P. 1
HP-UX Patch Tutorial

HP-UX Patch Tutorial

|Views: 1.732|Likes:
Publicado porheinerhardt

More info:

Published by: heinerhardt on May 13, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/09/2013

pdf

text

original

Sections

  • Overview
  • Getting Help
  • Other Sources of Information
  • HP-UX Technical Documentation
  • HP Software Depot
  • Interex
  • HP-UX Administrators Mailing List
  • Other Web Resources
  • CHAPTER 2 Planning for Recovery
  • Recovery Planning and Patching
  • The Root Volume Group
  • Separating Volatile Data from Stable System Data
  • Preserving Configuration via NIS or DHCP
  • File System Guidelines
  • Ignite-UX
  • Plan for Reinstallation
  • Have a Wish List
  • CHAPTER 3 Acquiring Patches
  • The Patch Database
  • Searching for HP-UX Patches by Keywords
  • Searching by Patch IDs
  • Dependency Analysis and the Patch Database
  • HP Patch Bundles
  • Obtaining Patch Bundles from Software Depot
  • Support Plus Media
  • Custom Patch Manager
  • About CPM
  • Using CPM
  • Step 1: Collect Configuration Informations
  • Step 2: Perform Patch Analysis
  • Step 3: Conflict Analysis
  • Step 4: Package and Download Your Patches
  • Custom Patch Notification
  • The Fulfillment Server
  • Accessing the Fulfillment Server via ftp
  • Web Access to FFS
  • The FFS Directories
  • Downloading the patch
  • Patch Recommendation Ratings
  • About Patch Notes
  • Resolving Patch Conflicts
  • CHAPTER 4 Depot Management
  • Custom Depots
  • Benefits of Creating Depots
  • Types of Depots
  • HP-UX 10.X vs. 11.X Depots
  • Patch Depots
  • Periodic Patch Depot
  • Critical Fix Patch Depot
  • Patch Hubs
  • Creating a Patch Depot
  • Preparation Tasks
  • Copying Existing Depots
  • Combining Patch Depots
  • Removing Superseded Patches
  • Dependency Analysis for HP-UX 11.00
  • Depot Access
  • Dependency Analysis for HP-UX 11i
  • Depot Registration
  • Access Control Lists (swacls)
  • CHAPTER 5 Patch Installation
  • System Preparation
  • Back-ups Back-ups!
  • A Note on Change Management
  • System Activity
  • Patch Committal Prior to Depot Installation
  • Committed Patch Removal
  • Planning for System Reboot
  • When is a Reboot Needed?
  • Timing of the Reboot
  • Installation
  • Using the SD-UX Matching Operations
  • Installing to a Committed Patch State
  • Installing Support Plus Patch Bundles
  • Step 1: Mount the CD
  • Step 2: Check for Last-Minute Information
  • Step 3 (Optional): Set Up Sharing for Remote Systems
  • Step 4 (Optional): Set Up Hard Disk Access
  • Step 5: Install the Selected Bundles
  • Finishing Touches
  • Usage Tip
  • The swverify command
  • Checking the Logs
  • Appendix A Basic Patch Concepts
  • Patch Mechanics
  • Ancestors and Patches
  • Patch Supersession
  • Patch Rollback
  • Patch Commitment
  • Patch Dependencies
  • Dependency Types
  • Enforced Patch Dependencies
  • Viewing Dependency Information
  • The HP-UX Patch
  • Patch Status
  • The Critical Patch
  • Patch Identification
  • The Patch Shar File
  • Appendix B SD-UX Tools & Objects
  • The Basic SD-UX Object Types
  • The Fileset
  • The Product
  • The Bundle
  • The Depot
  • Patch Related Object Attributes
  • ancestor
  • applied_patches
  • applied_to
  • category_tag
  • is_patch
  • is_sparse
  • is_reboot
  • patch_state
  • readme
  • software_spec
  • state
  • supersedes
  • superseded_by
  • Introduction to the SD-UX Commands
  • The swinstall Command
  • Synopsis
  • Patch Related Command Line Arguments
  • Patch-Related Options
  • Examples
  • The swcopy Command
  • Patch Related Options
  • The swremove Command
  • The swlist Command
  • The swreg Command
  • The swmodify command
  • The swpackage command
  • The cleanup Command
  • The show_patches Command
  • Patch Related Command Line Argument:
  • Other Options and Aids to Using the SD-UX Commands
  • Software Specifications
  • Session Files
  • Setting Default Values for Command Options
  • Appendix C The Patch Text File

HP-UX Patch Management

A guide to patching HP-UX 11.X systems

5967-3578 June 2001 © 2001 Hewlett-Packard Company

Notices
The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material. Warranty. A copy of the specific warranty terms applicable to your Hewlett-Packard product and replacement parts can be obtained from your local Sales and Service Office. Restricted Rights Legend. Use, duplication, or disclosure by the U.S. Government Department is subject to restrictions as set forth in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 for DOD agencies, and subparagraphs (c) (1) and (c) (2) of the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 for other agencies. HEWLETT-PACKARD COMPANY 3000 Hanover Street Palo Alto, California 94304 U.S.A. Copyright Notices. © 2001 Hewlett-Packard Company, all rights reserved. Reproduction, adaptation, or translation of this document without prior written permission is prohibited, except as allowed under the copyright laws. Trademark Notices.
HP-UX is a registered trademark of the Hewlett-Packard Company. Motif, OSF/1, UNIX, the “X” device and The Open Group are registered trademarks of The Open Group in the US and other countries. Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.

Revision History.
January 2000, Preliminary Edition. December 2000, Edition 1, part no. B3782-90829. June 2001, Edition 1, new part number.

This guide’s printing date and part number indicate the current edition. The printing date changes when a new edition is printed. Minor corrections and updates incorporated at reprint do not cause the date to change. The part number changes when extensive technical changes are incorporated. New editions of this manual will incorporate all material updated since the previous edition. For the latest version, see the Patch Management sections of: http://docs.hp.com/os/11.00/ or http://docs.hp.com/os/11i/ For additional help with patching HP-UX systems, see: http://itrc.hp.com/ or http://software.hp.com/SUPPORT_PLUS/

2

Please direct comments regarding this guide to: Hewlett-Packard Company HP-UX Learning Products, MS 11 3404 East Harmony Road Fort Collins, Colorado, 80528-9599 You can also send your questions and comments to patchguide@hp.com. If appropriate, include page numbers and document revision with your comments.

HP-UX Patch Management

3

4

CHAPTER 1 Introduction 1 Overview 1 Getting Help 3 Other Sources of Information 3 HP-UX Technical Documentation 3 HP Software Depot 3 Interex 3 HP-UX Administrators Mailing List 4 Other Web Resources 4 CHAPTER 2 Planning for Recovery 5 Recovery Planning and Patching The Root Volume Group 5 5 Separating Volatile Data from Stable System Data 6 Preserving Configuration via NIS or DHCP 6 File System Guidelines 7 Ignite-UX 7 Plan for Reinstallation Have a Wish List 8 8 CHAPTER 3 Acquiring Patches 9 The Patch Database 10 Searching for HP-UX Patches by Keywords 11 Searching by Patch IDs 13 Dependency Analysis and the Patch Database 14 HP Patch Bundles 15 Obtaining Patch Bundles from Software Depot 15 Support Plus Media 15 Custom Patch Manager 18 About CPM 18 Using CPM 18 Step 1: Collect Configuration Informations 18 Step 2: Perform Patch Analysis 20 Step 3: Conflict Analysis 22 Step 4: Package and Download Your Patches 23 Custom Patch Notification 23 The Fulfillment Server 25 Accessing the Fulfillment Server via ftp 25 Web Access to FFS 25 The FFS Directories 27 Downloading the patch 27 Patch Recommendation Ratings About Patch Notes 29 Resolving Patch Conflicts 30 28 HP-UX Patch Management 5 .

X Depots 32 Patch Depots 32 Periodic Patch Depot 32 Critical Fix Patch Depot 32 Patch Hubs 33 Creating a Patch Depot 34 Preparation Tasks 34 Copying Existing Depots 34 Combining Patch Depots 34 Removing Superseded Patches 35 Dependency Analysis for HP-UX 11.CHAPTER 4 Depot Management 31 Custom Depots 31 Benefits of Creating Depots 31 Types of Depots 32 HP-UX 10.X vs.00 35 Dependency Analysis for HP-UX 11i 36 Depot Access 36 36 Depot Registration 36 Access Control Lists (swacls) CHAPTER 5 Patch Installation System Preparation 37 37 Back-ups Back-ups! 37 A Note on Change Management 37 System Activity 38 Patch Committal Prior to Depot Installation 38 Committed Patch Removal 39 Planning for System Reboot When is a Reboot Needed? Timing of the Reboot 41 41 41 Installation 41 Using the SD-UX Matching Operations 41 Installing to a Committed Patch State 43 Installing Support Plus Patch Bundles 43 Step 1: Mount the CD 43 Step 2: Check for Last-Minute Information 43 Step 3 (Optional): Set Up Sharing for Remote Systems Step 4 (Optional): Set Up Hard Disk Access 44 Step 5: Install the Selected Bundles 45 Usage Tip 46 44 Finishing Touches 46 The swverify command 46 Checking the Logs 46 6 . 11.

Appendix A Basic Patch Concepts 47 Patch Mechanics 47 Ancestors and Patches 47 Patch Supersession 48 Patch Rollback 48 Patch Commitment 49 Patch Dependencies 49 Dependency Types 50 Enforced Patch Dependencies 50 Viewing Dependency Information 51 The HP-UX Patch 51 Patch Status 51 The Critical Patch 52 Patch Identification 52 The Patch Shar File 53 Appendix B SD-UX Tools & Objects The Basic SD-UX Object Types 55 The Fileset 55 The Product 56 The Bundle 56 The Depot 56 55 Patch Related Object Attributes 56 ancestor 56 applied_patches 56 applied_to 56 category_tag 57 is_patch 57 is_sparse 57 is_reboot 57 patch_state 57 readme 58 software_spec 58 state 58 supersedes 58 superseded_by 58 Introduction to the SD-UX Commands The swinstall Command 59 59 Synopsis 59 Patch Related Command Line Arguments 59 Patch-Related Options 60 Examples 62 The swcopy Command 62 62 Synopsis 62 Patch Related Command Line Arguments Patch Related Options 63 Examples 64 The swremove Command 64 Synopsis 64 Patch Related Command Line Arguments 65 HP-UX Patch Management 7 .

Patch Related Options 65 Examples 66 The swlist Command 66 66 Synopsis 66 Patch Related Command Line Arguments Patch Related Options 68 Examples 68 The swreg Command 69 69 Synopsis 69 Patch Related Command Line Arguments Patch Related Options 69 Examples 69 The swmodify command 69 70 Synopsis 69 Patch Related Command Line Arguments Patch Related Options 70 Examples 70 The swpackage command 71 Synopsis 71 Patch Related Command Line Arguments 71 Patch Related Options 71 Examples 72 The cleanup Command 72 Synopsis 72 Patch Related Command Line Arguments 72 The show_patches Command 72 72 Synopsis 72 Patch Related Command Line Argument: Other Options and Aids to Using the SD-UX Commands Software Specifications 73 Session Files 73 Setting Default Values for Command Options 74 73 Appendix C The Patch Text File 75 8 .

While some documentation exists. but by limiting risk it can also provide the confidence needed to support a proactive patching methodology. HP-UX Patch Management 1 . Not only does it protect systems from the unexpected. Planning for recovery can create a virtual “Undo” button that allows a system to return to a previous state. and patch management has its own motivations and methods. a patch depot should be created to use them efficiently. • Chapter 4: Depot Management However patches are acquired. this is the tag that you will see whenever you access the online resources and the patch text files addressed in this document. The first 11i release was introduced in December of 2000. it is usually found piecemeal in the back sections of various manuals.11. but plan for the worst. Some sources may require certain levels of support while others are free. This document is intended to pull together all the technical information required to understand HP-UX 11. The chapters provide information regarding the steps required to create and use patch depots. while supporting information is provided in the appendices. Overview This document is built around the concept of the patch depot.X patching. This chapter discusses the basic requirements and some options for system recovery. The current set of chapters and appendices are: • Chapter 2: Planning for Recovery The first rule of system management should be to expect the best. This chapter describes an array of patch sources and how they may be used to acquire patches.CHAPTER 1 Introduction HP-UX system patching is one of the most confusing areas for new system administrators. its contents must be installed on the target systems.X operating systems include 11. • Chapter 3: Acquiring Patches Patches are available from a wide variety of sources. Patching has its own terminology and tools. the types of patch depots and their use are covered. In this chapter. • Chapter 5: Patch Installation Once a depot has been created.00 and 11i. The 11. each with different abilities. This chapter describes the recommended steps to execute and verify patch installation. Patch depots are a mechanism through which systems can be managed as groups rather than as individual systems. This release has a uname -r value of 11.

A notation of Ctrl-Q indicates that you should hold the Ctrl key down and press Q. Typographical Conventions This guide uses the following typographical conventions: Boldface Computer User input Important concepts defined for the first time appear in boldface. the sections that are of specific interest to patching are not always readily apparent. you can enter any of these three items in this syntax: ls [-u | -x] Enter Text in this bold. Computer font indicates literal items displayed by the computer. enter: cd Italics Manual titles. you would substitute an actual directory name for directory_name in this command: cd directory_name [ ] and | Brackets [] enclose optional items in command syntax. This appendix lists all of the fields within the .Overview • Appendix A: Basic Patch Concepts Patches are different from other types of HP-UX software. • Appendix B: SD-UX Tools & Objects While Software Distributor (SD) has a wealth of documentation available. variables in commands and emphasized words appear in italics. For example. • Appendix C: The Patch Text File The patch text file can be found in a variety of locations. The vertical bar | separates syntax items in a list of choices. but remains the core documentation of each patch. sans-serif font denotes keyboard keys and on-screen menu items.text file with a brief description. For example. computer text indicates literal items that you type. For example: To change to your account’s home directory. This appendix provides SD information related only to patching. For example: file not found Bold. This appendix provides a basic understanding of patch concepts. 2 Introduction . Patches have a terminology and operations all their own.

Interex http://www. Interex. HP-UX Patch Management 3 .com Use the ITRC to: • Quickly access customized support tools • Make informed decisions with proactive information • Access a rich knowledge database to quickly self-solve problems • Submit hardware and software calls online • Identify and download patches quickly and accurately • Get one-stop access to software updates for your entitlements • Take advantage of ITRC resources across the IT life-cycle: — Forums—a community where you can collaborate and tackle IT questions with peers — Training—including online seminars and self-paced web-based training — Planning. HP Software Depot http://software. guides.org) to learn about the benefits of membership.hp. Review the main page (http://www. and electronic patch management services. is also noted for the yearly Interworks and HPWorld trade shows and for regional users groups. download.org/tech/9000/index. many products (such as Ignite-UX and the Support Plus patch bundles) are free. Design and Implementation—guidance to manage changes to your IT environment Other Sources of Information HP-UX Technical Documentation All HP-UX technical documentation is available at: http://docs. known as Interex.interex. which provides a variety of HP-UX software. contact HP’s IT Resource Center (ITRC): http://itrc. which is not a part of HP.hp. Information on particular hardware platforms. and software products is available for browsing.Getting Help Getting Help For technical support. maintains this list of technical resources for HP-UX systems. While some require purchase. software management.interex. or purchase.html The International Association of Hewlett-Packard Computing Professionals. HP-UX releases. and white papers.hp.com This source provides online access to HP-UX manuals.com The HP Software Depot.

hp.X manuals and white papers: http://docs. 4 Introduction .cs. Germany.edu/ Mirrored sites are available for Canada.nl and include the following command in the body of the message: subscribe hpux-admin-digest See also the Software Archive and Porting Centre for HP-UX at this URL: http://hpux.wisc.hp. including STM and EMS Hardware Monitors: http://docs. This URL provides an interface to the list archives dating back to 1995.com/hpux/diag/ • Latest HP-UX 11. South Africa.com/hpux/os/11i/ • HP-UX 11i features and news: http://unix.com/SUPPORT_PLUS/ • Latest hardware support tools (diagnostics) information. Italy.hp. To join the list itself.utah. Other Web Resources Additional help with HP-UX patching and related resources is available on the Web: • Support Plus information: http://software.hp.hp.com/products/IUX/ • Software Distributor (SD): http://software.Other Sources of Information HP-UX Administrators Mailing List http://www.nl/htbin/hpsysadmin Another resource outside of HP is the HP-UX Administrators Mailing List. Japan.hp.hp.com/operating/ • Latest Ignite-UX information: http://software.hp.edu/ or http://hpux.cae. and the UK.com/ Select the link to the European site. Netherlands. France.0/ http://docs. send email to majordomo@dutchworks.com/SD_AT_HP/ • European information: http://itrc.com/hpux/os/11.dutchworks.

Use more than one recovery technique to protect yourself from events such as a bad tapes or network failures. planning for system re-installation. You can use any naming convention that you wish. Use patches as a form of proactive maintenance. • • • The Root Volume Group The Logical Volume Manager (LVM) lets you subdivide a single disk or treat a group of disks as a single unit. HP-UX Patch Management 5 . A volume group is a group of one or more physical volumes or disks. usually named vg00). and keeping a “wish list” of changes you want to make to a system when it is down. but volume groups are usually named as follows: • /dev/vg00 • /dev/vg01 • /dev/vg02. To enable the recovery options discussed in this chapter. and so on. and change carries potential risk.CHAPTER 2 Planning for Recovery A patch introduces change into a system. The physical volumes in a volume group form a pool of disk space which may be allocated to one or more logical volumes. This includes setting up the root volume group. The documentation for each patch lists all of the defects or enhancements that the patch addresses. Proactive maintenance—fixing known problems before they appear on a system—can reduce the cost of a system failure. selecting a recovery technique. you must properly set up the volume group that contains the core system (also known as the root volume group. A prudent system administrator manages risk by planning for system recovery. This chapter presents an overview of recovery planning and techniques. Recovery Planning and Patching • Establish a recovery plan and do all necessary pre-work. You can weigh the known cost of returning to an original system state against the documented conditions of a patch. These concepts also apply to users of whole-disk HFS root disks.

