#!/bin/sh #! -*- perl -*- eval 'exec perl -x -w $0 ${1+"$@"}' if 0; # PCA - Patch Check Advanced # Analyze, download and install patches for Sun Solaris # # Author : Martin Paul # Home : http://www.par.univie.ac.at/solaris/pca/ my $version='20090224-01'; use strict; use Config; # Default paths my $unzip= '/usr/bin/unzip'; my $showrev= '/usr/bin/showrev'; my $pkginfo= '/usr/bin/pkginfo'; my $pkgparam= '/usr/bin/pkgparam'; my $pkgchk= '/usr/sbin/pkgchk'; my $uncompress= '/usr/bin/uncompress'; my $tar= '/usr/sbin/tar'; my $uname= '/usr/bin/uname'; my $pager= '/usr/bin/more'; # Supported options, format is: # Long name, short name, argument type, argument text, default value, help my @options=( "list|l|||0|List patches", "listhtml|L|||0|List patches, produce HTML output", "download|d|||0|Download patches", "install|i|||0|Install patches", "pretend|I|||0|Pretend to install patches", "readme|r|||0|Display patch READMEs", "getxref|x|||0|Download patch xref file", "xrefdir|X|s|DIR|/var/tmp|Location of patch xref file", "nocheckxref|y|||0|Do not check for updated patch xref file", "xrefown||||0|Give write permissions on xref file to user only", "nocache||||0|Tell proxy to not cache xref file", "patchdir|P|s|DIR|.|Patch download directory", "askauth|a|||0|Ask for Sun Online Account data interactively", "user||s|USER||Sun Online Account user name", "passwd||s|PASS||Sun Online Account password", "localurl||s|URL||DEPRECATED", "patchurl||s|URL||Local URL for patches and READMEs", "xrefurl||s|URL||Local URL for patchdiag.xref", "stop||s@|ID||Stop after patch ID", "ignore||s@|WHAT||Ignore patches whose ID or synopsis match WHAT", "rec||s@|ID||Set Recommended flag on patch ID", "sec||s@|ID||Set Security flag on patch ID", "pattern|p|s|REGEX||List only patches whose synopsis matches REGEX", "noreboot|n|||0|Install only patches which do not require a reboot", "minage||i|DAYS|0|List only patches which are at least DAYS old", "maxage||i|DAYS|0|List only patches which are at most DAYS old", "syslog||s|TYPE|daemon.notice|Log patch installs to syslog priority TYPE", "nobackup|k|s@|ID||Do not back up files to be patched for patch ID", "backdir|B|s|DIR||Saves patch backout data to DIR", "safe|s|||0|Check locally modified files for safe patch installation", "currentzone|G|||0|Make patchadd install patches in the current zone only", "patchadd||s|FILE|/usr/sbin/patchadd|Path to patchadd command", "noheader|H|||0|Don't display descriptive headers", "format||s|FORMAT|%p %i %e %c %r%s%b %a %y|Set output format to FORMAT", "fromfiles|f|s|DIR||Read uname/showrev/pkginfo output from files in DIR", "dltries||i|NUM|1|Try downloads from Sun download server NUM times", "force|F|||0|Force local caching proxy to download from Sun server", "root|R|s|DIR||Alternative root directory", "wget||s|FILE|/usr/sfw/bin/wget /usr/local/bin/wget /opt/csw/bin/wget /usr/bin/wget|Path to wget command", "wgetproxy||s|URL||Default proxy for wget", "logger||s|FILE|/usr/bin/logger|Path to logger command", "threads|t|i|NUM|0|Use NUM download threads" . ($Config{useithreads} ? '' : ' (DISABLED, Perl lacks ithreads)'), "update||s|TYPE|never|Update pca (TYPE is never, check, now or auto)", "pcaurl||s|URL|http://www.par.univie.ac.at/solaris/pca/stable/|URL for pca update", "ssprot||s|PROT|http|Protocol used to access sunsolve (http or https)", "sshost||s|HOST|sunsolve.sun.com|HOST name or IP address for sunsolve", "jar||||0|Download signed patches in JAR format from sunsolve", "cffile||s@|FILE||Read FILE as additional configuration file", "debug|V|||0|Print debug information", "help|h|||0|Display this help", "man|m|||0|Display manual page", "version|v|||0|Display version information", "operands||||missing|ENVFILE", "tmpdir||||/tmp|INTERNAL", "proxy||||0|INTERNAL", "pforce||||0|INTERNAL", "dbgfile||||/tmp/pca-proxy-debug.txt|INTERNAL" ); # Modules use Getopt::Long; use Time::Local; use Cwd; use File::Path; use Fcntl; use File::Basename; use File::Copy; # Variable declarations my (%o, %input, %p, %pkgs, %u, %c, %locks, %rloop, %x, %pkga); my (@plist, @slist, @rlist); my $conf_dbg=''; my %conf_read; my $dlfile=''; my $sttyset=0; my $patchxdir=''; my $currenttime=time(); my $queue; my %a; my $download_start; my $stopreached=0; my $wgetv=''; my $agesum=0; my $xval=0; # Force flush to stdout right after every print command without "\n" $|= 1; # Set signal handler $SIG{HUP} = 'IGNORE'; $SIG{TERM} = $SIG{INT} = $SIG{QUIT} = \&handler; # Main # parse_args(); check_prerequisites(); import_threads(); process_patch_exceptions(); process_patch_flags(); update(); $o{proxy} && proxy(); expand_operands(); if ($o{readme} && ("@slist" =~ /^(\d{6}-\d{2} *)+$/)) { foreach my $pp (@slist) { my ($id, $rev)= split (/-/, $pp); init_patch ($id); $p{$id}{prev}=$rev; push (@plist, $id); } do_patch_list(); exit $xval; } get_current_xref(); if (!$o{list} && !$o{download} && !$o{install} && !$o{readme}) { exit $xval } get_uname(); get_installed_packages(); get_installed_patches(); get_current_patches(); set_extra_req(); create_patch_list(); print_header(); do_patch_list(); print_footer(); exit $xval; # Functions sub download_patch_worker { my $pp; { # signal the download loop that we're ready... lock $download_start; if (!defined($download_start)) { # if we haven't already $download_start = 0; dbg ("Broadcasting download worker ready"); cond_broadcast(\$download_start); } } { # wait for the download loop to tell us to start lock $download_start; dbg ("Waiting for download loop broadcast"); cond_wait(\$download_start) until $download_start == 1; } while (defined($pp = $queue->dequeue())) { my ($id, $rev) = split /-/, $pp; BEGIN { $^W = 0 } $p{$id}{worker_tid} = threads->self->tid(); BEGIN { $^W = 1 } $p{$id}{worker_done} = 0; dbg ("Worker " . $p{$id}{worker_tid} . " downloading " . $pp); download_patch($pp); $p{$id}{worker_done} = 1; } $queue->enqueue(undef); } sub buffer_worker_out { my $id = shift; my $cat = shift; if (!$o{threads}) { return (out ($cat, @_)); } my $ar = &share([]); @{$ar} = ($cat, @_); lock $p{$id}; push @{$p{$id}{output}}, $ar; } sub unbuffer_worker_out { my $id = $_[0]; lock $p{$id}; while (my $ar = shift @{$p{$id}{output}}) { if (@{$ar}) { my $cat = shift @{$ar}; out ($cat, @{$ar}); } } } sub do_patch_list { (@plist) || return; my @workers; for (my $i = 0; $i < $o{threads}; $i ++) { dbg ("Creating worker"); BEGIN { $^W = 0 } push @workers, threads->new(\&download_patch_worker); BEGIN { $^W = 1 } } # Counters $c{current}=0; $c{total}=$#plist+1; $c{dl}=$c{skipdl}=$c{faildl}=$c{inst}=$c{skipinst}=$c{failinst}=0; $c{p_ci}=$c{p_bi}=$c{p_c}=$c{p_b}=0; foreach my $id (@plist) { $c{current}++; # Add revision to patch id my $pp=""; ($p{$id}{irev} ne "00") && ($pp="$id-$p{$id}{irev}"); ($p{$id}{crev} ne "00") && ($pp="$id-$p{$id}{crev}"); ($p{$id}{prev} ne "00") && ($pp="$id-$p{$id}{prev}"); $pp || errx ("Unknown patch-id $id"); # Remember revised patch id for later use $p{$id}{pp} = $pp; if ($o{threads}) { $queue->enqueue($pp); } } if ($o{threads}) { $queue->enqueue(undef); } $c{current}=0; foreach my $id (@plist) { $c{current}++; my $pp = $p{$id}{pp}; if ($o{list} || $o{download} || $o{install}) { print_patch ($id); } if ($o{download} || $o{install}) { out ('info', "\nLooking for $pp ($c{current}/$c{total})"); if ($o{threads}) { { # wait for the first download worker to tell us it's ready... lock $download_start; if (!defined($download_start)) { # if it hasn't already dbg ("Waiting for download worker broadcast"); cond_wait(\$download_start) until (defined($download_start) && $download_start == 0); } } { # signal download workers to start... lock $download_start; if(defined($download_start) && $download_start != 1) { # if we haven't already $download_start=1; dbg ("Broadcasting download loop ready"); cond_broadcast(\$download_start); } } while(!defined $p{$id}{worker_done} || !$p{$id}{worker_done}) { unbuffer_worker_out ($id); sleep 1; } unbuffer_worker_out ($id); } else { download_patch($pp); } } if ($o{install}) { out ('info', "\nInstalling $pp ($c{current}/$c{total})"); install_patch($pp); if (-x '/var/run/nopatch') { `/var/run/nopatch`; $xval=3; last } } if ($o{readme}) { my $rtmp=get_readme ($pp); ($rtmp) && (push (@rlist, $rtmp)); } ($o{download} || $o{install}) && out ('info', '-' x 78); } foreach my $worker (@workers) { dbg ("Waiting for worker"); $worker->join(); } if ($o{download} || $o{install}) { printf "Download Summary: %d total, %d successful, ", $c{total}, $c{dl}; printf "%d skipped, %d failed\n", $c{skipdl}, $c{faildl}; } if ($o{install}) { printf "Install Summary : %d total, %d successful, ", $c{total}, $c{inst}; printf "%d skipped, %d failed\n", $c{skipinst}, $c{failinst}; if (!$o{root} || ($o{root} eq "-R /")) { if ($c{p_ci}) { out ('info', "\nReconfiguration reboot required (init 6)"); $xval || ($xval=4) } elsif ($c{p_bi}) { out ('info', "\nReboot required (init 6)"); $xval || ($xval=4) } elsif ($c{p_c }) { out ('info', "\nReconfiguration reboot recommended (init 6)"); $xval || ($xval=5) } elsif ($c{p_b }) { out ('info', "\nReboot recommended (init 6)"); $xval || ($xval=5) } } } if ($o{readme} && (@rlist)) { system ("$pager @rlist"); unlink (@rlist); } } sub expand_operands { my @tlist=@ARGV; my $again=1; my %fc; while ($again) { $again=0; @slist=(); foreach my $s (@tlist) { if ($s =~ /^(missingr?s?|installedr?s?|allr?s?|totalr?s?|unbundledr?s?|badr?s?)$/) { push (@slist, $s); } elsif ($s =~ /^(mr?s?|ir?s?|ar?s?|tr?s?|ur?s?|br?s?)$/) { push (@slist, $s); } elsif ($s =~ /^(\d{6}|\d{6}-\d{2})$/) { push (@slist, $s); } elsif ($s =~ /(\d{6}-\d{2})\.