Prev: OpenSolaris vs Solaris?
Next: internet problem
From: Martin Paul on 6 May 2008 06:28
Mike wrote:
> Using PCA on Solaris 10, what's the best way to recover from patches
> failing to be added because what you have installed are _earlier_
> than patch expects?

The "safe" option in pca is far from perfect, mostly because the
information it has to work with isn't reliable (garbage in - garbage
out). I'm well aware that it will produce false positives from time to
time, which is much better than false negatives (i.e. not showing files
which could be overwritten by a patch).

I add special rules for some patches if needed (you'd get a different,
still not perfect, result with the current development release), but at
the end there will always be a few cases where you have to decide what
to do. If you are sure that it's fine to install the patch, just re-run
pca without --safe/-s.

> I don't get some of the checks that safe install makes. Surely
> checking the modification and size of the password file is daft as
> they're very likely going to be different from "expected"?

It's clear to you, and pca could judge from the "e" (editable) file type
that the patch will probably edit but not overwrite the file either, but
I found the information in the contents file (and pkgchk) too unreliable
to make pca too smart in that regard.

And after all, pca (or pkgchk) revealed an actual problem:

> ERROR: /usr/bin/lpset
> permissions <4511> expected <0511> actual
> ERROR: /usr/sbin/allocate
> permissions <4555> expected <0555> actual

Seems as if you removed the setuid bit from these binaries, and you
should be aware that they will probably be set again after installing
127127.

Hope that helps,

Martin.
--
SysAdmin | Institute of Scientific Computing, University of Vienna
PCA | Analyze, download and install patches for Solaris
| http://www.par.univie.ac.at/solaris/pca/
 | 
Pages: 1
Prev: OpenSolaris vs Solaris?
Next: internet problem