Patch Management User Guide for HP-UX 11.x Systems (5900-3011, April 2013)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP-UX patches and patch management
- 2 Quick start guide for patching HP-UX systems
- 3 HP-UX patch overview
- 4 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 5 What are standard HP-UX patch bundles?
- 6 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 7 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 8 Using HP-UX Software Assistant for patch management
- 9 Using Dynamic Root Disk for patch management
- 10 The Patch Assessment Tool
- 11 Support and other resources
- A Patch usage models
- Glossary
- Index
Impact of dependencies on acquiring patches
HP strongly recommends that you use the HPSC as your primary source for acquiring patches. If
you acquire individual patches using the HPSC's Patch Database, the patches required to meet
the dependencies of these patches are automatically selected for download along with the patches
you selected manually. The analysis performed by the Patch Database to select these patches takes
into account supersession and patch warnings. Unless you have a specific reason to do otherwise,
you should download these automatically selected patches along with the patches you explicitly
selected. This automatic selection of patches represents one of the many time saving features
provided by the HPSC.
For a description of how to identify and acquire the additional patches that might be needed to
satisfy dependencies, see “Advanced topic: checking for all patch dependencies” (page 61).
NOTE: If you download patches from sources other than the HPSC, you are completely responsible
for identifying and downloading the patches required to satisfy all dependencies.
Standard HP-UX patch bundles, such as the Quality Pack, do not require users to perform any
dependency analysis. All patches required to satisfy all dependencies are included in the bundles.
Using standard HP-UX patch bundles increases confidence that you have obtained and installed
all necessary patches to satisfy all dependencies.
Patch rollback and commitment
Patch rollback
You might occasionally want to remove a patch and restore the system to its prepatched state. This
process is known as patch rollback. For example, if you installed a patch that resulted in
unacceptable system behavior, you might choose to roll back this patch. However, rollback is
possible only if certain files were saved as part of the patch installation process. During patch
installation, the default behavior is to save copies of all files that are replaced by the new patch
before the new versions of these files are loaded. These saved files are called rollback files and
are the key to making patch rollback possible. When you roll back a patch, these rollback files
are restored to the system. You should override the default behavior only if you have a complete
understanding of the patch rollback process.
You cannot roll back a patch unless one of the following is true:
• Rollback files corresponding to the patch are available for reinstallation.
• Base software and the patch that modifies the software are removed at the same time (removing
the base software also removes the patches associated with that software).
• For superseded patches, you must first roll back the superseding patch.
You can use the swremove command to roll back a patch (if no dependencies exist for the patch).
Use the following command to roll back the patch patch_id:
swremove patch_id
As is true for many SD-UX commands, you can add the -p option to execute the command in
preview-only mode. This mode allows you to view output from the command without actual changes
occurring. You should initially execute the command in preview mode:
swremove -p patch_id
Advanced topic: patch installation and rollback files
When installing patches, you can explicitly specify that rollback files not be saved. To do this, you
add the -x patch_save_files=false option to the swinstall command:
$ swinstall -s /tmp/temporary_depot/depot -x autoreboot=true \
-x patch_match_target=true x patch_save_files=false
Only use the false option if you will never remove a patch under any circumstances.
34 HP-UX patch overview