HP HP-UX Patch Management User Manual

Patch Management User Guide for HP-UX

11.x Systems

HP Part Number: 5900-1048 Published: August 2010 Edition: 13

Confidential computersoftware. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211and 12.212, Commercial

Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under

vendor's standard commercial license.

The informationcontained hereinis subject to change without notice. Theonly warranties forHP productsand services are set forth in theexpress

warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP

shall not be liable for technical or editorial errors or omissions contained herein.

Acknowledgements

UNIX® is a registered trademark of The Open Group.

Revision History

Table 1 Revision history

Manufacturing Part Number

Systems

HP-UX5992-4020

HP-UX5992-0674

HP-UX5991-6449

HP-UX5991-5309

HP-UX5991-4825

HP-UX5991-2722

HP-UX5991-1163

HP-UX5991-0686

Publication DateEdition NumberSupported VersionsSupported Operating

August 20101311i v1, 11i v2, 11i v3HP-UX5900-1048

September 20101211i v1, 11i v2, 11i v3HP-UXB3921–90030

September 20091111i v1, 11i v2, 11i v3HP-UX5992–6582

March 20081011.0, 11i v1, 11i v1.6, 11i

v2, 11i v3

September 2007911.0, 11i v1, 11i v1.6, 11i

v2, 11i v3

February 2007811.0, 11i v1, 11i v1.6, 11i

v2, 11i v3

June 2006711.0, 11i v1, 11i v1.6, 11i

March 2006611.0, 11i v1, 11i v1.6, 11i

December 2005511.0, 11i v1, 11i v1.6, 11i

May 2005411.0, 11i v1, 11i v1.6, 11i

December 2004311.0, 11i v1, 11i v1.6, 11i

HP-UX5990-6753a

September 2004211.0, 11i v1, 11i v1.6, 11i

HP-UX5990-6753

April 2004111.0, 11i v1, 11i v1.6, 11i

1 HP-UX patches and patch management......................................................................7

Patch management strategies.................................................................................................................7

How to get patches............................................................................................................................8

Where to start....................................................................................................................................8

2 Quick start guide for patching HP-UX systems............................................................9

Overview.................................................................................................................................................9

Before you begin.....................................................................................................................................9

Should you use standard HP-UX patch bundles?.............................................................................9

Should you use individual patches?.................................................................................................9

Standard HP-UX patch bundles......................................................................................................10

Acquiring and installing standard HP-UX patch bundles...................................................................10

Acquiring the bundles.....................................................................................................................10

Installing the bundles......................................................................................................................11

Advanced topic: using Dynamic Root Disk (DRD).........................................................................12

Acquiring and installing individual patches........................................................................................13

Acquiring the patches......................................................................................................................13

Installing the patches.......................................................................................................................15

Advanced topic: using Dynamic Root Disk (DRD).........................................................................16

3 HP-UX patch overview..................................................................................................17

Patch-related concepts..........................................................................................................................17

Patch identification..........................................................................................................................17

HP-UX software structure...............................................................................................................17

Patch bundles...................................................................................................................................18

Software depots and patch depots..................................................................................................18

Patch status......................................................................................................................................19

Patch state........................................................................................................................................19

State..................................................................................................................................................20

Category tags...................................................................................................................................20

Which patches are on a system?...........................................................................................................21

Examples of the swlist command................................................................................................22

Ancestors and supersession..................................................................................................................25

Ancestors.........................................................................................................................................25

Advanced topic: determining patch ancestors...........................................................................25

Supersession....................................................................................................................................26

Advanced topic: displaying supersession information.............................................................27

Advanced topic: supersession and the patch_state attribute...............................................28

Patch-related attributes.........................................................................................................................29

Patch dependencies...............................................................................................................................31

Types of dependencies.....................................................................................................................31

Corequisites and prerequisites........................................................................................................31

Advanced topic: determining corequisite and prerequisite filesets with the swlist

command....................................................................................................................................32

Enforced and unenforced (manual) dependencies.........................................................................32

Impact of dependencies on acquiring patches................................................................................32

Patch rollback and commitment...........................................................................................................33

Patch rollback...................................................................................................................................33

Advanced topic: patch installation and rollback files................................................................33

Patch commitment...........................................................................................................................33

Advanced topic: patch cleanup utility............................................................................................34

HP-UX patch ratings.............................................................................................................................34

Table of Contents 3

HP patch rating of 1 ........................................................................................................................35

Rating details .............................................................................................................................35

HP patch rating of 2 ........................................................................................................................35

Rating details .............................................................................................................................35

HP patch rating of 3 ........................................................................................................................35

Rating details .............................................................................................................................35

Critical and noncritical patches............................................................................................................36

Finding information for a specific patch...............................................................................................36

Patch documentation ......................................................................................................................36

Advanced topic: the readme attribute............................................................................................38

Obtaining information using the ITRC...........................................................................................38

Accessing information on the ITRC...........................................................................................38

Patch warnings......................................................................................................................................38

The warning field............................................................................................................................39

Critical and noncritical warnings....................................................................................................39

How to handle patch warnings.......................................................................................................40

Questions to ask...............................................................................................................................40

Advanced topic: finding patches with warnings............................................................................40

Backup and recovery............................................................................................................................41

Considerations.................................................................................................................................41

4 Patch management overview......................................................................................42

Patch management life cycle.................................................................................................................42

HP service contracts..............................................................................................................................45

Patch management and software change management strategies.......................................................45

Establishing a software change management strategy ..................................................................45

Recommendations for software change management ...................................................................46

Consideration of HP patch rating....................................................................................................47

Patch management and software depots.........................................................................................47

Proactive patching strategy.............................................................................................................48

Acquiring patches for proactive patching..................................................................................48

Advanced topic: HP-UX Software Assistant..............................................................................49

Reactive patching strategy...............................................................................................................49

Acquiring patches for reactive patching ...................................................................................50

Advanced topic: security patching strategy ...................................................................................50

Advanced topic: scanning for security patches ..............................................................................51

Testing the patches to be installed .......................................................................................................51

5 What are standard HP-UX patch bundles?...............................................................52

Key features..........................................................................................................................................52

Standard HP-UX patch bundles...........................................................................................................52

Obtaining standard HP-UX patch bundles..........................................................................................53

6 Using the IT Resource Center......................................................................................55

Obtaining an ITRC user account...........................................................................................................55

Useful pages on the ITRC.....................................................................................................................55

Find individual patches........................................................................................................................55

Key features.....................................................................................................................................56

Accessing the patch database and finding an individual patch.....................................................56

Advanced topic: checking for special installation instructions............................................................58

Advanced topic: checking for all patch dependencies.........................................................................59

Check for patches with dependencies.............................................................................................59

Standard patch bundles........................................................................................................................62

Custom patch bundles - run a patch assessment..................................................................................62

Support information digests.................................................................................................................62

Key features.....................................................................................................................................62

4 Table of Contents

Ask your peers in the forums...............................................................................................................62

Search knowledge base.........................................................................................................................62

Key features ....................................................................................................................................63

7 Using software depots for patch management.........................................................64

Common software distributor commands for patching.......................................................................64

Depot types...........................................................................................................................................65

