Chapter 25

Managing Solaris Patches (Tasks)

This chapter provides step-by-step instructions for managing patches in the Solaris environment.

This is a list of the task maps in this chapter.

For overview information about managing patches in the Solaris environment, see Chapter 24, Managing Solaris Patches (Overview).


Note - Step-by-step instructions for using the smpatch command with PatchPro have been removed from this guide. For information about using the smpatch command with PatchPro, see Signed Patches Administration Guide for PatchPro 2.2.


Managing Patches in the Solaris Environment (Road Map)

Use this map to identify all the tasks for managing patches in the Solaris environment. Each task points to a series of additional tasks such as managing signed or unsigned patches.

| Task | Description | For Instructions |
|---|---|---|
| Determine if adding signed or unsigned patches | Determine whether adding signed or unsigned patches is best for your environment. | Selecting Signed or Unsigned Patches for Your Environment |
| Add a signed or unsigned patch to your system | You can add signed patches with either of the following commands: | |
| | Use the patchadd command starting in the Solaris 9 12/03 release. | Adding Signed Patches With patchadd Command (Task Map) |
| | Use the smpatch command in the Solaris 2.6, 7, 8, or 9 releases. | "Downloading and Applying Signed Patches to a Solaris System (Task Map)" in Signed Patches Administration Guide for PatchPro 2.2 |
| | Add an unsigned patch to your system. | Managing Unsigned Solaris Patches (Task Map) |

Selecting Signed or Unsigned Patches for Your Environment

The key factor in determining when to add signed or unsigned patches is whether or not the secure download of patches is important in your environment. If the secure download of patches is important in your environment, then add signed patches to your system.

Adding Signed Patches With patchadd Command (Task Map)

| Task | Description | For Instructions |
|---|---|---|
| 1. Set up the package keystore | Import Sun's Root CA certificate into your package keystore. | How to Import a Trusted Certificate into Your Package Keystore (pkgadm addcert) |
| (Optional) Set up a proxy server | Specify a proxy server if your system is behind a firewall with a proxy. | How to Set Up a Proxy Server (patchadd) |
| 2. Download and add the signed patch | Select one of the following to download and add the signed patch to your system with the patchadd command. | |
| | You can manually download and add a signed Solaris patch. | How to Manually Download and Add a Signed Solaris Patch (patchadd) |
| | You can automatically download and add a signed Solaris patch. | How to Automatically Download and Add a Signed Solaris Patch (patchadd) |

How to Import a Trusted Certificate into Your Package Keystore (pkgadm addcert)

To add signed patches to your system with the patchadd command, you will need to add Sun's Root CA certificate, at the very least, to verify the signature on your signed patch. You can import this certificate from the Java keystore into the package keystore.

  1. Become superuser or assume an equivalent role.

  2. Export the Root CA certificate from the Java keystore into a temporary file.

    For example:

    # keytool -export -storepass changeit -alias gtecybertrustca \
    -keystore /usr/j2se/jre/lib/security/cacerts -file /tmp/root.crt
    Certificate stored in file </tmp/root.crt>

    -export

    Exports the trusted certificate.

    -storepass storepass

    Specifies the password that protects the integrity of the Java keystore.

    -alias gtecybertrustca

    Identifies the alias of the trusted certificate.

    -keystore certfile

    Specifies the name and location of the keystore file.

    -file filename

    Identifies the file to hold the exported certificate.

  3. Import the Root CA certificate into the package keystore from the temporary file.

    For example:

    # pkgadm addcert -t -f der /tmp/root.crt
    Enter Keystore Password: storepass
          Keystore Alias: GTE CyberTrust Root
             Common Name: GTE CyberTrust Root
        Certificate Type: Trusted Certificate
      Issuer Common Name: GTE CyberTrust Root
          Validity Dates: <Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 ... 
         MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
        SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91...
    
    Are you sure you want to trust this certificate? yes
    Trusting certificate <GTE CyberTrust Root>
    Type a Keystore protection Password.
    Press ENTER for no protection password (not recommended): 
    For Verification: Type a Keystore protection Password.
    Press ENTER for no protection password (not recommended): 
    Certificate(s) from </tmp/root.crt> are now trusted

    -t

    Indicates that the certificate is a trusted CA certificate. The command output includes the details of the certificate, which the user is asked to verify.

    -f format

    Specifies the format of the certificates or private key. When importing a certificate, it must be encoded using either the PEM (pem) or binary DER (der) format.

    certfile

    Specifies the file that contains the certificate.

  4. Display the certificate information.

    For example:

    # pkgadm listcert -P pass:storepass
        Keystore Alias: GTE CyberTrust Root
           Common Name: GTE CyberTrust Root
      Certificate Type: Trusted Certificate
    Issuer Common Name: GTE CyberTrust Root
        Validity Dates: <Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 2006 GMT>
       MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
      SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64

  5. Remove the temporary file.

    For example:

    # rm /tmp/root.crt
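
The procedure above asks you to confirm the certificate details before answering yes to the trust prompt. The following is an added example, not part of the original guide, that makes that check mechanical: it computes the SHA-1 digest of the exported DER file (a certificate's fingerprint is the digest of its DER encoding) and runs pkgadm addcert only when it equals a complete fingerprint you supply. The helper names are hypothetical, and it assumes sha1sum or openssl is installed.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. The expected fingerprint must
# come from a source you trust, obtained separately from the certificate file.

# Reduce a fingerprint to bare uppercase hex: drop colons and whitespace.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'abcdef' 'ABCDEF'
}

# SHA-1 over the raw bytes of a DER-encoded certificate file.
# Assumption: sha1sum or openssl is available on the system.
der_sha1() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | cut -c1-40 | tr 'abcdef' 'ABCDEF'
    else
        openssl dgst -sha1 -r < "$1" | cut -c1-40 | tr 'abcdef' 'ABCDEF'
    fi
}

# Return 0 on an exact match, 1 on a mismatch, 2 when the input is unusable.
# A truncated fingerprint (such as one ending in "...") is rejected outright
# and never prefix-matched.
fingerprint_ok() {
    want=$(normalize_fp "$2")
    case "$want" in
        *[!0-9A-F]*) return 2 ;;      # non-hex characters, e.g. an ellipsis
    esac
    [ "${#want}" -eq 40 ] || return 2 # SHA-1 is exactly 20 bytes
    [ -s "$1" ] || return 2           # missing or empty certificate file
    [ "$(der_sha1 "$1")" = "$want" ]
}

# Import the certificate only after the check passes; otherwise leave the
# package keystore untouched.
import_if_trusted() {
    if fingerprint_ok "$1" "$2"; then
        pkgadm addcert -t -f der "$1"
    else
        echo "fingerprint mismatch or incomplete: not importing $1" >&2
        return 1
    fi
}

# Usage (placeholder value, supply the real one yourself):
#   import_if_trusted /tmp/root.crt "<full SHA-1 fingerprint from a trusted source>"
```
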

How to Set Up a Proxy Server (patchadd)

If your system is behind a firewall with a proxy, you will need to set up a proxy server before you can add a package from an HTTP server with the patchadd command.

  1. Become superuser or assume an equivalent role.

  2. Select one of the following methods to specify a proxy server.

    1. Specify the proxy server by using the http_proxy, HTTPPROXY, or HTTPPROXYPORT environment variable.

      For example:

      # setenv http_proxy http://mycache.domain:8080

      Or, specify one of the following:

      # setenv HTTPPROXY mycache.domain
      # setenv HTTPPROXYPORT 8080

    2. Specify the proxy server on the patchadd command line.

      For example:

      # patchadd -x mycache.domain:8080 -M http://www.sun.com/solaris/patches/latest 101223-02 102323-02


Updated: 2004-01-29, 13:14