(zip|jar|tar\.Z|tar)$/) { push (@slist, $1); } elsif (-f $s) { if ($fc{$s}) { errx ("Recursive file inclusion: $s") } else { $fc{$s}=1 } open (LIST, "<$s") || errx ("Can't open $s ($!)"); while () { chomp; next unless $_; push (@slist, (split (/ /, $_))[0]); $again=1; } } else { errx ("Unknown operand: $s"); } } @tlist=@slist; } dbg ("Expanded patch list: @slist"); } sub create_patch_list { # Put patches for patch utilities at the top of the list my @putil= (106125,106126,107171,107172,108987,108988,112951,114194,119254,119255); foreach my $id (@putil) { init_patch($id) } foreach my $id (@putil, sort keys %p) { add_patch_list ($id,0); } } sub add_patch_list { my $id=$_[0]; my $type=$_[1]; # Ignore patches which have been listed already. ($p{$id}{listed}) && return (0); $type=match_patch_list($id,$type); $type || return (0); if ($id eq "125547") { $p{$id}{requires}="122660-10"; $p{"122660"}{obs}=0; $p{"122660"}{obsoletedby}=""; $p{"124204"}{obs}=0; $p{"124204"}{obsoletedby}=""; $p{"118731"}{obs}=0; $p{"118731"}{obsoletedby}=""; } if ($id eq "125548") { $p{$id}{requires}="122661-08"; $p{"122661"}{obs}=0; $p{"122661"}{obsoletedby}=""; $p{"124205"}{obs}=0; $p{"124205"}{obsoletedby}=""; } if ($p{$id}{requires} ne '') { REQ: foreach my $r (split (/;/, $p{$id}{requires})) { # Fix required patches which were never released ($r eq "125077-02") && ($r="120011-09"); # 119757 ($r eq "125078-02") && ($r="120012-10"); # 119758 ($r eq "125486-01") && ($r="120011-14"); # 126206 ($r eq "125487-01") && ($r="120012-14"); # 126207 ($r eq "126677-02") && ($r="124628-03"); # 119534, 124630 ($r eq "126678-02") && ($r="124629-03"); # 119535, 124631 ($r eq "114431-03") && ($r="117172-17"); # 116473 my ($r_id, $r_rev)= split (/-/, $r); # If a required patch has been obsoleted by another patch, we # continue with the patch that obsoleted it. while ($p{$r_id}{obsoletedby} ne '') { my ($oby_id, $oby_rev)= split (/-/, $p{$r_id}{obsoletedby}); dbg ("$r_id-$r_rev required by $id: obsolete, replaced with $oby_id-$oby_rev"); ($r_id, $r_rev)= ($oby_id, $oby_rev); } # Check if patch requires itself if ($r_id eq $id) { dbg ("$r_id-$r_rev required by $id: patch requires itself"); next; } # Check if the required patch is in our database. Normally we should # stop with an error here, but maybe information in patchdiag.xref # is wrong and the patch will install without the missing required patch. if ($p{$r_id}{crev} eq "00") { dbg ("$r_id-$r_rev required by $id: unknown patch"); next; } # Ignore patches already in our list. if ($p{$r_id}{listed}) { dbg ("$r_id-$r_rev required by $id: already listed"); next; } # Ignore patches already installed. if ($p{$r_id}{irev} ge $r_rev) { dbg ("$r_id-$r_rev required by $id: already installed"); next; } # Check for circular patch dependencies. if ($p{$r_id}{requires} ne '') { foreach my $s (split (/;/, $p{$r_id}{requires})) { (my $s_id, my $s_rev)= split (/-/, $s); if (exists $rloop{"$r_id:$s_id"}) { dbg ("$r_id-$r_rev required by $id: Circular patch dependency"); next REQ; } $rloop{"$r_id:$s_id"} = 1; } } dbg ("$r_id-$r_rev required by $id"); if (!add_patch_list($r_id,$type)) { dbg ("$r_id-$r_rev required by $id: does not match"); } } } $p{$id}{listed}=1; push (@plist, $id); $agesum+=calculateage($id); return (1); } sub match_patch_list { my $id=$_[0]; my $type=$_[1]; my $found; S: foreach my $s (@slist) { # Complete patch id with revision (123456-78) if ($s =~ /\d{6}-\d{2}/) { my ($s_id,$s_rev)= split(/-/,$s); if ($id eq $s_id) { if ($p{$id}{ignore} eq "00") { next } if ($p{$id}{ignore} ge $s_rev) { next } $p{$id}{prev}=$s_rev; return (1); } } # Incomplete patch id (123456) if ($s =~ /\d{6}/) { if ($id eq $s) { if ($p{$id}{ignore} eq "00") { next } if ($p{$id}{ignore} eq $p{$id}{crev}) { next } return (2); } if ($type == 2) { return (2); } } # installed or all if (($s =~ /^i/) || ($s =~ /^a/)) { if (!check_rs($s,$id)) { next; } # Check if patch is installed. if ($p{$id}{irev} ne '00') { return (3); } } # unbundled if ($s =~ /^u/) { # Check if patch is Unbundled and has an empy packages list. if (!(($p{$id}{os} eq "Unbundled") && ($p{$id}{pkgs} eq ""))) { next; } # Ignore obsolete and bad patches if ($p{$id}{obs} || $p{$id}{bad}) { next; } if (!check_rs($s,$id)) { next; } return (4); } # missing or all if (($s =~ /^m/) || ($s =~ /^a/)) { # Ignore obsolete and bad patches if ($p{$id}{obs} || $p{$id}{bad}) { next; } # Ignore patches which are installed in the current or higher revision if ($p{$id}{irev} ge $p{$id}{crev}) { next; } # Ignore patches for foreign architectures. $found=0; foreach my $j (split (/\;/, $p{$id}{archs})) { if (($j eq $u{arch}) || ($j eq "all") || ($j eq "$u{arch}.$u{model}")) { $found=1; last; } } if (!$found) { next; } # Ignore patches for packages that are not installed. $found=0; foreach my $j (split (/\;/, $p{$id}{pkgs})) { my ($package, $version)= split (/:/, $j, 2); next unless ($pkgs{$package}); my $iversion=$pkgs{$package}; $version =~ s/"/./g; $version =~ s/\(/./g; $version =~ s/\)/./g; $iversion=~ s/"/./g; $iversion=~ s/\(/./g; $iversion=~ s/\)/./g; if ($iversion =~ /<$version>/) { $found=1; last; } } if (!$found) { next; } if (!chk_extra_req($id)) { next; } if (!check_rs($s,$id) && ($type != 5)) { next; } return (5); } # Total set of patches if ($s =~ /^t/) { if ($p{$id}{crev} eq "00") { next; } if (!check_rs($s,$id)) { next; } return (6); } # Installed bad patches if ($s =~ /^b/) { if (!$p{$id}{ibad}) { next; } # Check if bad patch has been obsoleted by an installed patch my $oby_id= $id; my $oby_rev; while ($p{$oby_id}{obsoletedby} ne '') { ($oby_id, $oby_rev)= split (/-/, $p{$oby_id}{obsoletedby}); if ($p{$oby_id}{irev} ge $oby_rev) { next S; } } if (!check_rs($s,$id)) { next; } return (7); } } return (0); } sub check_rs { my $s=$_[0]; my $id=$_[1]; # Check that a "stop" patch hasn't been seen if ($stopreached) { return(0); } # Check that this isn't a "stop" patch if ($p{$id}{stop} eq "00") { $stopreached = 1; } if ($p{$id}{stop} eq $p{$id}{crev}) { $stopreached = 1; } # Check for R/S flags if ($s =~ /rs$/) { if (!($p{$id}{rec} || $p{$id}{recf} || $p{$id}{sec} || $p{$id}{secf})) { return(0); } } else { if (($s =~ /r$/) && (!$p{$id}{rec}) && (!$p{$id}{recf})) { return(0); } if (($s =~ /s$/) && (!$p{$id}{sec}) && (!$p{$id}{secf})) { return(0); } } # Ignore patches in the ignore list. if ($p{$id}{ignore} eq "00") { return 0 } if ($p{$id}{ignore} eq $p{$id}{crev}) { return 0 } foreach my $i (@{$o{ignore}}) { next if ($i =~ /^\d{6}$|^\d{6}-\d{2}$/); if ($p{$id}{synopsis} =~ /$i/) { return 0 } } # Check for minage, maxage and pattern if (($o{minage}) && (calculateage($id) < $o{minage})) { return(0); } if (($o{maxage}) && (calculateage($id) > $o{maxage})) { return(0); } if ($o{pattern}) { if ($o{pattern} =~ /^!/) { my $pattern= substr ($o{pattern}, 1); if ($p{$id}{synopsis} =~ /$pattern/) { return (0) } } else { if ($p{$id}{synopsis} !~ /$o{pattern}/) { return(0) } } } return(1); } sub download_patch { my $pp=$_[0]; my ($id, $rev)= split (/-/, $pp); lock_free($o{patchdir}, "download.$pp", 300) || errx ("Another instance of pca is downloading $pp to $o{patchdir} right now"); # Check if patch exists if (-d "$o{patchdir}/$pp") { buffer_worker_out ($id, 'info', "Found patch directory"); $c{skipdl}++; return; } foreach my $ext ('zip','jar','tar.Z','tar') { (-z "$o{patchdir}/$pp.$ext") && unlink "$o{patchdir}/$pp.$ext"; if (-f "$o{patchdir}/$pp.$ext") { buffer_worker_out ($id, 'info', "Found patch file"); $c{skipdl}++; return; } } # Remember if we downloaded the patch for install only $o{download} || ($p{$id}{dfori}=1); (-w $o{patchdir}) || errx ("Can't write to patch download directory $o{patchdir}"); lock_create($o{patchdir}, "download.$pp", 1) || errx ("Another instance of pca is downloading $pp to $o{patchdir} right now"); # Try to get patch from local patch server if ($o{patchurl} =~ /^file:/) { buffer_worker_out ($id, 'info', "Trying $o{patchurl}"); my $path=$o{patchurl}; $path =~ s/^file://; foreach my $ext ('zip','jar','tar.Z','tar') { if (-r "$path/$pp.$ext") { my ($atime, $mtime) = (stat("$path/$pp.$ext"))[8,9]; copy ("$path/$pp.$ext", "$o{patchdir}/$pp.$ext"); utime $atime, $mtime, "$o{patchdir}/$pp.$ext"; } if (-s "$o{patchdir}/$pp.$ext") { buffer_worker_out ($id, 'info', "Done"); $c{dl}++; goto DONE; } unlink "$o{patchdir}/$pp.$ext"; } buffer_worker_out ($id, 'info', "Failed"); } # Without wget we can't download the patch if (!$o{wget}) { buffer_worker_out ($id, 'info', "Failed (can't find wget executable)"); goto FAIL; } # Try to get patch from local patch server with wget if ($o{patchurl} =~ /^http:|^https:|^ftp:/) { buffer_worker_out ($id, 'info', "Trying $o{patchurl}"); if ($o{patchurl} =~ /^http.*pca-proxy\.cgi/) { if (download("patch", $pp, "local", "$o{patchdir}/$pp.tmp", "")) { my $type=filetype("$o{patchdir}/$pp.tmp"); if ($type ne 'unknown') { rename ("$o{patchdir}/$pp.tmp", "$o{patchdir}/$pp.$type"); buffer_worker_out ($id, 'info', "Done"); $c{dl}++; goto DONE; } else { buffer_worker_out ($id, 'info', "Failed (unknown file type)"); } } else { buffer_worker_out ($id, 'info', "Failed"); } unlink "$o{patchdir}/$pp.tmp"; } elsif ($o{patchurl} =~ /^http:|^https:|^ftp:/) { foreach my $ext ('zip','jar','tar.Z','tar') { if (download("patch", "$pp.$ext", "local", "$o{patchdir}/$pp.$ext", "")) { buffer_worker_out ($id, 'info', "Done"); $c{dl}++; goto DONE; } unlink "$o{patchdir}/$pp.$ext"; } buffer_worker_out ($id, 'info', "Failed"); } } # Try download from restricted patch server, if the user provided # Sun Online Account data if (checksoa()) { my $try=1; while ($try <= $o{dltries} ) { buffer_worker_out ($id, 'info', "Trying $o{ssprot}://$o{sshost}/ ($try/$o{dltries})"); if (download("patch", $pp, "sunsolve", "$o{patchdir}/$pp.tmp", "")) { my $type=filetype("$o{patchdir}/$pp.tmp"); if ($type ne 'unknown') { rename ("$o{patchdir}/$pp.tmp", "$o{patchdir}/$pp.$type"); buffer_worker_out ($id, 'info', "Done"); $c{dl}++; goto DONE; } else { buffer_worker_out ($id, 'info', "Failed (unknown file type)"); } } else { buffer_worker_out ($id, 'info', "Failed"); } unlink "$o{patchdir}/$pp.tmp"; $try++; if ($try <= $o{dltries}) { sleep ($try*2) } } } else { buffer_worker_out ($id, 'info', "Failed (no Sun Online Account data)"); } FAIL: buffer_worker_out ($id, 'info', "Failed (patch not found)"); $c{faildl}++; DONE: lock_remove($o{patchdir}, "download.