Directory depots..............................................................................................................................65

Tape depots......................................................................................................................................66

Using depots.........................................................................................................................................66

Choosing depot type and depot location........................................................................................67

Viewing depots.....................................................................................................................................67

Examples of the swlist command................................................................................................67

Creating and adding to a directory depot............................................................................................69

Copying patches to depots..............................................................................................................70

Advanced topic: HP-UX Software Assistant...................................................................................71

Copying products with patch dependencies to depots...................................................................71

Registering and unregistering directory depots...................................................................................71

Examples of registering and unregistering depots.........................................................................72

Advanced topic: access control lists................................................................................................72

Verifying directory depots....................................................................................................................73

Examples of verifying directory depots..........................................................................................73

Removing software from a directory depot..........................................................................................74

Advanced topic: removing superseded patches from a depot.......................................................76

Removing a directory depot ................................................................................................................77

Installing patches from a depot............................................................................................................77

Examples of installing patches from a depot..................................................................................79

Installing products with patch dependencies from a depot...........................................................80

Custom patch bundles..........................................................................................................................80

Examples of listing patches and bundles........................................................................................81

Creating a custom bundle................................................................................................................82

8 Using HP-UX Software Assistant for patch management.........................................85

For more information............................................................................................................................85

9 Using Dynamic Root Disk for patch management....................................................86

For more information............................................................................................................................87

10 The Patch Assessment Tool........................................................................................88

Benefits of the Patch Assessment Tool..................................................................................................88

Using the Patch Assessment Tool.........................................................................................................88

Example of running the Patch Assessment Tool..................................................................................89

11 Support and other resources.....................................................................................91

Contacting HP.......................................................................................................................................91

Before you contact HP.....................................................................................................................91

HP contact information...................................................................................................................91

Subscription service.........................................................................................................................91

Documentation feedback.................................................................................................................91

Related information..............................................................................................................................91

Documents.......................................................................................................................................91

HP websites.....................................................................................................................................92

Non-HP websites.............................................................................................................................92

Typographic conventions......................................................................................................................92

A Patch usage models.....................................................................................................94

Patch usage model 1: hardware/application software change.............................................................95

Patch usage model 2: third-party hardware/software qualification.....................................................97

Table of Contents 5

Patch usage model 3: operating environment cold install....................................................................98

Patch usage model 4: operating environment update........................................................................100

Patch usage model 5: proactive patch.................................................................................................102

Patch usage model 6: reactive patch...................................................................................................103

Glossary.........................................................................................................................104

Index...............................................................................................................................107

6 Table of Contents

1 HP-UX patches and patch management

Patches are software that HP releases to deliver incremental updates to a system. Patches are best known for delivering defect fixes, but also deliver new functionality and features, enable new hardware, and update firmware. You can use HP-UX patches to update HP-UX software without having to completely reinstall a system application. For a description of patches, see

Chapter 3: “HP-UX patch overview” (page 17).

You might wonder why you should be concerned with patch management. HP recommends that you address patch management to reduce the risk of problems such as system hangs, panics, memory leaks, data corruption, application failures, and security breaches. If your job involves any of the following concerns, then you need patch management:

• Having proper system functionality and performance

• Maintaining system security

• Maintaining system reliability and availability

• Obtaining the latest system enhancements and functionality

• Reading about problems and solutions before you encounter them

• Limiting the number of patches to install if you encounter a problem

• Limiting the amount of time required to troubleshoot problems

Patch management involves any of the following tasks:

• Selecting or acquiring patches

• Applying patches

• Updating previously applied patches with more current patches

• Verifying patches

• Testing patches

• Listing patches already applied to existing software

• Copying patches

• Maintaining repositories, or depots, of patches for easy selection

• Committing applied patches

• Removing or rolling back applied patches

For a description of patch management, see Chapter 4: “Patch management overview” (page 42).

NOTE: You can approach patch management in many different ways with no one approach being the correct way. You must base decisions regarding patch management on the specifics of your individual situation. Even then, there might be more than one reasonable path.

Patch management strategies

This guide addresses two basic patch management strategies. Most customers use a combination of both strategies:

Proactive Patching Patching regularly to avoid problems

Reactive Patching Patching after a problem occurs

No matter what strategy or combination of strategies you adopt, keep in mind that any change to a system, including change incurred during the process of patch management, risks the introduction of new problems to a system. This guide discusses some steps that you can take to mitigate the risk associated with patching systems.

Patch management strategies 7

How to get patches

HP provides numerous ways to acquire patches, ensuring that system administrators with different goals and different levels of expertise can find a patch source to fit their needs. You can obtain patches individually or in groups of related patches known as patch bundles.

This guide discusses the following HP-UX patch sources:

• IT Resource Center (ITRC) website:

http://itrc.hp.com

• Patch Tools:

HP-UX Software Assistant (SWA) is the HP-recommended utility to maintain currency with HP-published security bulletins and recommended patch levels for HP-UX 11i software. See “Using HP-UX Software Assistant for patch management” (page 85) for more information.

Where to start

If you have immediate patching needs, see Chapter 2: “Quick start guide for patching HP-UX

systems” (page 9).

If you want to learn about patching options, read all chapters in this guide, and then choose the resource that best meets your needs.

8 HP-UX patches and patch management

2 Quick start guide for patching HP-UX systems

This quick start guide is for system administrators who have immediate patching needs. It is a limited solution to general patching issues. If you need in-depth information about patching, review the rest of this document and the other patch-related resources in Section : “Related

information” (page 91).

NOTE: You will require root user privileges to complete these procedures.

Overview

This quick start guides you through basic patch management tasks and provides minimal detail:

• “Before you begin” (page 9)

Before you acquire and install the patch bundles or individual patches, you should consider some patch-related questions. See “Should you use standard HP-UX patch bundles?”

(page 9) and “Should you use individual patches?” (page 9).

• “Acquiring and installing standard HP-UX patch bundles” (page 10)

When initially patching a system, it is important to establish a stable baseline of patches. This section shows you how to acquire and install the standard HP-UX patch bundles. See

Chapter 5 (page 52) for more information.

• “Acquiring and installing individual patches” (page 13)

In addition to the standard HP-UX patch bundles, you might need to install individual patches. For example, you might want more recent patches found on the HP IT Resource Center (ITRC) website than those contained in a standard HP-UX patch bundle on media. You might also want the latest security patches.

For additional information, visit the ITRC website at http://itrc.hp.com.

Before you begin

The following sections contain questions that you should review before you begin the quick start procedures.

Should you use standard HP-UX patch bundles?

Before you acquire and install standard HP-UX patch bundles, consider the following questions:

• Is this a new system?

• Do you want to establish a baseline of patches?

• Do you want to update the existing baseline of patches?

• Are you adding new hardware to the system?

If you answer yes to any of these questions, then you should continue with “Acquiring and

installing standard HP-UX patch bundles” (page 10).

HP recommends using the HP-UX Quality Pack Patch bundle for the proactive maintenance of all HP-UX systems. For a description of the Quality Pack Patch bundle and all other standard HP-UX patch bundles, see “Standard HP-UX patch bundles” (page 10) .

Should you use individual patches?

