SUN patch reporter
SUN have a program that compares the patches installed on a machine
with the latest patch release. This program, and the patch list, is
only available to machines that are on maintenance. Typically, it is
the machines that are not on maintenance that are most in need of
patching, and the security and recommended patches are made public
anyway.
Sun's product is called patchdiag. It has a few limitations with the
default output format:
- If a security patch is for an unbundled product, it is not
displayed in the default output format.
- If a security patch is installed, and is recommended but not
up-to-date, it is not highlighted as a security patch.
- If a product is bundled with Solaris, but it not installed,
patches for that product are still displayed in the patch report.
- It's much slower than it should be.
My replacement, patchsun, still has problems with false positives, but
most of these cannot be overcome without changing the format of the
pkginfo or patch readme files.
Generating the patchdiag.xref file
Requires: GNU tar, Perl 5.
- Make an emtpy directory containing a symbolic link,
'patches', pointing at a directory with a mirror
of Sun's public patch site.
- Change to that directory
- Run extractpkginfo to go through each patch,
extracting the pkginfo and README files.
- Run genxref to go through the
*_Recommended.README files extracting a list of recommended
pathes, and to go though the patch READMEs and pkginfo files,
extracting architecture and version information, etc. Redirect the
output to patchdiag.xref. The output file format is compatible
with SUN's patchdiag tool, although it does contain less information.
Running patchsun
Requires: Perl 5.
Run patchsun to generate a patch report for your
machine. If you didn't name your xref file 'patchdiag.xref', use -x
to give its name.
Sample output
PATCH REPORT FOR 17/Jul/1998
===============================================================================
OUT OF DATE RECOMMENDED PATCHES (not including security patches)
Latest Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
(No patches)
===============================================================================
UNINSTALLED RECOMMENDED PATCHES (not including security patches)
Latest Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
(No patches)
===============================================================================
OUT OF DATE SECURITY PATCHES
Latest Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
104357 06 05 RS SunOS 5.5: usr/sbin/rpcbind patch
103187 39 38 RS SunOS 5.5: libc, libnsl, libucb, nis_cachemgr and rpc.nisd pa
102964 10 09 RS SunOS 5.5: lp patch
===============================================================================
UNINSTALLED SECURITY PATCHES
Latest Inst RS Synopsis
--------- ---- -- -------------------------------------------------------------
106446 01 - S SunOS 5.5: /usr/sbin/ping patch
===============================================================================
END OF PATCH REPORT
Legend
R means 'Recommended patch'.
S means 'Security patch'.
? means 'Status unknown'.
(The recommended status of patches to unbundled products, like NSKIT
patch 103053, is always unknown.)
Source
- patchsun.tar.gz
-
- extractpkginfo
- genxref
- patchsun
Peter Benie <pjb1008@cam.ac.uk>