: 1. HP recommends that you copy the patch depots to a hard disk using the swcopy command.readme (for 11i) • Each patch has an accompanying text file in the /cdrom/TEXT_FILES directory. If you mounted the CD on the system that is the target for the patch or diagnostic installation. Each patch bundle has its own readme file.) You can print or view these directly from the CD. Step 3 (Optional): Set Up Sharing for Remote Systems To enable direct access from one or two other systems. For example: more /cdrom/HWEnable11i. For example. A free version of the Adobe Acrobat® Reader is available at: http://www. with the CD mounted at /cdrom. 3. For example. and a listing of disk space usage. You can print or view these files directly from the CD.Installing Support Plus Patch Bundles • Refer to the Support Plus web site for additional information: http://software.txt • Each bundle readme file is also available in HTML format. For example: file:/cdrom/HWEnable11i. Disable remote access by unregistering the depot before unmounting the CD: swreg -u -l depot /cdrom/HWEnable11i NOTE: You cannot access or register 11. This file provides detailed information about the patch. proceed to “Step 5: Install the Selected Bundles” on page 45. you may wish to copy the documentation files onto your own system. For example: more /cdrom/TEXT_FILES/PHSS_22540.

Installing Support Plus Patch Bundles This command copies the contents of the HWEnable11i depot to the local system under the /var/tmp/MyDepot directory. this requires additional analysis of the readme files to ensure you do not overlook software dependencies. you install the bundle using the matching operations of the swinstall command. HP recommends the following tasks for all systems: 1. you should plan the installation for an appropriate time and announce a system outage to the users ahead of time. an unexpected condition was encountered and you may need to enter additional information or take other action. Create a system backup. it is prudent to limit system activity during any installation. To ensure greatest reliability. Although you can select individual patches from the bundles. One recovery technique is to use HP’s Ignite-UX tools (provided on HP-UX 11i Operating Environment CD1) to create recovery images. to install from a CD mounted and registered on the system grendel: swinstall -s grendel:/cdrom/HWEnable11i \ -x patch_match_target=true -x autoreboot=true You can use the swinstall command’s preview mode (-p option) to get an idea of what to expect for the bundle you want to install.x). an unexpected condition was encountered. For example: swinstall -p -s grendel:/cdrom/HWEnable11i \ -x patch_match_target=true -x autoreboot=true NOTE: If the swinstall interactive user interface appears. For example. Notes • • HP recommends that you do not merge depots created on different versions of HP-UX. Also. 11. Plan for system down time. 3. Install the patch bundles. and intended for use as a unit. The bundle readme files may contain additional installation instructions and other important information. Step 5: Install the Selected Bundles The bundles on the Support Plus CD are built. Although you should already have reviewed the patch documentation. Therefore. tested. See “Step 2: Check for Last-Minute Information” on page 43. Support Plus bundles commonly include patches that require a system reboot. If the swcopy interactive user interface appears. 4. The new depot is automatically registered for use by remote systems. Review the documentation. HP recommends that both the host system and depot should have the same major HP-UX version (for example. HP recommends that after you have selected a bundle for installation (see “HP Patch Bundles” on page 15). You should implement a recovery plan as an insurance policy against a system failure. Some amount of risk is involved in any system modification. Even though the swinstall command used for installing the bundles requires that the system has networking enabled. it is wise to recheck the readme files before installing. HP-UX Patch Management 45 . Also. 2. You may need to enter additional information or take other action.

/var/spool/sw/swagent. The swverify command can be used to verify a patch bundle or even a single patch. For example: swlist -d -l bundle @ 11isys:/cdrom/HWEnable11i/GOLDAPPS11i # Initializing..log beneath the depot directory (for example. If you experience problems with one of the SD-UX commands. For depot operations. where task is the name of the command. This log is located at /var/adm/sw/swagent. it includes the output from installation scripts. WARNING: Ignoring unknown keyword "hp_mfg" at line 142. swverify checks software states. file existence and integrity. These verify the actions taken and begin the preparations as the next cycle begins. the swagent log is a good place to look for more information.00 system to list bundles on an HP-UX 11i system may generate warnings. WARNING: Ignoring unknown keyword "hp_mfg" at line 229. but it is recommended that a wildcard be used to verify all products and patches on the system. and swremove.. which would not be in the command log file for swinstall. a few final steps are required.log. When verifying installed software.. For example. swcopy. This log file is much more complete. The cleanup command can also help you manage SD-UX log files. 46 Patch Installation .) A swagent process performs the actual operations for each of the many SD-UX commands. dependency relationships. WARNING: Ignoring unknown keyword "hp_mfg" at line 64. swagent logs messages to the file swagent. (You can specify a different logfile by modifying the logfile option. The swverify command is provided as a method to compare the data within the IPD with the actual system directories and files.log. Finishing Touches Once the installation has completed.Finishing Touches Usage Tip Using the swlist command on an HP-UX 11. This can be done using: swverify \* Checking the Logs Each SD-UX command logs messages to /var/adm/sw/sw<task>. See “Cleanup Command” on page 22 or “The cleanup Command” on page 72.. See the SD-UX manual for more information.log). This contains a terse summary of command activity. The swverify command Software Distributor maintains a database of software that it controls known as the Installed Products Database or IPD. including swinstall. # Contacting target "hpfclc1".

If Prod. This appendix defines the basic patch terminology and concepts. It may deliver defect fixes.Appendix A Basic Patch Concepts Patch management differs in many ways from standard forms of software management. A patch may be loaded in reaction to a system failure. it would rely on external tools or people that do have an understanding. and in some cases new functionality.FSD is loaded at a later date. it is possible for several patches to modify a single product or for a single patch to modify several products. and will not load PHCO_0100. While it is possible to create a support solution without an understanding of these concepts. HP-UX Patch Management 47 . For HP-UX 11. a fileset is created for each ancestor fileset. in practice ancestors are managed between grouping of files known as filesets (see Appendix B. performance enhancements. Working with groups of files. This fileset is given the same name as that ancestor. When PHCO_0100 is installed. Patch Mechanics Ancestors and Patches Ancestry is one of the basic concepts of patch operations. For a patch that delivers a new version of a single file.FSD is not present.FSD. The importance of this can be seen through a simple thought experiment of loading PHCO_0100 onto a system that has Prod installed without fileset FSD. The specific details regarding execution are left to the following chapters. the ancestor delivered the original version of that file. the patch can be installed again. While the concept of ancestry can be applied to a single file. with only the PHCO_0100. Figure 15 provides a simple example of the four filesets of product Prod being modified by the patch PHCO_0100. This indicates that the FSD fileset was not needed by that system. or to proactively avoid encountering a known problem in the future. A patch is an incremental change to the released software. The ancestor of a patch is defined as the preexisting software that is being modified or replaced.FSD fileset actually being processed. “SD-UX Tools & Objects”).X patches. the system will determine that fileset Prod. Certain terms and actions exist solely within the patch space.