HP recommendsusing individual patches whenperforming reactive patching tasks. For example, when a system is experiencing a problem, you should apply an individual patch or the smallest set of patches to fix the problem, and not an entire patch bundle.

Please refer to “Acquiring and installing individual patches” (page 13) for more information.

Overview 9

NOTE: In addition to the information in this guide, you should review the release notes for the product you are patching.

Standard HP-UX patch bundles

Table 2-1 shows the bundle names for the HP-UX 11i releases. See Chapter 5 (page 52) for more

information.

Table 2-1 Standard HP-UX patch bundle names

HP-UX 11i v3 (B.11.31)HP-UX 11i v2 (B.11.23)HP-UX 11i v1 (B.11.11)Patch Bundle Name

N/AFeature Enablement

Hardware Enablement

Quality Pack

Required

BUNDLE11iBUNDLE11i

NOTE: Standard HP-UX patch bundles are cumulative. The latest version of a bundle includes patches from all previous versions. Also, the standard patch bundles might have overlapping content. This will not affect the patching process.

Acquiring and installing standard HP-UX patch bundles

The standard HP-UX patch bundles provide recommended sets of HP-UX system patches, which you should use for proactive patching. See Chapter 5 (page 52) for information on specific standard patch bundles.

Acquiring the bundles

To obtain standard patch bundles from the web, perform the following steps:

1. Log in to the target system.

2. Determine the operating system release by entering this command:

uname -r

Record the information. You will use this information in step 8.

FEATURE11iFEATURE11i

HWEnable11iHWEnable11iHWEnable11i

QPKAPPSQPKAPPSGOLDAPPS11i

QPKBASEQPKBASEGOLDBASE11i

N/A

3. Be sure that you are logged in as a user with write permissions to the download directory that you plan to use.

These instructions assume you are using the /tmp directory.

4. Log in to the ITRC at http://itrc.hp.com.

Be sure to log in to the appropriate site (Americas/Asia Pacific or European).

NOTE: You must link your active HP support agreement (that includes Software Updates) to your ITRC profile before downloading patches. Use the My Profile link for instructions after completing login at the ITRC website.

5. Select Patch database from the left navigation.

6. Select find standard patch bundles.

7. Select HP-UX patch bundles.

8. Select the most recent release name for the operating system (by release date).

10 Quick start guide for patching HP-UX systems

9. Select the bundle/depot link. The bundles are cumulative; select the latest.

The bundle's main page is displayed. It shows the following information and links:

• Each patch contained in the bundle.

If the bundle contains patches with warnings, which are notifications of known problems, they are listed near the top of the page.

• All patch identifications (IDs) are linked to the patch database on the ITRC and provide detailed patch information.

• In the right-hand navigation menu you can access the readme file for the bundle by selecting the bundle readme link. Review the readme for critical installation information.

10. Ensure all items are checked. Click add to selected patch list.

If you see additional patches in the selected patch list, the ITRC selected them to replace patches with warnings. See “Patch warnings” (page 38).

11. Review your choices to ensure all items are checked. Click download selected.

The download patches page is displayed.

12. Under the heading “download items in one operation”, select a format option (HP recommends the gzip package). Select a zip package only if you are certain that the HP-UX system can unpack a .zip file.

You can use the commands whereis(1) and which(1) to make sure you have the appropriate software. For example, use whereis gzip to determine if the program is installed and use which gzip to determine if the program is in your path.

13. Click download. Make the appropriate selections (based on the browser you are using) to save the selected bundle to the /tmp/temporary_depot directory on the target system.

14. Record the name of the file being downloaded.

The following section refers to the file as patches.xxx.

Installing the bundles

To install the downloaded bundle, repeat the following steps for each bundle.

1. Log in to the target system.

2. Unpack the downloaded file patches.xxx by using one of these commands:

• If the downloaded file is patches.tgz:

gunzip -c patches.tgz | tar xvf -

• If the downloaded file is patches.tar:

tar -xfv patches.tar

• If the downloaded file is patches.zip:

unzip patches.zip

You must have an installed application that can unpack a .zip file. Not all HP-UX systems have such an application. If you do not have a system that can unpack a .zip file, then you would need to use a system that does, then transfer the unpacked files to the target system.

You can use the program locating commands whereis(1) and which(1) to make sure you have the appropriate software. For example, use whereis gzip to determine if the program is installed and use which gzip to determine if the program is in your path.

3. As root, run the create_depot_hp-ux_11 script.

4. Verify the download by entering this command:

swverify -d \* @ /tmp/temporary_depot/depot

You will see the message "* Verification succeeded."

Acquiring and installing standard HP-UX patch bundles 11

5. Find the bundle names by entering this command:

swlist -d @ /tmp/temporary_depot/depot

6. Record all bundle names.

The bundle name is the first word of each line under the Bundle(s) heading.

7. This step is critical. When you install a QPK or HWE patch bundle, the system reboots

automatically. Before you install abundle (step 9), you need to follow your company's policy regarding a system reboot.

8. This step is critical. Before you install the bundle, back up the system.

9. Install the bundles by entering this command:

swinstall -s /tmp/temporary_depot/depot -x autoreboot=true \

-x patch_match_target=true

During the installation, the system prints progress details to the screen.

10. Monitor the screen for error messages.

The system reboots automatically as part of the installation process.

11. Verify that the installation was successful:

• Repeat the swlist command for each bundle name you recorded in step 6:

swlist

-l bundle bundle_name

Ensure that the bundle is shown in the output.

• Repeat the swverify command for each bundle name you recorded in step 6:

swverify bundle_name

— This command might not always complete in a short amount of time. — If the verification is successful, the last few lines of output contain the line "*

Verification succeeded."

— If the verification was not successful, view the /var/adm/sw/swagent.log file

for additional information related to the swverify command failure. If this is not sufficient to resolve the problem, consult more advanced resources in Section :

“Related information” (page 91).

• View the swagent log file, located at /var/adm/sw/swagent.log. This log includes information related to the installation.

— Find the section pertaining to the installation just performed (located near the end

of the file if you check it immediately after the install). Review this section and make sure that there were no errors ("ERROR").

— If you find errors, consult more advanced resources in Section : “Related

information” (page 91) to resolve the problem.

Advanced topic: using Dynamic Root Disk (DRD)

By using Dynamic Root Disk (DRD) you can minimize the downtime required to apply a patch bundle, do most of your proactive maintenance during normal business hours, and have a fast, reliable backup mechanism if your system does not function as expected after the application of a patch bundle. With DRD, you create a copy (or clone) of the root disk that you can apply patches to, while your system is still up and running. Once all the patches are loaded on the clone, you can then reboot the system using the clone as your active root volume. If for any reason you decide that the patched root volume does not perform as you desire, you can quickly reboot the original system image. For more information, please see Chapter 9 (page 86).

12 Quick start guide for patching HP-UX systems

Acquiring and installing individual patches

At times, you might find it necessary to acquire and install individual patches based on known patch IDs.

For example, you might read an HP-UX security bulletin in which HP recommends that you install specific patches. Another possibility is that you are installing software that requires specific patches for the software to function properly. Customers also frequently acquire and install individual patches for reactive patching. Whichever the case, you can use the Patch Database on the ITRC website to quickly and simply acquire specified patches as well as their dependencies. If you are unfamiliar with patches with dependencies, see Chapter 3: “HP-UX patch overview”

(page 17).

