This
chapter introduces you to the
dupatch
utility for installing,
removing, and managing patches.
See
Chapter 3
for instructions
on installing and removing patches from the Tru64 UNIX operating system and
the TruCluster software products.
1.1 Changes to the dupatch Utility
Beginning with Version 5.1B-2, HP changed the way Tru64 UNIX patch kits are installed by introducing the concept of Inclusive Patch Kits. If you did not install Version 5.1B-2 but have installed earlier kits, you may want to review an overview of the installation changes as described in Appendix D.
Version 5.1B-3 introduced several new changes to the way the
dupatch
utility installs, removes, and works with patches:
Before you can install this kit you must accept the conditions
included in the license that the
dupatch
utility displays
(see
Section 3.4).
You can read this license in the
Patch Summary and Release Notes
for Version 5.1B-3.
You can now delete the patch kit by kit name rather than by
specifying individual patches.
With the introduction of this feature, you
can easily delete patches interactively using the
dupatch
graphical interface or from the
dupatch
command line.
This
feature also works on on pre-V5.1B-3 kits.
See
Section 3.8.3.
You can delete patches in multiuser mode. See Section 3.8.1.
You can force the installation of the patch kit even if file
conflicts exist.
This feature is an extension of the
dupatch
baselining feature.
See
Section 2.2.
A new command-line option
dupatch
-track
-type
patch_level
provides
a single command that lists a full description of the patch kits, CSPs, and
ERPs installed on your system.
See
Appendix C.
The
dupatch
utility is provided as an interactive
and command-line tool for working with Patch kits.
The following sections
provide an overview of
dupatch
and describe the procedure
for installing the most current version.
1.2.1 dupatch Overview
All Tru64 UNIX and TruCluster software
Release Patch Kits
are installed, removed, and managed using the
setld
-based
dupatch
utility, which provides you with menus that step you though the
various tasks.
The
dupatch
utility
is also used for installing many of the
Customer-Specific
Patch Kits (CSPs) , and
Early Release Patch
Kits
(ERPs) .
Although the examples and descriptions provided in this
manual, in general, refer to Release Patch Kits, the information is similar
for CSPs and ERPs that install using
dupatch
.
The
dupatch
utility is interactive, but you can also
run it from the command line using command options.
For information about
using the command-line interface, see
Appendix C, which
includes the
dupatch
(8)
For clustered systems running TruCluster
dupatch
is run in conjunction with the rolling upgrade (see
Chapter 4)
or no-roll (see
Chapter 5) procedures.
With
dupatch
, you can perform the following actions:
Install and remove patches.
View patch tracking and management information.
Track current
dupatch
-installed patches
and Customer-Specific patches.
Establish a baseline for systems that had manually installed system files placed on them.
Ensure the correct handling of customized system configuration
files so that customizations are not lost (for example,
conf.c
).
These files are also referred to as system-protected files (.new..
).
Validate patch applicability to existing system files (collision detection).
View the patch-specific documentation.
Because
dupatch
manages patch interdependencies,
direct
setld
installations (setld
-l) and deinstallations (setld
-d)
are disabled.
Most
dupatch
operations generate log files that record
the step-by-step procedures performed during the operation.
For information
about log files see
Appendix A.
1.2.2 Invoking dupatch and Installing New Patch Tools
After you have made the patch kits available to the system being patched,
run
dupatch
from root or you can change directories to
patch_kit
, which contains the
dupatch
utility:
From root:
# /patches/pk4/patch_kit/dupatch
From the
patch_kit
directory:
# cd /patches/pk4/patch_kit # ./dupatch
If new patch tools are available they will be loaded and you will see messages similar to the following:
* A new version of patch tools required for patch management is now being installed on your system. * Tools updated, invoking the updated Patch Utility...
The
dupatch
utility saves information on the tools
that have been loaded to the log file
/var/adm/patch/log/Dupatch_load_date.log
.
(See
Appendix A
for information
about log files.)
Note
To install the latest version of the patch tools, it is important that you run the
dupatch
utility located in the/patch_kit
directory every time you obtain a new patch tar file or a new Tru64 UNIX Patch CD-ROM. See Section C.1 for information you need to be aware of when installing from the command line.