One of the key differences is the ability to perform patch rollback to restore the pre-patched behavior. these saved files are restored. the presence of a superseding patch will prevent the installation of any preceding patch.FSB One Patch Multiple Filesets Product Prod Prod. When a patch is loaded onto a system. When this happens. the version delivered with the original product (v1. HP-UX 11. FIGURE 16. Patch Supersession Chain PROD. both having a of revision 1.FS supersession chain of Figure 16.X Patch and Ancestors Patch PHCO_0100 PHCO_0100.FSA PHCO_0100. is initially patched by PHCO_1000. Patch Rollback The installation of a patch differs from the installation of a product in several ways.FSD PHCO_0100. it remains on the system. This means that any individual patch supplied by HP must completely contain all aspects of any preceding patch. 48 .FSD Patch Supersession Patches for HP-UX products are required to be cumulative.0.FSC Prod. Figure 17 shows the save areas for the Prod. Since patches are designed to be cumulative. Only the top patch of the chain is in the active (applied) state.o and bar. but as each superseded patch returns to the active state it becomes a candidate for removal in future sessions. A series of patches. Only the active member of a supersession chain can be removed. This patch is superseded by PHCO_2000 which is superseded in turn by PHCO_3000.o.FSC PHCO_0100.Patch Mechanics FIGURE 15.0) is stored in a save area associated with PHCO_1000. it delivers a new version of foo.FS fileset contains the relocatable object files foo. When a patch is superseded. The newer patch is said to supersede all earlier patches. the patch numbers increase along a patch supersession chain. but is not active. The Prod. it is not required to have all patches in a supersession chain installed.FSB Prod. In fact. an earlier patch could replace files with earlier or outdated versions. In general. When PHCO_1000 is loaded. forms a supersession chain (Figure 16). If this were not the case. each replacing the previous patch.FS PHCO_1000 PHCO_2000 PHCO_3000 The SD-UX-packaged product Prod.FSA Prod.o. the default behavior is to save copies of all files patched prior to loading the new versions. If the patch is removed.

o.1 bar. a patch may require changes in other areas of the system.o. and the existing files on the system are preserved in a save area associated with PHCO_3000.o that was delivered by PHCO_1000.o. As can be seen in the diagram.0 foo.text file field(s) used will be noted as appropriate for each type. Because patches are cumulative. even though it did not change.FS foo.r=1.2 bar.FS to the original state.Patch Dependencies FIGURE 17. Also. (See Appendix C. The versions of foo. It requires disk space that may be needed for other applications or data. the files found within its save area are restored to the system. The disk space used to support patch rollback may be reclaimed through patch commitment.1 bar. “The Patch Text File” for more information.o. As a cumulative patch.o. the associated save area is deleted and the patch cannot be directly removed. it is important that the areas affected by a single patch are limited. a patch may document a dependency against patches responsible for these other areas.r=1.r=1. if any patch in a supersession chain is committed. When a patch is committed to the system.1 PHCO_3000 foo.1 foo. and the save area disk space for those patches is also reclaimed.o that are on the system before loading PHCO_2000 are then stored in the save area.2 PROD. Patch Dependencies To become fully active. cumulative patching ensures that the amount of change delivered by a patch will increase during the life of a supersession chain. and patch PHCO_2000 again becomes the active patch.o.0 foo. it must also deliver the version of foo.r=1. Patch Rollback PHCO_1000 PHCO_2000 foo.o.r=1.r=1. eventually returning Prod. Finally.o. reinstalling the committed patch will not restore the rollback ability. Each patch could be removed in turn.) HP-UX Patch Management 49 .1 When PHCO_2000 is loaded. If patch PHCO_3000 is removed from the system.r=1.o.0 Patch Save Area foo. any prior patches lose the ability to be restored. patch PHCO_3000 delivers new version of both files. How? Because the information lost is of the state prior to the installation of the patch. Patch Commitment The rollback mechanism is not without cost. it delivers a new version of bar.o. and in some cases multiple copies of the same file will be preserved.r=1.0 bar.o.1 bar.r=1. The product remains patched until updated to a new version or removed from the system.r=1. The different types of dependencies are documented in the text file or readme attribute of each patch.o.r=1. The. In these cases.o.r=1.o and bar.

but the dependency must be loaded first for the requirement to be satisfied. Manual dependencies are indicated by the manual_dependency category tag and are listed in the PDep or Other Dependency field of the patch text file or readme attribute. In 11. SD-UX can register and automatically manage required patch levels. This analysis is done by the SD-UX tools through some additional attributes within patches and by enforcing the registration of patch dependencies within each patch. there are some cases where special types of dependencies may be encountered. their supersessions and their dependencies and then install the appropriate patches.Patch Dependencies Dependency Types While the dependencies of a patch are generally quite simple. These include optional dependencies that are required under specific circumstances or hardware dependencies below the system level.) As long as the desired patch and its dependencies are loaded on the depot. Enforced Patch Dependencies The ability to manage patch dependencies was not included in the original design of the SD-UX. • Other Dependencies There are dependencies that cannot be described in a simple manner.00. All such miscellaneous dependencies are explained in the Other Dependencies field. if a patch has a dependency on a superseded patch. These are documented in the Patch Dependencies field and/or the Special Installation Instructions field. A dependency that is not directly enforceable by SD-UX (although patch scripts can provide indirect enforcement). there is no way for SD-UX to recognize that the latest patch in the supersession chain has to be loaded. swinstall and swcopy will analyze the patches. Standard dependencies are documented in the Patch Dependencies field. • Ordered Dependency An ordered dependency is an installation-time software dependency without any exceptions or conditions. An example would be that the commands in PHCO_1000 cannot be used without the kernel support of patch PHKL_1234. However in 11i. (See “Viewing Dependency Information” on page 51. 50 . Three types of dependencies are used in HP-UX 11i: Table 2: HP-UX 11i Dependency Handling Dependency Type Description Corequisite Prerequisite Manual dependency A standard dependency listed in the PDep field of the patch text file and automatically enforced by SD-UX. otherwise known as a line-in-the-sand patch. An ordered dependency listed in the PDep field of the patch text file and automatically enforced by SD-UX. The contents of these patches may be modified by subsequent patches but they are not meant to be superseded. • Hardware Dependency Certain patches are only applicable to specific system models. • Standard Dependency The standard dependency is an execution-time software dependency without any exceptions or conditions. The ability to automatically resolve superseded dependencies for patches was not implemented because of time constraints. SD-UX tools acquired the ability to manage patches natively (without scripts) and thus static dependencies.00. In 11. These system-level dependencies are documented in the Hardware Dependencies field. This is why SD-UX can resolve static dependencies: they don’t run the risk of being superseded. Static dependencies are those which involve a consolidated patch.

the requirement of requisite registration is waived. • General Release A status of General Release indicates a patch that is approved for widespread use and is the active member of the supersession chain. 11. The ITRC data. The following patch states are used by all patches that should be available to customers. it will contain all known fixes to date for the target software. When this happens. If not then proceed with the copy or installation. This section examines some of these properties.text file is described in detail in Appendix C. HP-UX Patch Management 51 . • Special Installation Instructions—this field often includes explanatory text for patches listed in the Other Dependencies field. or in some cases extends the original functionality. For example: swlist -d -l product -a readme PHKL_23400 @ /MyDepot The HP-UX Patch An HP-UX patch is a partial delivery of software that fixes defects found in the original. If the patch is multi-release then (since 11. This is the manual_dependencies tag. • Other Dependencies—patches listed in this field are conditional dependencies but are not detected by the patch database.text file reflects the initial state of the patch due to the static nature of the file. provide the current patch state. The current release state. the patch will contain a category tag which states that the user must manually resolve any dependencies. if the dependency relationship is more complex than the grammar for requisites can support. can be found within the . The following command checks for this tag in the patches within depot /MyDepot: swlist -d -l product *. Patch Status Almost every patch created is intended for general release to all customers. you must consult the following fields in the patch text file: • Pdep—patches listed in this field are not enforceable but can be detected and listed by the patch database. and in particular the Patch Database itself.The HP-UX Patch Two situations may result in unregistered dependencies.00” on page 35. In addition. then for each of those patches.X patches include internal readme files that you can view with the swlist command. known as the patch status. Each patch includes a set of properties that are documented in an associated text file.text file and is also displayed when viewing patches within the ITRC. but the patch may transition into different release states. Any value other than those listed here denotes a patch that should be restricted and used only with full understanding and great caution. Viewing Dependency Information To review patches with manual dependencies. you must perform a manual dependency analysis such as the one outlined in “Dependency Analysis for HP-UX 11. The data within the .00 cannot handle the new functionality) the patch will not register its dependencies. the. You should check for this tag every time that you want to install from a bundle or depot to make sure that there are no external dependencies.c=manual_dependencies @ /MyDepot If this command yields some patch names. As the newest available patch. “The Patch Text File”. Also.

