Patch Check Advanced

From: Martin Paul (map_at_par.univie.ac.at)
Date: 07/05/04 

Date: 05 Jul 2004 09:50:59 GMT

After living with the deficiencies of Sun's patchdiag and patchcheck
for a long time, I developed my own script - Patch Check Advanced (PCA).
Recently it has been updated with useful features like analyzing
patch requirements, downloading and installing of patches from Sunsolve.
The script is available for public download from:

  http://www.par.univie.ac.at/~martin/pca/

Basically, PCA does the same as patchcheck - generate lists of
installed and uninstalled patches. It has a lot of advantages,
though, like:

  - Same, easily understandable format for the reports of
    installed and uninstalled patches.
  - Shows Recommended/Security status for installed patches.
  - Shows all uninstalled Recommended/Security patches in one concise list.
    A patch is defined uninstalled if it either isn't installed at all,
    or if it is isn't installed in its most recent revision.
  - Doesn't show false positives in the list of uninstalled patches.
    Only patches for packages which are actually installed are listed.
  - Doesn't show uninstalled patches which are marked Obsolete/Bad.
  - Easy to see if the revision of an installed patch is older, equal to
    or newer than the most recent patch revision.
  - Easy to see if installed patches are not listed in the cross reference
    file, or if the installed revision is newer than the one listed in
    the cross reference file.
  - It's faster (pca -a is about 10 times faster than patchk -l) and
    smaller (and therefore, easier to understand and modify).
  - It can download the current patchdiag.xref file automatically on
    demand.
  - It can download patches from SunSolve, and install them.
  - PCA can ignore patches in its output if you tell it that you are not
    interested in them.
  - It analyzes the prerequisites for patches and lists (and installs)
    required patches in the correct order.

I'm using pca on a daily basis for a long time now, and hope it proves
to be useful for others, too. I'd also like to thank all people who
contributed to PCA with ideas and code. All feedback is welcome.

mp. 

-- 
Systems Administrator | Institute for Software Science | Univ. of Vienna

Relevant Pages

  • 9_Recommended error codes (specifically return code 5)
    ... * "return code 2" indicates patches are already installed. ... * "return code 25" means a patches requires another patch that is not yet installed. ... With or without using the save option, the patch installation process ... Installing 114008-01... ...
    (SunManagers)
  • Re: Firefox, and pca vs. patch_cluster
    ... If you want to list/download/install missing patches only, use the "missing" patch group with pca; this is the default if no patch group is specified. ... If a patch shown in pca's missing list doesn't install, that's a bug; ...
    (comp.sys.sun.admin)
  • Re: Sun Patch Server
    ... Setting up a local caching proxy with pca is indeed recommended. ... will speed up repeated patch downloads tremendously. ... which contain all the patches you tested and recommend for installation. ... in patchdiag.xref and patchlist.delimited (which smpatch ...
    (comp.unix.solaris)
  • Repost: Solaris Live Upgrade: questions about /var/sadm
    ... Newer patches will save the old files ... If the previous patch installation saved the old ... you should go back to the previous version before installing? ... Apply patch blabla-02 (BlaBla-01 saved) ...
    (comp.unix.solaris)
  • RE: new IIS worm? (rcp lsass.exe)
    ... Some good examples of this are some SQL patches. ... not actually installing the files? ... require a work around and not a patch. ... by the patch are at the proper versions. ...
    (Incidents)