Spatchula - A Script to Patch Solaris^TM LANs

Wayne Wonchoba

The Sun Solaris (2.x) bundled patch scheme makes patch installation potentially very easy on a Solaris LAN. Solaris patches are uniquely identified by 8-digit strings like "102832-02"; which are unique across all versions of Solaris. Suppose I wish to install patch "102832-02," after obtaining it and unzipping it into directory ./102832-02, I can:

root 82> cd 102832-02
root 83> ls -F
Install.info*           SUNWolslb/     old_style_patch/
README.102832-02        backoutpatch*
SUNWolrte/              installpatch*
root 84>

and just ./installpatch to install the patch on this system. The machine does not need to be brought into single-user mode while this is occurring (although some patches recommend the machine be in a "quiet" state). The README.* file contains, among other things, special installation instructions. Some patches (e.g., kernel patches) require a reboot of the host, and some patches require no further action at all. /bin/showrev -p will list all patches currently installed on a Solaris host.

You can also obtain patches from a CD-ROM, or for free from the SunSolve Web site: http://www.Sunsolve.com/. The advantage of the latter is that the Sunsolve site has the most up-to-date patch information for various Solaris versions. I will focus on getting patches from the Sunsolve site, rather than from a CD-ROM.

The goal is to use the Solaris bundled patch functionality along with the current patch information at the Sunsolve site to painlessly keep the Solaris LAN patched with the most updated ones available. The solution should be as simple and as scalable as possible.

Overview

Given the description above, here is what I need to do:

1. Find out which patches "ought" to be on each host.