or system hang. and not the probability that it will be encountered. While there may still be compelling reasons to install such a patch (such as a performance enhancement).The HP-UX Patch • Special Release A special release patch is an active patch that was not intended for use by all customers. The Critical Patch While each patch is created to improve upon the original version of the ancestor software. Applicable to both General and Special Release patches. The currently defined patch types are: PHCO PHKL PHNE PHSS Commands and libraries Kernel Networking All other HP-UX subsystems 52 . The numeric field. it enters the superseded state. Patches are marked as being critical in response to the severity of a failure. • Critical The patch delivers a new fix for a critical failure. but delivers critical content that was introduced within a patch that has been superseded within the same patch chain. Patches cannot be partially recalled. each system administrator should review the issues documented in the recall notice with the value of the current patch fixes and cost of system change. As with superseded patches. A patch can be classified into one of three categories: • Not critical No part of the patch addresses a critical failure. certain patches address issues of the highest priority and are considered critical. a patch may be recalled and removed from general distribution. The severity of the defect is such that the patch should be evaluated for applicability to local systems and environments. called the patch number. • General/Special Recalled Under certain conditions. is unique for a patch regardless of patch type. you may choose to proactively load a critical patch to avoid a possible failure. there is no reason to take any immediate action. Even if you take a very conservative approach to changing your system. the correct action for a specific system may vary. Patch Identification An HP-UX patch name consists of a four-character type identifier followed by an underscore followed by a four or five digit numeric field. • General/Special Superseded When an active patch is replaced by a newer version. Examples of conditions that cause a patch to be marked critical include data loss. • Not critical. system panic. The known qualities of an older patch may have greater value than the non-critical improvements. Patches may be created as special release if a set of customers require nonstandard behavior or configuration-specific change that would cause problems for others. patch supersession should not be considered in a negative manner. but supersedes a critical patch The patch does not contain critical fixes. they may not be critical. data corruption. While the newer patch should contain additional fixes. and while the generic recommendation will be to remove and replace the patch.

The HP-UX Patch This naming convention is not recognized by the SD-UX software management tools. see “Patch Related Object Attributes” on page 56. and the list of files contained within the patch. HP-UX 11. special installation instructions (if any).depot file is an SD-UX tape-style depot containing the actual patch. These sources are described in more detail in chapter 3. These are the . HP-UX Patch Management 53 . The .text file is the complete documentation for the patch.X patches are also marked through the is_patch and is_sparse attributes and the patch category tag. including descriptions of the symptoms and defects repaired by the patch. When exercised by the shell. Shell archives are a useful and portable method to package groups of files for transfer between Unix-based systems. The Patch Shar File The shar(1) utility is used to produce a shell archive file. For more information on these and other attributes. When a patch is acquired individually from the Patch Database within the ITRC or from the Fulfillment Server (FFS). dependencies.text files. it is packaged as a shell archive. “Acquiring Patches”.depot and . the patch shell archive will recreate two files within the current working directory. The .

The HP-UX Patch 54 .

you should avoid selecting patches at the fileset level. SD-UX is included with the HP-UX Operating System and by default manages software on the local host only. This appendix does not present a comprehensive view of SD-UX. Many patch operations involve some aspects of the SD-UX tools. Consult the SD-UX manual for more information.Appendix B SD-UX Tools & Objects This appendix provides an overview of Software Distributor commands for HP-UX (SD-UX-UX) commands and concepts as they apply to patching.hp.com. grouped into a manageable unit. This appendix does not discuss SD-UX remote operations or installations involving alternate roots. but you need only a small subset of SD-UX functionality for patching operations.00) • Software Distributor Administration Guide (for 11i) These manuals are available at http://docs. Selecting patches by fileset level may cause a fix to be only partially applied. You can also enable SD-UX to install and manage software simultaneously on multiple remote hosts from a central controller. A fileset may include scripts that control installation and removal. consult the SD-UX manuals: • Managing HP-UX Software with SD-UX (for 11. In general. It describes a unique subset of the files that make up a product. HP-UX Patch Management 55 . This section gives you a simplified view of the object types that relate to patches. and patch filesets are delivered only within a patch product. SD-UX functionality that is not appropriate for patching is not discussed. patches are created and managed at the product level. The Basic SD-UX Object Types Software Distributor uses a variety of object types. The Fileset A fileset is one or more related files. Therefore. You can find formal definitions in the SD-UX manual or the sd(4) man page. even though SD-UX permits this kind of selection. For in-depth information.

You can view SD-UX object attributes with the swlist command. • Indicates the fileset that this fileset modifies. each modifying a different fileset found on the HP-UX 11.fr=B.11.fr=B. serial file that contains products or bundles. HP provides several types of standard patch bundles.00.X patches that require customization include SD-UX control scripts at the product level.VXFS-BASE-KRN. The Bundle A bundle encapsulates products and filesets into a single software object. The Depot A depot is a directory that contains software products or bundles that are available for direct or remote installation.fr=B.00. See “HP Patch Bundles” on page 15 for more information. which contains three filesets. • Lists all of the patch filesets that have modified this fileset. ancestor • Applies to filesets. (See “Software Specifications” on page 73 for more information on software_spec.v=HP JournalFS. • The following example shows patch PHKL_18543.) 56 . More than one bundle can contain the same software objects.11. applied_to • Applies to patch filesets.VXFS-BASE-KRN PHKL_18543. Bundles provide a convenient way to group software objects together for easy selection.g.C-INC. A depot can also be a distribution media (e.v=HP JournalFS.00 release. Attributes control aspects of patch behavior and define patch properties and relationships. HP-UX 11.C-INC PHKL_18543.VXFS-PRG ProgSupport.Patch Related Object Attributes The Product An HP-UX patch is structured as a single SD-UX product that contains one or more filesets. The patch-related attributes are described below. swlist -l fileset -a ancestor PHKL_18543 # PHKL_18543 PHKL_18543. • Contains the software_spec of the ancestor fileset that this patch fileset modified when it was installed.v=HP applied_patches • Applies to base (non-patch) filesets. A bundle can be thought of as a virtual “configuration” of software. See “The swlist Command” on page 66 for more information. You can change the contents of a depot. Patch Related Object Attributes Each of the objects described in “The Basic SD-UX Object Types” has a set of properties known as attributes.. CD or tape) or a single.00.VXFS-PRG.11.

