1    Patch Process Overview

This chapter introduces you to the dupatch utility for installing, removing, and managing patches. See Chapter 3 for instructions on installing and removing patches from the Tru64 UNIX operating system and the TruCluster software products.

1.1    Changes to the dupatch Utility

Beginning with Version 5.1B-2, HP changed the way Tru64 UNIX patch kits are installed by introducing the concept of Inclusive Patch Kits. If you did not install Version 5.1B-2 but have installed earlier kits, you may want to review an overview of the installation changes as described in Appendix D.

Version 5.1B-3 introduced several new changes to the way the dupatch utility installs, removes, and works with patches:

1.2    Using dupatch

The dupatch utility is provided as an interactive and command-line tool for working with Patch kits. The following sections provide an overview of dupatch and describe the procedure for installing the most current version.

1.2.1    dupatch Overview

All Tru64 UNIX and TruCluster software Release Patch Kits are installed, removed, and managed using the setld-based dupatch utility, which provides you with menus that step you though the various tasks.

The dupatch utility is also used for installing many of the Customer-Specific Patch Kits (CSPs) , and Early Release Patch Kits (ERPs) . Although the examples and descriptions provided in this manual, in general, refer to Release Patch Kits, the information is similar for CSPs and ERPs that install using dupatch.

The dupatch utility is interactive, but you can also run it from the command line using command options. For information about using the command-line interface, see Appendix C, which includes the dupatch(8) reference page.

For clustered systems running TruCluster dupatch is run in conjunction with the rolling upgrade (see Chapter 4) or no-roll (see Chapter 5) procedures.

With dupatch, you can perform the following actions:

Because dupatch manages patch interdependencies, direct setld installations (setld -l) and deinstallations (setld -d) are disabled.

Most dupatch operations generate log files that record the step-by-step procedures performed during the operation. For information about log files see Appendix A.

1.2.2    Invoking dupatch and Installing New Patch Tools

After you have made the patch kits available to the system being patched, run dupatch from root or you can change directories to patch_kit, which contains the dupatch utility:

From root:

# /patches/pk4/patch_kit/dupatch

From the patch_kit directory:

# cd /patches/pk4/patch_kit
# ./dupatch

If new patch tools are available they will be loaded and you will see messages similar to the following:

   * A new version of patch tools required for patch management
     is now being installed on your system.
 
   * Tools updated, invoking the updated Patch Utility...

The dupatch utility saves information on the tools that have been loaded to the log file /var/adm/patch/log/Dupatch_load_date.log. (See Appendix A for information about log files.)

Note

To install the latest version of the patch tools, it is important that you run the dupatch utility located in the /patch_kit directory every time you obtain a new patch tar file or a new Tru64 UNIX Patch CD-ROM. See Section C.1 for information you need to be aware of when installing from the command line.

After the new tools have been loaded, dupatch prompts you for the path to the patch kit files. After you specify the path (or press Return if the patch kit is in your current directory) you will see the main menu. For example:

Enter path to the top of the patch distribution,
or enter "q" to get back to the menu :  /patches/pk4/patch_kit
 
Tru64 UNIX Patch Utility (Rev. 48-00)
==========================
	- This dupatch session is logged in /var/adm/patch/log/session.log
 
    Main Menu:
    ---------
 
    1)  Patch Kit Installation
    2)  Patch Kit Deletion
    3)  Patch Kit Documentation
 
    4)  Patch Tracking
    5)  Patch Baseline Analysis/Adjustment
 
    h)  Help on Command Line Interface
 
    q)  Quit
 
Enter your choice:

1.3    Patch Applicability

Patch applicability to the existing system files is done on a file-by-file basis for each patch. This ensures that the installation of a patch will not degrade or crash the system. The installation of a patch is blocked if any system files to be replaced by a patch are not valid predecessors of the patch files.

Patch applicability also enables consistency checking and reporting for the installation of Tru64 UNIX and TruCluster software patches.

In cases where a patch is blocked, informative messages are provided to assist you in determining how to proceed. Appendix B lists common error messages and suggested corrective actions.

The installation of a patch is blocked if any of the following conditions exist:

1.4    Patch Reversibility

By default, Release Patch Kits are made reversible during the installation so you revert your system to its state prior to the installation. If you choose to make patch kits nonreversible, you will not be able to uninstall the kit.

Customer-Specific patch kits are forced to be reversible when the CSP kit is manufactured. This forced reversibility overrides the reversibility option provided by dupatch during installation.

Patch reversibility is dependent upon saving the existing system files that will be updated by the patch. Saving these files requires the availability of adequate storage space in /var/adm/patch/backup, which can be a mount point for a separate disk partition, an NFS mount point, or a symbolic link to another file system. This allows you to configure your system to reduce the impact on system disk space for the /, /usr, and /var partitions.

The dupatch utility checks for the required storage space prior to patch installation. Patch installation is prevented if adequate backup space is unavailable.