NIS allows centralized management of common configuration files. An NIS master server holds master copies of the configuration files. To preserve the root volume group as a whole. The master server may distribute copies of the maps to NIS slave servers to provide load balancing and reliability. and /etc/services.The Root Volume Group By default. You may have other volume groups on your system for applications. like /etc/passwd. An NIS client gets configuration information from the master server or a slave server instead of from its local configuration files. You can then return to that image after a failure. you must place some restrictions on the root volume group: • Limit the size of the root volume group — Reduces the size of recovery images — Reduces the cost of disk mirroring • Do not place volatile data on the root volume group — Avoids loss of data when you restore the root volume image — Saves an additional recovery step • Keep all system data within the root volume group — Avoids unexpected recovery problems. make sure you have some kind of alternate recovery methods. This off-system storage of system information that changes frequently (such as networking configuration and password files).hp. Ignite-UX may not be able to save critical data if you have relocated parts of the directory structure. Preserving Configuration via NIS or DHCP Network Information Services (NIS) and Dynamic Host Configuration Protocol (DHCP) let you maintain data off of your system.com/ 6 Planning for Recovery . If you do break these rules. For example. /etc/hosts. see Installing and Administering NFS Services • For more information on DHCP. Separating Volatile Data from Stable System Data You can preserve a known system state by creating an image of the root volume group. can simplify restoration. or maps. • For more information on NFS. see the Ignite-UX Administration Guide and Installing and Administering Internet Services. vg00 is a special volume group known as the “root volume group” which typically contains the default boot disk and the majority of the HP-UX operating system. and other user and application data. These and related documents are available on http://docs. See also “File System Guidelines” on page 7 for more information TIP: Do not break these rules of data separation except to meet a specific need.

is expected to hold dynamic user data and should be isolated from both the root volume group and /usr. and /etc These directories contain the critical parts of the Core System required for booting. While not required to be included within the root volume group. • backup & recovery tool In the event that additional data will need to be restored from backup media. Ignite-UX is available free of charge.com/products/IUX The Ignite-UX Administration Guide provides complete information about using Ignite-UX. They must exist completely within the root volume group. time can be saved by including all of the backup and recovery software (such as Omniback) within the system image. This is often accomplished via NIS and the NFS automounter.hp. go to http://software.) • /home This directory.) • /opt and /var Only certain parts of /opt and /var (such as /var/adm/sw) can be considered to be part of the Core System.hp. • • • Chapter 2 tells you how to install and administer an Ignite-UX server. • /usr The /usr directory tree contains those elements of the Core System that support the post-boot system functionality.Ignite-UX File System Guidelines To best support recovery. (Ignite-UX will preserve these areas regardless of the parent volume group. (The Ignite-UX recovery tools will preserve the full contents of the volume group that includes the /usr directories. /stand. recovery. Chapter 3 tells you how to use configuration files to set up system recovery information. and duplication. Ignite-UX HP’s Ignite-UX is a set of tools for system installation. including: — make_tape_recovery(1M) — make_net_recovery(4) — Expert (manual) recovery procedure using Core media tools The Ignite-UX Administration Guide is also available on the Instant Information CD and at http://docs. Chapter 11 tells you how to use the Ignite-UX system recovery tools. To download the latest version and to browse Ignite-UX documentation. normally used to hold the login or home directory for each user. use these guidelines to organize your file system: • /. /sbin. /dev. it should not be placed within a volume group that includes volatile data.com HP-UX Patch Management 7 .

hp. you may want to adjust partitions if any filesystems such as /var are too small. you can accomplish some performance optimizations—such as adding another SCSI controller or replacing an older root disk with a larger. • Ignite-UX: Can you use Ignite-UX to reinstall? Ignite-UX lets you use multiple network depots and archives of system “golden” images together as a part of a single installation.Plan for Reinstallation Plan for Reinstallation Complete reinstallation of a system should not be your preferred method for system recovery. Consider these questions when creating a plan: • Your most critical systems: — Can you reinstall those systems right now? — How long would reinstallation take? • Media Library: — Where are the tapes and CDs required to rebuild the system? — If your media is kept in a central library. can you identify the person currently using the media that you need? — Do you have an index that lists which systems require a given set of media? (Remember to account for systems and peripherals that require a specific patch level!) • Network Depots: Are your installation media too slow to quickly recover your critical systems quickly? A network depot has faster performance. faster model—at a relatively small incremental cost. use the opportunity to change the number and size of logical volumes. For example: • File System Layout If your recovery method requires you to recreate the root volume group. HPs GlancePlus can help identify opportunities for kernel tuning.hp. To identify performance bottlenecks caused by slow hardware. Do you need to reinstall multiple systems? Network depots let multiple systems share installation information. • Hardware Modifications Time will limit the extent of the hardware changes you can make during a system outage. For more information. For example. see the HP Software Depot (http://software. but sometimes you have no other options. Keep a “wish list” of desired changes so you can take advantage of a failure. • Kernel Tuning Consider tuning any kernel parameters that you can alter only by rebooting the system. Have a Wish List When you are forced to perform a system recovery. use performance tools such as HPs GlancePlus.com/products/). 8 Planning for Recovery . you may want to use the opportunity to make some system changes that you can’t make at any other time. while media works best for single systems at a time.com) and HP OpenView (http://openview.

Click on the link a support agreement to your user id link.com 2. HP-UX Patch Management 9 .CHAPTER 3 Acquiring Patches These are the primary sources for acquiring patches: • The patch database from the ITRC (ITRC) (page 10). Follow the screen instructions. Click on the my profile link. Some services are available at no cost. To sign up to use the ITRC: 1. Click on the register now! link. • HP patch bundles from Support Plus media or Software Depot (page 15) • Custom selection from the ITRC (page 18) • The ITRC Patch Fulfillment Server (FFS) (page 25) HP’s ITRC is a web-based support environment. c. To sign up for additional services: a. HP provides proactive patch analysis in which HP monitors and selects the correct patches for your systems. (Optional) For those with the higher levels of system support. b. others are available only if you have an HP support agreement. Go to the ITRC web site at: http://itrc. Please consult your local HP sales representative for more information about additional services. 3.hp.

Click on the hp-ux link. 3. The main ITRC page appears. The log-in screen appears. The patch database main page appears (Figure 1). 6. 7. Click on the individual patches link. Go to the ITRC web site: http://itrc.hp. Click on the log-in link. 2. This document discusses two ways of finding HP-UX patches from the search page: • Searching by keyword • Entering specific patch names Patch Database Main Screen FIGURE 1.com Click on the log in link. The patch database search page appears (Figure 2). To access the database: 1.The Patch Database The Patch Database Use the patch database as your primary mechanism for searching for and acquiring individual patches. 5. Click on the maintenance and support link. Enter your user name and password. 4. 10 Acquiring Patches .

The Patch Database Searching for HP-UX Patches by Keywords To conduct a keyword search: FIGURE 2. Select Search by Keyword from the pop-up menu. Expressions inside parentheses ( ) b. 3. — An all UPPERCASE or all lowercase search string yields a case-insensitive search. Select the hardware by clicking on a radio button (for example. HP-UX Patch Management 11 . NOT. OR — Expressions are processed from left to right.20). AND c. — The precedence of boolean operators in a search are: a. Patch Database HP-UX Search Screen (search by keyword) 1. 4. Select an OS from the pop-up menu (for example. Expressions inside parentheses are evaluated following the same order of precedence. — A mixed case search string yields a case-sensitive search. Select a search criteria: • all words • any word • exact phrase • boolean — Boolean search results are limited to 200 results. Enter one or more keywords in the text field. Series 700). 5. 10. 2.

(See Appendix C . Figure 3 shows the results of a keyword search on “LVM” and “mirrored.” Listed are the patch name. “The Patch Text File. and a one line description of each patch. Click SEARCH. Each patch name is a clickable hyperlink to the patch text file.”) FIGURE 3.The Patch Database 6. Patch Search Results--The Candidate Patch List FIGURE 4. size in bytes. which documents the patch. Selected Patch List Automatically selected dependencies 12 Acquiring Patches .

2. Click Add to Selected Patch List when you have made all your selections. 3. A list of all your selected patches appears along with any dependent patches (Figure 4). Series 700).The Patch Database To download a patch from the search results: 1. 5. Click on the check box next to the patch to select it. Click on the DOWNLOAD button beside each listed patch to save it to your system. Click SEARCH. Select Search by Patch IDs from the pop-up menu.20). 6. 2. 10. 3. See also “Dependency Analysis and the Patch Database” on page 14. Click on the DOWNLOAD button beside each listed patch to save it to your system. Select the hardware by clicking on a radio button (for example. Enter one or more patch ID numbers in the text field. (You can also use the Select All or Deselect All buttons. A list of all your selected patches appears along with any dependent patches (see “Dependency Analysis and the Patch Database” on page 14). 4. Searching by Patch IDs To search by patch ID from the patch database search screen (Figure 2): 1. HP-UX Patch Management 13 . Select an OS from the pop-up menu (for example.

The Patch Database Dependency Analysis and the Patch Database When you select a group of patches. you had to manually check each patch text file for dependency information. (This is because a patch may support more than one architecture and HP-UX release. Display the patch description (Figure 5). This automatic dependency analysis does not occur when you search for a single patch. 2. Patch Description (PHSS_21980) 14 Acquiring Patches . the patch database automatically analyzes their dependencies and lists any other patch that you require.) This analysis takes superseding and recalled patches into account. Select the dependencies link. (Previously.) To find out about dependencies for an individual patch: 1. FIGURE 5.

The support contract restrictions related to the actual media do not apply to electronic access. Some products available at this time include Ignite-UX and Software Distributor. Software Depot provides a number of patch products. Y2K defects or support for the European currency). See: http://www. You can obtain HP patch bundles from the HP Software Depot on the web or (if included in your support contract) from the quarterly Support Plus media.software. Each ACE release extends HPUX to support new hardware and software features for HP workstations. or functionality.com/ACE • Hardware Enablement (HWE) for 11. reliability. • Product Updates Some HP-UX products release a new version rather than a patch. HP unified the ACE and HWE bundles to form the HWEnable11i bundle.software.software.00 HWE bundles enable new hardware or enhance OS performance. This patch software enables new hardware and fixes known defects.hp. but physical media is only available to customers with an HP-UX Software Support contract. The contents of each Support Plus release is freely available from Software Depot.) • Support Plus Bundles The patch bundles and diagnostic utilities of the Support Plus CDs are also provided for free download from Software Depot. see: http://www. For more information on Support Plus see “Support Plus Media” on page 15 and: http://www. special needs dictate the creation of a unique patch bundle (for example.software. Obtaining Patch Bundles from Software Depot The HP Software Depot (http://www. As an added benefit.hp.com/SUPPORT_PLUS • Additional Core Enhancements (ACE) An ACE bundle is a collection of enhancements to the HP-UX Operating System. which support both workstations and servers. • Specialty Patch Bundles Occasionally.com) is an online store that provides you with instant access to HP software for free trial or purchase.HP Patch Bundles HP Patch Bundles HP provides pre-packaged bundles of patches designed to be installed as a unit. the bundles are available within Software Depot earlier than on media.hp. HP-UX Patch Management 15 . Support Plus Media HP-UX Support Plus CDs deliver diagnostics and HP-UX system patches to you on a quarterly basis. These bundles are subjected to stringent levels of testing to assure a high level of reliability and are periodically updated.hp. you may have to register with Software Depot first. ACE software also corrects any critical or serious defects discovered since the original system release. These can be downloaded from Software Depot. (Although you can download the software for free. For more information. These patch products are generally available at no charge and are found in the enhancement releases area of Software Depot.com/products/HWE • Unified ACE/Hardware Extensions (HWE) For HP-UX 11i.

ODE (off-line diagnostics). which contains defect fixes for core OS files.g. — Gold Applications patch bundle. required for new systems and add-on hardware. including all recommended. • Hardware/critical (HWCR) patches. The notification letter includes a request form for physical media. including Support Tool Manager (STM) for online diagnostics. and the Instant Capacity on Demand (iCOD) client product. GR and QPK bundles) and after installation of applications (e. and successful completion of tests by the HP Enterprise Patch Test Center. which contains: — Gold Base patch bundle. You should install this bundle after other patch bundles (e. stable. EMS Kernel Resource Monitor. ODE (off-line diagnostics). • Hardware enablement patch bundle. 16 Acquiring Patches . • Quality Pack (QPK) bundle for workstations. The GR bundles have recommended HP-UX patches with the highest confidence ratings based on patch distribution and age. If you want to: Update or install all the latest diagnostic tools. EMS hardware monitors. and key third-party application providers. which contains defect fixes for the Operating Environment applications. including hardware monitors You should install: Diagnostic bundle: OnlineDiag Updated: Quarterly Install selected defect-fix patches Quality Pack (QPK) bundle: QPK1100 for the Core OS. EMS hardware monitors. including Support Tool Manager (STM) for online diagnostics. Networking driver products). HP application groups. or (HP strongly recommends that you important third party applications include the latest Quality Pack as part of the OS environment for end-user systems. and the Instant Capacity on Demand (iCOD) client product. Predictive Support. • General Release (GR) patches.00: • Diagnostics (OnlineDiag). These patches may match or supersede patches found in other HP-UX patch bundles. and third-party defect-fix patches for selected Core OS and other products. Support Plus Patch Bundles for 11.HP Patch Bundles Requesting Support Plus CD-ROMs HP notifies these customers when each Support Plus release becomes available.) General Release (GR) bundle: Bring all Core OS software to current patch level without custom XSWGR1100 patch selection Install critical patches or enable new add-on hardware Prepare your server to use new iCOD functionality Support Plus Patch Bundles for 11i: Hardware/Critical (HWCR) bundle: XSWHWCR1100 iCOD Client Product (from the OnlineDiag depot. including hardware enablement and critical patches. HP products. The Gold Quality Pack depot contain those patches recommended by HP Support. including current patches for all Core Operating System (OS) software. Use this table to determine which bundle you need to install. • Gold Quality Pack depot. Bundles in this depot are subjected to stringent levels of testing to assure a high level of reliability and are updated every six months.g. B9073AA bundle) As needed Quarterly Quarterly As needed • Diagnostics. EMS Kernel Resource Monitor.

HP Patch Bundles

(If you have used Support Plus on HP-UX 10.20 or 11.00: the Gold bundles replace the Quality Pack and GR bundles, combining the best features of both.) Use the following table to determine which bundle you need to install. If you want to: Update or install diagnostics and hardware monitors required for supported hardware You should install: Diagnostic bundle: OnlineDiag Updated: Quarterly

Install defect fixes for the core OS Gold Base bundle: or the network or graphics drivers GOLDBASE11i included on the OE Install defect fixes for HP-UX OE application software Enable new hardware or add-on hardware Prepare your server to use new iCOD functionality

Every six months

Gold Applications bundle: GOLDAPPS11i Every six months Hardware Enablement bundle: HWEnable11i iCOD Client Product (from the OnlineDiag depot, B9073AA bundle) Quarterly As needed

(The GOLDQPK11i depot contains the GOLDAPPS11i and GOLDBASE11i bundles.) Getting More Information For detailed information about Support Plus bundles and installation instructions, see the Support Plus User’s Guide. You can obtain this guide from these sources: • The HP documentation web site: http://docs.hp.com/hpux/os/10.x/ • • The HP Instant Information CD The Support Plus CD in the file: /cdrom/USRGUIDE.PDF

HP-UX Patch Management

17

Custom Patch Manager

Custom Patch Manager
The HP ITRC offers custom solutions for getting patches or informing you about them: Custom Patch Manager (CPM) and Custom Patch Notification. Both services require the phone-in level of support agreement or above and may not be available in all geographic locations. (You can also use CPM on a pay-per-use basis. Consult the ITRC for details.)

About CPM
Custom Patch Manager (CPM) is a tool for selecting and downloading patches that are appropriate for a target system. • CPM patches and patch information are updated daily.This lets you update the collection script and perform an analysis on a regular schedule. For example, you can perform a monthly check for new critical patches, which could help identify a system risk before it is seen in production machines. Automatic dependency and conflict analysis, which reduces the need for lengthy review of the patch documentation.

Using CPM
To access CPM:
1. 2. 3.

Go to the ITRC web site (http://itrc.hp.com) and log in. Click on the maintenance/support link. This takes you to the maintenance and support page. Click on the customized patch bundles (custom patch manager) link. This takes you to the custom patch manager main page (Figure 6). (If your profile indicates you do not have the appropriate support agreement, a pay-per-use notice appears. Click on BUY NOW and fill out the payment form to continue.)

Step 1: Collect Configuration Informations
This step requires that you download the cpm_collect.sh script. This shell script collects the names and revisions of all the products installed on your system. HP recommends that you download the script on a regular basis to ensure you have the latest version of the script. To use the script: 1. Click on the Collect Configurations link on the main CPM page. This displays the system information collection page. 2. Follow the instructions in the “collect system configuration” section to download and execute the script on the system you want to patch (Figure 7). The script requires no special privileges and creates a data file using the name of the system followed by a .fs suffix. 3. Follow the instructions in the “upload results to IT resource center” section to return the data file to the ITRC via ftp: • • The ftp system to use is identified on the same ITRC page used to download the collection script. Use your ITRC user name and password to log in.