$pp"); } sub download { my $what=$_[0]; my $pp=$_[1]; my $src=$_[2]; my $dstf=$_[3]; my $dstd=$_[4]; my %urls=( "pca:pcaurl", "$o{pcaurl}pca", "xref:local", "$o{xrefurl}patchdiag.xref", "xref:sunsolve", "$o{ssprot}://$o{sshost}/patchdiag.xref", "readme:local", "$o{patchurl}README.$pp", "readme:sunsolve", "$o{ssprot}://$o{sshost}/pdownload.do?target=$pp&method=r", "patch:local", "$o{patchurl}$pp", "patch:sunsolve", "$o{ssprot}://$o{sshost}/pdownload.do?target=$pp&method=h" ); ($o{jar}) && ($urls{"patch:sunsolve"} .= "s"); my $cmd="$o{wget}"; my $url; if (($o{debug}) && ($o{threads} > 1)) { $cmd .= " -nv" } if (!$o{debug}) { $cmd .= " -q" } $url=$urls{"$what:$src"}; if (($o{force}) && ($url =~ /pca-proxy\.cgi/)) { $url .= ":force" } $cmd .= " \"$url\""; if ($o{wgetproxy}) { $cmd .= " --execute http_proxy=$o{wgetproxy}" } if (($what eq "xref") && ($src eq "sunsolve") && ($o{nocache})) { $cmd .= " --execute cache=off" } if ((($url =~ /https:\/\/www.par.univie.ac.at\//) || ($url =~ /https:\/\/sunsolve.sun.com\//)) && ($wgetv >= 11000)) { $cmd .= " --ca-certificate=$0" } if (($what eq "patch") && ($url =~ /pca-proxy\.cgi/)) { $cmd .= " --timeout 3600" } if ((($what eq "patch") || ($what eq "readme")) && ($src eq "sunsolve")) { $cmd .= " --header=\"Authorization: Basic " . base64("$a{user}:$a{passwd}") . "\""; } if ($dstf) { $cmd .= " -O $dstf"; if ($what eq "patch") { $p{$pp}{dlfile}="$dstf" } else { $dlfile="$dstf" } } if ($dstd) { $cmd = "cd $dstd; " . $cmd . " -N"; } $o{debug} && $o{proxy} && ($cmd .= " >>$o{dbgfile} 2>&1"); dbg ($cmd); `$cmd`; if ($what eq "patch") { $p{$pp}{dlfile}="" } else { $dlfile="" } if (!$? && ($dstd)) { return 1 } if (!$? && ($dstf) && (-s $dstf)) { return 1 } return 0; } sub filetype { my $fname=$_[0]; my $buffer; open (F, "< $fname") || errx ("Can't open $fname ($!)"); my $size=read (F, $buffer, 512); close (F); if ($size != 512) { dbg ("Short file: $fname"); return ('unknown') } if (substr($buffer, 257, 5) eq "ustar") { return ('tar') } if (substr($buffer, 0, 2) eq "\037\235") { return ('tar.Z') } if (substr($buffer, 0, 4) eq "PK\003\004") { `$unzip -l $fname META-INF/manifest.mf META-INF/MANIFEST.MF 2>&1`; if ($?) { return ('zip') } else { return ('jar') } } dbg ("Unknown Filetype: $fname"); return ('unknown'); } sub install_patch { my $pp=$_[0]; my ($id, $rev)= split (/-/, $pp); my $output; my $dfile=''; my $opt=''; $patchxdir= "$o{tmpdir}/pca." . time() . $$; mkdir $patchxdir,0755 || errx ("Can't create temporary directory $patchxdir ($!)"); if (-d "$o{patchdir}/$pp") { $?= !symlink ("$o{patchdir}/$pp", "$patchxdir/$pp"); } elsif (-f "$o{patchdir}/$pp.zip") { out ('info', "Unzipping patch"); `$unzip -n $o{patchdir}/$pp.zip -d $patchxdir &1`; $p{$id}{dfori} && ($dfile= "$o{patchdir}/$pp.zip") } elsif (-f "$o{patchdir}/$pp.jar") { out ('info', "Unjarring patch"); `$unzip -n $o{patchdir}/$pp.jar -d $patchxdir &1`; $p{$id}{dfori} && ($dfile= "$o{patchdir}/$pp.jar") } elsif (-f "$o{patchdir}/$pp.tar.Z") { out ('info', "Uncompressing patch"); `cd $patchxdir; $uncompress -c $o{patchdir}/$pp.tar.Z | $tar xf -`; $p{$id}{dfori} && ($dfile= "$o{patchdir}/$pp.tar.Z") } elsif (-f "$o{patchdir}/$pp.tar") { out ('info', "Untarring patch"); `cd $patchxdir; $tar xf $o{patchdir}/$pp.tar`; $p{$id}{dfori} && ($dfile= "$o{patchdir}/$pp.tar") } else { out ('info', "Failed (missing patch file)"); rmdir $patchxdir; $patchxdir=""; $c{failinst}++; return; } if (($?) || (! -d "$patchxdir/$pp")) { out ('info', "Failed"); rmtree ($patchxdir); $patchxdir=""; $c{failinst}++; return; } my $readme= "$patchxdir/$pp/README.$pp"; my $patchinfo= "$patchxdir/$pp/patchinfo"; if ($o{safe}) { out ('info', "Checking files for safe patch installation"); if (!verify_files($id, $readme)) { rmtree ($patchxdir); $patchxdir=""; $c{failinst}++; return; } } # Do we need a reboot? my $p_b=0; my $p_bi=0; my $p_c=0; my $p_ci=0; if (-f $patchinfo) { open(PATCHINFO,$patchinfo) || errx ("Can't open $patchinfo ($!)"); dbg ("Checking for reboot/reconfig in patchinfo"); while () { if (/PATCH_PROPERTIES=.*reconfigimmediate/) { $p_ci=1; last } if (/PATCH_PROPERTIES=.*rebootimmediate/) { $p_bi=1; last } if (/PATCH_PROPERTIES=.*reconfigafter/) { $p_c=1; last } if (/PATCH_PROPERTIES=.*rebootafter/) { $p_b=1; last } } close PATCHINFO; } elsif (-f $readme) { open(README,$readme) || errx ("Can't open $readme ($!)"); dbg ("Checking for reboot/reconfig in README"); while() { if (/Reconfig.*immediate.*after.*install/) { $p_ci=1; last } if (/Reboot.*immediate.*after.*install/) { $p_bi=1; last } if (/Reconfig.*after.*install/) { $p_c=1; last } if (/Reboot.*after.*install/) { $p_b=1; last } } close README; } # If the patchadd command doesn't exist, try installpatch, which # comes with patches for Solaris <= 2.5.1. (-x $o{patchadd}) || ($o{patchadd}="$patchxdir/$pp/installpatch"); (-x $o{patchadd}) || errx ("Can't execute patchadd/installpatch"); # Sun Studio 11 patches on Solaris 10 must be installed with -G # Patches 119254-34 and 119255-34 fix this in patchadd my ($major, $minor) = split (/\./, $u{osrel}); if (($minor == 10) && ($p{$id}{synopsis} =~ /^Sun Studio 11/) && (!$o{currentzone})) { if (!($p{119254}{irev} ge '34') && !($p{119255}{irev} ge '34')) { dbg ("Adding -G to patchadd for Sun Studio 11 on Solaris 10"); $opt .= "-G "; } } # Ignore currentzone option on Solaris <= 9 ($minor <= 9) && ($o{currentzone}=0); if ($o{noreboot} && ($p_ci || $p_bi || $p_c || $p_b)) { out ('info', "Skipping patchadd (noreboot)"); $c{skipinst}++; } elsif ($o{pretend}) { out ('info', "Skipping patchadd (pretend)"); $c{skipinst}++; } else { lock_create($o{tmpdir}, "install", 1) || errx ("Another instance of pca is installing patches right now"); $o{currentzone} && ($opt .= "-G "); if (($o{nobackup} =~ /all/) || ($p{$id}{nobackup} eq "00") || ($p{$id}{nobackup} eq $p{$id}{crev})) { $opt .= "-d " } $o{backdir} && ($opt .= "-B $o{backdir} "); out ('info', "Running patchadd"); dbg ("Starting patchadd at " . localtime); dbg ("$o{patchadd} $o{root} $opt $patchxdir/$pp"); $SIG{INT}='IGNORE'; $output=`$o{patchadd} $o{root} $opt $patchxdir/$pp &1`; $SIG{INT}=\&handler; my $rc=$?; lock_remove($o{tmpdir}, "install"); if ($rc) { out ('info', "\n$output"); $rc /= 256; out ('info', "Failed (exit code $rc)\n$!"); rmtree ($patchxdir); $patchxdir=""; log_msg("Failed to install patch $pp ($p{$id}{synopsis}) rc=$rc"); $c{failinst}++; return; } dbg ("\n$output"); out ('info', "Done"); $c{inst}++; $dfile && unlink ($dfile); log_msg("Installed patch $pp ($p{$id}{synopsis})"); if ($p_ci || $p_c) { my $r=''; if ($o{root}) { $r=$o{root}; $r =~ s/-R // } if (! -f "$r/reconfigure") { out ('info', "Creating $r/reconfigure"); open (F, ">$r/reconfigure"); close (F); } } } if ($p_ci) { out ('info', "Reconfig required"); $o{noreboot} || $c{p_ci}++ } elsif ($p_bi) { out ('info', "Reboot required"); $o{noreboot} || $c{p_bi}++ } elsif ($p_c ) { out ('info', "Reconfig recommended"); $o{noreboot} || $c{p_c}++ } elsif ($p_b ) { out ('info', "Reboot recommended"); $o{noreboot} || $c{p_b}++ } rmtree ($patchxdir); $patchxdir=""; } sub proxy { my $f=$o{proxy}; my $odir; dbg ("Requested file: $f"); if ($f =~ /^patchdiag.xref$/) { $o{xrefown}=1; $odir=$o{xrefdir}; if ($o{pforce}) { unlink ("$odir/$f") } get_current_xref(); } if ($f =~ /^README\.\d{6}-\d{2}$/) { my $pp=$f; $pp =~ s/^.*(\d{6}-\d{2}).*$/$1/; $odir=$o{patchdir}; if ($o{pforce}) { unlink ("$odir/$f") } if (! -f "$odir/$f") { my $rtmp=get_readme ($pp); if ($rtmp) { copy ($rtmp, "$odir/$f"); unlink ($rtmp); } } } # Deprecated if ($f =~ /^\d{6}-\d{2}\.(zip|jar|tar|tar\.Z)$/) { my $pp=$f; $pp =~ s/^.*(\d{6}-\d{2}).*$/$1/; $odir=$o{patchdir}; if ($o{pforce}) { unlink ("$odir/$f") } download_patch($pp); } if ($f =~ /^\d{6}-\d{2}$/) { $odir=$o{patchdir}; if ($o{pforce}) { unlink ("$odir/$f.zip", "$odir/$f.jar", "$odir/$f.tar", "$odir/$f.tar.Z") } download_patch($f); (-f "$odir/$f.zip") && ($f="$f.zip"); (-f "$odir/$f.jar") && ($f="$f.jar"); (-f "$odir/$f.tar") && ($f="$f.tar"); (-f "$odir/$f.tar.Z") && ($f="$f.tar.Z"); } if ($f =~ /^pca$/) { $odir=$o{patchdir}; if ($o{pforce}) { unlink ("$odir/$f") } if ($o{pcaurl} =~ /^http.*pca-proxy\.cgi/) { download('pca', '', 'pcaurl', "$odir/pca", ""); } else { download('pca', '', 'pcaurl', "", $odir); } } if (-f "$odir/$f") { ($f =~ /patchdiag.xref/) && print "Content-type: text/plain\n"; ($f =~ /README/) && print "Content-type: text/plain\n"; ($f =~ /\.zip$/) && print "Content-type: application/zip\n"; ($f =~ /\.jar$/) && print "Content-type: application/zip\n"; ($f =~ /\.tar$/) && print "Content-type: application/x-tar\n"; ($f =~ /\.tar.Z$/) && print "Content-type: application/x-compress\n"; ($f =~ /^pca$/) && print "Content-type: text/plain\n"; use POSIX qw(strftime); my ($size,$mtime)=(stat("$odir/$f"))[7,9]; print "Last-Modified: " . strftime("%a, %d %b %Y %H:%M:%S +0000", gmtime($mtime)) . "\n"; print "Content-length: $size\n\n"; open (F, "<$odir/$f"); read (F, my $content, $size); close (F); print $content; } else { errx ("$f not found"); } exit $xval; } sub checksoa { lock %a; # prevent simultaneous access to checksoa() if multithreaded if(!$a{transcribed}) { $a{user}=$o{user}; $a{passwd}=$o{passwd}; $a{askauth}=$o{askauth}; $a{transcribed}=1; } # Check if we already asked for user/passwd if ($a{askauth} eq 'asked') { if ($a{user} && $a{passwd}) { return (1) } else { return (0) } } # If askauth is set, ask for user my $uask=0; if ($a{askauth}) { print "\nPlease enter Sun Online Account User: "; chomp($a{user} = ); $a{askauth}= 'asked'; $uask=1; } # If askauth or user (but not passwd) is set, ask for passwd if ($a{askauth} || ($a{user} && !$a{passwd})) { system "stty -echo"; $sttyset=1; $uask || print "\n"; print "Please enter Sun Online Account Password"; if ($a{askauth}) { print ": " } else { print " for $a{user}: " } chomp($a{passwd} = ); print "\n\n"; system "stty echo"; $sttyset=0; $a{askauth}= 'asked'; } if ($a{user} && $a{passwd}) { return (1) } else { return (0) } } sub check_prerequisites { # Must be root to install patches if ($o{install} && ($< != 0) && !