2006-04-06
Some things about smpatch
smpatch
is the official Sun thing for dealing with Solaris patches for
Solaris 8 and 9 (Solaris 10 apparently has an all new system, hopefully
better). I got interested in smpatch
not just because it's the official
Sun tool for this stuff, but because it has one feature that
pca
doesn't: it can reliably tell what
patches are safe to be installed on a live multiuser system.
(While pca can skip patches that require reboots, it doesn't currently have a 'skip patches that claim to require single user mode' option. Although the information is theoretically there in the patch READMEs.)
My first smpatch
surprise was how you get it. For Solaris 9, it
isn't distributed as a download; instead the download page blandly tells you
to install three patches.
(For more fun, it gives specific revisions of those three patches,
one of which is now obsolete.)
So I did the smart thing and used pca, whereupon it cheerfully told me that I already had a current version of patch 112945, the main Sun Patch Manager 2.0 software patch (according to the download page). It turns out 112945 is actually a general patch that is part of the recommended patch set, so I had it installed long ago.
After that there are a number of other things:
smpatch
needs you to be root. For everything.smpatch
is achingly slow, even assuming it downloads the patch database from Sun every time.- there seems to be no way to get detailed information about a
patch that
smpatch analyze
tells you about, such as whether it wants reboots or single-user mode or whatever. (I checked andsmpatch analyze
always produces the same output; it appears that onlysmpatch update
will do anything different.) - there's no way to restrict
smpatch
to just recommended and/or security patches.
Overall grade: less than compelling. There seems to be no reason
not to use pca instead, unless you think that smpatch
has
better information on what patches are safe to install on live
multiuser systems than is in the patch READMEs.
(Hat tip to Matty's blog,
where I read enough about smpatch
to make it worth checking
out.)