• Once connected, place the data file in the incoming subdirectory on the ftp server. (This directory is subject to space limitations.)

18

Acquiring Patches

Custom Patch Manager

FIGURE 6.

CPM main page

FIGURE 7.

Executing the cpm_collect.sh script

patchsvr> ./cpm_collect.sh Copyright (c) Hewlett-Packard 1995-1998. cpm_collect.sh version: A.03.04 This script will collect information about filesets and installed patches from your system in the file /tmp/patchsvr.fs for subsequent transfer to Hewlett-Packard. Do you wish to continue, [Y] or N ?y removing /tmp/patchsvr.fs Creating list of patches in /tmp/patchsvr.fs... Creating list of products and filesets in /tmp/patchsvr.fs... The file /tmp/patchsvr.fs has been created. All Rights Reserved.

HP-UX Patch Management

19

Custom Patch Manager

Step 2: Perform Patch Analysis
In this step, you analyze your system configuration information to determine what patches you need.
1. 2. 3. 4.

After you have uploaded the configuration information (Step 1), return to the custom patch manager main page. Click on the Perform Patch Analysis link. This displays a list of the current configuration files found within the incoming directory. Click on the radio button beside the appropriate configuration file in the list. (Optional) Use the search and filter options at the bottom of the page to reduce the number of patches displayed. Options include: • • • • • • • • Descriptive search Boolean search Critical patches only Fileset filtering Command patches Kernel patches Network patches Subsystem patches

5.

Click on the tips for setting filters and searching link for more information about using these search options. Click on the DISPLAY CANDIDATE PATCHES button. This displays the candidate patch list (Figure 8). (The search and filter options appear above list. Using these options regenerates the display to show only the patches that match the filter or search criteria.)
FIGURE 8.

Candidate Patch List

20

Acquiring Patches

Custom Patch Manager The candidate patch list displays: • • • • A brief description of the patch The date it was installed on your system A link to a full description of an installed patch A link to the description of the corresponding HP-recommended patch. Individual Patch Details (PHCO_21040) 8. This patch may have a lower patch rating than the recommended patch.) FIGURE 9. This list includes additional information on reboot requirements. size. A link to the description of the corresponding latest patch. 7. deselect the check box beside the patch and click the REMOVE button. and patch age. Click the ADD TO SELECTED PATCH LIST button to display the selected patch list (Figure 10). Select one or more patches from the candidate list by clicking on the check box next to the patch listing. — Always use the recommended patch unless the latest patch explicitly fixes a problem on your system. HP does not have a patch that is better than the patch (if any) that is already on your system. dependencies. (Click the Add button to add the patch to your list and go to the selected patch list. (To remove a patch from the list. You can also use the select all recommended or select all latest buttons at the bottom of the list. • 6.) HP-UX Patch Management 21 . (Optional) Click on the patch name to display detailed information on the patch (Figure 8). — If the recommended column is blank.

Selected Patch List Step 3: Conflict Analysis In this step. FIGURE 11. CPM analyzes the selected patches for conflicts. (This step is optional but highly recommended. (Optional) Follow the links from the conflicts display to get more information about how to resolve the conflict or to view other patches. See “Resolving Patch Conflicts” on page 30 for additional information. This examines your list of patches for conflicts and displays the results (Figure 11). You can add or remove patches from your list if necessary. Click on the Analyze button below the selected patch list.) 1.Custom Patch Manager FIGURE 10. 2. Results of Conflict Analysis 22 Acquiring Patches .

Profiles. Preferences. so changing it affects all e-mails you receive from the ITRC. The preference screen lets you verify the e-mail address to which your notifications are sent. (This tool differs from the ITRC Support Information Digests by using configuration files and filters to narrow down the list of patches about which you are notified and by customizing the report contents. You can specify whether you want to receive your reports on a weekly or monthly basis. To get more information about a new patch. and view the full reports on the Custom Patch Notification main screen. by keywords. • • • • • • A profile may be based off either a Custom Patch Manager configuration file or a platform and OS revision. Profiles specify the kinds of reports you want to receive. •To use a current configuration file. NOTE: Custom Patch Notification does not work with depot configuration files. The selected patches are transferred individually to your system. This generates a script and places it in the outgoing subdirectory for your account on one of the FTP servers. • To modify this address. select the User Info link at the top of the screen. • You can have only one ITRC e-mail address. Profiles are processed weekly or monthly. 0-9. After you have selected all patches. Configuration Files. simply select the radio button next to the configuration file on which you want your notifications to be based. click the Package button. log in to the ITRC. This notification includes applicable patch names and one-line descriptions. and the underscore). You have the ability to specify which fields are displayed in the report by selecting the Patch Report Fields. 2. or for different patch categories. You can also specify what patch text fields are displayed when you view your on-line report. Monthly reports are generated on the last day of each month. such as filtering for critical patches. Custom Patch Notification Custom Patch Notification is a an optional feature of Custom Patch Manager that provides you with weekly or monthly e-mail notification of newly posted patches that apply to your system. You may create up to 10 notification profiles Profile names may only contain alphanumeric characters (a-z. select the custom patch notification link from the custom patch manager main page (Figure 6 on page 19). These fields can be changed and the report re-loaded if you want to view the same report with different filters set.Custom Patch Manager Step 4: Package and Download Your Patches 1.) The script is a shell script that extract scripts and provides instructions for downloading your selected patches. • You can add new configuration files by downloading the cpm_collect. A-Z. The first character of name must be a letter. One of the scripts delivered in the shell archive is used to place all of these patches into a common depot for future installation. Follow the instructions delivered with your script to run the script on your HP-UX system. • • • Reports are not cumulative from week to week or month to month. HP-UX Patch Management 23 . Reports. You may also select one or more filters for your notification list.sh script and uploading the results as described in “Custom Patch Manager” on page 18. Weekly reports are sent out on Sundays. go to the Custom Patch Manager main page.) To set up Custom Patch Notification. You receive an e-mail if the ITRC has posted new patches that apply to any of your profiles. (CPM directs you to the appropriate server.

10. For example. 9000/855) and OS revision (e. you need to click the Reset button to clear the configuration file table so only the platform and revision fields are filled in. B.Custom Patch Manager • You can also specify configuration by platform (e. Selecting more than one category acts as a logical OR operation. 24 Acquiring Patches .20) for a profile. type: uname -m To determine the OS revision. if you pick the Command and Kernel options. you are notified of all Command patches or all Kernel patches that fit your profile.) Filters. For example. •Custom Patch Notification can filter patch notification lists based on these categories: — Critical: Lists all patches tagged as critical by the HP (independent of the actual patch categories listed below) — Command — Kernel — Network — Subsystem • • • • All HP-UX patches are included in one of the four patch categories (Command. Use the uname(1) command on your system to determine what values to enter in these fields: To determine the platform. Selecting a category options and the Critical filter acts as a logical AND operator.. Kernel. CPM notifies you of all patches tagged as Critical AND all Command patches OR all Kernel patches that fit your profile. type: uname -r (If you go from a configuration based profile to a profile based on platform and OS revision.g.g. if you pick the Critical. 9000/735.. CPM does not let you deselect all categories. Subsystem). Network. Kernel and Command filters.

Web Access to FFS You can also access the FFS from your web browser.external. However.) • Access is anonymous.com (Americas and Asia/Pacific) • ftp://europe-ffs.hp.hp. and you web browser must re-establish the connection each time you change directories or download files.The Fulfillment Server The Fulfillment Server The fulfillment server (FFS) is the patch repository used by the patch database.external. Accessing the Fulfillment Server via ftp Figure 12 shows how to use the /usr/bin/ftp command on an HP-UX system to connect to the Americas/Asia/Pacific FFS system. • Disadvantage: FFS limits the total number of simultaneous ftp connections. Disadvantages: • Does not work well for finding groups of related patches. You do not need an ITRC account.hp.com into your browser creates an anonymous ftp connection to the Americas/Asia/Pacific FFS system. entering ftp://us-ffs. You can perform multiple downloads without having to re-establish a connection each time. Two FFS systems are currently available: • ftp://us-ffs. For example. The password used is the user’s e-mail address. • Advantage: you can browse the FFS directories graphically. HP-UX Patch Management 25 . direct ftp access has an advantage over web ftp access. Note that the response supplied for the name prompt is anonymous. You can use ftp to directly access all patches on the FFS. (No web server is required.external. Simply enter an ftp address as you would a URL (Figure 13). Because the FFS server limits the total number of simultaneous ftp connections. although you can also use FFS via the web.com (Europe) HP recommends that you use the other techniques discussed in this chapter as your primary patch acquisition method. You may have to make several attempts if the server is busy. • The FFS server limits the total number of simultaneous ftp connections. the FFS offers these advantages • You can access patches from any system that supports the ftp command and has direct access to the Internet. • Works well for finding and downloading a known patch.

external. HP ASL. ftp> FIGURE 13. log in with your 220-HP ESC User ID and password to deposit or retrieve your files. send your complete e-mail address as password.external. 220220-Log in as user "anonymous" (using your e-mail address as your password) 220-to retrieve available patches for HP-UX. 220220-If you have questions.external.com:username): anonymous 331 Guest login ok.hp.com. access restrictions apply. and other platforms. w/CNS fixes (277) Wed Jun 24 18:02:04 PDT 1998) ready. Password:username@hp. send email to: 220220support_feedback@us-ffs.hp. and there is a limit of 200 simultaneous accesses. Name (us-ffs. Using binary mode to transfer files.The Fulfillment Server FIGURE 12. Establishing an anonymous FTP session patchsvr(103)-> ftp us-ffs.com Connected to hpcc933.4.com 220220 hpcc933 FTP server (Version wu-2.hp. 220220-Welcome to the HP Electronic Support Center ftp server 220------------------------------------------------------220220-You are user 0. MPE/iX.hp. Connecting to the Fulfillment Server via Netscape 26 Acquiring Patches . Remote system type is UNIX.external. 220220-If you are a user of other HP ESC services.com 230 Guest login ok.

3. but provides useful data files.” on page 132 for more information on the text file. which lists all patches that address known security issues for each release. and I/O cards. for Netscape. • /firmware_patches/hp (Firmware patches for HP Hardware) This directory contains patches that supply firmware updates to HP hardware. Patches common to both architectures are found under s700_800. • /export/patches (data files) This directory does not deliver any patches. Use the get patch_name command to download specific files.depot file of all HP-UX patches. Unpack the shar file by typing sh filename HP-UX Patch Management 27 .. Fibre Channel.) • To download by your web browser: 1. (The shar archive may deliver 8-bit binary data. • /superseded_patches/ (Patches that have been superseded by newer patches) This directory contains patches that have been replaced by newer patches. Subdirectories exist for firmware specifically for CPUs. Downloading the patch • To download by ftp: 1. Use them only if you must revert to an earlier version of a patch to resolve a specific problem. in which patch_name is the file you wish to download. This downloads the shar file of the patch to your system or displays a dialog to select a location to which to download. Right-click on the patch link and select the appropriate save option from the pop-up menu (Save Link As. For example.. graphics cards. 11. Patch directories contain the full shar(1) archive and the patch text file.X). The text file contains the patch location within the FFS hierarchy as the Path Name field. (Use mget for downloading multiple files. for Internet Explorer). s800. See Appendix .. but is encoded to contain only 7-bit characters.X. (Optional) Enter bi to specify a binary transfer.. Click on the file you want to download. When files of this type are transferred through other systems such as personal computers they may be treated as text and undergo a translation step. — hp-ux_patch_matrix. including: — hp-ux_obs_patch_list.) 2. — hp-ux_patch_sums. which contains a full list of every patch that has been superseded with the name of the active superseding patch. patches for Series 700 workstations on HP-UX 10.The Fulfillment Server The FFS Directories These are some of the more useful FFS directories for HP-UX patching: • /hp-ux_patches/ARCHITECTURE/OS_RELEASE/ (HP-UX patches) All active HP-UX patches are grouped by architecture (s700. which contains the checksum for the .X subdirectory. “Patch Text File Fields. and s700_800) and the version of HP-UX supported (10. 2. Copy to Folder.20 are found in the /hp-ux_patches/s700/10.

and performance-tested by HP in simulated customer missioncritical environments using common application stacks. Having said that. HP recommends that you defer fixing the problem until more is known about the risk of the patch. Patches are assigned a rating of 1 upon initial release. HP rates patches along a three-point scale as shown below. HP releases a patch after it meets HP’s minimum patch quality standards. The Rating of a patch may be updated from 1 to 2 on a daily basis. and November 1. patches undergo testing both in customer environments and within HP. These are the most recently released patches having the highest HP Rating. the lower the risk of side-effects and the more suitable the patch is for mission critical environments. Patch is known to introduce another problem and has been recalled.Patch Recommendation Ratings Patch Recommendation Ratings The “best” of the currently available patches covers a broad spectrum. The HP Rating of a qualifying patch is upgraded to 3 on or shortly after. The higher the rating. The patches displayed in the candidate patch list (Figure 3 on page 12) are the best available patches. HP has verified that the patch will install and de-install in its target environments. Subsequently. August 1. Patches undergo testing for promotion to an HP Rating of 3 on a quarterly basis. February 1. It is no longer recommended by HP. Read the patch description to determine why it was recalled. only defer installing the patch if the problem is not critical or in the case that you can not tolerate any risk to your system. No unwanted side effects were discovered. re-check it after one of the quarterly dates below to determine if it has passed further testing and the status has changed. Patch has been installed in a certain number of customer environments with no problems reported. If you defer installing a patch because it is “Not yet HP Recommended”. Patch has been stress. 28 Acquiring Patches . If the patch has a rating of 1. (Not every recalled patch causes problems for every customer.) 2 3 R In the interest of timeliness. The patch’s HP Rating is then updated accordingly as HP’s confidence in the patch increases. Not all patches undergo this testing. Table 1: HP Rating HP rating Description 1 Functional testing by HP to verify that a patch fixes the problem that it purports to fix. May 1. Also.

it has a dependency that requires the installation of a product that needs to be purchased separately. HP-UX Patch Management 29 . As patches advance on the patch confidence scale. The patch database recommends a replacement patch when you search by patch ID and find a recalled patch. Most notes are self-explanatory (such as. Upon their initial release. for instance. Other notes include: • Not yet HP recommended All patches adhere to certain HP quality standards. • Patch not available A patch might be unavailable if. • Recalled A patch may be labeled as recalled when it is known to introduce another problem. Patches with ratings of 2 or 3 are denoted by the term “HP Recommended” in the Notes field. the higher the rating becomes. patches are assigned an HP Rating of 1 and are labeled “Not yet HP Recommended”. you must make an informed assessment of these trade-offs based on your own situation. These are displayed in the Notes section of patch lists. Whenever the patch database suggests a patch that is not yet recommended by HP. it purposely takes time to meet the higher standards. As a matter of course. These patches may fix the problem. However. If you are not facing a critical problem. and any impact to your environment.About Patch Notes About Patch Notes Patches may include descriptive notes to help you determine the status or risk of a patch. These patches are available to give you the option of obtaining a fix sooner if you can tolerate some risk to fix a critical problem. not every recalled patch causes problems for every customer. Click on the one line patch description to view the patch details to determine why it was recalled. “Fixes critical problem” or “Reboot required after installation”). but also may contain some element of risk. Patches are assigned an HP Rating of 1. HP recommends waiting for a patch to gain a higher HP Rating. 2. or 3 based on how many quality standards they meet.

de-select and remove it from your selected patch list. 2. Add the recommended alternate patch. If you do not find information about an alternate patch. To resolve dependency conflicts with selected patches: 1. you should select the patch with the highest rating unless a newer patch fixes a specific problem. but it will generally imply special handling. • Structural Conflict: A structural conflict indicates that both patches will replace the same software file on your system. • Dependency Conflict: A selected patch or a patch already on your system requires another patch to be installed with it. Check the revision numbers descriptions When two patches have structural conflicts. view the details for each patch and decide between them. If you choose to leave the existing patch installed. If you don’t want the patch. you may select critical patches that have dependencies on noncritical patches.Resolving Patch Conflicts Resolving Patch Conflicts These are the possible conflicts that can come up during an analysis and how to resolve them: • Behavioral conflict: A behavioral conflicts generally means a selected patch should not be installed with a patch installed on your system. remove the conflicting patch from your selected patch list and perform another analysis. Click on the dependent patch. 30 Acquiring Patches . Review its description and any superseded patches listed. 3. To find an alternate patch: 1. add the patch to your selected patch list. Continue checking the ITRC to check for updates. it might still be in development. Analyze for conflicts again to verify that the conflict is resolved. If two selected patches conflict. This is a rare occurrence that when encountered can lead to unexpected behavior when a patch is effectively partially superseded. For example. you should verify the revisions and install one or both of the patches as needed. • Recalled A Recalled patch has been removed from distribution. A structural conflict may not exclude the selected patch. 2. 4. usually explained in the Warning/Description field or the final patch listed under Predecessor patches. Click on the patch name to view its details. This kind of conflict may be common. Generally. Analyze for conflicts again to verify that the conflict is resolved. 5. You must choose between the new patch and the existing one. Look for a recommended alternate patch. If appropriate. View the details for each patch to decide which you want. 3.