$o{pretend}) { errx ("You must be root to install patches"); } if ($o{install} && $o{safe} && !$o{proxy} && ($< != 0)) { errx ("You must be root to use safe mode"); } # Set umask (esp. for patchxdir) umask (0022); # Check for wget executable my $found=''; foreach my $i (split (/ /, $o{wget})) { if (-x $i) { $found= $i; open (W, "$found --version |"); my $v=; close (W); chomp $v; $v =~ s/^GNU Wget ([\d\.]*).*$/$1/; my ($v1, $v2, $v3) = split (/\./, $v); $wgetv=$v1*10000 + $v2*100; $v3 && ($wgetv += $v3); dbg ("Using $found ($v, $wgetv)"); last; } } $o{wget}=$found; # Get patchdiag.xref location $input{xref}="$o{xrefdir}/patchdiag.xref"; # Check patch download directory (-d $o{patchdir}) || errx ("Can't find patch directory $o{patchdir}"); # Check for pager $ENV{PAGER} && ($pager=$ENV{PAGER}); # Check for valid prefix in $fromfiles and set input files/commands if ($o{fromfiles}) { if (-f "$o{fromfiles}/sysconfig/uname-a.out") { $input{pkginfo}= "<$o{fromfiles}/patch+pkg/pkginfo-l.out"; $input{showrev}= "<$o{fromfiles}/patch+pkg/showrev-p.out"; $input{uname} = "<$o{fromfiles}/sysconfig/uname-a.out"; } elsif (-f "$o{fromfiles}uname.out") { $input{pkginfo}= "<$o{fromfiles}pkginfo.out"; $input{showrev}= "<$o{fromfiles}showrev.out"; $input{uname} = "<$o{fromfiles}uname.out"; } elsif (-f "$o{fromfiles}/uname.out") { $input{pkginfo}= "<$o{fromfiles}/pkginfo.out"; $input{showrev}= "<$o{fromfiles}/showrev.out"; $input{uname} = "<$o{fromfiles}/uname.out"; } else { errx ("Can't find pkginfo/showrev/uname output with prefix $o{fromfiles}"); } dbg ("Using $o{fromfiles} as prefix to read .out files"); } else { $input{pkginfo}= "$pkginfo -x $o{root} |"; $input{uname} = "$uname -a |"; } # Set default locale for forks $ENV{LC_ALL}='C'; # Make sure that any request to thread is sane if (!$Config{useithreads} || $o{threads} < 2 || !($o{download} || $o{install})) { dbg ("Prerequisites for threads not met, setting threads to 0"); $o{threads} = 0; } } sub import_threads { return unless ($o{threads} > 1); eval { require threads; require threads::shared; require Thread::Queue; }; if (!$@) { dbg ("Thread modules passed require, importing"); BEGIN { $^W = 0 } threads->import; BEGIN { $^W = 1 } threads::shared->import; Thread::Queue->import; $queue = new Thread::Queue; share(\%a); share(\%c); share(\$download_start); share(\%locks); } else { dbg ("Thread modules did not pass require"); $o{threads} = 0; } } sub verify_files { my $id=$_[0]; my $readme=$_[1]; my @files=(); my %wl; # All $wl{all}="/etc/name_to_major /etc/driver_aliases /etc/driver_classes /etc/minor_perm /etc/security/exec_attr"; # 7/SPARC $wl{106541}="/etc/devlink.tab /etc/rmmount.conf /etc/syslog.conf /etc/vold.conf"; $wl{106857}="/usr/openwin/share/locale/C/props/basic_setting"; $wl{106978}="/etc/nsswitch.conf"; $wl{107589}="/etc/default/kbd"; $wl{107684}="/etc/inet/services /etc/mail/main.cf /etc/mail/subsidiary.cf"; $wl{107738}="/usr/openwin/lib/locale/compose.dir /usr/openwin/lib/locale/locale.alias /usr/openwin/lib/locale/locale.dir"; $wl{108800}="/etc/inet/inetd.conf /etc/init.d/cachefs.daemon"; # 8/SPARC $wl{108725}="/kernel/drv/st.conf"; $wl{108968}="/etc/rmmount.conf /etc/vold.conf"; $wl{108999}="/etc/pam.conf"; $wl{109077}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{109134}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{109695}="/etc/smartcard/opencard.properties"; $wl{109766}="/usr/openwin/lib/locale/ja/X11/fonts/TT/fonts.alias"; $wl{109887}="/etc/smartcard/ocf.classpath"; $wl{110369}="/etc/iu.ap"; $wl{110386}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{110615}="/etc/mail/main.cf /etc/mail/subsidiary.cf"; $wl{110896}="/etc/inet/inetd.conf"; $wl{112438}="/etc/devlink.tab"; $wl{112663}="/usr/openwin/server/etc/OWconfig"; $wl{114542}="/usr/openwin/lib/X11/fonts/TrueType/ttmap/ttmaps.dir /usr/openwin/lib/X11/fonts/encodings/encodings.dir"; $wl{116973}="/etc/apache/mime.types"; $wl{117518}="/usr/openwin/lib/X11/fonts/F3bitmaps/fonts.dir"; $wl{128624}="/etc/default/login /etc/nsswitch.conf /etc/pam.conf"; # 9/SPARC $wl{112233}="/etc/iu.ap"; $wl{112874}="/etc/name_to_sysnum /etc/security/crypt.conf /etc/security/policy.conf"; $wl{112908}="/etc/krb5/krb5.conf"; $wl{112954}="/kernel/drv/uata.conf"; $wl{113073}="/etc/inet/inetd.conf"; $wl{113085}="/usr/openwin/lib/X11/fonts/TrueType/ttmap/ttmaps.dir /usr/openwin/lib/X11/fonts/encodings/encodings.dir"; $wl{113096}="/usr/openwin/server/etc/OWconfig"; $wl{113277}="/kernel/drv/st.conf /kernel/drv/sd.conf"; $wl{113471}="/usr/bin/cputrack"; $wl{113575}="/etc/mail/main.cf /etc/mail/subsidiary.cf"; $wl{114320}="/usr/openwin/server/etc/OWconfig"; $wl{114352}="/etc/inet/inetd.conf"; $wl{123184}="/usr/openwin/lib/X11/fonts/TrueType/ttmap/ttmaps.dir /usr/openwin/lib/X11/fonts/encodings/encodings.dir"; # 9/x86 $wl{114137}="/etc/mail/main.cf /etc/mail/subsidiary.cf"; $wl{114353}="/etc/inet/inetd.conf"; $wl{115168}="/etc/krb5/krb5.conf"; $wl{122300}="/etc/rc0.d/K05volmgt /etc/rc1.d/K05volmgt /etc/rc2.d/K05volmgt /etc/rc3.d/S81volmgt /etc/rcS.d/K05volmgt /etc/security/audit_class /etc/security/audit_event"; # 10/SPARC $wl{116298}="/usr/bin/wscompile /usr/bin/wsdeploy"; $wl{118666}="/etc/.java/.systemPrefs/.system.lock /etc/.java/.systemPrefs/.systemRootModFile"; $wl{118717}="/usr/openwin/server/etc/OWconfig"; $wl{118833}="/etc/logindevperm /etc/security/prof_attr /etc/vold.conf /etc/security/auth_attr"; $wl{119090}="/etc/ima.conf /kernel/drv/iscsi.conf"; $wl{119130}="/kernel/drv/fp.conf /kernel/drv/qlc.conf"; $wl{119252}="/etc/default/kbd /etc/default/nfs"; $wl{119313}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{119757}="/etc/inet/services"; $wl{120011}="/etc/inet/hosts /etc/inet/ipnodes /etc/inet/services /etc/nscd.conf /etc/security/auth_attr /etc/security/prof_attr /etc/default/dhcpagent /etc/security/device_policy /etc/iu.ap"; $wl{120185}="/opt/staroffice8/share/config/javasettingsunopkginstall.xml"; $wl{120222}="/kernel/drv/emlxs.conf"; $wl{120346}="/etc/hba.conf"; $wl{120410}="/etc/gtk-2.0/gtk.immodules /etc/sparcv9/gtk-2.0/gtk.immodules"; $wl{120460}="/etc/gtk-2.0/gtk.immodules /etc/sparcv9/gtk-2.0/gtk.immodules"; $wl{121308}="/usr/sadm/lib/smc/policy/smcconsole.policy"; $wl{121430}="/etc/default/lu"; $wl{122212}="/etc/gconf/gconf.xml.defaults/apps/panel/default_setup/general/%gconf.xml"; $wl{124393}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{125166}="/kernel/drv/qlc.conf"; $wl{127127}="/etc/krb5/krb5.conf /etc/logadm.conf /etc/pam.conf /etc/security/audit_warn /etc/security/auth_attr /etc/security/prof_attr /etc/shadow /etc/user_attr /kernel/drv/mpt.conf"; $wl{127755}="/etc/logadm.conf"; $wl{137093}="/etc/logindevperm"; $wl{137137}="/etc/vfstab"; $wl{137274}="/etc/mnttab"; # 10/x86 $wl{118855}="/etc/logindevperm /etc/security/prof_attr /etc/vold.conf /lib/libc.so.1 /etc/security/device_policy /etc/ipf/pfil.ap /boot/solaris/devicedb/master"; $wl{119091}="/etc/ima.conf /kernel/drv/iscsi.conf"; $wl{119131}="/kernel/drv/fp.conf /kernel/drv/qlc.conf"; $wl{119253}="/etc/default/kbd /etc/default/nfs"; $wl{119314}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{119758}="/etc/inet/services"; $wl{120012}="/boot/solaris/bootenv.rc /boot/solaris/devicedb/master /etc/default/dhcpagent /etc/inet/hosts /etc/inet/ipnodes /etc/inet/services /etc/nscd.conf /etc/security/auth_attr /etc/security/device_policy /etc/security/prof_attr"; $wl{120186}="/opt/staroffice8/share/config/javasettingsunopkginstall.xml"; $wl{120223}="/kernel/drv/emlxs.conf"; $wl{120273}="/etc/sma/snmp/snmpd.conf"; $wl{120347}="/etc/hba.conf"; $wl{120411}="/etc/gtk-2.0/gtk.immodules /etc/amd64/gtk-2.0/gtk.immodules"; $wl{120461}="/etc/gtk-2.0/gtk.immodules /etc/amd64/gtk-2.0/gtk.immodules"; $wl{121309}="/usr/sadm/lib/smc/policy/smcconsole.policy"; $wl{121431}="/etc/default/lu"; $wl{122213}="/etc/gconf/gconf.xml.defaults/apps/panel/default_setup/general/%gconf.xml"; $wl{124394}="/etc/security/auth_attr /etc/security/prof_attr"; $wl{125165}="/kernel/drv/qlc.conf"; $wl{125216}="/etc/wgetrc"; $wl{127128}="/etc/krb5/krb5.conf /etc/logadm.conf /etc/pam.conf /etc/security/audit_warn /etc/security/auth_attr /etc/security/prof_attr /etc/shadow /etc/user_attr /kernel/drv/mpt.conf"; $wl{127756}="/etc/logadm.conf"; $wl{137094}="/etc/logindevperm"; $wl{137138}="/etc/vfstab /lib/libc.so.1"; $wl{137275}="/etc/mnttab"; $wl{138270}="/etc/security/device_policy"; (-f $readme) || return (1); open (README, "<$readme") || errx ("Can't open $readme ($!)"); FILE: while () { next if ($_ !~ /Files included with this patch:/); LINE: while () { chomp; next if (/^$/); last FILE if (! /\//); next if (/ELF/); # Ignore files with "ELF" in pathname - pkgchk bug s/\s+SUNW\w*//; s/\s+\(deleted\)//; s/\s+\//; s/\(deleted\)$//; s/\(deleted file\)$//; s/^\s+//; s/^/\// unless /^\//; foreach my $i (split (/ /, $wl{all})) { ($_ eq $i) && next LINE; } if ($wl{$id}) { foreach my $i (split (/ /, $wl{$id})) { ($_ eq $i) && next LINE; } } push (@files, $_); } } close (README); dbg ("Number of files to check: ", $#files+1); ($#files == -1) && return (1); # pkgchk has a limit of 1024 pathnames my @tfiles=@files; my $out=''; while ($#tfiles != -1) { my $fc=$#tfiles; ($fc >= 1023) && ($fc=1023); my $pfile="$o{tmpdir}/pca.pkgchk." . time() . $$; open (PFILE, ">$pfile") || errx ("Can't open $pfile ($!)"); foreach my $f (@tfiles[0..$fc]) { print PFILE "$f\n" } close PFILE; $out .