HP UX Patch Management Enforced and unenforced manual dependencies

Page 32

A prerequisite adds a requirement that the order of installation be controlled. The prerequisite fileset must be installed before the requesting fileset. This implies that some content of the prerequisite is used or modified during the installation process.

Advanced topic: determining corequisite and prerequisite filesets with the swlist command

You can use the following command to determine the dependent filesets. Replace dependency_type with either corequisite or prerequisite, as appropriate.

swlist -vl fileset -a dependency_type fileset

For example:

$ swlist -vl fileset -a corequisite PHSS_29964.DCEC-ENG-A-MAN

#Initializing...

#Contacting target "some_system"...

#PHSS_29964.DCEC-ENG-A-MAN fileset

corequisites PHCO_24400.CORE-SHLIBS,fa=HP-UX_B.11.11_32/64

Enforced and unenforced (manual) dependencies

A patch's dependency upon another patch will either be enforced or unenforced by SD-UX. Starting with HP-UX 11i v1 (B.11.11), SD-UX install commands supported the use of requisites for automatically enforcing dependencies. Prior to HP-UX 11i v1, users had to maintain dependencies manually.

Enforced dependencies

Dependencies that are registered using corequisite or prerequisite attributes and managed by SD-UX.

Unenforced dependencies (also known as manual dependencies)

Dependencies that SD-UX does not register as requisites and thus cannot enforce when performing patch installation. You can identify these types of dependencies by checking the manual_dependency category tag. The user must ensure that the required patches are installed to satisfy these manual dependencies.

Impact of dependencies on acquiring patches

HP strongly recommends that you use the ITRC as your primary source for acquiring patches. If you acquire individual patches using the ITRC's Patch Database, the patches required to meet the dependencies of these patches are automatically selected for download along with the patches you selected manually. The analysis performed by the Patch Database to select these patches takes into account supersession and patch warnings. Unless you have a specific reason to do otherwise, you should download these automatically selected patches along with the patches you explicitly selected. This automatic selection of patches represents one of the many time saving features provided by the ITRC.

For a description of how to identify and acquire the additional patches that might be needed to satisfy dependencies, see “Advanced topic: checking for all patch dependencies” (page 59).

NOTE: If you download patches from sources other than the ITRC, you are completely responsible for identifying and downloading the patches required to satisfy all dependencies.

Standard HP-UX patch bundles, such as the Quality Pack, do not require users to perform any dependency analysis. All patches required to satisfy all dependencies are included in the bundles. Using standard HP-UX patch bundles increases confidence that you have obtained and installed all necessary patches to satisfy all dependencies.