Benefits of Creating Depots There are many reasons to create customized depots. By defining a depot. see “The swreg Command” on page 69. • Separation of Patch Management From System Management Patch management requires a number of unique skills and is an ongoing task. Custom Depots A depot is a software container present on disk. • Remote Administration It may be that the system is in a remote location. For patches that cause kernel rebuilds. • Streamlined Installation When software is acquired as multiple depots and/or media.CHAPTER 4 Depot Management Depot management is a method used to simplify systems management by defining a common reservoir of software to be shared by a group of systems. the work of defining and testing a new configuration of software can be centrally managed. the combined depot would result in a single reboot regardless of the number of patches installed. It is not uncommon to want to administer a system without ever seeing it. CD-ROM. Custom depots can be constructed in a number of different ways. or maybe it is just far enough away to be annoying. By creating registered depots. installations can take place without the need to mount media. or network that is used as a software source for the swinstall installation utility. For more information on registering depots. HP-UX Patch Management 31 . a centralized team can define and support a standardized configuration to be used by many administrators. Adding the overhead of patch management to system administrators limits the number of systems that each can control. combining all software into a single depot allows for a single installation session to load everything. While the mechanics of system administration remain. and are a powerful tool for managing software. tape.

Patch Depots Patch selection. It may be done quarterly to match the availability of the Support Plus media. Creating dedicated patch depots is a great way to avoid duplicating this effort. it is much better suited to parallel access. Critical Fix Patch Depot When a periodic patch depot has been created. There are many arguments against changing such a depot after it has been released. HP-UX 10. Also known as a network depot. Periodic depots are generated on a regular basis that will vary according to the needs of a user. “Acquiring Patches. Tape media is also a convenient method to allow a depot to be transferred over a network without using the swcopy command.X depots marked by 1. and no dependencies are missing. Several problems related to serving depots for HP-UX 10. A tape depot is a single data file that is accessed in a serial manner. The layout_version attribute is used to differentiate between the old and new. and it is recommended for HP-UX 11.depot file delivered within any patch shell archive from the Patch Database or Fulfillment Server (see Chapter 3. with 10. and monitoring are some of the more difficult administrative tasks required for HP-UX systems. 11. 32 Depot Management .X from HP-UX 11. as well as infrastructure. While this format is not readily transferable like the tape depot.X vs. When the term depot is used in this document.8 and 11.X system to provide software for use on HP-UX 10. analysis.” on page 9). as distinct files in a directory hierarchy. monthly to ensure a more timely inclusion of critical fixes. it can be assumed that a directory depot is implied unless specified otherwise.8 on an HP-UX 11.00 that you install patch PHCO_20078 (or current replacement) before creating the depots. A directory depot contains each packaged file.X depots identified by the value 0. It is possible to use depots of layout_version=0. this type of depot is recommended when creating a depot to be accessed from remote systems.0. Several different kinds of patch depots are valuable: Periodic Patch Depot A periodic patch depot is created to define the current recommended patch level. but it is also true that there is always the possibility that a system will encounter a problem requiring a new patch. The critical aspects of such a depot are that they have been tested on the target configuration.X Depots Beginning with HP-UX 11. or just in advance of any scheduled system downtime to take advantage of the opportunity. Once created. The price of these new abilities was to introduce several new attributes to the objects. production systems need only install with an matching operation to load the required patches.X system or layout_version=0.X have been identified. The format is specifically designed to support software delivery on tape media but it can be stored on other types of media as well. patching was significantly enhanced by extending the abilities of the SD-UX tools.0.8 depot. Both styles are common and while the basic function of each is identical there are advantages to each in certain situations.X systems. it often represents a significant investment in testing and analysis.Patch Depots Types of Depots There are two types of depots: directory and tape. data will be lost and the depot corrupted. The best example of this is the .X depot is copied to an HP-UX 10. If an HP-UX 11.

00. or created using the Ignite-UX make_bundles command or externally available tools such as those available through the Interex Users Group (see the paper. Both a software file (specified with the -f option) and a session file (specified with the -C option) provide a mechanism to explicitly select a set of software.list @ /hub Category tags had some initial problems. As with the periodic depots. This responsibility is handled by the SD-UX tools in 11i. Depending on the severity or probability of a given failure.interex. The swmodify command can be used to add an arbitrary category tag to existing patches. it may be advisable to place a newer patch in both the periodic and the critical fix depot. alternate mechanisms may be used to define subsets of the full patch hub. “Patch Installation” for more on this topic. but numerous issues exist. • Patch Bundles Patch bundles may be acquired from HP directly. To define the P2000_Q1 category used above. or as a local resource to ensure local access to any needed patch. swinstall -s /hub -x patch_match_target=true -x patch_filter=*. it is not uncommon to desire a “kitchen sink” depot that contains every patch that may ever be needed. Session files provide the additional ability to specify options in addition to the software list. after listing all selected patch filesets in the file P2000_Q1. Such a patch hub is no longer suitable for general use and the result of an matching operation does not produce a defined or necessarily tested environment. • Category Tags Introduced to patches in HP-UX 11.Patch Depots In these environments. Such a bundle can be explicitly selected for installation.00 the user still has the responsibility of including all dependencies. It is recommended that a patch hub is unregistered or be given restricted access (see “Depot Access” on page 36). For more information. This depot can be used to update any system that encounters a known failure. This problem was corrected with patch PHC)_22526.list issue the command: swmodify -a category_tag=P2000_Q1 -f P2000_Q1.c=P2000_Q1 selects all of the patches in the /hub depot that include the category tag P2000_Q1. as well as a starting point for the next version of the periodic depot.org). category tags are attributes that can be used to mark a patch. Patch Hubs While not recommended for general use. dependencies of the patches in the depot should also be included. see“The swinstall Command” on page 59 and the“The swcopy Command” on page 62. The swmodify command is used to create new category tags. such as the lack of a working mechanism to delete them. Creating Custom Patch Bundles by Dominguez & Scott in the Interworks 1998 proceedings or at http://www. It may be used as a method to conserve disk space. For 11. • Software/Session Files Software and session files can be used to select patches for installation (with swinstall) or to copy (with swcopy) from a patch hub. If the risks are understood and are acceptable. but provides the system administrator with a variety of ways to perform an incorrect operation that could leave a system in an unknown state. For example. This can be particularly useful when working with bundle wrappers. it may be useful to create a depot that contains fixes to known problems in the current environment.*. The advantage of category tags over patch bundles or software/session files is that they may be used with the patch_filter and a matching operation to avoid the problems of explicit selection. See Chapter 6. Providing direct access to a patch hub can be done. HP-UX Patch Management 33 .

This may result in the depot containing patches and their replacements together. For example. it is automatically registered. • Compression Depots are created in an uncompressed state by default. systems.Creating a Patch Depot Creating a Patch Depot Once the decision has been made to create a patch depot and the patches have been selected and acquired. If groups of remote systems are accessible only via a congested or expensive link. /depots/order_db/Y2000Q1 might contain the periodic patch bundle for the first quarter of the year 2000 to be used on systems hosting the order entry database. the superseded patches will never be used and are a waste of disk space. • Depot Access When a depot is created using swcopy. Both disk space and network bandwidth can be conserved by setting the swcopy option compress_files to true. Combining Patch Depots You may want to combine patch depots so that you can perform a single install and reboot for a given session. 34 Depot Management . • Naming a depot One of the features of the interactive user interfaces is the ability to select from a list of available depots on a system. each is simply copied in turn. • Network Considerations Not only should the performance of the networking interfaces be taken into account. the more time and energy should be devoted to preparation. While an installation using such a depot should be successful. and if the depot usage is expected to be high the performance of the disk devices and interface cards must be taken into account. Both the performance of the server and the impact on others are to be addressed. and depots involved. Disk space must be available. When multiple patch depots are combined. It is particularly useful to specify a depot path that identifies the contents if several different depots and/or depot revisions are present. Preparation Tasks There are a number of issues to consider before a depot is put into production. The following example shows how a depot on the default tape drive could be copied as /depots/testdepot to the current system while ensuring that all files are compressed: swcopy -s /dev/rmt/0m -x compress_files=true \*. The more individuals. it can be assumed that an initial depot is always available. Even if you are the only person that will use the depots. location within the network should be considered.\* @ /depots/testdepot The swcopy command is described in more detail within the swcopy(1m) man page or in “The swcopy Command” on page 62. If the availability of the depot is critical. the depot should be made inaccessible during the creation process. As this document will not address the creation of a patch. This can be done by setting the option register_new_depot to false during the initial swcopy session. or to a tape depot via the swpackage command. creating the right environment today can help support any changes the future may bring. • Disk Considerations Depot operations can involve a significant amount of disk activity. high availability storage solutions such as disk arrays or mirroring should be considered. A depot can be copied to a directory depot using the swcopy command. If the final form of the depot will require more than a single swcopy. it is time to create a depot to house them. creating mirror depots may be a valuable option. Copying Existing Depots All packaged software exists in a depot.

two supersession chains are shown that have a mutual dependency.00 systems. For testdepot created above. In Figure 14. When given the -d option and the full path to a depot. the PHNE_17051 file lists a dependency on PHNE_17017. superseded patches can be removed from a depot via the cleanup utility (delivered by patch PHCO_19550 or current replacement). The supersession chains are each in a vertical column. See “The cleanup Command” on page 72 for more information. Example of Inter-Patch Dependencies PHNE_18972 PHNE_19899 Patch Dependency Supersession Chain PHNE_17662 PHNE_17051 PHNE_17017 For example. 2. they are listed. cleanup will remove any superseded patches within the depot. and you are prompted before the command removes them. A patch dependency is indicated by a dashed arrow pointing from a patch to the patch it is dependent on. For example. Search the patch database for any dependent patches. searching for PHNE_17017 shows that the patch is recalled and is not available. This section describes how to analyze dependencies. you may occasionally have to perform the analysis manually. this would be done via: /usr/sbin/cleanup -d /depots/testdepot If any superseded patches are found. but it has been superseded by PHNE_19899. FIGURE 14. 1.Creating a Patch Depot Removing Superseded Patches For HP-UX 11. HP-UX Patch Management 35 . suppose that you need a critical fix found in patch PHNE_17051.00 Although the patch database and the SD-UX tools perform automatic dependency analysis. with the older patches on the bottom. Read the PHNE_17051 text file. Dependency Analysis for HP-UX 11. For example.

3. Access rights can be specified for individual products within a depot and given to individual users on specific systems. At this point.00 process of manually analyzing patch dependencies is time-consuming and cumbersome. For patch depots. the . a depot remains accessible on its own system without being visible to remote systems. See “Enforced Patch Dependencies” on page 50 for more information. Depot Registration A registered depot is visible and accessible to remote systems.hp. geography. This tag indicates that the patch has one or more dependencies that cannot be resolved by SD-UX. Check the dependency information for any superseding patches. 2. even if you only selected one of them. The patch and all of its dependencies are in the depot from which you are installing or copying your patch.00” above. PHNE_17662 itself has been replaced by PHNE_19899. training. This could be due to entitlements. swinstall or swcopy detect the patch dependency on another patch and automatically include the dependent patch in the install or copy operation. depot registration and access control lists. 36 Depot Management . which you already selected. Depot Access It may be desirable to restrict access to depots. For this reason. Registration tasks are done using the swreg command (see “The swreg Command” on page 69). the swacl command provides the ability to restrict access to a high level of granularity. You copy or install a patch from a depot that does not contain the dependent patches. if all the patches in Figure 14 are in the same depot. “Acquiring Patches” has more information about using the patch database and dependency analysis. (This capability results from the requirement that every patch with a dependency enforces or records that dependency in its product specification file. When unregistered. this is usually sufficient for most needs.com/. suppose that you need a critical fix found in patch PHNE_17051. The rights can be further divided by the type of access granted. and you can install patches PHNE_18972 and PHNE_19899 onto the system. The Supersedes field (in the patch . Access Control Lists (swacls) If complex access control is required. or the depot not being prepared for production. no unresolved dependencies remain.Depot Access 3. HP enabled “enforced dependency” functionality for the HP-UX 11i release. You must go through the dependency analysis as outlined above. PHNE 18972 also has a dependency on PHNE_17662. or example. Dependency Analysis for HP-UX 11i The 10.) For example. the cumulative nature of HPUX patches ensures that the replacement patches include the needed functionality. These are the possible scenarios for 11i patch analysis: 1. Two mechanisms exist to restrict access. swcopy or swinstall would automatically copy or install PHNE_18972 and PHNE_19899 together. For example. For a full description of swacl. The patch contains a manual_dependency tag. Even though you did not install the original patch (PHNE_17051).text file or the patch database) shows that PHNE_18972 has replaced PHNE_17051. This means that the SD-UX commands for installing and copying patches automatically include patch dependencies. Chapter 3. You then need to follow the analysis outlined in “Dependency Analysis for HP-UX 11. consult the swacl(1m) man page or the SD-UX documentation available from http://docs.20 and 11.text file for PHNE_19899 shows a dependency on PHNE_18972.

there is more to be done to prepare for any system modification. Back-ups Back-ups! While this document only addresses issues involving system software. While the risks may be small. Some of the aspects of such a process include: HP-UX Patch Management 37 . It is assumed that prior to installation the following tasks have been completed: • A current system recovery image has been completed • Patches have been selected and acquired • The installation depot contains all dependencies System Preparation Even when the depot is ready. this is not meant to infer that data is not important. While disk arrays and mirroring provide terrific protection from hardware failures. Computer systems are complex environments and system administrators are often driven by constant and critical interruptions. A Note on Change Management When working with multiple systems and system administrators.CHAPTER 5 Patch Installation This chapter describes a basic process for performing the installation of patches onto an HP-UX system. software failures and operator error are not hindered in their destructive ability. the costs can be huge. it provides a general checklist of tasks that can be used as a starting point for a local process. If there is any question regarding the stability or reproducibility of the user data it must be resolved before proceeding. it can be easy for confusion to lead to mistakes and/or complicate analysis of system failures. While not the only method available. In a large environment it may be beneficial to create a formal change control process for critical systems.

they are not lost when a system failure is encountered. Patches should also never be committed without an immediate need such as reclaim- 38 Patch Installation . most documentation has recommended that the system be in run-level (init) 2 or higher. If this is the case. This can result in the removal of a patch that fulfills a dependency. you may inadvertently remove patches that were installed on the system before the bundle installation. HP strongly recommends that you create a recovery image. during the installation process. Patch Committal Prior to Depot Installation When installing a large number of patches. and the current patch level becomes a low-water mark. This is not meant to indicate that updates should take place on active systems from beginning to end. However. The committed patches cannot be removed. System Activity The Software Distributor tools rely on the Distributed Computing Environment (DCE) and networking support for even the most basic functions. For this reason. senior administrators and management can provide guidance and ensure that business needs are not controlled by technical decisions. By requiring a formal handoff to any new owners. This causes the initial patched state to become the minimum system environment. it is not uncommon for some of the patches to already be present or superseded on the target system. Both the initial state prior to the installation and the final state upon completion should be supported and stable environments. but to the system being left in a partially installed and corrupted state. system files. and no new processing should be started. Experience and recovery planning should be your guide. The system will be between supportable configurations. to commit all patches on your system: swmodify -x patch_commit=true \* Before you commit patches. The recommended method for performing a system-wide patch committal is to use the SD-UX swmodify command. However if you don’t perform a committal before the installation of the new patches. The installation of large numbers of patches might create unwanted side effects on your system.System Preparation • Clear Ownership of each Change The submitter of a change request becomes the initial owner of a task. Scripts may kill and restart daemons. An attempt to remove all active patches can only delete those that are newly delivered. • Change Review and Approval By requiring a period of review and authorization. One method that can be used to avoid these issues is to perform a system-wide commitment of all patches prior to the installation of the new set. These are multi-user states that are usually associated with active systems. Remember that the risk is not only to the failure of an application. While less valuable in smaller operations. For example. libraries. Applications that are not critical should be halted. Commands and libraries may not match the currently running kernel. a growing data center should consider implementing a change control process before it is needed. it becomes necessary to return to the initial state by removing the new patches. • Centralized Change Database By keeping change records on a central system. the individual responsible for executing the change can quickly be identified. and commands are gradually changed. This image can be used to return to the uncommitted state. The database can be constructed to provide access to the experience of other administrators as well as visibility of upcoming changes to system users. such as a Support Plus patch bundle.

To ensure that you can return your system to its current state. can fix the problem. The remaining patches are those delivered in the XSWGR1100 bundle. Selected re-installation and IPD modification can be a complex and risky operation. using the swinstall preview mode: swinstall -p -s /var/tmp/REBUILD_DEPOT -x autoreboot=true \ -x autoselect_patches=true -x reinstall=true \ -x reinstall_files=true OS-Core ProgSupport SCSI-Passthru HP-UX Patch Management 39 . ProgSupport.KERN2-RUN OS-Core.SPT2-DVR.11. staying as close as possible to the patches already on the system..There are also disadvantages. (See “Dependency Analysis for HP-UX 11.System Preparation ing disk space or preparing for the installation of a new bundle. “Planning for Recovery”. In the example.00.00” on page 35 or “Dependency Analysis for HP-UX 11i” on page 36 for more information.SPT2-DVRSCSI-Passthru. Use the swlist command to determine all ancestors of patches to be changed (because you need to reload all of the filesets modified by the patch): swlist -l fileset -a ancestor PHKL_22759 # Initializing.fr=B.fr=B. PHKL_21989..fr=B. and SCSIPassthru products. 2. Failure to perform this analysis for all patches to be removed may cause unpredictable results.00. 5. 4.2) installed with all patches committed and that you need to remove PHKL_22759.fr=B.v=HP PHKL_22759. this would mean copying PHKL_21989 into the recovery depot and removing PHKL_22759.KERN2-RUN. Committed Patch Removal The primary disadvantage of system-wide patch committal is that you cannot as easily roll back the committed patches.. Removing any patch might cause another patch to lose a required dependency.C-INC.00. All are confirmed to be in the depot.C-INC ProgSupport. create a recovery image. Therefore. The depot should include all patches desired for the final system. The best way to do this is to manage your patch depots in such a way that you can re-install a committed patch’s ancestor patches. you determine that you need to reload the OS-Core.v=HP PHKL_22759. # Contacting target "phsvr703".v=HP PHKL_22759.11. You must re-install the patched products to provide the older versions of files or manage your patch depots in such a way that you can re-install a committed patch’s ancestor patches.11.CORE2-KRN OS-Core. but an older patch.00.) Create a recovery depot that contains the original products as well as all required patches. such as an Ignite-UX recovery tape or network image.00. To remove the committed patch and reinstall PHKL_21989: 1. you must perform an analysis to ensure that the final set of patches will function correctly.11. # # Target: phsvr703:/ # # PHKL_22759 PHKL_22759. No newer patches are acceptable.. suppose that a system has the XSWGR1100 bundle (revision 11.v=HP From the swlist output. 3. Perform a dependency analysis.52. See “Committed Patch Removal” and “Patch Commitment” on page 49 for more information.) Reload the ancestor patches.CORE2-KRN. For example. (See Chapter 2.