After the new tools have been loaded,
dupatch
prompts
you for the path to the patch kit files.
After you specify the path (or press
Return if the patch kit is in your current directory) you will see the main
menu.
For example:
Enter path to the top of the patch distribution, or enter "q" to get back to the menu : /patches/pk4/patch_kit Tru64 UNIX Patch Utility (Rev. 48-00) ========================== - This dupatch session is logged in /var/adm/patch/log/session.log Main Menu: --------- 1) Patch Kit Installation 2) Patch Kit Deletion 3) Patch Kit Documentation 4) Patch Tracking 5) Patch Baseline Analysis/Adjustment h) Help on Command Line Interface q) Quit Enter your choice:
Patch applicability to the existing system files is done on a file-by-file basis for each patch. This ensures that the installation of a patch will not degrade or crash the system. The installation of a patch is blocked if any system files to be replaced by a patch are not valid predecessors of the patch files.
Patch applicability also enables consistency checking and reporting for the installation of Tru64 UNIX and TruCluster software patches.
In cases where a patch is blocked, informative messages are provided to assist you in determining how to proceed. Appendix B lists common error messages and suggested corrective actions.
The installation of a patch is blocked if any of the following conditions exist:
The underlying software product subset is not installed for example, if the applicable Tru64 UNIX or TruCluster software release subset is not installed.
The
setld
inventory is inconsistent with
the existing system files.
This occurs when an operating system or TruCluster software
setld
subset is installed and individual operating system files
that are part of that subset are moved, deleted, or replaced.
The patch installation is blocked if any existing
system files (files that are targeted to be updated by a patch) have changed
and cannot be related to previous versions of the patch.
This ensures that
operating system files that change due to other explicit system administrator
action (for example, layered product patches or non-dupatch
installed CSP installations) are not inadvertently overwritten.
You must take
special action, through the baseline feature to enable patch installation
in this situation.
By default, Release Patch Kits are made reversible during the installation so you revert your system to its state prior to the installation. If you choose to make patch kits nonreversible, you will not be able to uninstall the kit.
Customer-Specific patch kits are forced to be reversible when
the CSP kit is manufactured.
This forced reversibility overrides the reversibility
option provided by
dupatch
during installation.
Patch reversibility is dependent upon saving the existing system
files that will be updated by the patch.
Saving these files requires the
availability of adequate storage space in
/var/adm/patch/backup
,
which can be a mount point for a separate disk partition, an NFS mount point,
or a symbolic link to another file system.
This allows you to configure your
system to reduce the impact on system disk space for the
/
,
/usr
, and
/var
partitions.
The
dupatch
utility checks for the required storage
space prior to patch installation.
Patch installation is prevented if adequate
backup space is unavailable.
Section 2.1
includes an example of the
dupatch
output regarding patch reversibility.
1.5 Using the Patch Tracking Menu
The
dupatch
patch-tracking capability lets you view information about
installed patches, such as lists of release patches, CSPs, and ERPs installed
on the system and which patch kits you have installed.
For example, the following
dupatch
output shows the
patch tracking menu with the List Installed patches menu item selected:
Patch Tracking Menu: ------------------- 1) List installed patches 2) List installed patch files 3) List patch kit information for installed patches 4) Show Patch History for selected patches 5) Show System Patch History b) Back to Main Menu q) Quit Enter your choice: 1 Patch Tracking Selection Menu: ------------------------------ 1) List Release Patches 2) List Customer Specific Patches 3) List All Patches b) Back to Tracking Menu q) Quit Enter your choice: Gathering details of relevant patches, this may take a bit of time Patches installed on the system: ------------------------------- (depending upon the number of patches you installed, this may take awhile) - Tru64_UNIX_V5.1B / Commands, Shells, & Utilities Patches: Patch 25022.00 - SP04 OSFDCMT540 Patch 25080.00 - SP04 OSFTCLBASE540 Patch 26022.00 - SP05 OSFDCMT540 Patch 26080.00 - SP05 OSFTCLBASE540 - Tru64_UNIX_V5.1B / Common Desktop Environment (CDE) Patches: Patch 25015.00 - SP04 OSFCDEDT540 (SSRT2405) Patch 25016.00 - SP04 OSFCDEMAIL540
.
.
.