Section 2.1 includes an example of the dupatch output regarding patch reversibility.

1.5    Using the Patch Tracking Menu

The dupatch patch-tracking capability lets you view information about installed patches, such as lists of release patches, CSPs, and ERPs installed on the system and which patch kits you have installed.

For example, the following dupatch output shows the patch tracking menu with the List Installed patches menu item selected:

    Patch Tracking Menu:
    ------------------- 
    1)  List installed patches
    2)  List installed patch files
    3)  List patch kit information for installed patches
    4)  Show Patch History for selected patches
    5)  Show System Patch History 
 
    b)  Back to Main Menu
    q)  Quit  Enter your choice: 1
 
    Patch Tracking Selection Menu:
    ------------------------------
 
    1)  List Release Patches
    2)  List Customer Specific Patches
    3)  List All Patches
 
    b)  Back to Tracking Menu
    q)  Quit
 
Enter your choice: 
 
Gathering details of relevant patches, this may take a bit of time
	Patches installed on the system:
	-------------------------------
  (depending upon the number of patches you installed, this may take awhile)
 
 - Tru64_UNIX_V5.1B / Commands, Shells, & Utilities Patches:
        Patch 25022.00 - SP04 OSFDCMT540                                        
        Patch 25080.00 - SP04 OSFTCLBASE540                                     
        Patch 26022.00 - SP05 OSFDCMT540                                        
        Patch 26080.00 - SP05 OSFTCLBASE540                                     
 
 - Tru64_UNIX_V5.1B / Common Desktop Environment (CDE) Patches:
        Patch 25015.00 - SP04 OSFCDEDT540 (SSRT2405)                            
        Patch 25016.00 - SP04 OSFCDEMAIL540                                     

.
.
.
Patch 26085.00 - SP05 OSFX11540 (SSRT4831 SSRT4802 SSRT4800 SSRT4721) Patch 26086.00 - SP05 OSFXADMIN540   Press RETURN to get back to the Patch Tracking Menu...

1.6    Using the Patch Documentation Menu

When you select the Patch Documentation item of the main menu, dupatch returns a menu that gives you access to different information:

The following output shows the Patch Documentation menu and a typical session:

    Patch Documentation Menu:
    ------------------------
 
     Installed patches on the system
    1)  View problem summaries 
    2)  View full descriptions 
    3)  View special instructions 
    4)  View Problem Report Identifiers 
    5)  View Revision Control Strings 
     Patches in the patch kit
    6)  View problem summaries
    7)  View full descriptions
    8)  View special instructions
    9)  View Problem Report Identifiers
   10)  View Revision Control Strings
     All (installed and non-installed) patches
   11)  View patch problem summaries
   12)  View patch full descriptions
   13)  View patch special instructions
   14)  View Problem Report Identifiers 
   15)  View Revision Control Strings
 
    b)  Back to Main Menu
    q)  Quit
 
Enter your choice: 1
 
    Patch Documentation Selection Menu:
    -----------------------------------
 
    1)  List Release problem summaries
    2)  List Customer Specific problem summaries
    3)  List All problem summaries
 
    b)  Back to Documentation Menu
    q)  Quit
 
Enter your choice: 3
    There may be more patches than can be presented on a single
     screen. If this is the case, you can choose patches screen by screen
     or all at once on the last screen. All of the choices you make will
     be collected for your confirmation before any patches are examined.
 
 - Tru64_UNIX_V5.1B / Commands, Shells, & Utilities Patches:
     1) Patch 25022.00 - SP04 OSFDCMT540                                        
     2) Patch 25080.00 - SP04 OSFTCLBASE540                                     
     3) Patch 26022.00 - SP05 OSFDCMT540                                        
     4) Patch 26080.00 - SP05 OSFTCLBASE540                                     
 
 - Tru64_UNIX_V5.1B / Common Desktop Environment (CDE) Patches:
     5) Patch 25015.00 - SP04 OSFCDEDT540 (SSRT2405)                            
     6) Patch 25016.00 - SP04 OSFCDEMAIL540                                                               
 

.
.
.
- Tru64_UNIX_V5.1B / X11 Patches: 49) Patch 25075.00 - SP04 OSFSER540 50) Patch 25085.00 - SP04 OSFX11540   Or you may choose one of the following options:   55) ALL of the above 56) CANCEL selections and redisplay menus 57) EXIT without examining any patches   Enter your choices or press RETURN to redisplay menus.   Choices (for example, 1 2 4-6): 1-4 7   Enter the output filename for the problem summaries for installed patches, or < Return> to continue (output to screen):   ========================================================   Tru64_UNIX_V5.1B / Commands, Shells, & Utilities Patches: Patch 25022.00 - SP04 OSFDCMT540   A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability
.
.
.
Press RETURN to proceed...   Patch Documentation Selection Menu: -----------------------------------   1) List Release problem summaries 2) List Customer Specific problem summaries 3) List All problem summaries   b) Back to Documentation Menu q) Quit   Enter your choice: q    

The patch description information and special instructions are conveniently organized in the Patch Summary and Release Notes document that is packaged with each kit.