NOTE: HP assigns each HP-UX patch a unique identification or patch ID. Each HP-UX patch ID has the form PHXX_#####, where:

• PH is an abbreviation for Patch HP-UX

• XX is replaced with one of the following values for the HP-UX area being patched:

— CO = command patches — KL = kernel patches — NE = network patches — SS = patches related to all other subsystems

• ##### is replaced with a unique four- or five-digit number.

In general, the numeric portion of the patch ID is higher for more recently released patches.

Acquiring the patches

To acquire the patches from the web, perform the following steps:

1. Log in to the target system.

2. Determine the operating system release by entering this command:

uname -r

Record this information. You will use it in step 8.

3. Be sure that you are logged in as a user with write permissions to the download directory you plan to use.

These instructions assume you are using the /tmp/some_patch_directory directory.

4. Log in to the ITRC at http://itrc.hp.com.

Be sure to log in to the appropriate site (Americas/Asia Pacific or European).

5. Select Patch database from the left navigation.

6. In the text box, enter the patch ID for the patch you want to download. Then click ».

If it exists, the selected patch is displayed on the search results page. Patches (possibly differing from the patch you requested) display in one to three columns.

7. Review the patches in the table.

• specified: Shows the patch ID you requested.

• recommended: Shows the patch HP recommends for download/install based on the

patch you requested (it might be different than the patch you specified). If you see a patch in this column, it meets all requirements of the patch you requested. HP recommends you download and install this patch.

• most recent: Shows the most recent version of the requested patch.

Acquiring and installing individual patches 13

The following icons might be displayed along with the patch ID.

• This symbol means that the patch has a warning associated with it. You should review the warning text to determine whether it applies to the system.

• This icon means that the patch has Special Installation Instructions. You should always read them.

See Table 6-1: “Navigating the search results table” (page 56) for a description of all table icons.

8. To review details about a patch, select the patch ID to open the patch details page.

At a minimum, you should review the information provided in the following fields:

• Special Installation Instructions: Read this section to determine if the chosen patch has additional steps that you must perform during installation.

• Warning: This section will only exist if the patch has a warning associated with it. Carefully read the information to determine how or whether the patch's problems will impact the system. If the warning does impact the system, you must decide whether the problem appears severe enough to avoid installing the patch. If this is the case, select an alternate patch if one is available.

• Patch Dependencies, Hardware Dependencies, Other Dependencies: Note the patch IDs because you must later verify that the patches are included on the list of patches that you download.

9. When you finish viewing this page, return to the search results page.

10. On the search results page, check the box next to the patch ID of the patch to download.

TIP: If the recommended column appears, you should select the patch in that column unless you have a valid reason not to.

11. Add the checked patch to the list of patches to download by clicking add to selected patch list.

• If the patch you chose has a warning associated with it, the patch warning(s) page appears.

• If this happens, verify the patch you are downloading and click continue.

• The selected patch list page is displayed.

12. The Patch Database might automatically add some patches to the download list to satisfy dependencies. You should download these along with the patches you explicitly selected.

13. To add more patches to the patch list, click add patches.

14. After acquiring all the patches you need, click download selected to open the download patches page.

15. Under the heading download items in one operation or download items individually, select a format option (HP recommends gzip package) and a download server. Select a zip package only if you are certain the HP-UX system can unpack a .zip file.

16. Click download. Make the appropriate selections (based on the browser you are using) to save the selected bundle to the /tmp/some_patch_directory directory on the target system.

17. Record the name of the file being downloaded.

The following section refers to the file as patches.xxx.

14 Quick start guide for patching HP-UX systems

Installing the patches

To install the downloaded patches, perform the following steps:

1. Log in to the target system.

2. Unpack the downloaded file, patches.xxx:

• If the downloaded file is patches.tgz:

gunzip -c patches.tgz | tar xvf -

• If the downloaded file is patches.tar:

tar -xfv patches.tar

• If the downloaded file is patches.zip:

unzip patches.zip

You must have an installed application that can unpack a .zip file. Not all HP-UX systems have such an application.

3. As root, run the create_depot_hp-ux_11 script.

The patches are now in a depot in the some_patch_directory directory.

4. Verify the download:

swverify -d \* @ /tmp/some_patch_directory/depot

You will see the message "* Verification succeeded."

5. This step is critical. When you install the patches, the system might reboot automatically.

Before you install patches (step 8), you need to follow your company's policy regarding a system reboot.

6. This step is critical. Before you install the patches, back up the system.

7. You can remove the following files to clean up the directory and save space:

• patch files of the form PHXX_#####

• .text files

• .depot files

• depot.psf file

• downloaded .tgz, .tar, or .zip file

• create_depot_hp-ux_11 file

• readme file

8. Install the patches using the following command:

swinstall -s /tmp/some_patch_directory/depot -x autoreboot=true \

-x patch_match_target=true

During the installation, the system prints progress details to the screen.

9. Monitor the screen for error messages.

The system reboots automatically if any of the patches you are installing requires it. Be patient. The patch installation can be slow for large numbers of patches.

Acquiring and installing individual patches 15

10. Verify that the installation was successful:

• Enter the command: swlist -l product

Ensure that the installed patches are shown in the output.

• Execute the swverify command on each of the new patches:

swverify patch_id

— This command might not always complete in a short period of time. — If the verification is successful, the last few lines of output contain the line "*

Verification succeeded."

— If the verification was not successful, view the /var/adm/sw/swagent.log

filefor additional information related to the swverify command failure. If this is not sufficient to resolve the problem, consult more advanced resources in Section :

“Related information” (page 91).

• View the swagent log file, located at /var/adm/sw/swagent.log. This log includes

information related to the installation.

— Find the section pertaining to the installation just performed (located near the end

of the file if you check it immediately after the install). Review this section, and ensure that there were no errors ("ERROR").

— If you find errors, consult more advanced resources in Section : “Related

information” (page 91) to resolve the problem.

Advanced topic: using Dynamic Root Disk (DRD)

By using Dynamic Root Disk (DRD) you can minimize the downtime required to apply patches, do most of your proactive maintenance during normal business hours, and have a fast, reliable backup mechanism if your system does not function as expected after the application of the patches. With DRD, you create a copy (or clone) of the root disk that you can apply patches to while your system is still up and running. Once all the patches are loaded on the clone, you can then reboot the system, using the clone as your active root volume. If for any reason you decide the patched root volume does not perform as you desire, you can quickly reboot the original system image. Note that if you are only applying a few patches, the time it takes to create a clone using DRD (similar to the time required by Ignite-UX to create a recovery image) might not be a valuable investment of your time. For more information, please see Chapter 9 (page 86).

16 Quick start guide for patching HP-UX systems

3 HP-UX patch overview

Patch-related concepts

Patch identification

HP assigns each HP-UX patch a unique identification or patch ID. Each HP-UX patch ID has the form PHXX_#####, where:

• PH is an abbreviation for Patch HP-UX

• XX is replaced with one of the following values for the HP-UX area being patched:

— CO = command patches — KL = kernel patches — NE = network patches — SS = patches related to all other subsystems

• ##### is replaced with a unique four- or five-digit number.