Theses messages tell you that you need to include the LVM product. (If necessary) check the log files if errors occur.r=B. You can avoid this error setting the enforce_dsa option to false. which turns off automatic dependency checking and increases the risk of error. data will be lost without LVM.LVM-RUN must be selected in order to ensure that all disks will be accessible after the new kernel is put into place.r=B. In either case. 8.11. 40 Patch Installation . TIP: SD-UX affords you a greater level of safety and error checking when you work at the product level.Core. but the actual increase never exceeds of 10 Mbytes.11. TIP: Whenever possible.00" cannot be successfully resolved. For the example. most of which is transient use only. use the swinstall program’s preview mode (include a -p in the command line) to analyze the install before trying to perform it. the following error is listed: ERROR: The filesets LVM. 7.System Preparation 6. * The software "OS-Core. Preview the installation again. Unless you are installing patches into a committed state. TIP: Reloading of products and patches may cause SD-UX to issue a disk space analysis (DSA) error. Because the disk space used by the reloaded products and patches merely replaces existing disk space. use a test system to verify impacts and changes before you change any production environment systems.00" has previous analysis errors. but this requires that you change the default behavior of additional SD-UX options including autoselect_dependencies and enforce_dependencies. You can replace individual filesets to remove committed patches and restore ancestors level. TIP: Patches may include checkinstall scripts that do not support dependency checking and other patch management features. Use this option with extreme caution.CORE-KRN. Whenever possible.r=B.LVM-KRN and LVM. ERROR: The "checkinstall" script for "OS-Core. or the command "/etc/sdsadmin" indicates that there is a multiple disk software disk striping (SDS) array on the system (or cluster). Installing the example products causes swinstall to expect the size of /usr to increase by more than 100 Mbytes.CORE2-KRN.CORE-KRN.CORE-KRN" gave a global error return (exit code "11").11.00" for fileset "OS-Core. The corequisite "OS. This is because there is either an "/etc/lvmtab" file which contains lvm configuration information on the system. this time with the addition of the LVM product: swinstall -p -s /var/tmp/REBUILD_DEPOT -x autoreboot=true \ -x autoselect_patches=true -x reinstall=true \ -x reinstall_files=true OS-Core ProgSupport SCSI-Passthru LVM Run the same command without the -p option to perform the actual installation. the actual usage of /var/adm/sw may increase and cause swinstall to fail.

When is a Reboot Needed? Each patch “knows” if it will require a system reboot to install on a system.*. Patches that were superseded had to be manually removed from a depot. avoid using these complex methods unnecessarily. Unless a special need exists.c=patch @ /MyDepot | grep true Timing of the Reboot In “System Preparation” on page 37. In addition. • All patches in the source depot that corresponded to software on the target system were selected. patches were generally selected and installed using the match_target option of swinstall. Despite this and the cautions regarding system activity. but it should also not be unecessarily delayed. the only method currently available to restart an HP-UX kernel is to shut down and restart the system.X releases. but how can you tell? A flag is recorded both within the patch documentation as well as a fileset attribute within the patch itself. There was no way to filter them according to their type or level of severity. This becomes an issue when the swinstall command line interface (CLI) is used. Any filesets with this attribute set to true will reboot the system if loaded. and some are mentioned in this document. If specified. The goal is to have all systems at a common level with the least amount of overhead.Planning for System Reboot Planning for System Reboot The core of the HP-UX operating system is known as the kernel. A depot can be checked for patches requiring a reboot by using the swlist command to display the is_reboot attribute of the patch filesets. This also made it impossible to install both the product and its patch(es) in a single step. There are complex methods of patch installation. Not only is a reboot often required. It should now be made clear that this ambiguous condition exists until any required system reboot and configuration steps are completed. it is certain that at times users and applications will remain active during an install and need to be prepared before a reboot can occur. the autoreboot option instructs swinstall to reboot the system whenever it is required. While useful for automated and unattended installations. Most kernel (PHKL) and many networking (PHNE) patches require that the kernel be rebuilt and restarted. HP-UX Patch Management 41 . The patches in a local depot (/MyDepot) can be checked with the following: swlist -d -l fileset -a is_reboot *. • SD-UX had no way to determine whether some patches in a depot were superseded by other patches. Installation The previous work outlined in this document was concentrated in creating the depots and with the preparation complete the installation should be simple and quick. the interactive versions of the swinstall command will display a dialog that announces the required reboot. This was an improvement over manual selection of patches but there were several problems: • The match_target option applied to both patches and non-patch software in the same depot and there was no way to ensure that the patches and non-patch software would be installed in the correct order. While solutions for the future are under investigation. it does not allow any time or warning before the system is halted. Using the SD-UX Matching Operations In the HP-UX 10. the fact that the system is in an unknown state until the installation process completes is discussed. This complicated the process of software updates and required that patches be kept in a separate depot. The CLI will not allow an installation that will require a system reboot to begin unless an override option (-x autoreboot=true) is specified.

In other words. See “Dependency Analysis for HP-UX 11. they will not be handled by SD-UX.Installation With HP-UX 11. The benefit to the user is that a separate swinstall session is not required to install patches to a product.*. 42 Patch Installation . any subset generated through a patch_filter operation in 11. you must go through and do a manual dependency analysis.X. you have additional control over patches selected when using either autoselect_patches or patch_match_target through the use of the patch_filter option. If you want to install from a depot of patches. The following command installs patches from a depot which correspond to currently installed software products: swinstall -s /mydepot -x patch_match_target=true -x autoreboot=true Finally. See “Enforced Patch Dependencies” on page 50 for detailed information on the manual_dependencies tag. to install only patches with a category_tag of myTag that apply to a system: swinstall -s /mydepot -x patch_match_target=true -x autoreboot=true \ -x patch_filter="*. patch_filter automatically selects the patches which contain myTag as a category tag in addition to their dependencies. Note that in HP-UX 11. the command: swinstall -s /mydepot MYPRODUCT by default also selects and installs any patches applying to MYPRODUCT that also exist in the source depot. Each patch contains tags (the category_tag attribute) which characterize the patch. This simplifies the process and protects the system from careless activity.00” on page 35 for a detailed explanation of analysis. This functionality has been enabled in 11i through the use of requisite tags. they will be selected and installed with the software. they can be applied during the initial installation or update of the software. Three new selection options were added to improve management of patches: -x autoselect_patches=true|false -x patch_match_target=true|false -x patch_filter=<selection> (default=true) (default=false) (default="*. Most patches contain dependency information within their PSF in the form of corequisites or prerequisites. always check for the manual_dependencies tag which indicates that although the patch has one or more dependencies. the patch_match_target option can be used to select those patches which correspond to any product installed on the system. If patches that apply to the software selected (by a swinstall or swcopy command) are present in the source depot. For 11i. This is most often used to install the proper set of patches from a patch bundle. the match_target option was changed to select only non-patch software. there are exceptions to this enforcement. it does not select the dependencies for those patches.c=myTag" The patch_filter option can also be applied in conjunction with the autoselect_patches option to control which patches are selected when software is initially installed. When installing from a depot. For example. It must be emphasized that as with depots. it only selects those patches which have that tag so if the dependency does not contain it.00 must not have external dependencies.00. However.*") The autoselect_patches option is used when installing software. when patch_filter is used to select patches which contain the myTag category tag. For example. Non-patch software can be identified through the is_patch attribute described in “Patch Related Object Attributes” on page 56. the match_target option has been modified so that it applies only to non-patch software.

Installing Support Plus Patch Bundles Follow this procedure to install patch bundles from the Support Plus CD. to define /cdrom as the mount point. use the name you found using ioscan in Step 5 above. identify the drive device file: ioscan -fnC disk This command lists all recognized CD drives and their associated device files. then select the appropriate patching tools.com/ Select the Maintenance and Support page. 4. Put the appropriate Support Plus CD into the drive. There are several important sources of information: • Check the HP IT Resource Center for information about recommended patches: http://itrc.hp. For example. If necessary. If it is desired that the patches be installed directly into a committed state. For 11. HP strongly recommends that you read the documentation for each bundle or patch you wish to load.hp.) There are two different methods that may be used to commit patches after they have been installed.00. If necessary. 2. Step 2: Check for Last-Minute Information Support Plus often contains last-minute information. the swinstall option -x patch_save_files=false may be used. see “HP Patch Bundles” on page 31 and the Support Plus User’s Guide. (Note that the Support Plus CD has depots contained in subdirectories. You can now access the CD via the mount-point directory. For complete information on Support Plus. The file name will be something similar to /dev/dsk/c1t2d0. or after the fact. define a new directory as the mount point for the CD drive. available on the Support Plus CD and at http://docs. If the CD drive is external. 7. enter: mkdir /cdrom 5. 3. Before proceeding. deselect the Actions-->Save files replaced by patch for later rollback.com. switch it on. Mount the CD drive to the mount-point directory: mount -r /dev/dsk/c1t2d0 /cdrom If the CD drive’s device-file name is not c1t2d0. Wait for the busy light to stop blinking. and the swmodify command allows the patch commitment to be managed down to the fileset level with the patch_commit=true option. For example: ls /cdrom 6. (From the GUI.Installing Support Plus Patch Bundles Installing to a Committed Patch State Patch commitment may take place during patch installation. they are not all at the top level of the CD. The cleanup command is discussed in more detail in “The cleanup Command” on page 72.) Step 1: Mount the CD 1. Open a terminal window and become root on your system. HP-UX Patch Management 43 . the cleanup utility (delivered via patch PHCO_22044 or current replacement) provides a simple interface consistent with the version provided on HP-UX 10.X releases.

html (for 11i) • Diagnostic products have readme files and additional information in the /cdrom/DIAGNOSTICS directory. You can print or view these files directly from the CD. Step 4 (Optional): Set Up Hard Disk Access If more than two systems must access the depot.hp.Installing Support Plus Patch Bundles • Refer to the Support Plus web site for additional information: http://software.x depots from HP-UX 10. Disable remote access by unregistering the depot before unmounting the CD: swreg -u -l depot /cdrom/HWEnable11i NOTE: You cannot access or register 11. For example.txt • Each bundle readme file is also available in HTML format. 3. with the CD mounted at /cdrom. a list of patches (and their dependencies) in the bundle. This short document contains up-to-date information about known problems with patches in recent Support Plus releases. This file contains additional installation instructions.readme (for 11i) • Each patch has an accompanying text file in the /cdrom/TEXT_FILES directory. and a listing of disk space usage. If you mounted the CD on the system that is the target for the patch or diagnostic installation.) You can print or view these directly from the CD.com TIP To simplify sharing of patch information. The hyperlinks from the HTML bundle readme files to the patch text files will work as long as the HTML files reside in the same directory as the TEXT_FILES subdirectory. proceed to “Step 5: Install the Selected Bundles” on page 45. These files contain hyperlinks to the patch text files. use: swcopy -s /cdrom/HWEnable11i \* @ /var/tmp/MyDepot Patch Installation 44 . A free version of the Adobe Acrobat® Reader is available at: http://www. Step 3 (Optional): Set Up Sharing for Remote Systems To enable direct access from one or two other systems. (Patch text files are also included with individual patches that you retrieve from HP. changes since the last release.com/SUPPORT_PLUS/ • • Refer to the Read Before Installing document that accompanies the Support Plus CD. HP recommends that you copy the patch depots to a hard disk using the swcopy command. This file provides detailed information about the patch. For example: more /cdrom/HWEnable11i. assuming the Support Plus CD is mounted to /cdrom: 1. For example: more /cdrom/TEXT_FILES/PHSS_22540. Register the depot: swreg -l depot /cdrom/HWEnable11i 2.adobe. you may wish to copy the documentation files onto your own system. or if you cannot dedicate the CD drive to the Support Plus CD. For example: file:/cdrom/HWEnable11i. You can enter a URL into a web browser to view these files directly from the CD. to register the HWEnable11i depot.readme. Some information is in Adobe® Portable Document Format (PDF) files. For example. Each patch bundle has its own readme file.20 systems. you must register a depot on the Support Plus CD using the swreg command. notes about problems in current and previous releases. Install the bundles (see “Step 5: Install the Selected Bundles” on page 45).

HP-UX Patch Management 45 . Review the documentation. Install the patch bundles. Although you can select individual patches from the bundles.x). The bundle readme files may contain additional installation instructions and other important information. If the swcopy interactive user interface appears. tested. Also. HP recommends the following tasks for all systems: 1. HP recommends that after you have selected a bundle for installation (see “HP Patch Bundles” on page 15). For example. To ensure greatest reliability. Support Plus bundles commonly include patches that require a system reboot. an unexpected condition was encountered. you should plan the installation for an appropriate time and announce a system outage to the users ahead of time. Some amount of risk is involved in any system modification. 2. you install the bundle using the matching operations of the swinstall command. See “Step 2: Check for Last-Minute Information” on page 43. Although you should already have reviewed the patch documentation. You should implement a recovery plan as an insurance policy against a system failure. it is prudent to limit system activity during any installation. Plan for system down time. to install from a CD mounted and registered on the system grendel: swinstall -s grendel:/cdrom/HWEnable11i \ -x patch_match_target=true -x autoreboot=true You can use the swinstall command’s preview mode (-p option) to get an idea of what to expect for the bundle you want to install. HP recommends that both the host system and depot should have the same major HP-UX version (for example. it is wise to recheck the readme files before installing.Installing Support Plus Patch Bundles This command copies the contents of the HWEnable11i depot to the local system under the /var/tmp/MyDepot directory. Also. this requires additional analysis of the readme files to ensure you do not overlook software dependencies. Notes • • HP recommends that you do not merge depots created on different versions of HP-UX. Even though the swinstall command used for installing the bundles requires that the system has networking enabled. an unexpected condition was encountered and you may need to enter additional information or take other action. For example: swinstall -p -s grendel:/cdrom/HWEnable11i \ -x patch_match_target=true -x autoreboot=true NOTE: If the swinstall interactive user interface appears. 3. The new depot is automatically registered for use by remote systems. You may need to enter additional information or take other action. 4. Create a system backup. and intended for use as a unit. Step 5: Install the Selected Bundles The bundles on the Support Plus CD are built. One recovery technique is to use HP’s Ignite-UX tools (provided on HP-UX 11i Operating Environment CD1) to create recovery images. 11. Therefore.

and swremove. The swverify command is provided as a method to compare the data within the IPD with the actual system directories and files. WARNING: Ignoring unknown keyword "hp_mfg" at line 142. # Contacting target "hpfclc1". swverify checks software states. For example. This log file is much more complete.. These verify the actions taken and begin the preparations as the next cycle begins. the swagent log is a good place to look for more information. This can be done using: swverify \* Checking the Logs Each SD-UX command logs messages to /var/adm/sw/sw<task>.log). See the SD-UX manual for more information. including swinstall. /var/spool/sw/swagent. When verifying installed software. swcopy.Finishing Touches Usage Tip Using the swlist command on an HP-UX 11.log beneath the depot directory (for example. See “Cleanup Command” on page 22 or “The cleanup Command” on page 72.log.) A swagent process performs the actual operations for each of the many SD-UX commands. Finishing Touches Once the installation has completed.log. 46 Patch Installation . where task is the name of the command.. WARNING: Ignoring unknown keyword "hp_mfg" at line 64. swagent logs messages to the file swagent. This log is located at /var/adm/sw/swagent.00 system to list bundles on an HP-UX 11i system may generate warnings. a few final steps are required. If you experience problems with one of the SD-UX commands. WARNING: Ignoring unknown keyword "hp_mfg" at line 229. The swverify command Software Distributor maintains a database of software that it controls known as the Installed Products Database or IPD.. it includes the output from installation scripts. The swverify command can be used to verify a patch bundle or even a single patch. This contains a terse summary of command activity. (You can specify a different logfile by modifying the logfile option. but it is recommended that a wildcard be used to verify all products and patches on the system. which would not be in the command log file for swinstall. dependency relationships. The cleanup command can also help you manage SD-UX log files.. file existence and integrity. For depot operations. For example: swlist -d -l bundle @ 11isys:/cdrom/HWEnable11i/GOLDAPPS11i # Initializing.

FSD. If Prod. in practice ancestors are managed between grouping of files known as filesets (see Appendix B.Appendix A Basic Patch Concepts Patch management differs in many ways from standard forms of software management. or to proactively avoid encountering a known problem in the future. Figure 15 provides a simple example of the four filesets of product Prod being modified by the patch PHCO_0100. “SD-UX Tools & Objects”). it would rely on external tools or people that do have an understanding. The specific details regarding execution are left to the following chapters. While the concept of ancestry can be applied to a single file. It may deliver defect fixes. The importance of this can be seen through a simple thought experiment of loading PHCO_0100 onto a system that has Prod installed without fileset FSD. with only the PHCO_0100. it is possible for several patches to modify a single product or for a single patch to modify several products.FSD is loaded at a later date. performance enhancements. This fileset is given the same name as that ancestor. A patch is an incremental change to the released software. and in some cases new functionality. a fileset is created for each ancestor fileset.X patches. For a patch that delivers a new version of a single file. When PHCO_0100 is installed. The ancestor of a patch is defined as the preexisting software that is being modified or replaced. This indicates that the FSD fileset was not needed by that system.FSD is not present. Certain terms and actions exist solely within the patch space. the system will determine that fileset Prod. While it is possible to create a support solution without an understanding of these concepts. HP-UX Patch Management 47 . For HP-UX 11. and will not load PHCO_0100. the patch can be installed again. A patch may be loaded in reaction to a system failure. Working with groups of files.FSD fileset actually being processed. This appendix defines the basic patch terminology and concepts. Patch Mechanics Ancestors and Patches Ancestry is one of the basic concepts of patch operations. the ancestor delivered the original version of that file.