1.7    Version Switches

A version switch manages the transition of the active version to the new version of an operating system. The active version is the one that is currently in use.

With the Inclusive patch kits, you must manually enable the version switch. See Section 3.7.1 for more information

In the old-style patch kits, version switches are controlled by the clu_upgrade -switch command during a rolling patch. See Section 4.10 for more information.

1.8    General Issues and Restrictions

This section provides information you must be aware of when installing or removing patches. Be sure to check the Patch Summary and Release Notes document of the kit you are installing for any issues and restrictions that pertain to that installation.

1.8.1    When Single-User Mode Is Recommended

Although you can install patches in multiuser mode, we recommend that you bring down your system to single-user mode when installing patches that affect the operation of the Tru64 UNIX operating system or the product you are patching. If your system must remain in multiuser mode, apply the patches when the system is as lightly loaded as possible.

There are no restrictions on performing patch selection and preinstallation checking in multiuser mode. Patch removals can only be done in single-user mode.

1.8.2    Use Clean Directory for Each Patch Kit

When installing a patch kit downloaded from the Web, untar the file in a clean directory; that is, one that does not contain files from a previous patch kit. A failure to do this can have adverse consequences when installing the new kit.

1.8.3    Patching a System Prior to Creating a Cluster

Patching your system before creating your cluster can save you time, although if you do so, be aware that you cannot then remove the patch kit.

The following steps describe how to patch your system before creating a cluster:

  1. Install and configure the Tru64 UNIX operating system.

  2. Use the setld command to install the TruCluster software kit. If the TruCluster software kit is not loaded before the patch operation, patches for TruCluster software will not be loaded.

  3. Patch the system.

  4. Use the clu_create command to create the single-member cluster.

See the Tru64 UNIX Installation Guide for information about installing the operating system and the TruCluster Cluster Installation manual for information about creating your cluster.

1.8.4    RIS and DMS Unsupported for Patch Installation

Remote Installation Services (RIS) and Dataless Management Services (DMS) installations of patches are not supported. However, the patch kit installation mechanism does support network installation via NFS.

1.8.5    Direct setld Installation and Removal of Patch Subsets Is Not Allowed

You can install and remove Tru64 UNIX and TruCluster software patches only through dupatch. You cannot directly install or reinstall the patch subsets with setld. This ensures that patch tracking and management are not compromised.

1.8.6    Limitation for /var/adm/patch/backup Directory Handling

The patch management utility assumes there is one /var/adm/patch/backup directory per system. It does not handle placement of archived original files for multiple systems in one directory.

1.8.7    Do Not Enter Ctrl/c During Installation Phase

Do not enter a Ctrl/c command during the installation phase of the patch kit.

Caution

As with any system update, entering a Ctrl/c during this phase could leave the operating system software environment in an inconsistent and nonrecoverable state.

1.8.8    Removing Patches Containing Customized Files

If you use dupatch to remove a patch containing a customized file, messages similar to the following may appear in the session log file, /var/adm/patch/log/session.log:

- Tru64_UNIX_V5.1B / Network Patches:
        Patch 25020.00 - SP04 OSFCLINET540 (SSRT3653 SSRT2384 SSRT2275 ...)      
 
        Customization found in ./etc/inetd.conf.
 
        Before the backup was restored, we had saved a copy of this file in:
 
                ./etc/inetd.conf.PreDel_OSFPAT02502000540
 
        Please compare ./etc/inetd.conf with this saved copy. 
 
        If there are extra customizations you want to keep, you would need 
        to merge them into ./etc/inetd.conf manually. 
 
        ./etc/inetd.conf.PreDel_OSFPAT02502000540 
        can be removed afterwards.

This message warns you to examine the removed patch for any customized files it may contain, which in this example is the file /etc/inetd.conf. In order to keep those customizations, you will have to manually add them.

The following are examples of such customized files:

1.8.9    Release Patches Do Not Automatically Supersede CSPs

Release patches do not automatically supersede dupatch-based Customer-Specific patches (CSPs). Any Release patch blocked by a CSP will result in a dupatch message. See Section B.1.7 for more information. See the release notes of the new style patch kits for a list of CSPs that are included in those patch kits. The Patch Summary and Release Notes document included with Version 5.1B-2 and higher includes a list of CSPs that were reconciled in the patch kit.

1.8.10    Impact on System Upgrades to Later Versions of Tru64 UNIX

In the presence of patches of layered products, certain procedures used to upgrade a system to a later version of Tru64 UNIX can lead to inconsistencies among operating system and layered product objects.

Note

After successfully installing a new version of Tru64 UNIX, you should obtain and install the latest patch kit that is applicable to that version.