In general, the numeric portion of the patch ID is higher for more recently released patches.

HP-UX software structure

To understand some of the topics presented in this chapter, you shouldhave a basic understanding of the structure of HP-UX software. Patches are part of this software structure. You will also need to use Software Distributor.

The following list provides an overview of theSoftware Distributor for HP-UX (SD-UX) software objects that compose HP-UX software.

• Fileset

— A fileset is a grouping of one or more files contained in a product. A fileset groups a

subset of a product's files into a manageable unit.

— Filesets include the files and control scripts that make up a product. For more information

about control scripts, see the Software Distributor Administration Guide on the HP Business

Support Center website at http://www.hp.com/go/sd-docs. — Filesets must exist within a product. — Although a patch has a unique name, the names of the filesets contained in a patch

match the corresponding base filesets that they patch.

• Product

— A product is a software object that is packaged and distributed for users to acquire and

install. — Products are composed of one or more filesets and might additionally contain one or

more control scripts. — A product can exist either within a bundle or as its own entity.

• Bundle

— A bundle is an encapsulation of products into a single software object. — Bundles are, sometimes, optional software objects. — Product objects are included in a bundle by reference only. — If the products within the bundle are all patches, the bundle is known as a patch bundle.

For more information about these software objects, see the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/go/sd-docs.

Patch-related concepts 17

Patch bundles

Patch bundles play an important role in patch management. A patch bundle is a collection of patches that have been grouped into a single software object to meet a specific need. Many HP-UX users find that acquiring and installing these bundles, as opposed to acquiring and installing patches individually, simplifies the patch management process.

Your first encounter withpatch bundles might be with the standard HP-UX patch bundles. These bundles contain patches that HP has assembled to meet a specific need. For example, the basic purpose of Quality Pack patch bundles is to deliver defect-fix patches for proactive maintenance. HP releases updated versions of the bundles on a regular schedule and tests them to ensure a high level of reliability. Using standard HP-UX patch bundles can be a less error-prone and more efficient way to patch a system than acquiring and installing individual patches. For more information, see Chapter 5: “What are standard HP-UX patch bundles?” (page 52).

Each patch bundle includes all patch dependencies for the successful installation of all patches that apply to a system. Additionally, some patch bundles, such as HWEnable11i and FEATURE11i, deliver patches for the successful installation of product bundles that include I/O driver products, for example, USB-00. The selection ofproduct bundles with patch dependencies will result in the automatic selection of required patches from the applicable patch bundle. This automatic selection of patch dependencies can simplify the management and installation of products or patches with patch dependencies.

Patch bundles also make it easier for you to determine the current level of patches on a system. For example, there could be hundreds of individual patches contained in an installed bundle, but the swlist command lists, by default, only the bundle name rather than each individual patch contained in the bundle.

For example, if you installed the December 2003 Quality Pack patch bundles on an HP-UX 11i v1 (B.11.11) system, output for the bundles would be similar to the following:

GOLDAPPS11i B.11.11.0312.4 Gold Applications Patches for HP-UX 11i v1, December 2003 GOLDBASE11i B.11.11.0312.4 Gold Base Patches for HP-UX 11i v1, December 2003

For more information about listing the products on a system, see “Which patches are on a system?”

(page 21).

You might also find yourself working with patch bundles if you use the ITRC Patch Assessment Tool, which allows you to create your own custom patch bundles. For more information, see

Chapter 10: “The Patch Assessment Tool” (page 88).

Software depots and patch depots

Software depots, or simply depots,are an integral part of patchmanagement. A depot is a special type of file or directory that has been formatted for use by SD-UX as a software repository. In the general case, depots contain a diverse array of software products. A depot can exist as a directory tree on a SD-UX file system or on CD or DVD media, and it can exist as a tape archive (tar) archive on serial media (tape). All depots share a single logical format, independent of the type of media on which the depot resides. Depots can reside on a local or remote system. You can package software directly into a depot or copy packaged software into the depot from elsewhere. This guide focuses on depots as repositories for patches and patch bundles. Such depots can be referred to as patch depots.

Patch depots are a very effective mechanism for managing patches. You can create your own custom patch depots to meet various patch management needs. You can also create special depots to be located on a patch server that acts as a source for patch or bundle installations on other systems.

HP uses patch depots to deliver patches and patch bundles. For more information about depots, see Chapter 7: “Using software depots for patch management” (page 64).

18 HP-UX patch overview

Patch status

Patches have an associated status. The initial value of a patch's status does not change, but over the life of the patch, modifiers might be added (as described in this section). You can find the value for a patch's status in the Status field. This field is in the patch’s patch details page on the ITRC and in the patch text file. To obtain the most up-to-date values for patch status, use the patch details page. A patch status has the following values and modifiers to describe it.

Initial values for patch status include the following:

• General Release (GR)

• Special Release (SR)

Modifiers for patch status values include the following:

• Superseded

• With Warnings

HP has approved GR patches for widespread use.

HP intends an SR patch for limited distribution. It is available only through special channels.

Indicates that the patch has been replaced by a newer patch. For more information about supersession, see “Ancestors and supersession” (page 25).

Results in the additional patch status values General Superseded and Special Superseded.

Indicates that the patch has an associated warning. For more information about warnings, see “Patch warnings” (page 38).

Most patches have a status of General Release or General Superseded.

Patch state

A patch that has been installed on a target system is assigned an attribute called patch_state that provides information about a patch. For example, the patch_state tells you whether the patch hasbeen committed or superseded. For more information about attributes, see “Patch-related

attributes” (page 29).

There are four values for patch_state:

• applied

• committed

• superseded

Results in the additional patch status values General Release With Warnings and Special Release With Warnings.

The patch is currently activeon the system and is the most recent member of its supersession chain to have been loaded.

The patch's rollback files have been deleted, or the patch was installed without saving rollback files. The patch cannot be directly removed from the system. For more information about patch rollback, see “Patch rollback and commitment” (page 33).

The patch has been superseded by another patch that has been installed on the system. The patch is no longer active. For more information about supersession, see “Ancestors and

supersession” (page 25).

• committed/superseded

The patch has been committed and superseded by another patch installed on the system.

Patch-related concepts 19

State

IMPORTANT: For HP-UX11.0 systems, you must install patch PHCO_22526or a superseding patch for proper functionality regarding the committed/superseded patch_state.

Use the following SD-UX commands to determine patch_state values:

• Show the patch_state value for patch patch_id by entering this command:

swlist -l fileset -a patch_state patch_id

• Show the patch_state values for all patches on the local system by entering this command:

swlist -l fileset -a patch_state *,c=patch

For more information regarding the swlist command, see “Which patches are on a system?”

(page 21).

Filesets (patch and nonpatch) have an attribute called state that indicates the current installation state of a fileset. During installation, software is transitioned through the following states: transient, installed, and configured. During removal, software is transitioned through these states: configured, installed, and transient.

An SD-UX operation leaves a fileset in one of the following states:

• installed

Software has been successfully installed but not yet configured.