= `$pkgchk $o{root} -q -i $pfile 2>&1`; unlink $pfile; for (0..1023) { shift @tfiles; } } ($out) || return (1); if ($out =~ /file size |file cksum |pathname |pkgchk: ERROR/) { print "failed file verification:\n\n$out"; return (0); } return (1); } sub set_extra_req { $x{113039}=$x{113040}=$x{113041}=$x{113042}=$x{113043}=$x{111095}=$x{111096}=$x{111413}="rpkg=SUNWsan"; $x{114046}=$x{119209}="rosrel=5.8"; $x{114049}=$x{114050}=$x{119211}=$x{119212}="rosrel=5.9"; $x{117765}=$x{117766}="rosrel=5.8"; $x{117767}=$x{117768}="rosrel=5.9"; $x{114644}=$x{114645}=$x{114646}=$x{114647}=$x{114648}=$x{114649}="rosrel=5.8"; $x{114650}=$x{114651}=$x{114652}=$x{114653}="rosrel=5.8"; $x{114816}=$x{114817}=$x{115780}=$x{115781}=$x{117520}=$x{117521}="rosrel=5.8"; $x{114686}=$x{114687}=$x{114688}=$x{114689}="rosrel=5.9"; $x{114690}=$x{114691}=$x{114692}=$x{114693}=$x{114694}=$x{114695}="rosrel=5.9"; $x{114818}=$x{114819}=$x{115782}=$x{115783}=$x{117526}=$x{117527}="rosrel=5.9"; $x{114255}="rarch=sparc"; $x{114256}="rarch=i386"; $x{115328}="rosrel=5.8"; $x{115342}="rosrel=5.9"; $x{115343}="rosrel=5.9"; $x{119346}="rosrel=5.10"; $x{115766}=$x{120879}=$x{120954}="rarch=sparc"; $x{120091}=$x{120880}=$x{120955}="rarch=i386"; $x{119300}="rosrel=5.8"; $x{119301}="rosrel=5.9"; $x{119302}="rosrel=5.10"; $x{113434}="rpkg=SUNWwbsup"; $x{109700}=$x{111248}="rosrel=5.6"; $x{109701}=$x{111249}="rosrel=5.7"; $x{111250}="rosrel=5.8"; $x{115548}="rosrel=5.9"; $x{123200}="rosrel=5.8"; $x{123201}="rosrel=5.9"; $x{123202}="rosrel=5.10"; $x{119527}=$x{119530}=$x{119325}="rarch=sparc"; $x{119528}=$x{119531}=$x{119326}="rarch=i386"; $x{127498}=$x{127499}="rosrel=5.8"; $x{136986}=$x{136987}="rosrel=5.8"; $x{125950}=$x{125951}="rosrel=5.9"; $x{125952}=$x{125953}="rosrel=5.10"; $x{123827}="rosrel=5.8"; $x{123828}="rosrel=5.9"; $x{123829}="rosrel=5.10"; $x{125760}="rosrel=5.8"; $x{125761}="rosrel=5.9"; $x{125762}="rosrel=5.10"; $x{106514}=$x{108049}=$x{108879}=$x{109120}=$x{109413}="rarch=sparc"; $x{117784}=$x{118195}=$x{118263}=$x{118950}=$x{123254}="rarch=sparc"; $x{106515}=$x{108050}=$x{108881}=$x{109121}=$x{109414}="rarch=i386"; $x{117785}=$x{118196}=$x{118264}=$x{118951}=$x{124590}="rarch=i386"; $x{126356}="rarch=sparc"; $x{126357}="rarch=i386"; $x{117429}="rosrel=5.9"; $x{118386}="rosrel=5.6"; $x{118387}="rosrel=5.7"; $x{118388}="rosrel=5.8"; $x{118389}="rosrel=5.9"; $x{118828}="rosrel=5.8"; $x{118829}="rosrel=5.9"; $x{118836}="rosrel=5.6"; $x{118837}="rosrel=5.7"; $x{118838}="rosrel=5.8"; $x{118839}="rosrel=5.9"; $x{118840}="rosrel=5.9"; $x{120376}="rosrel=5.6"; $x{120377}="rosrel=5.7"; $x{120378}="rosrel=5.8"; $x{120379}="rosrel=5.9"; $x{124689}="rosrel=5.8"; $x{124690}="rosrel=5.9"; $x{111857}="rosrel=5.8"; $x{114176}="rosrel=5.9"; $x{125445}="rosrel=5.9"; $x{125446}="rosrel=5.10"; $x{127553}="rarch=sparc"; $x{127554}="rarch=i386"; $x{121708}="rosrel=5.8"; $x{121709}="rosrel=5.9"; $x{121710}="rosrel=5.10"; $x{125848}="rosrel=5.8"; $x{125849}="rosrel=5.9"; $x{125850}="rosrel=5.10"; $x{115835}=$x{115836}="rpkg=SUNWgscr"; $x{108553}="rosrel=5.8"; $x{125276}="rarch=sparc"; $x{106533}="rplatform=SUNW,UltraSPARC-IIi-cEngine"; $x{106629}="rplatform=CYRS,Superserver-6400"; $x{116413}="rplatform=SUNW,Sun-Fire-15000"; $x{125277}="rosrel=5.9:rarch=i386"; $x{125278}="rosrel=5.10:rarch=i386"; $x{124480}="rosrel=5.9:rarch=sparc"; $x{124481}="rosrel=5.10:rarch=sparc"; $x{124482}="rosrel=5.10:rarch=i386"; $x{119380}="rosrel=5.8"; $x{110936}=$x{110971}="rosrel=5.6"; $x{110937}=$x{110972}="rosrel=5.7"; $x{113120}="rosrel=5.6"; $x{113121}="rosrel=5.7"; $x{113122}="rosrel=5.8"; $x{113123}="rosrel=5.9"; $x{118386}="rosrel=5.6"; $x{118387}="rosrel=5.7"; $x{118388}="rosrel=5.8"; $x{118389}="rosrel=5.9"; $x{118828}="rosrel=5.8"; $x{118829}="rosrel=5.9"; $x{118836}="rosrel=5.6"; $x{118837}="rosrel=5.7"; $x{118838}="rosrel=5.8"; $x{118839}="rosrel=5.9"; $x{127680}="rosrel=5.8"; $x{127681}=$x{127682}="rosrel=5.9"; $x{127683}=$x{127684}="rosrel=5.10"; $x{138550}="rosrel=5.8"; $x{138551}=$x{138552}="rosrel=5.9"; $x{138553}=$x{138554}="rosrel=5.10"; $x{123919}="rosrel=5.7"; $x{123920}="rosrel=5.8"; $x{123921}="rosrel=5.9"; $x{123923}="rosrel=5.10"; $x{139548}="rarch=sparc"; $x{139549}="rarch=i386"; $x{116687}="rosrel=5.7"; $x{116688}="rosrel=5.8"; $x{116689}="rosrel=5.9"; $x{120108}="rosrel=5.7"; $x{120109}="rosrel=5.8"; $x{120110}="rosrel=5.9"; $x{119300}="rosrel=5.8"; $x{119301}="rosrel=5.9"; $x{119302}="rosrel=5.10"; $x{123200}="rosrel=5.8"; $x{123201}="rosrel=5.9"; $x{123202}="rosrel=5.10"; $x{123827}="rosrel=5.8"; $x{123828}="rosrel=5.9"; $x{123829}="rosrel=5.10"; $x{139345}="rosrel=5.8"; $x{139346}="rosrel=5.9"; $x{139347}="rosrel=5.10"; } sub chk_extra_req { my $id=$_[0]; my ($major, $minor) = split (/\./, $u{osrel}); if (exists $x{$id}) { foreach my $i (split (/:/, $x{$id})) { my ($opt, $val)=split(/=/, $i); if (($opt eq "rarch") && ($val ne $u{arch})) { return 0 } if (($opt eq "rosrel") && ($val ne $u{osrel})) { return 0 } if (($opt eq "rplatform") && ($val ne $u{platform})) { return 0 } if (($opt eq "rpkg") && !$pkgs{$val}) { return 0 } } return 1; } if ($id eq "114045") { if ((exists $p{114049}) && ($p{114049}{irev} gt '03')) { return 0 } } if ($id eq "114790") { if (!$pkgs{"SUNWdcar"} || $pkgs{"SUNWdcar"} !~ "<1.1.0,REV=2002.05.29.15.02>") { return 0 } if (!$pkgs{"SUNWcrypr"} || $pkgs{"SUNWcrypr"} !~ "<1.1.0,REV=2002.05.29.15.00>") { return 0 } } if ($id eq "113332") { if (($pkgs{"SUNWhea"}) || ($pkgs{"SUNWmdb"})) { return 1 } if (($u{model} eq 'sun4u') || ($u{model} eq 'sun4us')) { return 1 } return 0; } if ($id =~ /115010|116478/) { if (($pkgs{"SUNWhea"}) || ($pkgs{"SUNWmdb"})) { return 1 } if ($u{model} eq 'sun4u') { return 1 } return 0; } if ($id =~ /109077|109078/) { if ((!$pkgs{"SUNWdhcm"}) && (!$pkgs{"SUNWdhcsu"})) { return 0 } if ($pkgs{"SUNWj3rt"}) { return 1 } return 0; } if ($id =~ /118739|116706/) { if (!$pkgs{"SUNWtsr"} || $pkgs{"SUNWtsr"} !~ "<2.5.0,REV=2003.04.03.21.27>") { return 0 } } if ($id =~ /118740|116707/) { if (!$pkgs{"SUNWtsr"} || $pkgs{"SUNWtsr"} !~ "<2.5.0,REV=2003.04.03.19.26>") { return 0 } } if ($id eq "118741") { if (!$pkgs{"SUNWtsr"} || $pkgs{"SUNWtsr"} !~ "<2.5.0,REV=2003.11.11.23.55>") { return 0 } } if ($id eq "118742") { if (!$pkgs{"SUNWtsr"} || $pkgs{"SUNWtsr"} !~ "<2.5.0,REV=2003.11.11.20.36>") { return 0 } } if ($id eq "110692") { if ((exists $p{108806}) && ($p{108806}{irev} ge '01')) { return 0 } if ((exists $p{108806}) && ($p{108806}{crev} ge '01')) { return 0 } } if ($id eq "111412") { if (!$pkgs{"SUNWmdi"} || $pkgs{"SUNWmdi"} !~ "<11.8.0,REV=2001.01.19.01.02>") { return 0 } if (!$pkgs{"SUNWsan"}) { return 0 } } if ($id eq "111097") { if (!$pkgs{"SUNWsan"}) { return 0 } if (!$pkgs{"SUNWqlc"}) { return 0 } } if ($id eq "111656") { if (!((exists $p{109460}) && ($p{109460}{irev} eq '05'))) { return 0 } } if ($id eq "111658") { if (!((exists $p{107469}) && ($p{107469}{irev} eq '08'))) { return 0 } } if ($id eq "111079") { if (!((exists $p{105375}) && ($p{105375}{irev} eq '26'))) { return 0 } } if ($id eq "107474") { if ((exists $p{107292}) && ($p{107292}{irev} ge '02')) { return 1 } return 0; } if (($id eq "112780") && !($u{model} eq 'sun4u')) { return 0 } if ($id eq "112327") { if (($u{osrel} ne "5.6") && ($u{osrel} ne "5.7")) { return 0 } } if ($id eq "111891") { if (!$pkgs{"SUNWutr"} || $pkgs{"SUNWutr"} !~ "<1.3_12.c,REV=2001.07.16.20.52>") { return 0 } } if ($id =~ /109357/) { if ((exists $p{109778}) && ($p{109778}{irev} ge '08')) { return 0 } if ((exists $p{109778}) && ($p{109778}{crev} ge '08')) { return 0 } } if (($id eq "108834") && (($u{osrel} ne "5.5.1") || ($u{osrel} ne "5.6") || ($u{osrel} ne "5.7"))) { return 0 } if (($id eq "112125") && (($u{osrel} ne "5.6") || ($u{osrel} ne "5.7"))) { return 0 } if (($id eq "112126") && (($u{osrel} ne "5.8") || ($u{osrel} ne "5.9"))) { return 0 } if (($id eq "121430") && ($p{121430}{crev} ge '16') && (!$pkgs{"SUNWlucfg"})) { return 0 } if (($id eq "121431") && ($p{121431}{crev} ge '17') && (!$pkgs{"SUNWlucfg"})) { return 0 } if (($id eq "121428") && ($p{121428}{crev} ge '08')) { if (!((exists $p{121430}) && ($p{121430}{irev} ge '16'))) { return 0 } } if (($id eq "121429") && ($p{121429}{crev} ge '08')) { if (!((exists $p{121431}) && ($p{121431}{irev} ge '16'))) { return 0 } } if ($id =~ /120971|120972|120973|122803|122804|122805|126507|126508|126506/) { if (!($pkgs{"SUNWsamfsr"} || $pkgs{"SUNWsamfsu"})) { return 0 } } if ($id =~ /120974|120975|120976|122806|122807|122808|126511|126512|126510/) { if (!($pkgs{"SUNWqfsr"} || $pkgs{"SUNWqfsu"})) { return 0 } } if ($id =~ /116338|116339|118383|118384|125698|125699/) { if (!$pkgs{"SUNWxwplt"} || $pkgs{"SUNWxwplt"} !~ "<3.8.1800,REV=0.99.03.23>") { return 0 } } if (($id eq "119381") && ($u{osrel} ne "5.9") && ($u{osrel} ne "5.10")) { return 0 } if (($id eq "119775") && ($minor < 10)) { return 0 } if ($id eq "116831") { if (!($pkga{"SUNWebsc"} && ($pkga{"SUNWebsc"} eq ""))) { return 0 } } if ($id eq "116832") { if (!($pkga{"SUNWebsc"} && ($pkga{"SUNWebsc"} eq ""))) { return 0 } } if (($id eq "110938") && (($u{osrel} ne "5.8") || ($u{osrel} ne "5.9"))) { return 0 } if (($id eq "110973") && (($u{osrel} ne "5.8") || ($u{osrel} ne "5.9"))) { return 0 } if ((($id eq "139335") || ($id eq "139337")) && !$o{fromfiles}) { my $prodname=`$pkgparam $o{root} ooobasis30-base SUNW_PRODNAME`; if ($prodname ne "StarOffice") { return 0 } } if ((($id eq "139336") || ($id eq "139338")) && !$o{fromfiles}) { my $prodname=`$pkgparam $o{root} ooobasis30-base SUNW_PRODNAME`; if ($prodname ne "StarSuite") { return 0 } } return 1; } sub get_uname { # Get information about host open(UNAME, $input{uname}) || errx ("Can't open $input{uname} ($!)"); $_=; $_ || errx ("Empty uname output"); chomp; close UNAME; ($u{osname}, $u{hostname}, $u{osrel}, $u{osversion}, $u{model}, $u{arch}, $u{platform})= split (/ /, $_); ($u{osname} && $u{hostname} && $u{osrel} && $u{osversion} && $u{model} && $u{arch} && $u{platform}) || errx ("Can't parse ouput from $input{uname}:\n $_"); } sub get_installed_packages { my $package; # Read pkginfo open(PKGINFO, $input{pkginfo}) || errx ("Can't open $input{pkginfo} ($!)"); if ($input{pkginfo} =~ /pkginfo-l.out/) { while() { if (/\s+PKGINST:\s+(\S+)$/) { $package = $1; } if (/\s+ARCH:\s+(\S+)$/) { $pkga{$package} .= "<$1>"; } if (/\s+VERSION:\s+(\S+)$/) { $pkgs{$package} .= "<$1>"; } } } else { while() { ($_ =~ /^(\S+) /) || errx ("Can't parse output from $input{pkginfo}:\n $_"); $package=$1; # Removing trailing .2/.3/... (multiple versions of same package) $package =~ s/\..*//; $_= ; ($_ =~ /\((\S+)\) (.+)$/) || errx ("Can't parse output from $input{pkginfo}:\n $_"); $pkga{$package} .