Patch Related Object Attributes category_tag • Applies to filesets or products. A patch in the applied state has not been committed or superseded. • When set to true. In HP-UX 11. In 11i. committed: A committed patch cannot be removed from the system. and others may be created by customers with the swmodify command. is_sparse • Applies to patch filesets. A committed patch is applied but not superseded. install patch PHCO_22526. • Provides a label for a fileset or product. superseded: A patch in the superseded state has been replaced by a newer member of its supersession chain. patch filesets exist in one of three conditions. A committed fileset is also in either the applied or superseded state (which state applies cannot be determined from the patch_state field). Not committed. To obtain this state in 11. is_reboot • Applies to filesets. committed: A committed patch cannot be directly removed from the system. superseded: Has been replaced by a newer member of its supersession chain. • In addition to the state attribute (also described in this section).00. A patch in the superseded state may or may not have been committed. patch_state • Applies to patch filesets.00 systems. is_patch indicates that the object is a patch. • When set to true. This ensures that a patch fileset cannot be explicitly selected when not appropriate. is_reboot indicates that installation of the fileset will cause the system to reboot. A category_tag can be used as a selection mechanism (see “Patch Hubs” on page 33). Several tags are defined during patch creation. This attribute gets rid of the ambiguity created by the committed attribute above. is_patch • Applies to both patch products and filesets. which records the installation states of software. The is_patch attribute is required for patches to be managed via the autoselect_patches or patch_match_target options of swinstall and swcopy. HP-UX Patch Management 57 . committed/superseded: A committed/superseded patch is committed and superseded. You may install PHCO_22526 to obtain the committed/superseded state described below. is_sparse indicates that the current fileset is incomplete and cannot be loaded in the absence of the fileset’s ancestor. • When set to true. the patch_state attribute records the condition of patches. depending on the order of the patch operation: applied: An applied patch contains the software that is currently active on the system and is the most recent member of its supersession chain (of one or more patches) to have been loaded. patch filesets exist in one of four conditions: applied: Same as above.

corrupt: Indicates that errors detected in the execution phase of a swcopy or swinstall process left the software in an unknown state and that the software should not be used. HP recommends that you move all patches left in the installed state to the configured state with the swconfig command. Note that all superseded filesets are included. It can be used by a swinstall or swcopy session using the depot as the source. superseded_by • Applies to patch filesets. See “Software Specifications” on page 73 for more information. Although not every patch requires configuration. or filesets. • A fileset’s state attribute (also used for non-patch software) provides useful information about the installation state of software. The transient state differs from the corrupt state in that SD-UX did not detect the failure when it initially occurred. This attribute is only set for installed patch filesets. • The readme attribute of an HP-UX patch contains the text file.Patch Related Object Attributes readme • Applied to products. (Note that 11. • Records the software specification of the fileset that superseded the fileset on a given system. Some attributes are stored in the IPD only): installed (IPD only): The software was successfully installed but not configured. software_spec • Applies to bundles. The software_spec contains the object name and any version or architecture information. The swconfig command is not discussed in this tutorial. available (depot only): The software is ready for access. An SD-UX operation leaves a fileset in one of the following states and records it in the fileset’s state attribute. supersedes • Applies to patch filesets. products. configured (IPD only): The product was successfully installed AND configured. transient: Indicates that swinstall or swcopy was killed or aborted during the execution phase leaving the software in an unknown and incomplete state. but the ordering of the superseded filesets may not match the order of the supersession chain itself. consult the swconfig(1m) man page or the SD-UX manual for more information. 58 . state • Applies to filesets. and never in software depots. No further operations are required. or fileset. • Lists all prior filesets that a patch fileset supersedes.X SD-UX-UX commands automatically keep track of software management operations by creating an Installed Products Database (IPD) and various catalog files that contain information about the software on the system. product. SD-UX commands automatically keep track of software management operations by creating an Installed Products Database (IPD) and various catalog files that contain information about the software on the system. • The software_spec attribute (short for software specification) contains the fully qualified identifier for the bundle.

HP recommends that you use only the options discussed below. swcopy . Additional concepts for using the SD-UX commands are discussed in “Other Options and Aids to Using the SD-UX Commands” on page 73. the automatic matching options(autoselect_patches. Previews the install operation without performing the actual installation. Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked.registers or unregisters depots or roots. swinstall. This option affects only standard output and not the log files.modifies software product information in a target root or depot. • swinstall has numerous options that you should not use for patching because they lack dependency support. a graphical user interface is invoked.installs and configures software products. All SD-UX commands run from the command line. The swinstall Command The swinstall command is used to load patch software from a source depot and onto a target system.copies software products for subsequent installation or distribution. The GUI starts by default if you enter swinstall without any software_selections. [software_selections] Patch Related Command Line Arguments -i Use an interactive user interface. Preview mode is not enabled by default. patch_match_target) should be the preferred method for installing patches. swlist . TIPS: • Because many patches aren’t designed for individual installation. -p -v HP-UX Patch Management 59 .Introduction to the SD-UX Commands Introduction to the SD-UX Commands This appendix discusses the SD-UX commands that relate to patching. Synopsis swinstall [-i] [-p] [-v] [-s source] [-x option=value]. swreg ... swremove . The following list shows the commands. swpackage . swcopy. ordered by those most commonly used: • • • • • • • swinstall .displays information about software products.packages software products into a depot (directory or tape). swremove.unconfigures and removes software products. If the environment variable DISPLAY is set to a valid X windows display. swmodify . and swlist have an optional GUI mode. Requests verbose mode.

Since all 11i patch dependencies will be enforced by SDUX. those that do employ them are enforcing critical requirements of content and load order. For the full set of available options. Sets the specified command option to the value given. those that do employ them to enforce critical requirements of content and load order. This option should not be set to false unless directed by an HP Support Engineer. default values are shown. While few 11. All 11i patches will contain enforced dependencies except for those that meet strict exception rules.0 patches exist with dependencies enforced by the SD-UX tools. if the dependency is not present on the target system and is not selected for installation from the source depot. When software is selected for installation with an SD-UX-enforced dependency. As a result. that software will automatically be selected for installation if present in the source depot and autoselect_dependencies is set to true. this option becomes even more important and helpful. manual patch dependency analysis. autoselect_reference_bundles=true None When set to true. See “Setting Default Values for Command Options” on page 74 for more information. autoselect_patches=true Actions→Manage Patch Selection→Automatically select patches for software to be installed When loading a software product. consult the swinstall(1m) man page or refer to the SD-UX manual. any bundle wrappers within the source depot that contain software selected for installation will be automatically selected if the is_reference attribute is set to true. Note that this does not mean all of the software listed in the wrapper will be selected. option=default value Description autoreboot=false autoselect_dependencies=true Menu Path in Interactive Interface None (GUI waits for permission to reboot) Actions→→Autoselect dependencies Enables an automatic reboot upon completion of the software installation. it is especially important that this option is taken advantage of in selecting patches and avoiding unwanted configurations. (when marking software) When software is selected for installation with an SD-UX-enforced dependency.The swinstall Command -s source -x option=value Specifies the depot (source) containing the software to be installed. Patch related command options are specified below. any patches within the same depot for that product will automatically be selected for installation. This option should not be set to false unless directed by an HP Support Engineer. only the bundle wrapper itself. installation will only proceed if enforce_dependencies is set to false. Where appropriate. See “Software Specifications” on page 73 for more information software_selections Patch-Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). overriding any other values for that option. 60 . eliminating lengthy. enforce_dependencies=true Options→Change Options→Enforce dependency analysis errors in agent Enforces software dependencies.00 patches exist with dependencies enforced by the SD-UX tools. While few 11. One or more software specifications.