• configured

Software has been successfully installed and configured. No further operations are required.

• corrupt

SD-UX has encountered an unexpected condition during software installation checks.

• transient

When SD-UX moves software from one location to another, the software is in a transient state. If an interruption occurs during the transfer, the state remains transient.

For more information about these states, see the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/go/sd-docs.

Use the following swlist command to view the state associated with patch patch_id:

swlist -l fileset -a state | grep patch_id

For more information about the swlist command,see “Which patches are on a system?”

(page 21).

Category tags

Patches have categories, or category tags, associated with them to simplify the process of determining the general purpose of a specific patch. A patch might have multiple categories specified. This section provides a list of common patch categories. A patch always has the category tag patch.

Although you can use category tags in conjunction with several SD-UX commands, including the swinstall and swcopy commands, you should only use category tags with the swlist command.

Because of the cumulative nature of patches, many category tags for a patch are inherited from the patch's ancestors. Therefore, if patch A is created to deliver a critical fix, it will have a critical tag, and all patches superseding it will also have a critical tag.

20 HP-UX patch overview

You can determine patch categories for a given patch in the following ways:

• Viewing the Category Tags field on the patch details page or inthe text file for the patch.

• Using the swlist command:

swlist -l product -a category_tag patch_id

This command also shows any category tags that have been manually added to the patch by a user. For swlist examples that use category tags and for more information about the swlist command, see “Which patches are on a system?” (page 21).

The following list provides a subset of patch-related categories:

• patch

This category tag is always present for patches because software objects with the is_patch attribute set to true have the built-in, reserved category of patch. For more information about attributes, see “Patch-related attributes” (page 29).

• hardware_enablement

A patch that provides support for new hardware.

• enhancement

A patch that provides an enhancement.

• special_release

— A patch with restricted distribution, usually intended for installation by one specific

customer or set of customers. — Information for special_release patches is not always available using the ITRC's

Patch Database or other official HP information sources. However, you might encounter

references to these patches when viewing information related to other patches. — A patch cannot inherit this tag.

• critical

— A patch that repairs a critical problem. For more information, see “Critical and noncritical

patches” (page 36).

A patch that has a critical tag also has one or more of the following tags: panic,

halts_system, corruption, memory_leak.

• firmware

A patch that provides model-specific firmware updates.

• manual_dependencies

— A patch that contains one or more dependencies that are not enforced by SD-UX tools.

For more information, see “Patch dependencies” (page 31). — A patch cannot inherit this tag.

Which patches are on a system?

SD-UX is included with the HP-UX operating system and provides a powerful set of tools for centralized HP-UX software management. Many SD-UX commands start with sw; for example: swlist, swinstall, swreg, swremove, swcopy, and swverify. For more information about SD-UX, see the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/go/sd-docs.

The swlist command can be invaluable in determining which patches and patch bundles are on an HP-UX system. You can use the swlist command to display information about software products that are installed on a local or remote host, or that are stored in a local or remote depot. You can use the various command arguments and options to customize the information returned. See the swlist(1M) manpage.

Which patches are on a system? 21

This section presents some examples of swlist to display information about patches, bundles, and depots.

NOTE: For brevity and improved readability, some lines of SD-UX command output have been shortened or removed.

Examples of the swlist command

Use the swlist command with no arguments to get a default listing of all top-level software installed on the local host:

swlist

For example:

$ swlist # Initializing... # Contacting target "some_system"... # # Target: some_system:/

# Bundle(s): BUNDLE11i B.11.11.0102.2 Required Patch Bundle for HP-UX 11i, February 2001 GOLDAPPS11i B.11.11.0312.4 Gold Applications Patches for HP-UX 11i v1, Dec 2003 GOLDBASE11i B.11.11.0312.4 Gold Base Patches for HP-UX 11i v1, December 2003 HWEnable11i B.11.11.0309.4 Hardware Enablement Patches for HP-UX 11i, Sep 2003 MOZILLA 1.4.0.00.00 Mozilla 1.4 for HP-UX T1471AA A.03.50.000 HP-UX Secure Shell

# Product(s) not contained in a Bundle: PHCO_28848 1.0 Software Distributor Cumulative Patch PHCO_29010 1.0 shar(1) patch PHCO_29495 1.0 libc cumulative patch PHSS_28677 1.0 CDE Applications Periodic Patch vim 5.8 Vi IMproved

The swlist command has many arguments. This chapter considers only the following arguments and operands:

swlist [-d] [-l level] [-a attribute] [-s source] [software_selections] [-x option=value] [@ target_selections]

• -d

Directs the swlist command to operate on a software depot rather than on software currently installed on the system. When you use this argument, you must also use the @ target_selections argument to specify the depot.

• -l level

— Lists all software objects down to the specified level. The following is a partial list of

supported level values:

◦ depot: Lists software available from registered depots. ◦ bundle: Shows only bundles. ◦ product: Shows only products. ◦ patch: Shows all applied patches. ◦ fileset: Shows products and filesets. ◦ file: Shows products, filesets, files, and numbers (used in software licensing). ◦ category: Shows all categories of available patches for patches thathave included

category objects in their definition.

— Specifies multiple values for level:

-l bundle -l product: Shows bundles and the products they contain.

22 HP-UX patch overview

• -a attribute

Specifies one or more attributes to display. For more information about attributes, see

“Patch-related attributes” (page 29).

• -s source

Specifies the software source to list. Use this argument as an alternative way to list a depot.

• software_selections

— Specifies software objects to be listed. — Applies only if the level is bundle, product, fileset, file, or patch. — Use wildcards [ ], *, ? in the specification of the software_selections if you

want to make multiple selections. For example:

◦ A specification of bun[12] selects software bun1 and bun2.

◦ A specification of \* selects all software.

— Views the manpages for sd(5) using the command:

man 5 sd

• -x option=value

— Sets the option to specified value. — The default behavior of the swlist command is to show only the latest patches installed

on a system. It does not show patches that have been superseded. To list superseded

patches, set the show_superseded_patches option to true:

swlist -x show_superseded_patches=true

— Specifies multiple -x options if needed.

• @ target_selections

— Specifies the target of the command. You can specify the swlist command operate on

a system other than the local host or on a depot. For example, to specify the swlist

command operate on the system host1:

swlist @ host1

— Operates on the software depot depot1 located in directory some_directory on the

local host:

swlist @ /some_directory/depot1

— Operates on the depot depot2 located in directory some_directory on the system

host1:

swlist @ host1:/some_directory/depot2

For a complete list of swlist arguments, consult the swlist(1M) manpage or the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/

go/sd-docs.

To filter the output to display only patches, use the -l argument in combination with a software selection using the category tag patch:

swlist -l level *,c=category_tag

For example:

$ swlist -l product *,c=patch # Initializing... # Contacting target "some_system"... # # Target: some_system:/ PHCO_28848 1.0 Software Distributor Cumulative Patch PHCO_29010 1.0 shar(1) patch PHCO_29495 1.0 libc cumulative patch

Which patches are on a system? 23

PHSS_28677 1.0 CDE Applications Periodic Patch ...