Patch 26085.00 - SP05 OSFX11540 (SSRT4831 SSRT4802 SSRT4800 SSRT4721) Patch 26086.00 - SP05 OSFXADMIN540 Press RETURN to get back to the Patch Tracking Menu...
1.6 Using the Patch Documentation Menu
When you select the Patch
Documentation item of the main menu,
dupatch
returns a
menu that gives you access to different information:
Problem summaries
Provide brief descriptions of the problems corrected by the patches. You can view the problems corrected by installed patches or by patches available from a specific kit.
Full descriptions
Provide complete descriptions of the problems corrected by the individual patches. You can view the problem descriptions for installed patches or for patches available from a specific kit.
Special Instructions
These files describe special instructions you need to be aware of for individual patches. You can view the instructions for installed patches or for patches available from a specific kit.
Report identifiers
Revision control strings
The following output shows the Patch Documentation menu and a typical session:
Patch Documentation Menu: ------------------------ Installed patches on the system 1) View problem summaries 2) View full descriptions 3) View special instructions 4) View Problem Report Identifiers 5) View Revision Control Strings Patches in the patch kit 6) View problem summaries 7) View full descriptions 8) View special instructions 9) View Problem Report Identifiers 10) View Revision Control Strings All (installed and non-installed) patches 11) View patch problem summaries 12) View patch full descriptions 13) View patch special instructions 14) View Problem Report Identifiers 15) View Revision Control Strings b) Back to Main Menu q) Quit Enter your choice: 1 Patch Documentation Selection Menu: ----------------------------------- 1) List Release problem summaries 2) List Customer Specific problem summaries 3) List All problem summaries b) Back to Documentation Menu q) Quit Enter your choice: 3 There may be more patches than can be presented on a single screen. If this is the case, you can choose patches screen by screen or all at once on the last screen. All of the choices you make will be collected for your confirmation before any patches are examined. - Tru64_UNIX_V5.1B / Commands, Shells, & Utilities Patches: 1) Patch 25022.00 - SP04 OSFDCMT540 2) Patch 25080.00 - SP04 OSFTCLBASE540 3) Patch 26022.00 - SP05 OSFDCMT540 4) Patch 26080.00 - SP05 OSFTCLBASE540 - Tru64_UNIX_V5.1B / Common Desktop Environment (CDE) Patches: 5) Patch 25015.00 - SP04 OSFCDEDT540 (SSRT2405) 6) Patch 25016.00 - SP04 OSFCDEMAIL540
.
.
.
- Tru64_UNIX_V5.1B / X11 Patches: 49) Patch 25075.00 - SP04 OSFSER540 50) Patch 25085.00 - SP04 OSFX11540 Or you may choose one of the following options: 55) ALL of the above 56) CANCEL selections and redisplay menus 57) EXIT without examining any patches Enter your choices or press RETURN to redisplay menus. Choices (for example, 1 2 4-6): 1-4 7 Enter the output filename for the problem summaries for installed patches, or < Return> to continue (output to screen): ======================================================== Tru64_UNIX_V5.1B / Commands, Shells, & Utilities Patches: Patch 25022.00 - SP04 OSFDCMT540 A potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. HP has corrected this potential vulnerability
.
.
.
Press RETURN to proceed... Patch Documentation Selection Menu: ----------------------------------- 1) List Release problem summaries 2) List Customer Specific problem summaries 3) List All problem summaries b) Back to Documentation Menu q) Quit Enter your choice: q
The patch description information and special instructions are conveniently
organized in the
Patch Summary and Release Notes
document that is packaged with each kit.
1.7 Version Switches
A version switch manages the transition of the active version to the new version of an operating system. The active version is the one that is currently in use.
With the Inclusive patch kits, you must manually enable the version switch. See Section 3.7.1 for more information
In the old-style patch kits, version switches are controlled by the
clu_upgrade
-switch
command during a rolling patch.
See
Section 4.10
for more information.
1.8 General Issues and Restrictions
This section provides information you must be aware of when installing
or removing patches.
Be sure to check the
Patch Summary and Release Notes
document of the kit you
are installing for any issues and restrictions that pertain to that installation.