While on HP-UX 10. match_target=false Actions→Match What Target Has Selects all software within the source depot with an ancestor attribute that matches a fileset currently on the target system.X releases to provide this functionality. swinstall skips files that would be installed to a remote (NFS) file system (or that are already there). HP-UX Patch Management 61 .” on page 5 for notes on other options. patch_filter=software_specification Actions→Manage Patch Selection→Filter The patch_filter option can be used to specify a subset of software available to load. Setting this option to false removes this restriction. This option should not be used unless directed by an HP Support Engineer. the remote files are installed. This option is not yet recommended for general use in 11. the patch_match_target option is the preferred method for HP-UX 11. By default. While a convenient way to control disk usage. When set to true and superuser has write permission on the remote file system. mount_all_filesystems=true Options→Change Options→Mount filesystems in /etc/fstab or /etc/checklist By default. filesets will be reinstalled. If set to true. patch_save_files=true Options→Change Options→Save files replaced by patch for later rollback If set to false. this option can be used for 11.00 patch selection when combined with user-defined category tags. Specify the device file of the tape drive to be used as the default. patches are loaded directly to the committed state and cannot be rolled back. It is also an especially powerful tool for depot management in 11i since dependencies are dealt with correctly. reinstall=false Options→Change Options→Reinstall filesets even if the same revision exists Prevents SD-UX from re-installing (overwriting) an existing revision of a fileset. See Chapter 2. patch_match_target=false Actions→Manage Patch Selection→Automatically select patches for software installed on the target Select all patches within the source depot that modify the existing system software. source_cdrom=/SD-UX_CDROM source_tape=/dev/rmt/0m write_remote_files=false None (default cannot be changed within GUI) None (default cannot be changed within GUI) None Specify the device file of the CD-ROM to be used as the default. “Planning for Recovery. These scripts may issue errors to protect the system from incorrect patch usage. Prevents installation of files to a target that exists on a remote (NFS) file system.0 as no provision is made for dependencies.The swinstall Command enforce_scripts=true Options→Change Options→Enforce script failures Each patch may have several installation scripts associated with it.X systems this option was used to select patches within a depot that applied to the target system. this option is not recommended unless alternative recovery mechanisms are available. This is the recommended method to install patches from a managed depot (such as those provided by HP). However. swinstall requires that all filesystems listed in the systems /etc/fstab file are mounted prior to installation.

For example: swinstall -p -s grendel:/cdrom/XSWGR1100 \ -x patch_match_target=true -x autoreboot=true The swcopy Command The swcopy command copies software from one depot to another. For example. Preview mode is not enabled by default. Requests verbose mode. Specifies the depot (source) containing the software to be copied. a graphical user interface is invoked. This option affects only standard output and not the log files. If you specify a host with the directory. This can be particularly useful if software exists in several depots. or internet address. If the environment variable DISPLAY is set to a valid X windows display. Note that the swcopy command automatically registers (enables remote access to) any depot that it creates. See “Software Specifications” on page 73 for more information The absolute path name (directory location) to which you want the software_selections to be copied. (See “The swreg Command” on page 69 for more information. -p -v -s source -x option=value software_selections target_selections 62 . Sets the specified option to the value given.The swcopy Command Examples • Install from a CD mounted and registered on the system grendel: swinstall -s grendel:/cdrom/XSWGR1100 \ -x patch_match_target=true -x autoreboot=true • Use the swinstall command’s preview mode (-p option) to get an idea of what to expect for the bundle you want to install. Previews the copy operation without performing the actual copy. you can copy all of the contents of individual patches into a single depot from which the group can be loaded in a single session and with a single reboot (if needed). Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked. the syntax is host:/directory where the host name can be a name. You do not need to use the swreg command on depots created by swcopy. The GUI starts by default if you enter swcopy without any software_selections. overriding any other values for that option.) Synopsis swcopy [-i] [-p] [-v] [-s source] [-x option=value] [software_selections] [@ target_selection] Patch Related Command Line Arguments -i Use an interactive user interface. domain name. See “Setting Default Values for Command Options” on page 74 for more information. Patch related options are specified below. One or more software specifications.

that other software will automatically be selected to be copied if present in the source depot and autoselect_dependencies is set to true. consult the swcopy(1m) man page or refer to the SD-UX manual. Note that this does not mean all of the software listed in the wrapper will be selected.00 patches currently exist with dependencies enforced by the SD-UX tools. any bundle wrappers within the source depot that contain software selected for copying will be automatically selected if the is_reference attribute set to true. only the bundle wrapper itself. option=default value Description autoselect_dependencies=true Menu Path in Interactive Interface Actions→Autoselect dependencies (when marking software) When software is selected for copying with a registered dependency on other software. Setting this option to false removes this restriction. This option should not be set to false unless directed by an HP Support Engineer. files are uncompressed before swcopy puts them into the target depot. When software to be copied has an SD-UX-enforced dependency. source_tape=/dev/rmt/0m uncompress_files=false None (default cannot be changed within GUI) Options→Change Options→Uncompress files after transfer Specifies the device file of the tape drive to be used as the default. default values are shown. This will conserve disk space and can enhance performance on slower networks (50 Kilobytes/second or less). autoselect_reference_bundles=true None (default cannot be changed within GUI) When set to true. The majority of 11i patches have SD-UX-enforced dependencies.The swcopy Command Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). For the full set of available options. those that do employ them to enforce critical requirements of content and load order. mount_all_filesystems=true Options→Change Options→Mount filesystems in /etc/fstab or /etc/checklist By default. reinstall=false Options→Change Options→Recopy filesets even if the same revision exists Prevents SD-UX from overwriting an existing revision of a fileset. compress_files=false Options→Change Options→Compress files during transfer Setting this option to true causes swcopy to compress file before transfer to the target depot. making this option very useful. swcopy requires that all filesystems listed in the systems /etc/fstab file are mounted prior to installation. Where appropriate. if that dependency is not present on the target system and is not marked for copying from the source depot the copy will only proceed if enforce_dependencies is set to false. although it may not improve fast networks. When set to true. While few 11. filesets will be recopied. . HP-UX Patch Management 63 . See also the compress_files option. If set to true. enforce_dependencies=true Options→Change Options→Enforce dependency analysis errors in agent Enforces software dependencies.

Note that swremove has several limitations when used for patch operations: • You cannot use swremove to remove committed patches. swcopy skips files that would be copied to an NFS file system (or that are already there).8 \* @ /depots/oldsys The swremove Command The swremove command deletes software that has been installed on your system.X style depot from the system oldsys to an HP-UX 11. When set to true and superuser has write permission on the remote file system.X system. swcopy -s /cdrom/XSWGR1100 \* @ /var/tmp/MyDepot • Invoke an interactive session. files are copied to remote systems. • swremove may not always be your first and best solution for error recovery. • You should not use swremove to remove patch information that remains in the IPD after installing a new version of HP-UX. copy the contents of the XSWGR1100 depot to the local system under the /var/tmp/MyDepot directory. In HP-UX 11i you cannot remove a patch that is required by another patch. using the default depot at hostX as the source: swcopy -i -s hostX • Copy all patches in current directory to the depot /hub/patches (assuming root shell is /sbin/sh): for PATCHDEPOT in *. • Removal of a patch bundle does not automatically return you to the patch state prior to loading that bundle.depot do swcopy -s $PATCHDEPOT \* @ /hub/patches done • Copy a HP-UX 10. Examples • With the CD mounted at /cdrom.00 system and you use swremove to remove a patch. • If you are on an 11. Make sure your other recovery methods are not more appropriate before you use this command. The swremove command will fail if the unwanted patch fulfills a dependency. swcopy -s oldsys:/depot -x layout_version=0. It also removes software from depots.The swremove Command write_remote_files=false None Prevents copying of files to a target that exists on a remote (NFS) file system. you must make sure you didn’t “break” any software dependencies. Synopsis swremove [-i] [-d] [-p] [-v] [-x option=value] [software_selections] [ @ target] 64 . By default. If the patch was needed to fulfill a documented dependency then patches to satisfy the dependency must be activated via rollback or installation. see “The cleanup Command” on page 72.