The following command shows patches that have a manual_dependencies category tag:

swlist -l level *,c=category_tag

For example:

$ swlist -l product *,c=manual_dependencies # Initializing... # Contacting target "chb26006"... # # Target: chb26006:/ PHCO_24198 1.0 ioscan(1M) patch PHCO_25831 1.0 SCSI Ultra160 driver Online Addition script PHCO_25841 1.0 Add Rock Ridge extension to mount_cdfs(1M) PHCO_26252 1.0 mount_vxfs(1M) cumulative patch ...

The following command shows bundles on the system specified:

swlist -l level @ target_selections

For example:

$ swlist -l bundle @ some_system # Initializing... # Contacting target "some_system"... # # Target: some_system:/ BUNDLE11i B.11.11.0102.2 Required Patch Bundle for HP-UX 11i, Feb 2001 GOLDAPPS11i B.11.11.0312.4 Gold Applications Patches for HP-UX 11i v1, Dec 2003 GOLDBASE11i B.11.11.0312.4 Gold Base Patches for HP-UX 11i v1, Dec 2003 HWEnable11i B.11.11.0309.4 Hardware Enablement Patches for HP-UX 11i, Sep 2003 MOZILLA 1.4.0.00.00 Mozilla 1.4 for HP-UX T1471AA A.03.50.000 HP-UX Secure Shell

Table 3-1: “Variations of the swlist command” (page 24) lists numerous swlist command

variations that you might find useful. These examples can also help you learn how to combine various swlist arguments.

Table 3-1 Variations of the swlist command

swlist -l depot

swlist -l depot @ some_host

swlist -d -l product @ \some_host:/some_directory/some_depot

swlist -l product -s \some_host:/some_directory/some_depot

swlist -d -l product *,c=patch @ \some_host:/some_directory/some_depot

swlist -d -l category @ \some_host:/some_directory/some_depot

swlist -a readme -l product *,c=critical

Descriptionswlist Commands

Displays the registered depots located on thelocal system.

Displays the registered depots located on the system some_host.

Alternates commands that list the products stored in the software depot /some_directory/some_depot on the system some_host.

Lists all patches in the depot

/some_directory/some_depot on the system some_host.

Lists all category tags associated with the contents of the depot /some_directory/some_depot on the system some_host.

Displays thereadme documentationfor patch patch_id.swlist -a readme -l product patch_id

Displays the readme documentation for all patches installed on the local system which contain critical functionality.

Lists the products contained in bundle some_bundle.swlist -l product some_bundle

24 HP-UX patch overview

Table 3-1 Variations of the swlist command (continued)

Descriptionswlist Commands

Lists the category tags for patch patch_id.swlist -l product -a category_tag patch_id

swlist -l product -a category_tag \*,c=patch

Ancestors and supersession

The related concepts of ancestors and supersession are integral to patches and patch management. It is important that you gain a basic understanding of both. It might also be helpful for you to recall information presented in “HP-UX software structure” (page 17).

Ancestors

The ancestor of a patch is the original softwareproduct that a patch modifies. Ancestry is defined only at the fileset level. Each patch fileset has only one ancestor fileset that composes the base software that a patch modifies. However, there might be one or more versions of this ancestor fileset. The patch fileset has the same extension as its ancestor. For example, fileset Xserver.AGRM is the ancestor of patch fileset PHSS_29183.AGRM. You can see an additional example in

“Advanced topic: determining patch ancestors” (page 25).

Ancestry impacts both patch installation and patch removal. A patch fileset cannot be installed on a system unless its ancestor fileset software either is already installed or is being installed during the same operation. Similarly, when an ancestor fileset is removed, all the patches that have been applied to it are also removed.

Advanced topic: determining patch ancestors

Lists the patches installed on the local system and their corresponding category tags.

You can determine a patch fileset's ancestor using the patch's ancestor attribute with the swlist command. The following command lists the ancestor filesets for the filesets of patch patch_id:

swlist -l fileset -a attributepatch_id

For example:

$ swlist -l fileset -a ancestor PHSS_29183 # Initializing... # Contacting target "chb26006"... # Target: chb26006:/

# PHSS_29183 PHSS_29183.AGRM Xserver.AGRM,fr=B.11.11,v=HP PHSS_29183.DDX-ADVANCED Xserver.DDX-ADVANCED,fr=B.11.11,v=HP PHSS_29183.DDX-ENTRY Xserver.DDX-ENTRY,fr=B.11.11,v=HP PHSS_29183.DDX-LOAD Xserver.DDX-LOAD,fr=B.11.11,v=HP PHSS_29183.DDX-SAM Xserver.DDX-SAM,fr=B.11.11,v=HP PHSS_29183.DDX-SLS Xserver.DDX-SLS,fr=B.11.11,v=HP PHSS_29183.DDX-UTILS Xserver.DDX-UTILS,fr=B.11.11,v=HP PHSS_29183.X11-SERV Xserver.X11-SERV,fr=B.11.11,v=HP PHSS_29183.X11-SERV-MAN Xserver.X11-SERV-MAN,fr=B.11.11,v=HP PHSS_29183.XEXT-DBE Xserver.XEXT-DBE,fr=B.11.11,v=HP PHSS_29183.XEXT-DBE-MAN Xserver.XEXT-DBE-MAN,fr=B.11.11,v=HP PHSS_29183.XEXT-DPMS Xserver.XEXT-DPMS,fr=B.11.11,v=HP PHSS_29183.XEXT-DPMS-MAN Xserver.XEXT-DPMS-MAN,fr=B.11.11,v=HP PHSS_29183.XEXT-HPCR Xserver.XEXT-HPCR,fr=B.11.11,v=HP PHSS_29183.XEXT-HPCR-MAN Xserver.XEXT-HPCR-MAN,fr=B.11.11,v=HP PHSS_29183.XEXT-MBX Xserver.XEXT-MBX,fr=B.11.11,v=HP PHSS_29183.XEXT-RECORD Xserver.XEXT-RECORD,fr=B.11.11,v=HP

Patch filesets that have been applied to an ancestor fileset are listed in the ancestor's applied_patches attribute. Enter the following command:

Ancestors and supersession 25

swlist -a applied_patches fileset_name

For example:

$ swlist -a applied_patches Xserver.AGRM # Initializing... # Contacting target "chb26006"... # Target: chb26006:/

Xserver.Runtime.AGRM PHSS_21817.AGRM,fa=HP-UX_B.11.11_32/64 PHSS_26619.AGRM,fa=HP-UX_B.11.11_32/64 PHSS_26622.AGRM,fa=HP-UX_B.11.11_32/64 PHSS_26638.AGRM,fa=HP-UX_B.11.11_32/64 PHSS_29169.AGRM,fa=HP-UX_B.11.11_32/64 PHSS_29183.AGRM,fa=HP-UX_B.11.11_32/64

For more information see the Software Distributor Administration Guide on the HP Business Support Center website at http://www.hp.com/go/sd-docs.

Supersession

Supersession is the process of replacing an earlier patchwith a new patch. A new patchsupersedes all previous patches for its particular patch chain. Upon installation of the new (superseding) patch, its files replace files of the patches being superseded. Patches for HP-UX products are always cumulative. Each new patch contains all aspects of all its preceding patches.

