solaris 10 - LPS not working with smpatch analyze
I recently started patching systems with IDR124828-01 as a temporary fix to the security vulnerability listed here:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102724-1
Since this temporary patch requires kernel patch 118833-24, I needed to get a few of my systems up to date. However, after patching the LPS with the temporary patch, using `smpatch analyze/update` on any system returns: No patches required.
I successfully patched some systems yesterday, so I figured the temporary patch had borked the patchsvr. I verified the problem was with the LPS because changing smpatch settings on the LPS like so: patchpro.patch.source=https://getupdates1.sun.com/ works fine.
Restarting the patchsvr doesn't help. Debug output from smpatch is also not helpful. There are no errors appearing in the patchsvr logs.
Any advice on how I can back out the temporary patch gracefully, or any other problems that may be causing this?
[973 byte] By [
cbcrawfoa] at [2007-11-26 12:31:45]
# 2
As per the instructions -
# patchadd IDR124828-01
I backed it out using just a patchrm.
Some more information on the patchsvr - it now hangs if multiple clients attempt to connect to it. There appears to be some threading problem - I'm not sure if these problems were sparked by the IDR, of their appearance the same day was coincidental.
# 3
Hi
How many clients , and what version of Solaris are they running?
You may wish, on any solaris 10 clients to have a look at the output of the following command (it creates a lot of information , and also console output)
# smpatch analyze -@ \
-C patchpro.internal.statustags=true \
-C patchpro.log.level=7 \
-C patchpro.debug=true \
-C patchpro.log.file=/tmp/smpatchDebug.log
# 4
There were 13 clients originally, there seems to be problems with more than 4. They are all running solaris 10.
The debug output isn't being very helpful (no errors, obvious problems) - All of the analyzed patches appear in this form:
com.sun.patchpro.patch.PatchSequencer@63b2e6 <=Installed patch 121133-02 is >= to current patch 121133-02
There don't seem to be any listed patches newer than September 22 (About the last time they got a large set of patches) - Some of the patches are not current versions as well. E.g. it analyzed patch 121081-05, the latest revision is -06.
# 5
Addition - If I pass patches to analyze/update smpatch works correctly. E.g.
# uname -v
Generic_118833-24
# cat /tmp/testP
123252-01(Netra patch not needed by my systems, but always shows up on analyze)
118833-24
# smpatch analyze -x idlist=/tmp/testP
123252-01