1.8.1 When Single-User Mode Is Recommended
Although you can install patches in multiuser mode, we recommend that you bring down your system to single-user mode when installing patches that affect the operation of the Tru64 UNIX operating system or the product you are patching. If your system must remain in multiuser mode, apply the patches when the system is as lightly loaded as possible.
There are no restrictions on performing patch selection and preinstallation
checking in multiuser mode.
Patch removals can only be done in single-user
mode.
1.8.2 Use Clean Directory for Each Patch Kit
When installing a patch kit downloaded from the Web, untar the file
in a clean directory; that is, one that does not contain files from a previous
patch kit.
A failure to do this can have adverse consequences when installing
the new kit.
1.8.3 Patching a System Prior to Creating a Cluster
Patching your system before creating your cluster can save you time, although if you do so, be aware that you cannot then remove the patch kit.
The following steps describe how to patch your system before creating a cluster:
Install and configure the Tru64 UNIX operating system.
Use the
setld
command to install the TruCluster software
kit.
If the TruCluster software kit is not loaded before the patch operation,
patches for TruCluster software will not be loaded.
Patch the system.
Use the
clu_create
command to create the
single-member cluster.
See the Tru64 UNIX
Installation Guide
for information
about installing the operating system and the TruCluster
Cluster Installation
manual for information about creating your cluster.
1.8.4 RIS and DMS Unsupported for Patch Installation
Remote Installation
Services (RIS) and Dataless Management Services (DMS) installations of patches
are not supported.
However, the patch kit installation mechanism does support
network installation via NFS.
1.8.5 Direct setld Installation and Removal of Patch Subsets Is Not Allowed
You can install and remove Tru64 UNIX and TruCluster software patches
only through
dupatch
.
You cannot directly install or reinstall
the patch subsets with
setld
.
This ensures that patch tracking
and management are not compromised.
1.8.6 Limitation for /var/adm/patch/backup Directory Handling
The patch
management utility assumes there is one
/var/adm/patch/backup
directory per system.
It does not handle placement of archived original files
for multiple systems in one directory.
1.8.7 Do Not Enter Ctrl/c During Installation Phase
Do not enter a Ctrl/c command during the installation phase of the patch kit.
Caution
As with any system update, entering a Ctrl/c during this phase could leave the operating system software environment in an inconsistent and nonrecoverable state.
1.8.8 Removing Patches Containing Customized Files
If you
use
dupatch
to remove a patch containing a customized file,
messages similar to the following may appear in the session log file,
/var/adm/patch/log/session.log
:
- Tru64_UNIX_V5.1B / Network Patches: Patch 25020.00 - SP04 OSFCLINET540 (SSRT3653 SSRT2384 SSRT2275 ...) Customization found in ./etc/inetd.conf. Before the backup was restored, we had saved a copy of this file in: ./etc/inetd.conf.PreDel_OSFPAT02502000540 Please compare ./etc/inetd.conf with this saved copy. If there are extra customizations you want to keep, you would need to merge them into ./etc/inetd.conf manually. ./etc/inetd.conf.PreDel_OSFPAT02502000540 can be removed afterwards.
This message warns you to examine the removed patch for any customized
files it may contain, which in this example is the file
/etc/inetd.conf
.
In order to keep those customizations, you will have to manually
add them.
The following are examples of such customized files:
/usr/var/spool/cron/crontabs/root
/etc/sysconfigtab
/usr/var/adm/sendmail/sendmail.cf
1.8.9 Release Patches Do Not Automatically Supersede CSPs
Release patches do not automatically supersede
dupatch
-based Customer-Specific patches (CSPs).
Any Release patch
blocked by a CSP will result in a
dupatch
message.
See
Section B.1.7
for more information.
See the release notes
of the new style patch kits for a list of CSPs that are included in those
patch kits.
The
Patch Summary and Release Notes
document
included with Version 5.1B-2 and higher includes a list of CSPs that were
reconciled in the patch kit.
1.8.10 Impact on System Upgrades to Later Versions of Tru64 UNIX
In the presence of patches of layered products, certain procedures used to upgrade a system to a later version of Tru64 UNIX can lead to inconsistencies among operating system and layered product objects.
Note
After successfully installing a new version of Tru64 UNIX, you should obtain and install the latest patch kit that is applicable to that version.