= "<$1>"; $pkgs{$package} .= "<$2>"; } } close(PKGINFO); } sub get_installed_patches { my $list=''; my $done=0; my $nonsun=999999; my $showrev_cmd=$showrev; ( -x $showrev_cmd) || ($showrev_cmd=''); my $patchadd_cmd=$o{patchadd}; ( -x $patchadd_cmd) || ($patchadd_cmd=''); # On Solaris <= 8, showrev doesn't support -R. Use patchadd instead. my ($major, $minor) = split (/\./, $u{osrel}); if (($minor <= 8) && $o{root}) { $showrev_cmd='' } if ($o{fromfiles}) { dbg ("Reading from $input{showrev}"); open(SHOWREV, $input{showrev}) || errx ("Can't open $input{showrev} ($!)"); $/=""; $list= ; $/="\n"; close SHOWREV; $done=1; } else { foreach my $cmd ($showrev_cmd, $patchadd_cmd) { next unless $cmd; $input{showrev}="$cmd -p $o{root} 2>/dev/null"; dbg ("Reading from $input{showrev}"); $list=`$input{showrev}`; if (!$?) { $done=1; last } else { dbg ("Failed: $list") } } } $done || errx ("Couldn't get list of installed patches"); $list || ($list= "No patches are installed\n"); my @list= split(/\n/, $list); foreach my $i (sort @list) { # Sun patches (123456-78, IDR123456-78) if (($i =~ /^Patch:\s+(\d{6})-(\d{2}).*/) || ($i =~ /^Patch:\s+IDR(\d{6})-(\d{2}).*/)) { my ($id, $rev)=($1,$2); init_patch($id); $p{$id}{irev}= $rev; if ($i =~ / Obsoletes: ([-0-9, ]*) /) { for my $j (split (/,* /, $1)) { my ($oid, $orev) = split (/-/, $j); ($id eq $oid) && next; init_patch($oid); $p{$oid}{iobsoletedby}="$id-$rev"; #dbg ("$oid-$orev obsoleted by $id-$rev"); } } if ($i =~ / Incompatibles: ([-0-9, ]*) /) { for my $j (split (/,* /, $1)) { my ($iid, $irev) = split (/-/, $j); init_patch($iid); #dbg ("$iid-$irev incompatible with $id-$rev"); } } next; # Non-Sun patches } elsif ($i =~ /^Patch:\s+(\S+)/) { my $id=$nonsun--; init_patch ($id); $p{$id}{irev}=$p{$id}{crev}="01"; $p{$id}{synopsis}=$1; next; } next if ($i =~ "No patches are installed"); next if ($i =~ "No patches installed"); next if ($i =~ /^$/); print ("WARNING: Can't parse output from $input{showrev}:\n $i\n"); } } sub get_current_xref { # Download most recent patchdiag.xref, if requested return if ($o{nocheckxref}); lock_free($o{xrefdir}, "xref", 60) || errx ("Another instance of pca is downloading $input{xref} right now"); # Remove possibly left-over size zero file if (-z $input{xref}) { unlink ($input{xref}) } # Check for existing and up to date local copy of xref file if ((-f $input{xref}) && (!$o{getxref})) { my $interval=10800; # 3 hours my ($mtime,$ctime)=(stat($input{xref}))[9,10]; my $now=time(); my $age=$now-$ctime; dbg ("xref mtime: " . localtime($mtime)); dbg ("xref now : " . localtime($now)); dbg ("xref ctime: " . localtime($ctime)); dbg ("xref age : " . $age); if ($age < $interval) { dbg ("Local file $input{xref} is up to date"); return; } } out ('info', "Downloading xref file to $input{xref}"); # Check if we can write to xref directory if (! -w $o{xrefdir}) { my $msg="Can't write to xref download directory $o{xrefdir}"; if ($o{getxref} || (! -f $input{xref})) { errx ($msg) } else { out ('info', $msg); return } } # Check if we can write to xref file if ((-f $input{xref}) && (! -w $input{xref})) { my $msg="Can't write to $input{xref}"; if ($o{getxref}) { errx ($msg) } else { out ('info', $msg); return } } lock_create($o{xrefdir}, "xref", 1) || errx ("Another instance of pca is downloading $input{xref} right now"); (-s $input{xref}) && rename ("$input{xref}", "$input{xref}.tmp"); if ($o{xrefurl} =~ /^file:/) { out ('info', "Trying $o{xrefurl}"); my $path=$o{xrefurl}; $path =~ s/^file://; if (-r "$path/patchdiag.xref") { my ($atime, $mtime) = (stat("$path/patchdiag.xref"))[8,9]; copy ("$path/patchdiag.xref", $input{xref}); utime $atime, $mtime, $input{xref}; } if (-s $input{xref}) { goto DONE } else { out ('info', "Failed") } } # Without wget we can't download patchdiag.xref if (!$o{wget}) { out ('info', "Failed (can't find wget executable)"); goto FAIL; } if ($o{xrefurl} =~ /^http:|^https:|^ftp/) { out ('info', "Trying $o{xrefurl}"); if (download("xref", "", "local", $input{xref}, "")) { goto DONE } else { out ('info', "Failed") } } my $try=1; my $ret=0; while ($try <= $o{dltries} ) { out ('info', "Trying $o{ssprot}://$o{sshost}/patchdiag.xref ($try/$o{dltries})"); $ret=download("xref", "", "sunsolve", $input{xref}, ""); last if ($ret); $try++; if ($try <= $o{dltries}) { sleep ($try*2) } } if ($ret) { goto DONE } else { out ('info', "Failed") } FAIL: out ('info', "Failed (patchdiag.xref not found)"); DONE: # If we have a backup copy and the download failed, use the backup if (-s "$input{xref}.tmp" && ! -s $input{xref}) { rename ("$input{xref}.tmp", "$input{xref}") } # If we have a backup copy, check if the downloaded file is newer if (-s "$input{xref}.tmp") { my $odate; my $ndate; my $oage=-1; my $nage=-1; open (XREF, "<$input{xref}.tmp"); while () { if ($_ =~ /PATCHDIAG TOOL CROSS-REFERENCE FILE AS OF (.*) /) { $oage= date2days ($odate=$1); dbg ("old xref age: $oage"); last; } } close XREF; open (XREF, "<$input{xref}"); while () { if ($_ =~ /PATCHDIAG TOOL CROSS-REFERENCE FILE AS OF (.*) /) { $nage= date2days ($ndate=$1); dbg ("new xref age: $nage"); last; } } close XREF; if ((($oage == -1) && ($nage != -1)) || (($oage != -1) && ($nage != -1) && ($nage <= $oage))) { unlink ("$input{xref}.tmp") } else { out ('info', "Downloaded file ($ndate) older than local file ($odate)"); rename ("$input{xref}.tmp", "$input{xref}") } } lock_remove($o{xrefdir}, "xref"); if (-s $input{xref}) { if ($o{xrefown} || ($o{xrefdir} =~ /\/home\//)) { chmod 0644, $input{xref}; } else { chmod 0666, $input{xref}; } return; } (-z $input{xref}) && unlink ($input{xref}); } sub get_current_patches { # Read patchdiag.xref # (-z $input{xref}) && errx ("Empty file $input{xref}"); open(XREF, "<$input{xref}") || errx ("Can't open xref file $input{xref} ($!)"); while () { if ($_ =~ /PATCHDIAG TOOL CROSS-REFERENCE FILE AS OF (.*) /) { out ('info', "Using $input{xref} from $1"); last; } } $/=""; my $xref= ; $/="\n"; close XREF; if (!$xref) { errx ("Corrupt file $input{xref}") } my @xref= split( /\n/, $xref ); # Build our patch information table from the xref file. # patchdiag.xref is sorted, so if multiple revisions of a patch are listed, # the one with the highest revision comes last. # foreach my $i (sort @xref) { # Ignore comment lines and HTML tags next if (($i =~ /^##/) || ($i =~ /^'; $h_char='>'; } $irev= $p{$id}{irev}; if ($irev eq "00") { $irev= '--' }; $crev= $p{$id}{crev}; if ($crev eq "00") { $crev= '--' }; $rec='-'; if ($p{$id}{recf}) { $rec='r'; }; if ($p{$id}{rec}) { $rec='R'; } $sec='-'; if ($p{$id}{secf}) { $sec='s'; }; if ($p{$id}{sec}) { $sec='S'; } $bad='-'; if (($p{$id}{irev} eq "00") && ($p{$id}{bad} )) { $bad='B' } if (($p{$id}{irev} ne "00") && ($p{$id}{ibad})) { $bad='B' } $synopsis= $p{$id}{synopsis}; $age=calculateage($id); if ($age > 999) { $age=999; } if (!$o{listhtml}) { my $out=$o{format}; $id=sprintf ("%6d", $id); $out =~ s/%p/$id/; $out =~ s/%i/$irev/; $out =~ s/%e/$char/; $out =~ s/%c/$crev/; $out =~ s/%r/$rec/; $out =~ s/%s/$sec/; $out =~ s/%b/$bad/; $age=sprintf ("%3d", $age); $out =~ s/%a/$age/; $out =~ s/%y/$synopsis/; my $n=sprintf ("%3d", $c{current}); $out =~ s/%n/$n/; my $t=sprintf ("%3d", $c{total}); $out =~ s/%t/$t/; print "$out\n"; } else { # The patch download link will only work for patches in zip format, # there is no way to determine if it's in zip or tar.Z here. # $synopsis =~ s/\&/\&/; printf ""; if ($o{patchurl} =~ /pca-proxy\.cgi/) { printf "%6d", $id; } else { printf "%6d", $id; } printf "%2s%1s%2s%1s%1s%1s%3s", $irev, $h_char, $crev, $rec, $sec, $bad, $age; if ($o{patchurl} =~ /pca-proxy\.cgi/) { printf "%s\n", $synopsis; } else { printf "%s\n", $synopsis; } } } sub print_header { if (!$o{listhtml} && !$o{noheader} && !$o{readme}) { print "Host: $u{hostname} ($u{osname} $u{osrel}/$u{osversion}/$u{arch}/$u{model})\n"; if ($o{root}) { my $r=$o{root}; $r =~ s/-R //; print "Root: $r\n" } print "List: @slist (" . int(@plist) . "/$agesum)\n\n"; (@plist) || return; my $hdr= my $sep=$o{format}; $hdr =~ s/%p/Patch /; $hdr =~ s/%i/IR/; $hdr =~ s/%e/ /; $hdr =~ s/%c/CR/; $hdr =~ s/%r/R/; $hdr =~ s/%s/S/; $hdr =~ s/%b/B/; $hdr =~ s/%a/Age/; $hdr =~ s/%y/Synopsis/; $hdr =~ s/%n/Cnt/; $hdr =~ s/%t/Tot/; $sep =~ s/%p/------/; $sep =~ s/%i/--/; $sep =~ s/%e/-/; $sep =~ s/%c/--/; $sep =~ s/%r/-/; $sep =~ s/%s/-/; $sep =~ s/%b/-/; $sep =~ s/%a/---/; $sep =~ s/%n/---/; $sep =~ s/%t/---/; if ($sep =~ /%y/) { my $ysep = '-' x (78 - (length ($sep)-2)); $sep =~ s/%y/$ysep/; } print "$hdr\n$sep\n"; } if ($o{listhtml}) { print "\n"; print "\n\n"; print "PCA report for $u{hostname}\n"; print "\n\n"; print "

Host: $u{hostname} ($u{osname} $u{osrel}/$u{osversion}/$u{arch}/$u{model})
\n"; if ($o{root}) { my $r=$o{root}; $r =~ s/-R //; print "Root: $r
\n" } print "List: @slist (" . int(@plist) . "/$agesum)

\n\n"; (@plist) || return; print ""; print ""; print ""; print ""; print ""; print "\n"; } } sub print_footer { if ($o{listhtml}) { print "
PatchIRCRRSBAgeSynopsis