In fact. The Prod.X Patch and Ancestors Patch PHCO_0100 PHCO_0100. If this were not the case.0) is stored in a save area associated with PHCO_1000.FSC Prod. an earlier patch could replace files with earlier or outdated versions. it is not required to have all patches in a supersession chain installed. When a patch is superseded.o. both having a of revision 1. each replacing the previous patch.FS fileset contains the relocatable object files foo. it remains on the system. When a patch is loaded onto a system.FS supersession chain of Figure 16. forms a supersession chain (Figure 16). the default behavior is to save copies of all files patched prior to loading the new versions.Patch Mechanics FIGURE 15. the presence of a superseding patch will prevent the installation of any preceding patch.FSC PHCO_0100. is initially patched by PHCO_1000. Only the active member of a supersession chain can be removed. 48 . In general. the version delivered with the original product (v1. these saved files are restored. FIGURE 16. This means that any individual patch supplied by HP must completely contain all aspects of any preceding patch. When PHCO_1000 is loaded. it delivers a new version of foo. The newer patch is said to supersede all earlier patches.FSB One Patch Multiple Filesets Product Prod Prod. the patch numbers increase along a patch supersession chain. but is not active. but as each superseded patch returns to the active state it becomes a candidate for removal in future sessions.FSA Prod. Figure 17 shows the save areas for the Prod.FS PHCO_1000 PHCO_2000 PHCO_3000 The SD-UX-packaged product Prod.FSA PHCO_0100. Only the top patch of the chain is in the active (applied) state. If the patch is removed. A series of patches.FSD Patch Supersession Patches for HP-UX products are required to be cumulative. This patch is superseded by PHCO_2000 which is superseded in turn by PHCO_3000. Patch Rollback The installation of a patch differs from the installation of a product in several ways. Patch Supersession Chain PROD.o and bar. When this happens.0. One of the key differences is the ability to perform patch rollback to restore the pre-patched behavior.FSB Prod.o. HP-UX 11.FSD PHCO_0100. Since patches are designed to be cumulative.

FS to the original state. Patch Rollback PHCO_1000 PHCO_2000 foo. reinstalling the committed patch will not restore the rollback ability.o.r=1. even though it did not change.r=1.0 foo. Patch Dependencies To become fully active.r=1.1 When PHCO_2000 is loaded.o. The disk space used to support patch rollback may be reclaimed through patch commitment. patch PHCO_3000 delivers new version of both files. and in some cases multiple copies of the same file will be preserved.1 bar.text file field(s) used will be noted as appropriate for each type.0 bar.r=1. The product remains patched until updated to a new version or removed from the system. Also. (See Appendix C.2 bar. In these cases.o that was delivered by PHCO_1000.o.) HP-UX Patch Management 49 .FS foo. the associated save area is deleted and the patch cannot be directly removed.r=1.o.o. cumulative patching ensures that the amount of change delivered by a patch will increase during the life of a supersession chain.o. and the save area disk space for those patches is also reclaimed.0 Patch Save Area foo.o that are on the system before loading PHCO_2000 are then stored in the save area. and patch PHCO_2000 again becomes the active patch.o. a patch may require changes in other areas of the system.r=1.0 foo.r=1. if any patch in a supersession chain is committed. The.o. The versions of foo. it delivers a new version of bar. any prior patches lose the ability to be restored. it must also deliver the version of foo. Each patch could be removed in turn.o. How? Because the information lost is of the state prior to the installation of the patch.r=1. the files found within its save area are restored to the system.r=1. As can be seen in the diagram. “The Patch Text File” for more information. It requires disk space that may be needed for other applications or data.1 bar. As a cumulative patch.Patch Dependencies FIGURE 17. The different types of dependencies are documented in the text file or readme attribute of each patch. a patch may document a dependency against patches responsible for these other areas. Finally.1 foo. When a patch is committed to the system.r=1.o. it is important that the areas affected by a single patch are limited.1 PHCO_3000 foo.r=1. If patch PHCO_3000 is removed from the system. and the existing files on the system are preserved in a save area associated with PHCO_3000.2 PROD.o. Patch Commitment The rollback mechanism is not without cost.o and bar.o.o.r=1.1 bar. eventually returning Prod. Because patches are cumulative.

) As long as the desired patch and its dependencies are loaded on the depot. Enforced Patch Dependencies The ability to manage patch dependencies was not included in the original design of the SD-UX. 50 . All such miscellaneous dependencies are explained in the Other Dependencies field. These are documented in the Patch Dependencies field and/or the Special Installation Instructions field. if a patch has a dependency on a superseded patch. In 11. their supersessions and their dependencies and then install the appropriate patches. These system-level dependencies are documented in the Hardware Dependencies field. Manual dependencies are indicated by the manual_dependency category tag and are listed in the PDep or Other Dependency field of the patch text file or readme attribute. there are some cases where special types of dependencies may be encountered. but the dependency must be loaded first for the requirement to be satisfied. An ordered dependency listed in the PDep field of the patch text file and automatically enforced by SD-UX. These include optional dependencies that are required under specific circumstances or hardware dependencies below the system level. swinstall and swcopy will analyze the patches. This is why SD-UX can resolve static dependencies: they don’t run the risk of being superseded. • Standard Dependency The standard dependency is an execution-time software dependency without any exceptions or conditions. SD-UX can register and automatically manage required patch levels. An example would be that the commands in PHCO_1000 cannot be used without the kernel support of patch PHKL_1234. • Hardware Dependency Certain patches are only applicable to specific system models. In 11. there is no way for SD-UX to recognize that the latest patch in the supersession chain has to be loaded. Standard dependencies are documented in the Patch Dependencies field.Patch Dependencies Dependency Types While the dependencies of a patch are generally quite simple. • Ordered Dependency An ordered dependency is an installation-time software dependency without any exceptions or conditions. However in 11i. SD-UX tools acquired the ability to manage patches natively (without scripts) and thus static dependencies. The contents of these patches may be modified by subsequent patches but they are not meant to be superseded. A dependency that is not directly enforceable by SD-UX (although patch scripts can provide indirect enforcement). • Other Dependencies There are dependencies that cannot be described in a simple manner. This analysis is done by the SD-UX tools through some additional attributes within patches and by enforcing the registration of patch dependencies within each patch. (See “Viewing Dependency Information” on page 51. The ability to automatically resolve superseded dependencies for patches was not implemented because of time constraints.00. Three types of dependencies are used in HP-UX 11i: Table 2: HP-UX 11i Dependency Handling Dependency Type Description Corequisite Prerequisite Manual dependency A standard dependency listed in the PDep field of the patch text file and automatically enforced by SD-UX. otherwise known as a line-in-the-sand patch.00. Static dependencies are those which involve a consolidated patch.

Any value other than those listed here denotes a patch that should be restricted and used only with full understanding and great caution. Viewing Dependency Information To review patches with manual dependencies. provide the current patch state.text file is described in detail in Appendix C. but the patch may transition into different release states.00 cannot handle the new functionality) the patch will not register its dependencies. the requirement of requisite registration is waived. If the patch is multi-release then (since 11. In addition. The data within the .c=manual_dependencies @ /MyDepot If this command yields some patch names. you must consult the following fields in the patch text file: • Pdep—patches listed in this field are not enforceable but can be detected and listed by the patch database. • General Release A status of General Release indicates a patch that is approved for widespread use and is the active member of the supersession chain. the patch will contain a category tag which states that the user must manually resolve any dependencies.text file and is also displayed when viewing patches within the ITRC. you must perform a manual dependency analysis such as the one outlined in “Dependency Analysis for HP-UX 11. and in particular the Patch Database itself. The following patch states are used by all patches that should be available to customers. • Other Dependencies—patches listed in this field are conditional dependencies but are not detected by the patch database. The current release state. This section examines some of these properties. the. Also. • Special Installation Instructions—this field often includes explanatory text for patches listed in the Other Dependencies field. Patch Status Almost every patch created is intended for general release to all customers.00” on page 35. For example: swlist -d -l product -a readme PHKL_23400 @ /MyDepot The HP-UX Patch An HP-UX patch is a partial delivery of software that fixes defects found in the original.X patches include internal readme files that you can view with the swlist command. or in some cases extends the original functionality. HP-UX Patch Management 51 . it will contain all known fixes to date for the target software.text file reflects the initial state of the patch due to the static nature of the file. If not then proceed with the copy or installation.The HP-UX Patch Two situations may result in unregistered dependencies. This is the manual_dependencies tag. “The Patch Text File”. You should check for this tag every time that you want to install from a bundle or depot to make sure that there are no external dependencies. Each patch includes a set of properties that are documented in an associated text file. 11. The ITRC data. known as the patch status. if the dependency relationship is more complex than the grammar for requisites can support. The following command checks for this tag in the patches within depot /MyDepot: swlist -d -l product *. can be found within the . As the newest available patch. then for each of those patches. When this happens.

The currently defined patch types are: PHCO PHKL PHNE PHSS Commands and libraries Kernel Networking All other HP-UX subsystems 52 . • General/Special Superseded When an active patch is replaced by a newer version. or system hang. patch supersession should not be considered in a negative manner. • Critical The patch delivers a new fix for a critical failure. As with superseded patches. and not the probability that it will be encountered. Patches may be created as special release if a set of customers require nonstandard behavior or configuration-specific change that would cause problems for others. While there may still be compelling reasons to install such a patch (such as a performance enhancement). you may choose to proactively load a critical patch to avoid a possible failure. is unique for a patch regardless of patch type. Patches are marked as being critical in response to the severity of a failure.The HP-UX Patch • Special Release A special release patch is an active patch that was not intended for use by all customers. • General/Special Recalled Under certain conditions. called the patch number. Even if you take a very conservative approach to changing your system. A patch can be classified into one of three categories: • Not critical No part of the patch addresses a critical failure. Applicable to both General and Special Release patches. data corruption. The known qualities of an older patch may have greater value than the non-critical improvements. each system administrator should review the issues documented in the recall notice with the value of the current patch fixes and cost of system change. the correct action for a specific system may vary. but supersedes a critical patch The patch does not contain critical fixes. The severity of the defect is such that the patch should be evaluated for applicability to local systems and environments. certain patches address issues of the highest priority and are considered critical. they may not be critical. and while the generic recommendation will be to remove and replace the patch. The Critical Patch While each patch is created to improve upon the original version of the ancestor software. Examples of conditions that cause a patch to be marked critical include data loss. The numeric field. Patch Identification An HP-UX patch name consists of a four-character type identifier followed by an underscore followed by a four or five digit numeric field. there is no reason to take any immediate action. While the newer patch should contain additional fixes. • Not critical. system panic. it enters the superseded state. Patches cannot be partially recalled. but delivers critical content that was introduced within a patch that has been superseded within the same patch chain. a patch may be recalled and removed from general distribution.

The HP-UX Patch This naming convention is not recognized by the SD-UX software management tools. These are the . Shell archives are a useful and portable method to package groups of files for transfer between Unix-based systems.X patches are also marked through the is_patch and is_sparse attributes and the patch category tag.text file is the complete documentation for the patch.depot and . The Patch Shar File The shar(1) utility is used to produce a shell archive file. The . HP-UX Patch Management 53 . it is packaged as a shell archive. HP-UX 11. special installation instructions (if any). When a patch is acquired individually from the Patch Database within the ITRC or from the Fulfillment Server (FFS). When exercised by the shell. For more information on these and other attributes.depot file is an SD-UX tape-style depot containing the actual patch.text files. see “Patch Related Object Attributes” on page 56. the patch shell archive will recreate two files within the current working directory. dependencies. including descriptions of the symptoms and defects repaired by the patch. These sources are described in more detail in chapter 3. and the list of files contained within the patch. “Acquiring Patches”. The .

The HP-UX Patch 54 .

but you need only a small subset of SD-UX functionality for patching operations. For in-depth information. A fileset may include scripts that control installation and removal.Appendix B SD-UX Tools & Objects This appendix provides an overview of Software Distributor commands for HP-UX (SD-UX-UX) commands and concepts as they apply to patching. Selecting patches by fileset level may cause a fix to be only partially applied. You can also enable SD-UX to install and manage software simultaneously on multiple remote hosts from a central controller. SD-UX is included with the HP-UX Operating System and by default manages software on the local host only. It describes a unique subset of the files that make up a product. grouped into a manageable unit. Therefore.hp.com. This section gives you a simplified view of the object types that relate to patches. HP-UX Patch Management 55 . The Basic SD-UX Object Types Software Distributor uses a variety of object types.00) • Software Distributor Administration Guide (for 11i) These manuals are available at http://docs. Many patch operations involve some aspects of the SD-UX tools. and patch filesets are delivered only within a patch product. SD-UX functionality that is not appropriate for patching is not discussed. even though SD-UX permits this kind of selection. consult the SD-UX manuals: • Managing HP-UX Software with SD-UX (for 11. In general. you should avoid selecting patches at the fileset level. The Fileset A fileset is one or more related files. This appendix does not present a comprehensive view of SD-UX. Consult the SD-UX manual for more information. You can find formal definitions in the SD-UX manual or the sd(4) man page. This appendix does not discuss SD-UX remote operations or installations involving alternate roots. patches are created and managed at the product level.

The Bundle A bundle encapsulates products and filesets into a single software object.fr=B.11.00.VXFS-BASE-KRN.C-INC PHKL_18543.. applied_to • Applies to patch filesets. • Contains the software_spec of the ancestor fileset that this patch fileset modified when it was installed.VXFS-BASE-KRN PHKL_18543. • The following example shows patch PHKL_18543.11. A depot can also be a distribution media (e. See “The swlist Command” on page 66 for more information.fr=B. The patch-related attributes are described below.11.VXFS-PRG.C-INC. which contains three filesets.v=HP JournalFS. Bundles provide a convenient way to group software objects together for easy selection. See “HP Patch Bundles” on page 15 for more information.g.v=HP JournalFS. More than one bundle can contain the same software objects. serial file that contains products or bundles. • Lists all of the patch filesets that have modified this fileset.) 56 . The Depot A depot is a directory that contains software products or bundles that are available for direct or remote installation.v=HP applied_patches • Applies to base (non-patch) filesets. You can change the contents of a depot. HP-UX 11. (See “Software Specifications” on page 73 for more information on software_spec.00. You can view SD-UX object attributes with the swlist command. swlist -l fileset -a ancestor PHKL_18543 # PHKL_18543 PHKL_18543.VXFS-PRG ProgSupport. • Indicates the fileset that this fileset modifies. HP provides several types of standard patch bundles. CD or tape) or a single.00.X patches that require customization include SD-UX control scripts at the product level.00 release. Attributes control aspects of patch behavior and define patch properties and relationships. Patch Related Object Attributes Each of the objects described in “The Basic SD-UX Object Types” has a set of properties known as attributes.Patch Related Object Attributes The Product An HP-UX patch is structured as a single SD-UX product that contains one or more filesets. each modifying a different fileset found on the HP-UX 11. ancestor • Applies to filesets. A bundle can be thought of as a virtual “configuration” of software.fr=B.

Not committed. The is_patch attribute is required for patches to be managed via the autoselect_patches or patch_match_target options of swinstall and swcopy. This attribute gets rid of the ambiguity created by the committed attribute above. is_sparse • Applies to patch filesets. • When set to true. In 11i. A category_tag can be used as a selection mechanism (see “Patch Hubs” on page 33). A committed fileset is also in either the applied or superseded state (which state applies cannot be determined from the patch_state field). • When set to true. committed: A committed patch cannot be directly removed from the system. • Provides a label for a fileset or product. superseded: A patch in the superseded state has been replaced by a newer member of its supersession chain. In HP-UX 11. is_sparse indicates that the current fileset is incomplete and cannot be loaded in the absence of the fileset’s ancestor.Patch Related Object Attributes category_tag • Applies to filesets or products. committed/superseded: A committed/superseded patch is committed and superseded. is_reboot indicates that installation of the fileset will cause the system to reboot. This ensures that a patch fileset cannot be explicitly selected when not appropriate. A committed patch is applied but not superseded. and others may be created by customers with the swmodify command. A patch in the applied state has not been committed or superseded. install patch PHCO_22526. HP-UX Patch Management 57 . is_patch • Applies to both patch products and filesets. You may install PHCO_22526 to obtain the committed/superseded state described below. patch filesets exist in one of three conditions. depending on the order of the patch operation: applied: An applied patch contains the software that is currently active on the system and is the most recent member of its supersession chain (of one or more patches) to have been loaded. A patch in the superseded state may or may not have been committed. • In addition to the state attribute (also described in this section). is_reboot • Applies to filesets.00. To obtain this state in 11. • When set to true. is_patch indicates that the object is a patch. patch filesets exist in one of four conditions: applied: Same as above.00 systems. superseded: Has been replaced by a newer member of its supersession chain. committed: A committed patch cannot be removed from the system. which records the installation states of software. Several tags are defined during patch creation. the patch_state attribute records the condition of patches. patch_state • Applies to patch filesets.