A series of patches form a supersession chain. A supersession chain includes the following:

• The nonpatch software product being patched.

• Each patch that fixes the nonpatch software product.

• Each patch that fixes the patches.

Figure 3-1 shows a simple, hypothetical supersession chain in which a product has been

superseded by PHXX_31937, which in turn has been superseded by PHXX_32384, which has been supersededby PHXX_43826. In general, patch numbers increase along a patch supersession chain.

26 HP-UX patch overview

Figure 3-1 Patch Supersession Chain in a Patch Family

The cumulative nature of a patch allows it to satisfy all dependencies on all patches it supersedes. The converse is not true, however. A superseded patch will not satisfy a dependency on a superseding patch.For more information aboutdependencies, see “Patch dependencies” (page 31).

You can determine which patches a given patch supersedes by viewing either the patch's patch details page or the patch's patch text file. See the Supersedes field for more information.

Advanced topic: displaying supersession information

By default, the swlist command does not show superseded patches, but you can use the show_superseded_patches option to show them. Enter this command:

swlist -l patch -x show_superseded_patches=true

You can also use the HP-UX Patch Tool show_patches to show superseded patches. To show superseded patches, enter this command:

show_patches -s

You can list the filesets that have directly superseded the filesets of a given patch installed on the system. This is done by using the swlist command to show the superseded_by attribute of the patch.In thefollowing example, patch PHSS_27875 is superseded by patch PHSS_28681:

swlist -l level -a attribute \ -x option=valuepatch_id

For example:

$ swlist -l fileset -a superseded_by \

-x show_superseded_patches=true PHSS_27875

# Initializing... # Contacting target "some_system"... # # Target: some_system:/ #

# PHSS_27875 PHSS_27875.X11-JPN-S-MSG PHSS_28681.X11-JPN-S-MSG,fa=HP-UX_B.11.11_32/64

Ancestors and supersession 27

PHSS_27875.X11-RUN-CL PHSS_28681.X11-RUN-CL,fa=HP-UX_B.11.11_32/64 PHSS_27875.X11-TCH-B-MSG PHSS_28681.X11-TCH-B-MSG,fa=HP-UX_B.11.11_32/64

You can also show the filesets that a given patch has superseded. These superseded filesets will be listed whether or not they are installed on a system. This is done by using the swlist command to list the supersedes attribute of the patch. Note that the first patch of any particular patch supersession chain does not have a supersedes attribute. In the following example, patch PHSS_28681 is shown to supersede patches PHSS_27875, PHSS_26498, and PHSS_25201. (The output has been reformatted to improve readability.)

swlist -l level -a attributepatch_id

For example:

$ swlist -l fileset -a supersedes PHSS_28681 # Initializing... # Contacting target "some_system"... # # Target: some_system:/ # # PHSS_28681 PHSS_28681.X11-JPN-S-MSG PHSS_27875.X11-JPN-S-MSG,fr=* PHSS_26498.X11-JPN-S-MSG,fr=* PHSS_28681.X11-RUN-CL PHSS_27875.X11-RUN-CL,fr=* PHSS_26498.X11-RUN-CL,fr=* PHSS_25201.X11-RUN-CL,fr=* PHSS_28681.X11-TCH-B-MSG PHSS_27875.X11-TCH-B-MSG,fr=* PHSS_26498.X11-TCH-B-MSG,fr=*

Advanced topic: supersession and the patch_state attribute

When a superseding patch is applied to a system, the superseded patch (if there was one) remains on the system but is not active. Only the top patch of the chain is in the active (applied) state. For more information about patch state, see “Patch state” (page 19).

You can use the following swlist command to show the patch_state attribute for patch patch_id:

swlist -a patch_state -x show_superseded_patches=true patch_id

It is important to note that the availability of a newer, superseding patch does not preclude the use of the older patch. Depending on the circumstances, a superseded patch might be a better choice than the patch superseding it. Older patches have had more exposure to varied, real-world use. When they have been shown to induce no ill effects, they are generally safer than newer patches that supersede them. Thus, if two patches in a supersession chain solve the problem you are facing, you might find that the older patch is the better choice.

Because HP-UX patches are cumulative, a superseding patch negates the need for the previous patch. As an example, patch PHSS_29377 delivers all the features and fixes of all other patches shown in Figure 3-2: “HP-UX Patch Supersession Chain” (page 29). This patch will also satisfy any dependencies on all patches in the supersession chain.

SD-UX does not allow you to install a patch that has been superseded by another patch already installed on a system. Using Figure 3-2: “HP-UX Patch Supersession Chain” (page 29) as an example, if you have patch PHSS_29377 installed on a system SD-UX will not allow you to install patch PHSS_29323.

Patch supersession chains can be more complex than the one shown in Figure 3-2: “HP-UX Patch

Supersession Chain” (page 29).

28 HP-UX patch overview

Figure 3-2 HP-UX Patch Supersession Chain

The supersession chain in Figure 3-2: “HP-UX Patch Supersession Chain” (page 29) is composed of two separate supersession chains that were combined when patch PHSS_29156 superseded both PHSS_29026 and PHSS_29008. Again, because of the cumulative nature of HP-UX patches, patch PHSS_29377 delivers all the features and fixes delivered by the other six patches in this supersession chain.

Patch-related attributes

Each of the SD-UX objects described in “HP-UX software structure” (page 17) has a set of properties known as attributes that provide information about the object's characteristics. For patches, these attributes control aspects of patch behavior and define patch properties and relationships. (See “State” (page 20) and “Patch state” (page 19).)

For informationabout how you can use attributes with the swlist command, see “Which patches

are on a system?” (page 21).

Patch-related attributes 29

The following list describes a subset of available attributes:

• ancestor

— Applies to filesets. — Identifies the fileset that must be on the system for the patch to be installable.

• category_tag

— Applies to products or filesets. — Provides a label for a fileset or product. Several tags are defined during patch creation;

users can create others with the swmodify command.

— See “Category tags” (page 20).

• is_patch

— Applies to both patch products and filesets. — When set to true, is_patch enables patch behavior.

• is_reboot

— Applies to filesets. — When set to true, is_reboot indicates that installation of the fileset will cause the

system to reboot.

• patch_state

— Applies to patch filesets. — Records the condition of patches. — See “Patch state” (page 19).

• readme

— Applies to products. — Contains the patch's original text file.

• software_spec

— Applies to bundles, products, or filesets. — Contains the fully qualified identifier for the bundle, product, or fileset. Uniquely

identifies a specific instance of a software object.

• state

— Applies to filesets. — Provides useful information about the installation state of software. — See “State” (page 20).

• supersedes

— Applies to patch filesets. — Lists all prior filesets that a patch fileset supersedes. — See “Ancestors and supersession” (page 25).

• superseded_by

— Applies to patch filesets. — Records the software specification of the fileset that superseded the fileset on a given

system. This attribute is set only for installed patch filesets, and never in software depots.

— See “Ancestors and supersession” (page 25).

You can show these attributes with the swlist command using the -a attribute argument, replacing attribute with one of the previously listed attributes. For more information about the swlist command, see “Which patches are on a system?” (page 21).

30 HP-UX patch overview

+ 80 hidden pages