HP-UX Patch Management 65 . enforce_scripts=true Options→Change Options→Enforce script failures Each patch may have several removal scripts associated with it. See “Setting Default Values for Command Options” on page 74 for more information. Requests verbose mode. consult the swremove(1m) man page or refer to the SD-UX manual. One or more software specifications. this option is very useful in maintaining patch integrity and system stability. option=default value Description autoselect_reference_bundles=true Menu Path in Interactive Interface None If true. enforce_dependencies=true Options→Change Options→Enforce dependency analysis errors in agent Enforces software dependencies.00 patches currently exist with dependencies enforced by the SD-UX tools. Preview mode is not enabled by default. Patch related command options are specified below. This option should not be used unless directed by an HP Support Engineer. . Previews the remove operation without performing the actual removal. since all 11i patches enforce dependencies. When software selected for removal has a registered dependency. the bundles will not be automatically removed. Do not set this option to false unless directed to do so by an HP Support Engineer. the target is assumed to be the system itself. However. default values are shown. These scripts may issue errors to protect the system from incorrect patch usage. If not specified. See “Software Specifications” on page 73 for more information The depot from which software is to be removed. bundles that have the is_reference attribute set to true will be automatically removed when the last of its contents is removed. While few 11. a graphical user interface is invoked. -d -p -v -x option=value software_selections target Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). If false. The GUI starts by default if you enter swremove without any software_selections. removal only proceeds if enforce_dependencies is set to false. if the dependency is not present on the target system or also selected for removal from the source depot. This option affects only standard output and not the log files. If the environment variable DISPLAY is set to a valid X windows display. Where appropriate. Operate on a depot rather than installed software. Verbose mode is enabled by default. Sets the specified command option to the value given.The swremove Command Patch Related Command Line Arguments -i Use an interactive user interface. For the full set of available options. those that do employ them to enforce critical requirements of content and removal order. overriding any other values for that option. Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked.

Synopsis swlist [-i] [-d] [-v] [-a attribute] [-l level] [-s source] [software_selections] [ @ target] Patch Related Command Line Arguments -i Invokes a GUI interface that lets you perform interactive software selections. SD-UX requires that all filesystems listed in the systems /etc/fstab file are mounted prior to removal. See what software is in a depot. The attributes are listed in the format: -d -v keyword value If one or more -a options are specified. then list the selected attributes in the above format. You must specify -i to invoke the GUI. • Remove all contents of the depot. then list all the attributes for an object. Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked.) is essential to removing the wrapper only): swremove XSWHWCR1100. swremove skips files that would be removed from an NFS file system. 66 . Lists software depots instead of software currently installed on the target system. When set to true and superuser has write permission on the remote file system. /depots/MyDepot: swremove -d \* @ /depots/MyDepot The swlist Command The swlist command provides information on software installed on a system or located in a depot. See what depots are available on remote systems. leaving any contents present (Note that the trailing period (. it never starts by default. If the environment variable DISPLAY is set to a valid X windows display. Check attributes of software. If no -a options are specified. a graphical user interface is invoked. write_remote_files=false None (default cannot be changed within GUI) Prevents removal of files from a target that exists on a remote (NFS) file system. Browse the patch documentation. Examples • Remove only the bundle wrapper XSWHWCR1100 from the system.The swlist Command mount_all_filesystems=true Options→Change Options→Mount filesystems in /etc/fstab or /etc/checklist By default. Setting this option to false removes this restriction. By default. one attribute per line. files are removed from remote systems. More specifically: • • • • • See what’s installed on a system.

Specifies the detail of the swlist output.fileset format) with the associated revision and description. You can also specify the sources as target depots and list them using the -d option. A comment (marked by a leading # character) precedes each block giving the name. • product List all products with revision and description for each. Each file is preceded by the product and fileset that is the registered owner of that file. The values used include: -s source software_selections target -l level • file List all files recorded in the IPD. As is the case with their respective levels. revision. If not specified. the bundles and products are listed with revision and one-line description. • depot List all registered depots on the target system. followed by the associated description and current patch_state. This is an alternative way to list a source depot. One or more software specifications. While this option may be specified multiple times. The listing is sorted by ancestor. the ordering of the arguments does not control the format of the list.The swlist Command -a attribute The named attribute is included in the listing when defined at the specified level. • patch List all patch filesets using the full software specification. and description of the product or fileset to be listed. See “Software Specifications” on page 73 for more information The depot to be listed. Specifies the software source to list. • fileset List all filesets recorded in the IPD (in product. revision. the target is assumed to be the system itself. HP-UX Patch Management 67 . The listing may be limited in scope by the software_selections specification. A comment (marked by a leading # character) precedes each block giving the name. swlist displays all bundles within the depot followed by any products not contained within a bundle. • default (no level specified) When no level is specified. and description of the product. • bundle List all bundles with revision and description for each. • category List all category tags currently defined within the target depot. and all products and filesets are listed as a comment showing revision and description before any patch fileset that apply to it.

option=default value Menu Path in Interactive Interface The swlist command lists the contents of the IPD. whether or not they are superseded.00 swlist functionality can be turned on in an 11i system (all patches in the IPD are listed). In 11i.The swlist Command Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). swlist lists all patches in the IPD. However.00 system. default values are shown.c=patch @ grendel:/var/MyDepot • List the filesets modified by installed patch PHSS_8675 swlist -a ancestor PHSS_8675 • List all of the files delivered within patch PHCO_12140 after downloading from the ITRC: swlist -d -l file @ /tmp/PHCO_12140. swlist only lists those patches which are active on the system. to get the 11i functionality on an 11. consult the swlist(1m) man page or refer to the SD-UX manual. In 11. 68 . For the full set of available options.show_superseded_patches=false must be added to the /var/adm/sw/ defaults file. show_superseded_patches=false Examples • List all patches in the depot /var/MyDepot on the system grendel: swlist -d -l product *. By setting this option to true the 11.00 systems.depot • List all patches that have modified the LVM product swlist -l patch LVM • Display the documentation for all patches containing critical functionality swlist -a readme -l product *. Where appropriate. patch PHCO_22526 must be installed and swlist.c=critical • List all category tags defined in the depot /var/MyDepot on the system grendel swlist -d -l category @ grendel:/var/MyDepot Also see “Software Specifications” on page 73 for more examples.

