Patch Management User Guide for HP-UX 11.x Systems (762796-001, March 2014)
Table Of Contents
- Patch Management User Guide for HP-UX 11.x Systems
- Contents
- 1 HP secure development lifecycle
- 2 HP-UX patches and patch management
- 3 Quick start guide for patching HP-UX systems
- 4 HP-UX patch overview
- 5 Patch management overview
- Patch management life cycle
- HP service contracts
- Patch management and software change management strategies
- Establishing a software change management strategy
- Recommendations for software change management
- Consideration of HP patch rating
- Patch management and software depots
- Proactive patching strategy
- Reactive patching strategy
- Advanced topic: security patching strategy
- Advanced topic: scanning for security patches
- Testing the patches to be installed
- 6 What are standard HP-UX patch bundles?
- 7 Using the HP Support Center
- Obtaining an HPSC user account
- Useful pages on the HPSC
- Find individual patches
- Advanced topic: checking for special installation instructions
- Advanced topic: checking for all patch dependencies
- Standard patch bundles
- Custom patch bundles - run a patch assessment
- Support information digests
- Ask your peers in the forums
- Search knowledge base
- 8 Using software depots for patch management
- Common software distributor commands for patching
- Depot types
- Using depots
- Viewing depots
- Creating and adding to a directory depot
- Registering and unregistering directory depots
- Verifying directory depots
- Removing software from a directory depot
- Removing a directory depot
- Installing patches from a depot
- Custom patch bundles
- 9 Using HP-UX Software Assistant for patch management
- 10 Using Dynamic Root Disk for patch management
- 11 The Patch Assessment Tool
- 12 Support and other resources
- 13 Documentation Feedback
- A Patch usage models
- Glossary
- Index
Types of dependencies
HP provides patch dependency information for a patch in its patch details page and its patch text
file. The dependency information is contained in the following fields:
• Patch Dependencies
Patches that are required for proper operation.
• Other Dependencies
Various dependencies that cannot be described as patch dependencies, such as those that
are needed only under specific circumstances.
NOTE: While looking at a patch details page or a patch text file, you might notice an additional
field that is dependency related. The Hardware Dependencies field represents a different type of
dependency than those presented in this section. It does not show dependencies on other patches,
but rather gives specific system models to which a patch is limited.
Corequisites and prerequisites
A corequisite fileset must be available for installation to start and must be present when installation
is complete. No installation ordering is predictable.
A prerequisite adds a requirement that the order of installation be controlled. The prerequisite
fileset must be installed before the requesting fileset. This implies that some content of the prerequisite
is used or modified during the installation process.
Advanced topic: determining corequisite and prerequisite filesets with the swlist command
You can use the following command to determine the dependent filesets. Replace
dependency_type with either corequisite or prerequisite, as appropriate.
swlist -vl fileset -a dependency_type
fileset
For example:
$ swlist -vl fileset -a corequisite PHSS_29964.DCEC-ENG-A-MAN
# Initializing...
# Contacting target "some_system"...
# PHSS_29964.DCEC-ENG-A-MAN
fileset
corequisites PHCO_24400.CORE-SHLIBS,fa=HP-UX_B.11.11_32/64
Enforced and unenforced (manual) dependencies
A patch's dependency upon another patch will either be enforced or unenforced by SD-UX. Starting
with HP-UX 11i v1 (B.11.11), SD-UX install commands supported the use of requisites for
automatically enforcing dependencies. Prior to HP-UX 11i v1, users had to maintain dependencies
manually.
• Enforced dependencies
Dependencies that are registered using corequisite or prerequisite attributes and managed
by SD-UX.
• Unenforced dependencies (also known as manual dependencies)
Dependencies that SD-UX does not register as requisites and thus cannot enforce when
performing patch installation. You can identify these types of dependencies by checking the
manual_dependency category tag. The user must ensure that the required patches are
installed to satisfy these manual dependencies.
34 HP-UX patch overview