SUN patch reporter

SUN have a program that compares the patches installed on a machine with the latest patch release. This program, and the patch list, is only available to machines that are on maintenance. Typically, it is the machines that are not on maintenance that are most in need of patching, and the security and recommended patches are made public anyway.

Sun's product is called patchdiag. It has a few limitations with the default output format:

If a security patch is for an unbundled product, it is not displayed in the default output format.
If a security patch is installed, and is recommended but not up-to-date, it is not highlighted as a security patch.
If a product is bundled with Solaris, but it not installed, patches for that product are still displayed in the patch report.
It's much slower than it should be.

My replacement, patchsun, still has problems with false positives, but most of these cannot be overcome without changing the format of the pkginfo or patch readme files.

Generating the patchdiag.xref file

Requires: GNU tar, Perl 5.

Make an emtpy directory containing a symbolic link, 'patches', pointing at a directory with a mirror of Sun's public patch site.
Change to that directory
Run extractpkginfo to go through each patch, extracting the pkginfo and README files.
Run genxref to go through the *_Recommended.README files extracting a list of recommended pathes, and to go though the patch READMEs and pkginfo files, extracting architecture and version information, etc. Redirect the output to patchdiag.xref. The output file format is compatible with SUN's patchdiag tool, although it does contain less information.

Running patchsun

Requires: Perl 5.

Run patchsun to generate a patch report for your machine. If you didn't name your xref file 'patchdiag.xref', use -x to give its name.

Sample output

PATCH REPORT FOR 17/Jul/1998
===============================================================================
 
OUT OF DATE RECOMMENDED PATCHES (not including security patches)
  Latest  Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
(No patches)
===============================================================================
 
UNINSTALLED RECOMMENDED PATCHES (not including security patches)
  Latest  Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
(No patches)
===============================================================================
 
OUT OF DATE SECURITY PATCHES
  Latest  Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
104357 06  05  RS SunOS 5.5: usr/sbin/rpcbind patch
103187 39  38  RS SunOS 5.5: libc, libnsl, libucb, nis_cachemgr and rpc.nisd pa
102964 10  09  RS SunOS 5.5: lp patch
===============================================================================
 
UNINSTALLED SECURITY PATCHES
  Latest  Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
106446 01   -   S SunOS 5.5: /usr/sbin/ping patch
===============================================================================
END OF PATCH REPORT

Legend

R means 'Recommended patch'.
S means 'Security patch'.
? means 'Status unknown'.

(The recommended status of patches to unbundled products, like NSKIT patch 103053, is always unknown.)

Source

patchsun.tar.gz: extractpkginfo
genxref
patchsun

Peter Benie <pjb1008@cam.ac.uk>