• Lists all prior filesets that a patch fileset supersedes. Note that all superseded filesets are included. 58 . Some attributes are stored in the IPD only): installed (IPD only): The software was successfully installed but not configured. product. The swconfig command is not discussed in this tutorial. An SD-UX operation leaves a fileset in one of the following states and records it in the fileset’s state attribute. See “Software Specifications” on page 73 for more information. transient: Indicates that swinstall or swcopy was killed or aborted during the execution phase leaving the software in an unknown and incomplete state. • The software_spec attribute (short for software specification) contains the fully qualified identifier for the bundle. but the ordering of the superseded filesets may not match the order of the supersession chain itself. • The readme attribute of an HP-UX patch contains the text file. or fileset. software_spec • Applies to bundles. or filesets. • A fileset’s state attribute (also used for non-patch software) provides useful information about the installation state of software. SD-UX commands automatically keep track of software management operations by creating an Installed Products Database (IPD) and various catalog files that contain information about the software on the system. superseded_by • Applies to patch filesets. available (depot only): The software is ready for access. It can be used by a swinstall or swcopy session using the depot as the source. state • Applies to filesets.Patch Related Object Attributes readme • Applied to products.X SD-UX-UX commands automatically keep track of software management operations by creating an Installed Products Database (IPD) and various catalog files that contain information about the software on the system. consult the swconfig(1m) man page or the SD-UX manual for more information. (Note that 11. This attribute is only set for installed patch filesets. configured (IPD only): The product was successfully installed AND configured. products. • Records the software specification of the fileset that superseded the fileset on a given system. The software_spec contains the object name and any version or architecture information. supersedes • Applies to patch filesets. No further operations are required. HP recommends that you move all patches left in the installed state to the configured state with the swconfig command. and never in software depots. The transient state differs from the corrupt state in that SD-UX did not detect the failure when it initially occurred. corrupt: Indicates that errors detected in the execution phase of a swcopy or swinstall process left the software in an unknown state and that the software should not be used. Although not every patch requires configuration.

swcopy . Synopsis swinstall [-i] [-p] [-v] [-s source] [-x option=value]. This option affects only standard output and not the log files. a graphical user interface is invoked. TIPS: • Because many patches aren’t designed for individual installation. ordered by those most commonly used: • • • • • • • swinstall . The swinstall Command The swinstall command is used to load patch software from a source depot and onto a target system.displays information about software products. Additional concepts for using the SD-UX commands are discussed in “Other Options and Aids to Using the SD-UX Commands” on page 73. [software_selections] Patch Related Command Line Arguments -i Use an interactive user interface. • swinstall has numerous options that you should not use for patching because they lack dependency support.installs and configures software products. swpackage . patch_match_target) should be the preferred method for installing patches. Previews the install operation without performing the actual installation. Preview mode is not enabled by default. If the environment variable DISPLAY is set to a valid X windows display.modifies software product information in a target root or depot. swreg ..copies software products for subsequent installation or distribution. HP recommends that you use only the options discussed below. swremove.unconfigures and removes software products. swremove . swmodify . swlist . The GUI starts by default if you enter swinstall without any software_selections.Introduction to the SD-UX Commands Introduction to the SD-UX Commands This appendix discusses the SD-UX commands that relate to patching. and swlist have an optional GUI mode. swinstall. swcopy.packages software products into a depot (directory or tape). Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked. The following list shows the commands. -p -v HP-UX Patch Management 59 . Requests verbose mode. All SD-UX commands run from the command line.registers or unregisters depots or roots. the automatic matching options(autoselect_patches..

default values are shown. those that do employ them to enforce critical requirements of content and load order. any bundle wrappers within the source depot that contain software selected for installation will be automatically selected if the is_reference attribute is set to true. consult the swinstall(1m) man page or refer to the SD-UX manual. autoselect_patches=true Actions→Manage Patch Selection→Automatically select patches for software to be installed When loading a software product. While few 11. This option should not be set to false unless directed by an HP Support Engineer. 60 . installation will only proceed if enforce_dependencies is set to false. One or more software specifications. This option should not be set to false unless directed by an HP Support Engineer. Patch related command options are specified below. Since all 11i patch dependencies will be enforced by SDUX. autoselect_reference_bundles=true None When set to true. Where appropriate. For the full set of available options.0 patches exist with dependencies enforced by the SD-UX tools. option=default value Description autoreboot=false autoselect_dependencies=true Menu Path in Interactive Interface None (GUI waits for permission to reboot) Actions→→Autoselect dependencies Enables an automatic reboot upon completion of the software installation. When software is selected for installation with an SD-UX-enforced dependency. Sets the specified command option to the value given. enforce_dependencies=true Options→Change Options→Enforce dependency analysis errors in agent Enforces software dependencies. overriding any other values for that option.The swinstall Command -s source -x option=value Specifies the depot (source) containing the software to be installed. those that do employ them are enforcing critical requirements of content and load order. See “Software Specifications” on page 73 for more information software_selections Patch-Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). While few 11. eliminating lengthy. it is especially important that this option is taken advantage of in selecting patches and avoiding unwanted configurations. manual patch dependency analysis. Note that this does not mean all of the software listed in the wrapper will be selected. See “Setting Default Values for Command Options” on page 74 for more information. only the bundle wrapper itself. this option becomes even more important and helpful. any patches within the same depot for that product will automatically be selected for installation. All 11i patches will contain enforced dependencies except for those that meet strict exception rules. if the dependency is not present on the target system and is not selected for installation from the source depot. that software will automatically be selected for installation if present in the source depot and autoselect_dependencies is set to true. As a result.00 patches exist with dependencies enforced by the SD-UX tools. (when marking software) When software is selected for installation with an SD-UX-enforced dependency.

Specify the device file of the tape drive to be used as the default. patch_save_files=true Options→Change Options→Save files replaced by patch for later rollback If set to false. mount_all_filesystems=true Options→Change Options→Mount filesystems in /etc/fstab or /etc/checklist By default. However. If set to true.The swinstall Command enforce_scripts=true Options→Change Options→Enforce script failures Each patch may have several installation scripts associated with it. This is the recommended method to install patches from a managed depot (such as those provided by HP). the patch_match_target option is the preferred method for HP-UX 11. These scripts may issue errors to protect the system from incorrect patch usage. filesets will be reinstalled. reinstall=false Options→Change Options→Reinstall filesets even if the same revision exists Prevents SD-UX from re-installing (overwriting) an existing revision of a fileset. swinstall skips files that would be installed to a remote (NFS) file system (or that are already there).” on page 5 for notes on other options. this option is not recommended unless alternative recovery mechanisms are available. Prevents installation of files to a target that exists on a remote (NFS) file system. swinstall requires that all filesystems listed in the systems /etc/fstab file are mounted prior to installation. source_cdrom=/SD-UX_CDROM source_tape=/dev/rmt/0m write_remote_files=false None (default cannot be changed within GUI) None (default cannot be changed within GUI) None Specify the device file of the CD-ROM to be used as the default. HP-UX Patch Management 61 . patch_filter=software_specification Actions→Manage Patch Selection→Filter The patch_filter option can be used to specify a subset of software available to load. See Chapter 2. patch_match_target=false Actions→Manage Patch Selection→Automatically select patches for software installed on the target Select all patches within the source depot that modify the existing system software. the remote files are installed. patches are loaded directly to the committed state and cannot be rolled back. While a convenient way to control disk usage. It is also an especially powerful tool for depot management in 11i since dependencies are dealt with correctly. Setting this option to false removes this restriction. this option can be used for 11.00 patch selection when combined with user-defined category tags. By default.X systems this option was used to select patches within a depot that applied to the target system. This option is not yet recommended for general use in 11.X releases to provide this functionality.0 as no provision is made for dependencies. match_target=false Actions→Match What Target Has Selects all software within the source depot with an ancestor attribute that matches a fileset currently on the target system. This option should not be used unless directed by an HP Support Engineer. While on HP-UX 10. When set to true and superuser has write permission on the remote file system. “Planning for Recovery.

For example: swinstall -p -s grendel:/cdrom/XSWGR1100 \ -x patch_match_target=true -x autoreboot=true The swcopy Command The swcopy command copies software from one depot to another. you can copy all of the contents of individual patches into a single depot from which the group can be loaded in a single session and with a single reboot (if needed). You do not need to use the swreg command on depots created by swcopy. Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked. Specifies the depot (source) containing the software to be copied. (See “The swreg Command” on page 69 for more information. or internet address.) Synopsis swcopy [-i] [-p] [-v] [-s source] [-x option=value] [software_selections] [@ target_selection] Patch Related Command Line Arguments -i Use an interactive user interface. overriding any other values for that option. a graphical user interface is invoked. Sets the specified option to the value given. the syntax is host:/directory where the host name can be a name. Preview mode is not enabled by default. Note that the swcopy command automatically registers (enables remote access to) any depot that it creates. Requests verbose mode. This option affects only standard output and not the log files. -p -v -s source -x option=value software_selections target_selections 62 .The swcopy Command Examples • Install from a CD mounted and registered on the system grendel: swinstall -s grendel:/cdrom/XSWGR1100 \ -x patch_match_target=true -x autoreboot=true • Use the swinstall command’s preview mode (-p option) to get an idea of what to expect for the bundle you want to install. If you specify a host with the directory. Patch related options are specified below. For example. This can be particularly useful if software exists in several depots. The GUI starts by default if you enter swcopy without any software_selections. domain name. If the environment variable DISPLAY is set to a valid X windows display. Previews the copy operation without performing the actual copy. See “Software Specifications” on page 73 for more information The absolute path name (directory location) to which you want the software_selections to be copied. See “Setting Default Values for Command Options” on page 74 for more information. One or more software specifications.

Setting this option to false removes this restriction. enforce_dependencies=true Options→Change Options→Enforce dependency analysis errors in agent Enforces software dependencies. While few 11. files are uncompressed before swcopy puts them into the target depot. that other software will automatically be selected to be copied if present in the source depot and autoselect_dependencies is set to true. only the bundle wrapper itself. This option should not be set to false unless directed by an HP Support Engineer. although it may not improve fast networks. swcopy requires that all filesystems listed in the systems /etc/fstab file are mounted prior to installation. This will conserve disk space and can enhance performance on slower networks (50 Kilobytes/second or less). source_tape=/dev/rmt/0m uncompress_files=false None (default cannot be changed within GUI) Options→Change Options→Uncompress files after transfer Specifies the device file of the tape drive to be used as the default. HP-UX Patch Management 63 . making this option very useful.00 patches currently exist with dependencies enforced by the SD-UX tools. option=default value Description autoselect_dependencies=true Menu Path in Interactive Interface Actions→Autoselect dependencies (when marking software) When software is selected for copying with a registered dependency on other software. If set to true. filesets will be recopied.The swcopy Command Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). The majority of 11i patches have SD-UX-enforced dependencies. if that dependency is not present on the target system and is not marked for copying from the source depot the copy will only proceed if enforce_dependencies is set to false. See also the compress_files option. . mount_all_filesystems=true Options→Change Options→Mount filesystems in /etc/fstab or /etc/checklist By default. When software to be copied has an SD-UX-enforced dependency. When set to true. autoselect_reference_bundles=true None (default cannot be changed within GUI) When set to true. compress_files=false Options→Change Options→Compress files during transfer Setting this option to true causes swcopy to compress file before transfer to the target depot. For the full set of available options. default values are shown. Note that this does not mean all of the software listed in the wrapper will be selected. Where appropriate. consult the swcopy(1m) man page or refer to the SD-UX manual. those that do employ them to enforce critical requirements of content and load order. reinstall=false Options→Change Options→Recopy filesets even if the same revision exists Prevents SD-UX from overwriting an existing revision of a fileset. any bundle wrappers within the source depot that contain software selected for copying will be automatically selected if the is_reference attribute set to true.

see “The cleanup Command” on page 72. • swremove may not always be your first and best solution for error recovery. copy the contents of the XSWGR1100 depot to the local system under the /var/tmp/MyDepot directory. swcopy -s oldsys:/depot -x layout_version=0. Make sure your other recovery methods are not more appropriate before you use this command. • If you are on an 11. • Removal of a patch bundle does not automatically return you to the patch state prior to loading that bundle.The swremove Command write_remote_files=false None Prevents copying of files to a target that exists on a remote (NFS) file system.00 system and you use swremove to remove a patch. If the patch was needed to fulfill a documented dependency then patches to satisfy the dependency must be activated via rollback or installation. The swremove command will fail if the unwanted patch fulfills a dependency. Examples • With the CD mounted at /cdrom. swcopy skips files that would be copied to an NFS file system (or that are already there). you must make sure you didn’t “break” any software dependencies. • You should not use swremove to remove patch information that remains in the IPD after installing a new version of HP-UX. It also removes software from depots.8 \* @ /depots/oldsys The swremove Command The swremove command deletes software that has been installed on your system. files are copied to remote systems. swcopy -s /cdrom/XSWGR1100 \* @ /var/tmp/MyDepot • Invoke an interactive session. Note that swremove has several limitations when used for patch operations: • You cannot use swremove to remove committed patches. When set to true and superuser has write permission on the remote file system.X system. Synopsis swremove [-i] [-d] [-p] [-v] [-x option=value] [software_selections] [ @ target] 64 .X style depot from the system oldsys to an HP-UX 11. using the default depot at hostX as the source: swcopy -i -s hostX • Copy all patches in current directory to the depot /hub/patches (assuming root shell is /sbin/sh): for PATCHDEPOT in *. By default.depot do swcopy -s $PATCHDEPOT \* @ /hub/patches done • Copy a HP-UX 10. In HP-UX 11i you cannot remove a patch that is required by another patch.

While few 11. enforce_scripts=true Options→Change Options→Enforce script failures Each patch may have several removal scripts associated with it. if the dependency is not present on the target system or also selected for removal from the source depot. since all 11i patches enforce dependencies.00 patches currently exist with dependencies enforced by the SD-UX tools. Operate on a depot rather than installed software. -d -p -v -x option=value software_selections target Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). This option affects only standard output and not the log files. consult the swremove(1m) man page or refer to the SD-UX manual. These scripts may issue errors to protect the system from incorrect patch usage. the target is assumed to be the system itself. Previews the remove operation without performing the actual removal. default values are shown. For the full set of available options. this option is very useful in maintaining patch integrity and system stability. When software selected for removal has a registered dependency. option=default value Description autoselect_reference_bundles=true Menu Path in Interactive Interface None If true. Where appropriate. Do not set this option to false unless directed to do so by an HP Support Engineer. Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked. enforce_dependencies=true Options→Change Options→Enforce dependency analysis errors in agent Enforces software dependencies. Sets the specified command option to the value given. removal only proceeds if enforce_dependencies is set to false.The swremove Command Patch Related Command Line Arguments -i Use an interactive user interface. However. Preview mode is not enabled by default. HP-UX Patch Management 65 . those that do employ them to enforce critical requirements of content and removal order. Requests verbose mode. This option should not be used unless directed by an HP Support Engineer. a graphical user interface is invoked. Patch related command options are specified below. . Verbose mode is enabled by default. If the environment variable DISPLAY is set to a valid X windows display. the bundles will not be automatically removed. overriding any other values for that option. One or more software specifications. If false. See “Software Specifications” on page 73 for more information The depot from which software is to be removed. If not specified. See “Setting Default Values for Command Options” on page 74 for more information. bundles that have the is_reference attribute set to true will be automatically removed when the last of its contents is removed. The GUI starts by default if you enter swremove without any software_selections.

Examples • Remove only the bundle wrapper XSWHWCR1100 from the system. When set to true and superuser has write permission on the remote file system. 66 . Lists software depots instead of software currently installed on the target system. it never starts by default. Synopsis swlist [-i] [-d] [-v] [-a attribute] [-l level] [-s source] [software_selections] [ @ target] Patch Related Command Line Arguments -i Invokes a GUI interface that lets you perform interactive software selections. If no -a options are specified. Setting this option to false removes this restriction.) is essential to removing the wrapper only): swremove XSWHWCR1100. More specifically: • • • • • See what’s installed on a system. write_remote_files=false None (default cannot be changed within GUI) Prevents removal of files from a target that exists on a remote (NFS) file system. leaving any contents present (Note that the trailing period (. files are removed from remote systems. • Remove all contents of the depot. You must specify -i to invoke the GUI. SD-UX requires that all filesystems listed in the systems /etc/fstab file are mounted prior to removal. then list all the attributes for an object. then list the selected attributes in the above format. swremove skips files that would be removed from an NFS file system. Check attributes of software. Otherwise a terminal user interface (TUI) designed for use on ASCII terminals is invoked. /depots/MyDepot: swremove -d \* @ /depots/MyDepot The swlist Command The swlist command provides information on software installed on a system or located in a depot. If the environment variable DISPLAY is set to a valid X windows display. Browse the patch documentation. By default. See what software is in a depot. The attributes are listed in the format: -d -v keyword value If one or more -a options are specified. one attribute per line. a graphical user interface is invoked.The swlist Command mount_all_filesystems=true Options→Change Options→Mount filesystems in /etc/fstab or /etc/checklist By default. See what depots are available on remote systems.

followed by the associated description and current patch_state. and description of the product or fileset to be listed. swlist displays all bundles within the depot followed by any products not contained within a bundle. • bundle List all bundles with revision and description for each.fileset format) with the associated revision and description. the bundles and products are listed with revision and one-line description. While this option may be specified multiple times. If not specified. and all products and filesets are listed as a comment showing revision and description before any patch fileset that apply to it. revision. the ordering of the arguments does not control the format of the list. Each file is preceded by the product and fileset that is the registered owner of that file. You can also specify the sources as target depots and list them using the -d option. A comment (marked by a leading # character) precedes each block giving the name. Specifies the detail of the swlist output. Specifies the software source to list. A comment (marked by a leading # character) precedes each block giving the name. The values used include: -s source software_selections target -l level • file List all files recorded in the IPD. This is an alternative way to list a source depot. • product List all products with revision and description for each.The swlist Command -a attribute The named attribute is included in the listing when defined at the specified level. and description of the product. • fileset List all filesets recorded in the IPD (in product. • patch List all patch filesets using the full software specification. One or more software specifications. As is the case with their respective levels. The listing may be limited in scope by the software_selections specification. HP-UX Patch Management 67 . • default (no level specified) When no level is specified. The listing is sorted by ancestor. the target is assumed to be the system itself. revision. • depot List all registered depots on the target system. • category List all category tags currently defined within the target depot. See “Software Specifications” on page 73 for more information The depot to be listed.