\n\n\n"; } } sub get_readme { my $pp=$_[0]; my ($id, $rev)= split (/-/, $pp); my $rfile="$o{tmpdir}/README.$pp" . time() . $$; $p{$id}{dlfile}=$rfile; out ('stderr', "Downloading README for $pp"); # If patch is available in unzipped format, use its README if (-f "$o{patchdir}/$pp/README.$pp") { out ('stderr', "Trying $o{patchdir}/$pp"); copy ("$o{patchdir}/$pp/README.$pp", $rfile); if (-s $rfile) { goto DONE } else { out ('stderr', "Failed") } } # If we have the zip/jar file, extract README from there. This doesn't work # for tar/tar.Z files, as Sun's tar cannot extract files to stdout. foreach my $ext ('zip', 'jar') { if ((-f "$o{patchdir}/$pp.$ext") && !$o{pforce}) { out ('stderr', "Trying $o{patchdir}/$pp.$ext"); `$unzip -p $o{patchdir}/$pp.$ext $pp/README.$pp >$rfile 2>/dev/null`; if (!$? && (-s $rfile)) { goto DONE } else { out ('stderr', "Failed") } } } # Get README from local patch server if ($o{patchurl} =~ /^file:/) { out ('stderr', "Trying $o{patchurl}"); my $path=$o{patchurl}; $path =~ s/^file://; (-r "$path/README.$pp") && copy ("$path/README.$pp", $rfile); if (-s $rfile) { goto DONE } else { out ('stderr', "Failed") } } # Without wget we can't download the README if (!$o{wget}) { out ('info', "Failed (can't find wget executable)"); goto FAIL; } if ($o{patchurl} =~ /^http:|^https:|^ftp/) { out ('stderr', "Trying $o{patchurl}"); if (download("readme", $pp, "local", $rfile, "")) { goto DONE } else { out ('stderr', "Failed") } } # Try download from restricted patch server, if the user provided # Sun Online Account data if (checksoa()) { my $try=1; my $ret=0; while ($try <= $o{dltries}) { out ('stderr', "Trying $o{ssprot}://$o{sshost}/ ($try/$o{dltries})"); $ret=download("readme", $pp, "sunsolve", $rfile, ""); last if $ret; $try++; if ($try <= $o{dltries}) { sleep ($try*2) } } if ($ret) { goto DONE } else { out ('stderr', "Failed") } } else { out ('stderr', "Failed (no Sun Online Account data)"); } FAIL: out ('info', "Failed (README not found)"); DONE: $p{$id}{dlfile}=""; if (-s $rfile) { out ('stderr', "Done"); return ($rfile); } unlink ($rfile); return (); } sub update { if ($o{update} eq "never") { dbg ("Never update"); return; } if (($o{update} ne "auto") && $o{proxy}) { dbg ("update option $o{update} not supported in proxy mode"); return; } # If we can't write to pca, update won't work. if (($o{update} eq 'now') || ($o{update} eq 'auto')) { if (! -w $0) { errx ("Update option unavailable: Can't write to $0") } } if ($o{update} eq 'auto') { dbg ("Auto update"); my $interval=86400; # One day my ($mtime,$ctime)=(stat($0))[9,10]; my $now=time(); my $age=$now-$ctime; dbg ("pca mtime : " . localtime($mtime)); dbg ("pca now : " . localtime($now)); dbg ("pca ctime : " . localtime($ctime)); dbg ("pca age : " . $age); if ($age < $interval) { dbg ("age lower than interval"); return; } } my $udir= "$o{tmpdir}/pca." . time() . $$; mkdir $udir,0755 || errx ("Can't create temporary directory $udir ($!)"); my $ufile= "$udir/pca"; dbg ("ufile: $ufile"); # Copy pca to temporary directory, keeping the timestamps. my ($atime, $mtime) = (stat($0))[8,9]; copy ($0, $ufile); utime $atime, $mtime, $ufile; my $ret; if ($o{pcaurl} =~ /^http.*pca-proxy\.cgi/) { $ret=download('pca', '', 'pcaurl', "$udir/pca", ""); } else { $ret=download('pca', '', 'pcaurl', "", $udir); } $ret || errx ("Could not get pca from $o{pcaurl}"); my $newv; open (F, "<$ufile"); while () { if ($_ =~ /^my \$version=\'(\d{8}-\d{2})\'/) { $newv=$1; dbg ("Old version: $version"); dbg ("New version: $newv"); last; } } close (F); my $updated=0; if ($newv eq $version) { if ($o{update} eq "auto") { utime $atime, $mtime, $0; } else { out ('info', "No new version available"); } } else { out ('info', "New version available: $newv (current version: $version)"); if (!$o{proxy}) { out ('info', "\nChanges:\n"); open (F, "<$ufile"); while () { if ($_ =~ /=head2 Version $newv/) { out ('info', "Version $newv"); while () { if ($_ =~ /=head2 Version (\d{8}-\d{2})/) { ($1 le $version) && last; } $_ =~ s/=head2 //; chomp; out ('info', "$_"); } } } close (F); } if ($o{update} ne "check") { out ('info', "Update"); dbg ("Copy $ufile to $0"); if (!copy ($ufile, $0)) { out ('info', "Failed ($!)"); } else { my ($atime, $mtime)= (stat($ufile))[8,9]; utime $atime, $mtime, $0; out ('info', "Done"); } $updated=1; } } unlink ($ufile); rmdir ($udir); if (($o{update} eq "auto") && !$updated) { return } if ($o{proxy}) { return } exit $xval; } sub out { my $cat= shift; if ($o{proxy}) { if ($cat eq 'error') { print "Content-type: text/plain\n"; print "Status: 500 @_\n\n"; print "Internal Error: @_\n"; return; } if ($o{debug}) { open (F, ">> $o{dbgfile}"); my $now= localtime; print F $now, ": ", @_, "\n"; close (F); return } return; } if ($cat eq 'debug' ) { if ($o{debug}) { print "@_\n" } return } if ($o{noheader}) { return } if ($cat eq 'stderr') { print STDERR @_, "\n"; return } if ($cat eq 'info' ) { print @_, "\n"; return } if ($cat eq 'error' ) { print STDERR "\nERROR: ", @_, "\n"; return } } sub dbg { $o{debug} || return; out ('debug', @_); } sub calculateage { my $id=$_[0]; if (!$p{$id}{age}) { $p{$id}{age}=date2days($p{$id}{reldate}) } return ($p{$id}{age}); } sub date2days { my ($tmonth, $day, $year)=split(/\//, $_[0]); my %months=("Jan",0,"Feb",1,"Mar",2,"Apr",3,"May",4,"Jun",5,"Jul",6,"Aug",7,"Sep",8,"Oct",9,"Nov",10,"Dec",11); my $month=$months{$tmonth}; return (int(($currenttime-timelocal(0,0,0,$day,$month,$year))/86400)); } sub lock_create { my $lockd=$_[0]; my $tag=$_[1]; my $maxretry=$_[2]; my $lockf="$lockd/.pcaLock.$tag"; lock_free ($lockd, $tag, $maxretry) || return (0); unlink "$lockf"; sysopen (LOCKF, $lockf, O_RDWR|O_CREAT|O_EXCL) || errx ("Can't write $lockf ($!)"); print LOCKF "$$\n"; close LOCKF; chmod 0666, $lockf; $locks{$tag}=$lockf; return (1); } sub lock_free { my $lockd=$_[0]; my $tag=$_[1]; my $maxretry=$_[2]; my $lockf="$lockd/.pcaLock.$tag"; my $retry=0; while ($retry < $maxretry) { if (-s "$lockf") { open (LOCKF, "<$lockf"); chomp(my $pid = ); close LOCKF; if (kill (0, $pid) || ($! eq "Not owner")) { dbg ("Locking $lockf failed"); $retry++; ($retry < $maxretry) && sleep (1); next; } } return (1); } return (0); } sub lock_remove { my $lockd=$_[0]; my $tag=$_[1]; unlink "$locks{$tag}"; $locks{$tag}=''; } sub log_msg { my $priority=$o{syslog}; if ($priority eq "none") { return } if ($priority !~ /\./) { $priority .= ".notice" } system("$o{logger} -t pca -p $priority \"@_\""); } sub errx { out ('error', @_); cleanup(); exit ($xval=1); } sub handler { errx ("Caught a SIG@_"); } sub cleanup { dbg ("Cleanup"); if ($dlfile) { dbg ("Removing $dlfile"); unlink "$dlfile"; } if (($input{xref}) && (-s "$input{xref}.tmp")) { dbg ("Putting back copy of patchdiag.xref file"); rename ("$input{xref}.tmp", "$input{xref}"); } foreach my $id (keys %p) { if ($p{$id}{dlfile}) { dbg ("Removing $p{$id}{dlfile}"); unlink "$p{$id}{dlfile}"; } } if (@rlist) { dbg ("Removing @rlist"); unlink (@rlist); } $patchxdir && rmtree ($patchxdir); foreach my $tag (keys %locks) { if ($locks{$tag}) { dbg ("Removing $locks{$tag}"); unlink "$locks{$tag}"; } } $sttyset && system "stty echo"; } sub base64 { # From MIME-Base64-Perl-1.00 my $res = pack("u", $_[0]); # Remove first character of each line, remove newlines $res =~ s/^.//mg; $res =~ s/\n//g; $res =~ tr|` -_|AA-Za-z0-9+/|; # fix padding at the end my $padding = (3 - length($_[0]) % 3) % 3; $res =~ s/.{$padding}$/'=' x $padding/e if $padding; return $res; } sub parse_args { # Get internal defaults foreach my $opt (@options) { my ($long, $short, $arg, $argtxt, $default, $help)=split (/\|/, $opt); if ($long eq 'cffile') { map { read_cffile($_) } split (/ /, $default); } elsif ($arg =~ /@/) { @{$o{$long}}=split (/ /, $default); } else { $o{$long}=$default; } } (basename($0) eq "pca-proxy.cgi") && ($o{proxy}=1); (basename($0) =~ "debug") && ($o{debug}=1); $o{proxy} && ($o{xrefdir} = getcwd()); # Get defaults from optional configuration file(s) my @conf=(); if ($o{proxy}) { push (@conf, dirname($0)."/../etc/pca-proxy.conf"); push (@conf, "/etc/pca-proxy.conf"); push (@conf, "pca-proxy.conf"); } else { push (@conf, dirname($0)."/pca.conf"); push (@conf, dirname($0)."/../etc/pca.conf"); push (@conf, "/etc/pca.conf"); $ENV{HOME} && push (@conf, $ENV{HOME}."/.pca"); push (@conf, "pca.conf"); } foreach my $i (@conf) { read_cffile ($i) } # Get defaults from optional environment variables (PCA_*) foreach my $opt (@options) { my ($long, $short, $arg, $argtxt, $default, $help)=split (/\|/, $opt); next if ($help eq "INTERNAL"); my $env=uc("PCA_$long"); next unless ($ENV{$env}); if ($long eq 'cffile') { map { read_cffile($_) } split (/ /, $ENV{$env}); } elsif ($arg =~ /@/) { push (@{$o{$long}}, split (/ /, $ENV{$env})) } else { $o{$long}=$ENV{$env} } } ($ENV{TMPDIR}) && (-d $ENV{TMPDIR}) && ($o{tmpdir}= $ENV{TMPDIR}); # Proxy mode ? if ($o{proxy}) { if ($#ARGV != 0) { errx ("Missing argument") } if ($ARGV[0] =~ /:force/) { $ARGV[0] =~ s/:force//; $o{pforce}=1 } if ((($ARGV[0] !~ /^patchdiag.xref$/) && ($ARGV[0] !~ /^\d{6}-\d{2}\.(zip|jar|tar|tar\.Z)$/) && ($ARGV[0] !~ /^\d{6}-\d{2}$/) && ($ARGV[0] !~ /^README\.\d{6}-\d{2}$/) && ($ARGV[0] !~ /^pca$/))) { errx ("Illegal argument"); } $o{proxy}=$ARGV[0]; } else { # Get command line options my @olist=(); foreach my $opt (@options) { my ($long, $short, $arg, $argtxt, $default, $help)=split (/\|/, $opt); next if (($help eq "INTERNAL") || ($help eq "ENVFILE")); $short && ($long="$long|$short"); if ($arg) { $long .= "=$arg" } elsif ($Getopt::Long::VERSION >= 2.32) { $long .= "!" } push (@olist, $long); } Getopt::Long::config ("bundling", "no_ignore_case"); $o{cffile}=sub { read_cffile ($_[1]) }; GetOptions (\%o, @olist) || usage() && exit ($xval=2); delete $o{cffile}; } if ($o{help}) { usage(); exit $xval } if ($o{man}) { man(); exit $xval } if ($o{version}) { version(); exit $xval } $o{listhtml} && ($o{list}=1); $o{pretend} && ($o{install}=1); $o{root} && ($o{root}="-R $o{root}"); if (!$o{patchurl} && $o{localurl}) { $o{patchurl}=$o{localurl} } if (!$o{xrefurl} && $o{localurl}) { $o{xrefurl}=$o{localurl} } if ($o{patchurl} =~ /\.cgi$/) { $o{patchurl} .= "?" } if ($o{xrefurl} =~ /\.cgi$/) { $o{xrefurl} .= "?" } if ($o{pcaurl} =~ /\.cgi$/) { $o{pcaurl} .= "?" } if ($o{patchurl} =~ /[^\/\?]$/) { $o{patchurl} .= "/" } if ($o{xrefurl} =~ /[^\/\?]$/) { $o{xrefurl} .= "/" } if ($o{pcaurl} =~ /[^\/\?]$/) { $o{pcaurl} .= "/" } ($o{patchdir} !~ /^(\/|\w:\/)/) && ($o{patchdir}= getcwd()."/$o{patchdir}"); ($o{xrefdir} !~ /^(\/|\w:\/)/) && ($o{xrefdir}= getcwd()."/$o{xrefdir}"); # Set defaults $o{operands} && !@ARGV && (@ARGV=(split (/\s+/, $o{operands}))); ($o{download} || $o{install} || $o{readme} || $o{getxref} || $o{proxy}) || ($o{list}=1); # Show all options and configuration files in debug output foreach my $opt (@options) { my ($long, $short, $arg, $argtxt, $default, $help)=split (/\|/, $opt); if ($long eq 'cffile') { } elsif ($arg =~ /@/) { next unless (@{$o{$long}}); dbg ("Option $long: @{$o{$long}}"); } else { next if ($o{$long} eq $default); dbg ("Option $long: $o{$long}") } } dbg ("ARGV: @ARGV"); dbg ("Version: $version"); ($conf_dbg) && dbg ("Config files: $conf_dbg"); ($o{debug} && !