While other levels of SD-UX objects may be modified by swreg. WARNING: With the exception of committing patches and creating category tags. Unregistration of a depot can be a convenient way to limit access during development. the swmodify command lets you change the contents of these files via the command line. Although you cannot edit the IPD or catalog files directly. This option affects only standard output and not the log files. -u -v objects Patch Related Options None. (Note that unregistered depots are still available locally.The swreg Command The swreg Command The swreg command registers or unregisters an existing depot. the swmodify command is not recommended for general usage. Causes swreg to unregister the specified objects instead of registering them. Specifies the path to the object[s] to be registered or unregistered. Improper alteration of the information in the IPD could cause unexpected behavior during subsequent patching or system updates and leave your system in an unsupportable state. Examples • Register the patch depot XSWGR1100: swreg -l depot /cdrom/XSWGR1100 • Disable remote access by unregistering the depot XSWGR1100 (local access is still enabled): swreg -u -l depot /cdrom/XSWGR1100 The swmodify command SD-UX commands automatically keep track of software management operations by creating an Installed Products Database (IPD) and various catalog files that contain information about the software on the system. they are not within the scope of this tutorial. Synopsis swmodify [-d] [-p] [-v] ]-a attribute[=value]] [-x option=value] [software_selections] [ @ target] HP-UX Patch Management 69 . Requests verbose mode. consult the swreg(1m) man page or the SD-UX manual. (For the full set of available options. it can be accessed from remote systems.) Synopsis swreg -l depot [-u] [-v] [objects] Patch Related Command Line Arguments -l depot Perform operations on depots. When a depot is registered.

Multiple -a options can be specified. modify. consult the swmodify(1m) man page or refer to the SD-UX manual Menu Path in Interactive Interface Commits a patch by removing files saved for patch rollback. the target is assumed to be the system itself. -d -p -v -x option=value Perform modifications on a depot. you cannot remove the patch unless you remove the associated base software that the patch modified. Where appropriate. overriding any other values for that option. The given target must be a depot. When set to true. The default value is false. For the full set of available options. then delete the attribute from the given software_selections (or delete the value from the set of values currently defined for the attribute). software_selections target Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). Requests verbose mode. See “Software Specifications” on page 73 for more information The depot to be modified. default values are shown. Patch related command options are specified below. This option affects only standard output and not the log files. Previews the modify operation without modifying anything. If the -u option is specified. See “Setting Default Values for Command Options” on page 74 for more information. If not specified. Otherwise add/modify the attribute for each software_selection by setting it to the given value. this option removes the saved files for the patches specified in the software selections for the command. Preview mode is not enabled by default. Once you have run this option on a patch. Sets the specified command option to the value given. One or more software specifications.The swmodify command Patch Related Command Line Arguments -a attribute[=value] Add. Each attribute modification will be applied to every software_selection. option=default value patch_commit=false Examples • Commit the patch PHKL_1234 and remove its corresponding rollback files: swmodify -x patch_commit=true PHKL_1234 • Mark all patches in the depot /depots/newpatches with a new category tag to indicate that they have been approved: swmodify -a category=approved \* @ /depots/newpatches 70 . or delete the value of the given attribute.

This creates smaller depots. The tape can be used in the absence of networking support. default values are shown.8. Where appropriate. Either method can be used to transport the contents of a depot to another system for local access. The device file must exist so that swpackage can determine if the media is a DDS tape or a disk file. overriding any other values for that option. If you are creating a distribution tape. Refer to the swpackage(1m) manpage or the SD-UX manual for more information. Defines the type of distribution to create. Sets the specified command option to the value given. An existing directory depot (which already contains products) to be used as the source.0 (default) and 0. Without this operand. and the tape depot could be provided via ftp(1). /var/spool/sw is used as the default depot directory. This option affects only standard output and not the log files. Without this operand. this command allows the transfer of software onto a tape or into a tape depot which can then be used as a software source. See “Setting Default Values for Command Options” on page 74 for more information. this operand defines the location of the directory. Preview mode is not enabled by default. Synopsis swpackage [-p] [-v] [-s directory] [-x option=value] [software_selections] [@ target] Patch Related Command Line Arguments -p -v -s directory -x option=value Previews the package operation without performing the actual packaging.0 Menu Path in Interactive Interface Setting this option to true causes swpackage to compress files before packaging them. One or more software specifications. swpackage uses the device file /dev/swtape. software_selections target Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). For the full set of available options. target_type=directory HP-UX Patch Management 71 . option=default value compress_files=false layout_version=1. Supported values are 1. Patch related command options are specified below. Requests verbose mode.The swpackage command The swpackage command While primarily used to create depots from source files. Specifies the POSIX layout version to which the SD-UX commands conform when writing distributions. The recognized types are directory and tape. this operand names the device file on which to write the tar archive. consult the swpackage(1m) man page or refer to the SD-UX manual. See “Software Specifications” on page 73 for more information If you are creating a distribution depot (directory).

Synopsis show_patches [-a] [-s] [-l product|fileset] Patch Related Command Line Argument: default -a -s -l level If no options are specified.X. 72 . Notify the user of cleanup tasks and request confirmation before actually removing any patch information. The cleanup command is not delivered with HP-UX. but as a patch. Active patches are those which have not been superseded by newer patches on the system. The cleanup utility also allows patches to be committed across the entire system. These patches are removed from the IPD so that they are no longer displayed in the output of the swlist command. Currently available as patch PHCO_19550. Superseded patches are those that have been replaced by newer patches on the system. -d The show_patches Command The show_patches utility displays active and superseded patches in a formatted output. Display the superseded patches on the system.log. Determine which patches in the software depot have been superseded by patches also available from the depot. Determine which patches that are included in the Installed Product Database are 10. show_patches displays the active patches at the SD-UX product level.X patches that are remnants from an upgrade to HP-UX 11. The utility uses the SD-UX patch attributes patch_state and superseded_by to determine which patches are active and which are superseded. It is used to remove any patches for earlier releases from the Installed Product Database after updating to a newer version of HP-UX. which may be easier to interpret than the output of the swlist command. Display the active patches on the system. Display the patch information at the SD-UX product or fileset level.The cleanup Command Examples • Re-package the entire contents of the depot /var/spool/sw onto the tape at /dev/rmt/0m: swpackage -s /var/spool/sw -x target_type=tape @ /dev/rmt/0m The cleanup Command The cleanup command provides functions useful when dealing with HP-UX patches. It is also used to remove patches from a software depot if they have been superseded by patches also available in the same depot. The cleanup command logs all information to /var/adm/cleanup. Synopsis cleanup [-n|-p] -i cleanup [-n|-p] -d <depot> Patch Related Command Line Arguments -p -n -i Preview the cleanup task but do not actually remove any patch information. These superseded patches will be removed from the software depot.

