Wednesday, January 21, 2009

Patching Solaris Unix - The Rules Change Again!

Hey There,

I was going to do a bit today that carried on from yesterday's post on Solaris 10 boot archive patching issues, and walk through using smpatch to keep your machine up to date (especially if you prefer to stay away from the ui gui bits ;)

I reserve the right to do that, maybe tomorrow/maybe not (I've found that posting on a streak - or too many similar posts in a row - doesn't play out very well). In any event, when I went to update my patches on my SunBlade, I got an interesting message from "smpatch." It's going to be the topic of today's post; if you can even really call it a topic. It seems like many of the "old ways" Sun used to allow you to use to patch your machine are going the way of the Dodo :)

And, now, the Announcement Which Services The Public (Sounds much worse than Public Service Announcement ;)

If you manage, or own, any Sun boxes (and use any of their built-in-or-free utilities to keep your machine(s) current) this EOL (End Of Life) notice regarding certain patch updating/management utilities may be of interest to you.

NOTE: I included the entire messages queue for completeness, but Message "2 of 2" (regarding smpatch) is the one that might interest you, unless you've been hassling with trying to get SunConnection working since March of 2008 ;)

Enjoy (in moderation :)

host # smpatch messages -a

Messages Of The Day

Message 1 of 2
Date: 2008/02/29
Title: Attention all Sun Connection Hosted users
Description: Users of Sun Update Manager, smpatch, and Sun Connection Enterprise (UCE) are not affected
by this EOL announcement, but should continue to read on to determine if their systems are
enabled for hosted management.

Sun Connection Hosted Customers: On March 1, 2008, https://sunconnection.sun.com/ will
reach End of Service Life. You will still be able to receive updates via Sun Update Manager,
smpatch and UCE. We suggest that you check your systems to ensure the Sun Connection Hosted
transport mechanism is disabled.

To see if your system has been enabled for hosted management, check the value of your system
by using the following command:
/usr/lib/cc-ccr/bin/ccr -g cns.service.swupPortalMgmt.status
This command will return a value of "disabled", "enabled", or "". If the value is "disabled"
or "", thank you for checking, no further action is required. If "enabled", please take
action by performing one of the following steps:

You can disable the transport mechanism from Update Manager to Sun Connection hosted by
applying the patch 121081-08 (sparc) or 121082-08 (x86) which will be available on Feb.
29, 2008. If you want more control, you can also disconnect your system from Sun
Connection Hosted and shutdown the associated daemons on your system(s) via either one of
these two options.

1) From the Hosted Management Portal
[Note: This option will not be available once Sun Connection Hosted has been shutdown.]
a) Go to https://updates.sun.com/ and login to the Hosted management site with your Sun
Online Account.
b) Select the Systems tab
c) For each system listed, click the Edit System Settings icon (second icon to the right
of the system name)
d) Scroll to the bottom of the Edit Your System Settings page and click the Delete System
button
e) When asked for confirmation click Continue

This option will unregister your systems from the Portal and send a job down to your system
telling it to disable the portal management functionality.

2) Disable Hosted Management functionality from the client
a) From a terminal window on the target client system, su to root
b) Execute the following command to shutdown the local Hosted daemons:
# /usr/lib/cc-cfw/framework/lib/cc-client-adm stop
c) Execute the following command to prevent the daemons from being restarted at system boot
# /usr/lib/cc-cfw/framework/lib/cc-client-adm disable

Once complete, either option will disassociate your client system with Sun Connection Hosted.

Message 2 of 2
Date: 2009/01/13
Title: Attention all Sun Connection users
Description: The following patches for Sun Update Connection clients will soon be necessary to validate patch downloads.

Solaris 10 (Sparc) 121118-15
Solaris 10 (x86) 121119-15

Solaris 9 (Sparc) 140476-01
Solaris 9 (x86) 140477-01

Solaris 8 (Sparc) 140475-01

These patches deliver an updated public certificate into the smpatch keystore which will be required to validate patches signed after the expiry of the current patch signing certificate. Run

smpatch update

to ensure you are running with the latest versions of all required patches. After applying the patch, the default patchset name will become current2. The current2 patchset contains all the patches available today, and will also deliver the newly signed patches once they become available.

Sun Update Connection Proxy (Local Patch Server) users:

A patch will be available shortly to make use of the new certificates. If you wish, you may alter the patchSigningCertAlias property in the file /var/patchsvr/lps/WEB-INF/applicationContext-lps.xml to

patchsigning:patchsigning2:patchsigning3

After installing the above patch on your system to make use of this new certificate. A restart of patchsvr will be required to pick up the changes.


, Mike




Discover the Free Ebook that shows you how to make 100% commissions on ClickBank!



Please note that this blog accepts comments via email only. See our Mission And Policy Statement for further details.