In 11i. In 11. By setting this option to true the 11.c=critical • List all category tags defined in the depot /var/MyDepot on the system grendel swlist -d -l category @ grendel:/var/MyDepot Also see “Software Specifications” on page 73 for more examples. consult the swlist(1m) man page or refer to the SD-UX manual.show_superseded_patches=false must be added to the /var/adm/sw/ defaults file. default values are shown. whether or not they are superseded. Where appropriate. For the full set of available options. However.00 systems. swlist lists all patches in the IPD. swlist only lists those patches which are active on the system.00 swlist functionality can be turned on in an 11i system (all patches in the IPD are listed). patch PHCO_22526 must be installed and swlist.c=patch @ grendel:/var/MyDepot • List the filesets modified by installed patch PHSS_8675 swlist -a ancestor PHSS_8675 • List all of the files delivered within patch PHCO_12140 after downloading from the ITRC: swlist -d -l file @ /tmp/PHCO_12140. option=default value Menu Path in Interactive Interface The swlist command lists the contents of the IPD.00 system.The swlist Command Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73).depot • List all patches that have modified the LVM product swlist -l patch LVM • Display the documentation for all patches containing critical functionality swlist -a readme -l product *. show_superseded_patches=false Examples • List all patches in the depot /var/MyDepot on the system grendel: swlist -d -l product *. 68 . to get the 11i functionality on an 11.

) Synopsis swreg -l depot [-u] [-v] [objects] Patch Related Command Line Arguments -l depot Perform operations on depots. Examples • Register the patch depot XSWGR1100: swreg -l depot /cdrom/XSWGR1100 • Disable remote access by unregistering the depot XSWGR1100 (local access is still enabled): swreg -u -l depot /cdrom/XSWGR1100 The swmodify command SD-UX commands automatically keep track of software management operations by creating an Installed Products Database (IPD) and various catalog files that contain information about the software on the system. the swmodify command is not recommended for general usage.The swreg Command The swreg Command The swreg command registers or unregisters an existing depot. This option affects only standard output and not the log files. -u -v objects Patch Related Options None. While other levels of SD-UX objects may be modified by swreg. WARNING: With the exception of committing patches and creating category tags. it can be accessed from remote systems. (For the full set of available options. Unregistration of a depot can be a convenient way to limit access during development. When a depot is registered. (Note that unregistered depots are still available locally. they are not within the scope of this tutorial. Although you cannot edit the IPD or catalog files directly. Requests verbose mode. Improper alteration of the information in the IPD could cause unexpected behavior during subsequent patching or system updates and leave your system in an unsupportable state. consult the swreg(1m) man page or the SD-UX manual. the swmodify command lets you change the contents of these files via the command line. Specifies the path to the object[s] to be registered or unregistered. Causes swreg to unregister the specified objects instead of registering them. Synopsis swmodify [-d] [-p] [-v] ]-a attribute[=value]] [-x option=value] [software_selections] [ @ target] HP-UX Patch Management 69 .

software_selections target Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73). Where appropriate. Patch related command options are specified below. Previews the modify operation without modifying anything. This option affects only standard output and not the log files. default values are shown. consult the swmodify(1m) man page or refer to the SD-UX manual Menu Path in Interactive Interface Commits a patch by removing files saved for patch rollback. See “Setting Default Values for Command Options” on page 74 for more information. Each attribute modification will be applied to every software_selection. you cannot remove the patch unless you remove the associated base software that the patch modified. option=default value patch_commit=false Examples • Commit the patch PHKL_1234 and remove its corresponding rollback files: swmodify -x patch_commit=true PHKL_1234 • Mark all patches in the depot /depots/newpatches with a new category tag to indicate that they have been approved: swmodify -a category=approved \* @ /depots/newpatches 70 . If not specified. If the -u option is specified. One or more software specifications. then delete the attribute from the given software_selections (or delete the value from the set of values currently defined for the attribute). the target is assumed to be the system itself. The given target must be a depot. modify. The default value is false. Requests verbose mode. See “Software Specifications” on page 73 for more information The depot to be modified. Otherwise add/modify the attribute for each software_selection by setting it to the given value. Multiple -a options can be specified. For the full set of available options. When set to true.The swmodify command Patch Related Command Line Arguments -a attribute[=value] Add. this option removes the saved files for the patches specified in the software selections for the command. or delete the value of the given attribute. Once you have run this option on a patch. overriding any other values for that option. -d -p -v -x option=value Perform modifications on a depot. Sets the specified command option to the value given. Preview mode is not enabled by default.

Without this operand. this command allows the transfer of software onto a tape or into a tape depot which can then be used as a software source. Synopsis swpackage [-p] [-v] [-s directory] [-x option=value] [software_selections] [@ target] Patch Related Command Line Arguments -p -v -s directory -x option=value Previews the package operation without performing the actual packaging. option=default value compress_files=false layout_version=1. The tape can be used in the absence of networking support.0 Menu Path in Interactive Interface Setting this option to true causes swpackage to compress files before packaging them. The recognized types are directory and tape.8. default values are shown. An existing directory depot (which already contains products) to be used as the source. this operand names the device file on which to write the tar archive. The device file must exist so that swpackage can determine if the media is a DDS tape or a disk file. Supported values are 1. Refer to the swpackage(1m) manpage or the SD-UX manual for more information. target_type=directory HP-UX Patch Management 71 . This creates smaller depots.The swpackage command The swpackage command While primarily used to create depots from source files. Specifies the POSIX layout version to which the SD-UX commands conform when writing distributions. /var/spool/sw is used as the default depot directory. and the tape depot could be provided via ftp(1). Where appropriate. See “Setting Default Values for Command Options” on page 74 for more information. For the full set of available options. Either method can be used to transport the contents of a depot to another system for local access. software_selections target Patch Related Options The following options have the most relevance to patching (see “Setting Default Values for Command Options” on page 73).0 (default) and 0. Patch related command options are specified below. swpackage uses the device file /dev/swtape. Defines the type of distribution to create. Preview mode is not enabled by default. this operand defines the location of the directory. If you are creating a distribution tape. One or more software specifications. Requests verbose mode. This option affects only standard output and not the log files. overriding any other values for that option. See “Software Specifications” on page 73 for more information If you are creating a distribution depot (directory). Without this operand. Sets the specified command option to the value given. consult the swpackage(1m) man page or refer to the SD-UX manual.

Display the patch information at the SD-UX product or fileset level. Display the superseded patches on the system. It is used to remove any patches for earlier releases from the Installed Product Database after updating to a newer version of HP-UX. -d The show_patches Command The show_patches utility displays active and superseded patches in a formatted output. Synopsis cleanup [-n|-p] -i cleanup [-n|-p] -d <depot> Patch Related Command Line Arguments -p -n -i Preview the cleanup task but do not actually remove any patch information. The cleanup command is not delivered with HP-UX. Notify the user of cleanup tasks and request confirmation before actually removing any patch information. These superseded patches will be removed from the software depot. The cleanup utility also allows patches to be committed across the entire system.X patches that are remnants from an upgrade to HP-UX 11. Superseded patches are those that have been replaced by newer patches on the system. It is also used to remove patches from a software depot if they have been superseded by patches also available in the same depot.X. Determine which patches that are included in the Installed Product Database are 10. Currently available as patch PHCO_19550. These patches are removed from the IPD so that they are no longer displayed in the output of the swlist command. Active patches are those which have not been superseded by newer patches on the system. Determine which patches in the software depot have been superseded by patches also available from the depot. but as a patch. Synopsis show_patches [-a] [-s] [-l product|fileset] Patch Related Command Line Argument: default -a -s -l level If no options are specified. The cleanup command logs all information to /var/adm/cleanup. 72 . The utility uses the SD-UX patch attributes patch_state and superseded_by to determine which patches are active and which are superseded. Display the active patches on the system.The cleanup Command Examples • Re-package the entire contents of the depot /var/spool/sw onto the tape at /dev/rmt/0m: swpackage -s /var/spool/sw -x target_type=tape @ /dev/rmt/0m The cleanup Command The cleanup command provides functions useful when dealing with HP-UX patches. which may be easier to interpret than the output of the swlist command.log. show_patches displays the active patches at the SD-UX product level.

l=/.VXFS-PRG.VXFS-ADV-KRN.0.fileset][.v=HP. all filesets within that product are also selected. software selections.a=HP-UX_B.l=/.fa=HP-UX_B.a=HP-UX_B. The invocation options.11. The software specification takes one of the following formats: product[.11. A software specification is a unique identifier for an SD-UX software object.r=1.00_32/64. This file is overwritten on each invocation.00_32/64.11.11.11.r=1.00_32/64.r=1.product[.r=1.00_32/64. the selection is comprised of one or more software specifications. product.CORE2-KRN PHKL_18543.fileset]][.11. From an interactive session.v=HP. You can also save session information from interactive or command-line sessions.) The software_spec attribute contains the full software specification for any bundle.00_32/64. Each session is saved to the file $HOME/.version] where the version has the form: [r=revision][.00_32/64.0.execute the command even if the session ends before proper completion.last.l=/. A software specification must name either a product or a bundle.l=/. source information.v=HP.fa=HP-UX_B.a=HP-UX_B.00_32 PHKL_18543.r=1.v=HP PHKL_18543. and filesets can be specified only within a product.11. and target hosts are saved before command execution actually commences.00_32 PHKL_18543.c=category] (The version may also have a l=location component that applies only to installed software and refers to software installed to a location other than the default product directory.0.l=/.a=arch][.l=/. The software specification for the patch product appears in the output as a comment.00_32/64. If you select a product. A session file uses the same syntax as the defaults files (see “Setting Default Values for Command Options” on page 74).11. # swlist -l fileset -a software_spec PHKL_18543 # PHKL_18543 PHKL_18543. This lets you re. You can use the swlist command to display this information.fa=HP-UX_B.v=HP.a=HP-UX_B.KERN2-RUN.sw/sessions/. For patch operations.l=/.v=vendor][.fa=HP-UX_B.a=HP-UX_B.11.00_32 PHKL_18543.r=1.Other Options and Aids to Using the SD-UX Commands Other Options and Aids to Using the SD-UX Commands Software Specifications When an SD-UX command can be supplied a software selection.CORE-KRN.a=HP-UX_B.VXFS-ADV-KRN PHKL_18543.0. or patch (see “Patch Related Object Attributes” on page 56).VXFS-BASE-KRN.l=/.00_32/64 PHKL_18543.VXFS-BASE-KRN PHKL_18543.KERN2-RUN PHKL_18543.CORE2-KRN. You can specify an absolute path for a session file.fa=HP-UX_B. If you do not specify a directory.r=1.C-INC PHKL_18543. you usually only need to refer to a patch or bundle name.11.00_32/64 Session Files Session files let you save your work from a command session.a=HP-UX_B. you can save session information into a file at any time by selecting the Save Session or Save Session As option from the File menu. If you explicitly select a bundle.0.v=HP. The following example shows how swlist can create a list of the software specifications for a patch at the fileset level.fa=HP-UX_B. all products within the bundle are also selected.0.00_32/64 PHKL_18543.v=HP.00_32 PHKL_18543.v=HP.fa=HP-UX_B.VXFS-PRG PHKL_18543.11.C-INC. Each invocation of an SD-UX command defines a session.11.0.CORE-KRN PHKL_18543. the default location for a session file is $HOME/.11. save session information by executing swinstall or swcopy with the -C session__file option.r=1.0.version] bundle[. HP-UX Patch Management 73 .a=HP-UX_B.11.00_32/64.11.sw/sessions/{command}. From a command-line session.

default values.sw. 3. after changing daemon options. any command line options or parameters that you specify when you invoke swinstall or swcopy take precedence over the values in the session file. 4.sw/defaults file affect only you and not the entire system. Because the daemon is already running. Altering option values and storing them in a defaults file can help when you want the SD-UX command to behave the same way each time the command is invoked. Values in these option files are specified using this syntax: [command.sw/defaults file. Option values in your personal $HOME/. or command line changes. the daemon must be restarted for these options to be recognized. Option values changed on the command line affect only that activity. use the /var/adm/sw/defaults file. Option values in a session file affect activities only for that session and revert when that session is completed. Keep in mind. however. NOTE: Use of session files is not recommended with swremove because the session file could include software selections that you do not want included in the removal operation.defaults file is a template that lists and explains each option. specify the session file as the argument for the -S session__file option of swinstall or swcopy. These options are listed as comments that you can copy into the system defaults file (/var/adm/sw/defaults) or your personal defaults file ($HOME/. Options in the defaults file are read as part of command initialization.defaults is only usable as a template for copying to other option files. To re-execute a session from a command-line. Note that when you re-execute a session file. These values can also be overridden by specifying an options file with the -X option_file command-line option or with one or more -x option=value options directly on the command line. all other allowable values. and the resulting system behavior for each. To restart the daemon. type: /usr/sbin/swagentd -r 74 . Option values in /usr/lib/sw/sys. use the Recall Session option from the File menu.defaults). 2. 5. Option values in /var/adm/sw/defaults file affect all users in a system. Likewise. Setting Default Values for Command Options SD-UX commands have extensive options that alter command behavior. They can also be changed using the GUI Options Editor. session files. For system-wide policy setting. The /usr/lib/sw/sys.Other Options and Aids to Using the SD-UX Commands To re-execute a saved session from an interactive session. that individual users may override these values with their own $HOME/. the values in the session file take precedence over values in the system defaults file.]option=value These rules govern the way the defaults work: 1.

kernel patches. KL . yyyyy = a unique number Example: PHSS_14014 . Starbase. and depot files as well as the patch product and (in HP-UX 10.general HP-UX commands. HP-UX Patch Management 75 .Appendix C The Patch Text File The Patch Text File Fields Patch Name The name of the patch.X releases) the patch fileset. text. SS . This identifier is used for the patch shar. etc.all other subsystems: X11.an HP-UX subsystem patch name. Patch Description A one-line description that describes this cumulative patch. Format is: PHxx_yyyy where: PH = Patch HP-UX. xx = area patched: CO . NE . Creation Date The date that the patch was created.network specific patches.

external. Status This is the support status of the patch. i. Causes a major application to fail such that the system’s operation is severely impacted.X/PHxx_yyyy 76 . product. and other non-GR patches. A patch is considered critical if it fixes a critical problem or it supersedes a patch fixing a critical problem. Critical Yes/No followed by text. Products This field lists the product name and all product revisions to which this patch applies if it is a patch for an optional product. a non-core operating system product. Filesets This is a list of all the filesets which contain one or more files included in this patch. Causes data loss or corruption.com). and dependency requirements. Delivers a fix related to processing dates in the year 2000 and beyond.e. where: • GR = General Release patch should be installed on all systems meeting the OS.The Patch Text File Fields Post Date The date that the patch was posted for general distribution. If the patch is for the core operating system.OS Releases The hardware platforms and HP-UX OS releases on which this patch can be installed. either GR or SP. The current choices for supported releases are: /hp-ux_patches/s700_800/11. Hardware Platforms . A problem is critical if it: • • • • Causes the system (OS/kernel) to fail/crash/panic. Automatic Reboot? Yes/No (whether or not this patch requires a reboot after installation). • SP = Special Release site-specific patches for installation at one specific customer or set of customers. This flags the Critical status of this patch and all superseded patches.hp. the value in this field is N/A. Path Name The path name is the patch’s storage location on the HP Electronic Support Center ftp server (ftp://us-ffs.

If the patch replaces an object module in a library. and how to reproduce the problem (if known). specifically what a user would experience. Defect Description A detailed description of the defect that specifically addresses the explicit conditions which caused the problem (if known).o). Patch Files The full installed path name of all files in this patch. Also include methods to verify if the patch needs to be installed.a(vers.a the path listed would be /usr/conf/lib/libhp-ux. For example. Hardware Dependencies Specific system models to which this patch is limited. Supersedes A list of all patches replaced by this patch.o in the library /usr/conf/lib/libhp-ux. both on a file basis as well as on a behavioral basis. and thereby. Patch Dependencies All patches that must be installed to insure proper operation of this patch. SR All Service Request (SR) numbers addressed by this patch and all its predecessors. The what string is a way to identify the software version. An SR is a formal request from a customer to have a defect resolved or a feature added to HP software.13 $ Patch Conflicts All known patch conflicts. verify that the patch is installed. if a patch replaces the object module vers. Other Dependencies Any non-patch and non-hardware dependencies that may exist. HP-UX Patch Management 77 .The Patch Text File Fields Symptoms The external symptoms of the problem. the full path of the library is listed with the object module following in parentheses. what(1) Output The output from what(1) for each file or library object file listed in the Patch Files field. Example: $Revision: 1.

These instructions have been included in this tutorial. Patch Package Size The SD depot size in Kilobytes.The Patch Text File Fields Equivalent Patches All equivalent patches for other hardware platforms and OS releases not including this patch. Special Installation Instructions Any special instructions not included in those mentioned above. Installation Instructions The standard installation instructions common to all patches. 78 .

You're Reading a Free Preview

Descarga
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->