a=HP-UX_B.11.a=HP-UX_B. you usually only need to refer to a patch or bundle name.fileset]][. From an interactive session.00_32 PHKL_18543.00_32/64.a=HP-UX_B.r=1.C-INC PHKL_18543.fa=HP-UX_B. You can also save session information from interactive or command-line sessions.11.l=/.product[.00_32/64 PHKL_18543.v=HP.a=HP-UX_B.00_32/64.l=/.11.11.r=1. If you select a product. and filesets can be specified only within a product.v=HP. and target hosts are saved before command execution actually commences.a=arch][.11.last.0.11.CORE-KRN.Other Options and Aids to Using the SD-UX Commands Other Options and Aids to Using the SD-UX Commands Software Specifications When an SD-UX command can be supplied a software selection. The software specification for the patch product appears in the output as a comment.v=HP.version] bundle[.11.r=1.00_32/64.00_32 PHKL_18543.0.0.VXFS-ADV-KRN. Each invocation of an SD-UX command defines a session.l=/.fa=HP-UX_B.VXFS-PRG PHKL_18543.v=HP PHKL_18543. save session information by executing swinstall or swcopy with the -C session__file option. If you do not specify a directory.0. A session file uses the same syntax as the defaults files (see “Setting Default Values for Command Options” on page 74). If you explicitly select a bundle.C-INC.v=HP.l=/. You can specify an absolute path for a session file.a=HP-UX_B.v=HP.version] where the version has the form: [r=revision][. source information.r=1. software selections. This file is overwritten on each invocation.a=HP-UX_B.00_32/64.0.a=HP-UX_B.v=HP.VXFS-BASE-KRN.fa=HP-UX_B.fileset][.00_32/64.00_32/64. For patch operations.c=category] (The version may also have a l=location component that applies only to installed software and refers to software installed to a location other than the default product directory. Each session is saved to the file $HOME/.11.00_32 PHKL_18543.sw/sessions/{command}. The software specification takes one of the following formats: product[.fa=HP-UX_B. You can use the swlist command to display this information.fa=HP-UX_B. A software specification must name either a product or a bundle.00_32/64 Session Files Session files let you save your work from a command session.0. A software specification is a unique identifier for an SD-UX software object.VXFS-PRG. This lets you re. the default location for a session file is $HOME/.v=vendor][.sw/sessions/. product.KERN2-RUN PHKL_18543.11.) The software_spec attribute contains the full software specification for any bundle. all filesets within that product are also selected. # swlist -l fileset -a software_spec PHKL_18543 # PHKL_18543 PHKL_18543.11.r=1. or patch (see “Patch Related Object Attributes” on page 56).r=1.KERN2-RUN.CORE2-KRN.11.11. HP-UX Patch Management 73 .00_32/64.l=/.r=1. you can save session information into a file at any time by selecting the Save Session or Save Session As option from the File menu. all products within the bundle are also selected. From a command-line session.r=1.0.a=HP-UX_B.VXFS-ADV-KRN PHKL_18543.11.l=/.11.00_32/64. The following example shows how swlist can create a list of the software specifications for a patch at the fileset level.11.00_32/64 PHKL_18543.fa=HP-UX_B. The invocation options.fa=HP-UX_B.v=HP.00_32 PHKL_18543. the selection is comprised of one or more software specifications.CORE2-KRN PHKL_18543.l=/.execute the command even if the session ends before proper completion.0.CORE-KRN PHKL_18543.VXFS-BASE-KRN PHKL_18543.l=/.

type: /usr/sbin/swagentd -r 74 . They can also be changed using the GUI Options Editor. Option values in /var/adm/sw/defaults file affect all users in a system.defaults is only usable as a template for copying to other option files. Option values in your personal $HOME/. or command line changes. Setting Default Values for Command Options SD-UX commands have extensive options that alter command behavior. use the Recall Session option from the File menu. Options in the defaults file are read as part of command initialization. For system-wide policy setting. Option values changed on the command line affect only that activity. after changing daemon options. that individual users may override these values with their own $HOME/. 2. Likewise. 4.Other Options and Aids to Using the SD-UX Commands To re-execute a saved session from an interactive session. default values. use the /var/adm/sw/defaults file. NOTE: Use of session files is not recommended with swremove because the session file could include software selections that you do not want included in the removal operation. The /usr/lib/sw/sys.defaults file is a template that lists and explains each option. however. Option values in /usr/lib/sw/sys. Keep in mind. specify the session file as the argument for the -S session__file option of swinstall or swcopy. all other allowable values. any command line options or parameters that you specify when you invoke swinstall or swcopy take precedence over the values in the session file.sw/defaults file. the daemon must be restarted for these options to be recognized.defaults). 5. Option values in a session file affect activities only for that session and revert when that session is completed. Note that when you re-execute a session file. the values in the session file take precedence over values in the system defaults file.]option=value These rules govern the way the defaults work: 1. To re-execute a session from a command-line. Because the daemon is already running. These values can also be overridden by specifying an options file with the -X option_file command-line option or with one or more -x option=value options directly on the command line.sw. Values in these option files are specified using this syntax: [command. 3. session files. Altering option values and storing them in a defaults file can help when you want the SD-UX command to behave the same way each time the command is invoked. and the resulting system behavior for each. To restart the daemon.sw/defaults file affect only you and not the entire system. These options are listed as comments that you can copy into the system defaults file (/var/adm/sw/defaults) or your personal defaults file ($HOME/.

all other subsystems: X11. NE . KL .general HP-UX commands.kernel patches. Starbase.Appendix C The Patch Text File The Patch Text File Fields Patch Name The name of the patch. and depot files as well as the patch product and (in HP-UX 10. Creation Date The date that the patch was created.network specific patches.X releases) the patch fileset.an HP-UX subsystem patch name. Patch Description A one-line description that describes this cumulative patch. This identifier is used for the patch shar. xx = area patched: CO . SS . yyyyy = a unique number Example: PHSS_14014 . HP-UX Patch Management 75 . Format is: PHxx_yyyy where: PH = Patch HP-UX. etc. text.

com). • SP = Special Release site-specific patches for installation at one specific customer or set of customers. Path Name The path name is the patch’s storage location on the HP Electronic Support Center ftp server (ftp://us-ffs. and dependency requirements. The current choices for supported releases are: /hp-ux_patches/s700_800/11. Causes a major application to fail such that the system’s operation is severely impacted. Causes data loss or corruption.hp.external. where: • GR = General Release patch should be installed on all systems meeting the OS. the value in this field is N/A.The Patch Text File Fields Post Date The date that the patch was posted for general distribution.OS Releases The hardware platforms and HP-UX OS releases on which this patch can be installed.e. If the patch is for the core operating system. and other non-GR patches. A problem is critical if it: • • • • Causes the system (OS/kernel) to fail/crash/panic. Products This field lists the product name and all product revisions to which this patch applies if it is a patch for an optional product. Automatic Reboot? Yes/No (whether or not this patch requires a reboot after installation). Status This is the support status of the patch. product. i. either GR or SP. This flags the Critical status of this patch and all superseded patches. Filesets This is a list of all the filesets which contain one or more files included in this patch. a non-core operating system product.X/PHxx_yyyy 76 . Delivers a fix related to processing dates in the year 2000 and beyond. A patch is considered critical if it fixes a critical problem or it supersedes a patch fixing a critical problem. Critical Yes/No followed by text. Hardware Platforms .

o). An SR is a formal request from a customer to have a defect resolved or a feature added to HP software. what(1) Output The output from what(1) for each file or library object file listed in the Patch Files field. Defect Description A detailed description of the defect that specifically addresses the explicit conditions which caused the problem (if known). Patch Dependencies All patches that must be installed to insure proper operation of this patch. If the patch replaces an object module in a library. SR All Service Request (SR) numbers addressed by this patch and all its predecessors. Other Dependencies Any non-patch and non-hardware dependencies that may exist. and thereby. verify that the patch is installed. HP-UX Patch Management 77 .The Patch Text File Fields Symptoms The external symptoms of the problem.o in the library /usr/conf/lib/libhp-ux. the full path of the library is listed with the object module following in parentheses.13 $ Patch Conflicts All known patch conflicts. if a patch replaces the object module vers.a(vers. For example. The what string is a way to identify the software version. specifically what a user would experience. Patch Files The full installed path name of all files in this patch.a the path listed would be /usr/conf/lib/libhp-ux. Hardware Dependencies Specific system models to which this patch is limited. Example: $Revision: 1. Also include methods to verify if the patch needs to be installed. both on a file basis as well as on a behavioral basis. and how to reproduce the problem (if known). Supersedes A list of all patches replaced by this patch.

The Patch Text File Fields Equivalent Patches All equivalent patches for other hardware platforms and OS releases not including this patch. Special Installation Instructions Any special instructions not included in those mentioned above. 78 . Patch Package Size The SD depot size in Kilobytes. These instructions have been included in this tutorial. Installation Instructions The standard installation instructions common to all patches.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->