32 HP-UX patch overview

Image 32
Contents Patch Management User Guide for HP-UX 11.x Systems Revision history Table of Contents What are standard HP-UX patch bundles? Using Dynamic Root Disk for patch management 104 107HP-UX patches and patch management Patch management strategiesHow to get patches Where to startQuick start guide for patching HP-UX systems OverviewBefore you begin Should you use standard HP-UX patch bundles?Acquiring the bundles Acquiring and installing standard HP-UX patch bundlesStandard HP-UX patch bundles Installing the bundles As root, run the createdepothp-ux11scriptAdvanced topic using Dynamic Root Disk DRD SwlistAcquiring and installing individual patches Acquiring the patchesQuick start guide for patching HP-UX systems Installing the patches Swverify -d \* @ /tmp/somepatchdirectory/depotAdvanced topic using Dynamic Root Disk DRD HP-UX patch overview Patch-related conceptsPatch identification HP-UX software structurePatch bundles Software depots and patch depotsPatch status Patch stateSwlist -l fileset -a state grep patchid StateCategory tags Which patches are on a system? Swlist -l product -a categorytag patchidExamples of the swlist command For example$ swlist -l product *,c=patch $ swlist -l product *,c=manualdependencies $ swlist -l bundle @ somesystem$ swlist -l fileset -a ancestor PHSS29183 Ancestors and supersessionAncestors $ swlist -a appliedpatches Xserver.AGRM SupersessionSwlist -a appliedpatches filesetname Swlist -l patch -x showsupersededpatches=true Showpatches -s$ swlist -l fileset -a supersedes PHSS28681 Swlist -a patchstate -x showsupersededpatches=true patchidPatch-related attributes HP-UX Patch Supersession ChainSee Category tags Corequisites and prerequisites Patch dependenciesTypes of dependencies Swlist -vl fileset -a dependencytype fileset Enforced and unenforced manual dependenciesImpact of dependencies on acquiring patches Patch commitment Patch rollback and commitmentPatch rollback HP-UX patch ratings Advanced topic patch cleanup utilityCleanup -p -c number HP patch rating Rating detailsCritical and noncritical patches Finding information for a specific patchPatch documentation $ swlist -l product -a categorytag PHSS30011Subset of fields in patch text file and patch details Obtaining information using the Itrc Patch warningsAdvanced topic the readme attribute Swlist -l product -a readme patchid moreCritical and noncritical warnings Advanced topic finding patches with warnings How to handle patch warningsQuestions to ask Backup and recovery ConsiderationsPatch management overview Patch management life cyclePatch management life cycle Patch management overview Establishing a software change management strategy Restrictive Conservative InnovativeRecommendations for software change management Operational factor and patch management strategy matrixConsideration of HP patch rating Patch management and software depotsProactive patching strategy Acquiring patches for proactive patchingReactive patching strategy Advanced topic HP-UX Software AssistantAdvanced topic security patching strategy Acquiring patches for reactive patchingTesting the patches to be installed Advanced topic scanning for security patchesStandard HP-UX patch bundles Key featuresWhat are standard HP-UX patch bundles? Obtaining standard HP-UX patch bundles Standard HP-UX patch bundle use and release datesQuick start guide for patching HP-UX systems Using the IT Resource Center Obtaining an Itrc user accountUseful pages on the Itrc Find individual patchesKey features Accessing the patch database and finding an individual patchClick the add to selected patch list button Using the IT Resource Center Advanced topic checking for all patch dependencies Check for patches with dependenciesUsing the IT Resource Center Click the add to selected patch list button Standard patch bundles Custom patch bundles run a patch assessmentSupport information digests Ask your peers in the forumsSearch knowledge base Using software depots for patch management Common software distributor commands for patchingDepot types Directory depotsUsing depots Tape depotsSwlist -l depot Viewing depotsChoosing depot type and depot location $ swlist -l depot @ swdepot.xyz.com $ swlist -l depotSwlist -l depot @ remotesystem Creating and adding to a directory depot Copying patches to depots Depot/patches/11.11Copying products with patch dependencies to depots Registering and unregistering directory depotsAdvanced topic HP-UX Software Assistant Advanced topic access control lists Examples of registering and unregistering depots$ swreg -l depot /depot/patches/2003-07periodicdepot $ swreg -u -l depot /depot/patches/2003-07periodicdepot$ swverify -d \* @ /mydepots/newdirectorydepot Verifying directory depotsExamples of verifying directory depots Verification had errors Removing software from a directory depotVerification succeeded $ swverify -d \* @ /mydepots/PHSS30278depotExecution succeeded $ swlist -l product -d @ /mydepots/patchdepot $ /usr/sbin/cleanup -d /mydepots/patchdepotAdvanced topic removing superseded patches from a depot Installing patches from a depot Removing a directory depot$ swlist -l product @ /mydepots/patchdepot $ swreg -u -l depot /mydepots/PHCO27780depotReboots the system when required Examples of installing patches from a depot Analysis succeededAnalysis and Execution succeeded Installing products with patch dependencies from a depotCustom patch bundles Rev Bundle Description Examples of listing patches and bundlesRev Patch description Creating a custom bundle $ swlist -d @ /mydepots/temporarydepotAnalysis succeeded Finally, remove the temporary depot Using HP-UX Software Assistant for patch management For more informationUsing Dynamic Root Disk for patch management Drd1m Benefits of the Patch Assessment Tool Using the Patch Assessment ToolPatch Assessment Tool Example of running the Patch Assessment Tool Select upload new system information Related information Support and other resourcesContacting HP Non-HP websites Typographic conventionsHP websites Times Patch usage models Patch usage model 1 hardware/application software change Components in test Image Then productionDRD Begi n Product needs to be certified on HP-UX 11i v2/v3 Patch usage model 3 operating environment cold install Patch usage model 3 operating environment cold install Patch usage model 4 operating environment update Patch usage model 4 operating environment update Patch usage model 5 proactive patch Create clonePatch usage model 6 reactive patch Passed? SystemGlossary AncestorIPD SWA Index Index See also HWE Index