$o{proxy}) && log_msg ("Running pca $version in debug mode"); if ($o{update} !~ /^(never|check|now|auto)$/) { errx ("Invalid TYPE specified with --update: $o{update}"); } } sub process_patch_exceptions { foreach my $i ('stop', 'ignore', 'nobackup') { foreach my $j (@{$o{$i}}) { #dbg ("$i: $j"); if (($i eq 'nobackup') && ($j =~ /^all$/)) { $o{$i}='all'; last } if ($j =~ /^(\d{6})$/) { init_patch($1); ($p{$1}{$i}= "00"); next } if ($j =~ /^(\d{6})-(\d{2})$/) { init_patch($1); ($p{$1}{$i}= $2); next } errx ("Invalid patch ID with --$i: $j") unless ($i eq 'ignore'); } } } sub process_patch_flags { foreach my $i ('rec', 'sec') { foreach my $j (@{$o{$i}}) { #dbg ("$i: $j"); if ($j =~ /^(\d{6})(-\d{2})*$/) { init_patch($1); ($p{$1}{"${i}f"}= 1); next } errx ("Invalid patch ID with --$i: $j") } } } sub read_cffile { if ($conf_read{$_[0]}) { return } else { $conf_read{$_[0]}=1 } local *CONF; open (CONF, "<$_[0]") || return; $conf_dbg .= "$_[0] "; dbg ("Reading cffile $_[0]"); while () { chomp; s/^#.*$//; s/\s+#.*$//; s/^\s*//; s/\s*$//; next if /^$/; # Deprecated if (/(\d{6})\s+ignore/) { push (@{$o{ignore}}, $1); next } if (/(\d{6}-\d{2})\s+ignore/) { push (@{$o{ignore}}, $1); next } if (/(\d{6})\s+\+rec/) { push (@{$o{rec}}, $1); next } if (/(\d{6})\s+\+sec/) { push (@{$o{sec}}, $1); next } next unless (/(\w+)\s*=\s*(.+)/); my ($name, $value)=($1,$2); foreach my $opt (@options) { my ($long, $short, $arg, $argtxt, $default, $help)=split (/\|/, $opt); next if ($help eq "INTERNAL"); next unless ($name eq $long); if ($long eq 'cffile') { map { read_cffile($_) } $value; } elsif ($arg =~ /@/) { push (@{$o{$long}}, $value) } else { $o{$long}=$value } last } } } sub usage { print< = $id; # effective uid $< = $id; # real uid $> = $id; # effective uid }; pod2usage( -exitstatus => 0, -verbose => 2 ); } sub version { print "pca $version\n"; } __END__ =head1 NAME pca - analyze, download and install patches for Sun Solaris =head1 SYNOPSIS pca [OPTION] .. [OPERAND] .. =head1 DESCRIPTION pca is a perl script which generates lists of installed and missing patches for Sun Solaris systems and optionally downloads and installs patches. By default, if run without any option or operand, pca shows a list of all patches which are not installed in their most recent revision. The output of the pkginfo, showrev and uname commands is used to gather information about the system. Sun offers a patch cross-reference file called patchdiag.xref which contains information about all available patches. This file is downloaded by pca automatically to /var/tmp/ and kept up-to-date. If the file exists and is not writable, pca uses it and won't try to update it. =head1 SAMPLE OUTPUT Here's some sample output from I, which shows a list of all installed and missing patches: Using /var/tmp/patchdiag.xref from Feb/29/04 Host: myhost (SunOS 5.9/Generic_117171-09/sparc/sun4u) List: all (7/2182) Patch IR CR RSB Age Synopsis ------ -- - -- --- --- -------------------------------------------------- 112785 42 < 43 RS- 18 X11 6.6.1: Xsun patch 112787 01 = 01 --- 999 X11 6.6.1: twm patch 112807 10 = 10 RS- 9 CDE 1.5: dtlogin patch 113039 -- < 06 --- 76 SAN 4.4.1: Sun StorEdge Traffic Manager patch 113040 -- < 08 R-- 77 SAN 4.4.1: fctl/fp/fcp driver patch 113477 02 > -- --- 999 NOT FOUND IN CROSS REFERENCE FILE! 117114 -- < 02 --- 4 CDE 1.5: sdtwebclient patch The header includes some general information about the patchdiag.xref file, the host (I) and the listed patches (I). The numbers in parantheses are the number of listed patches and the sum of their ages in days; when listing missing patches, this is a rough indicator of the current patch state. The first column (I) contains the patch number, followed by the installed revision (I) and the current revision (I), with one of E, E, or = between them, which tells whether the installed patch revision is lower, equal or higher than the current revision of the patch. The I column lists the Recommended/Security/Bad flag of the patch. I shows the number of days since the patch was released, and I shows a short description of the patch. On this system, revision 42 of patch 112785 is installed, but a newer revision (43) is available. This patch is marked Recommended/Security. Patch 112787 is installed in revision 01, which is the most recent revision of the patch. 112807 is marked Recommended/Security, and it's up-to-date. Patches 113039, 113040 and 117114 are not installed at all, and 113040 is marked Recommended. 113477 is installed, but not listed in the cross-reference file. New Solaris update releases often have patches pre-installed which are not yet listed in patchdiag.xref. Often one patch requires other patches to be installed before it can be installed. pca resolves these dependencies, and lists patches in their correct order. This can be seen in the patch list when a greater patch number is shown before a lower one, or when a patch which is not marked R/S is shown on the list of missing R/S patches. =head1 OPTIONS =over =item -l, --list List patches. See OPERANDS on how to specify which patches are listed. =item -L, --listhtml Like I<-l>, but generates output in HTML format, including links to patch READMEs and downloads. If I is set and points at a local patch proxy, the links in HTML output will point there, too. =item -d, --download Download patches. See OPERANDS on how to specify which patches are downloaded. Patches are placed in the current directory or in I, if set. A Sun Online Account is required. =item -i, --install Download and install patches. See OPERANDS on how to specify which patches are installed. Requires pca to be run as root. Downloaded patches are removed after successful installation, unless I<--download> is used, too. =item -I, --pretend Like I<-i>, but only pretend to install patches. Can be used to find out if any of the patches require a reboot. =item -r, --readme Display patch READMEs. See OPERANDS on how to specify which READMEs are displayed. The patch README is extracted from a previously downloaded patch file or downloaded directly from Sun, if Sun Online Account data is provided. =item -x, --getxref Download most recent patch cross-reference file. If the file does not exist or is older than 3 hours, pca tries to download it on its own before anything else. =item -X, --xrefdir=DIR Set location of the cross-reference file. The default is I (in proxy mode, the default is the current directory). By default, patchdiag.xref is writable for all users. If the I option is set, or the I option contains I, the cross reference file will be writable by the current user only. =item -y, --nocheckxref Do not check for updated patch cross-reference file. Use this option to maintain a global baseline patch set. =item --xrefown If set, patchdiag.xref will be writable for the current user only. =item --nocache If a proxy is used to access the Internet, this option advises it to not cache patchdiag.xref. Useful if the proxy can't be trusted to always return an up-to-date version of the file. =item -P, --patchdir=DIR Set directory to which patches are downloaded. The default is the current working directory. =item -a, --askauth Ask for Sun Online Account data interactively when needed. =item --user=USER Login name for Sun Online Account authentication. =item --passwd=PASS Password for Sun Online Account authentication. =item --patchurl=URL If set, pca tries to download patches and READMEs from this URL first. Any URL starting with file:/, ftp://, http:// or https:// can be used. See LOCAL PATCH SERVER for more information. =item --xrefurl=URL If set, pca tries to download the patchdiag.xref file from this URL first. Any URL starting with file:/, ftp://, http:// or https:// can be used. See LOCAL PATCH SERVER for more information. =item --localurl=URL Deprecated. Use I and I instead. If set, pca tries to download patches, READMEs and patchdiag.xref from this URL first. Any URL starting with file:/, ftp://, http:// or https:// can be used. =item --stop=ID Stop after patch ID. When the specified patch ID is reached during listing, downloading or installing patches all operations are stopped. =item --ignore=WHAT Ignore certain patches. The patch will not be listed, downloaded or installed unless it is required by another patch. Specify a patch ID without revision (I<123456>) to ignore any revision of patch 123456. Specify I<123456-78> to ignore only revision 78 of patch 123456; newer revisions will not be ignored. Specify a search pattern like I to ignore patches whose synopsis matches the pattern. =item --rec=ID Set Recommended flag on patch ID. Useful to add single patches to the set of recommended patches. The patch will be marked with a lowercase I in pca's output. =item --sec=ID Set Security flag on patch ID. Useful to add single patches to the set of security patches. The patch will be marked with a lowercase I in pca's output. =item -p, --pattern=REGEX List only patches whose synopsis matches the search pattern REGEX. This can be a simple string like I or a regular expression like I<"[kK]ernel">. If the pattern starts with a '!', only patches which do not match the pattern are shown. =item -n, --noreboot Install only patches that don't require a reboot after installation. =item --minage=DAYS List only patches which are at least DAYS old. =item --maxage=DAYS List only patches which are at most DAYS old. =item --syslog=TYPE Syslog priority to log patch installs to. The default is I which gets logged to I. Specify facility and severity (e.g. I) or a facility only (e.g. I, the default severity is I). Use I to disable logging to syslog. =item -k, --nobackup=ID Do not back up files to be patched for patch ID. This works by running patchadd with its I<-d> option. Patches can not be backed out if this option is used. Specify a patch ID with or without a revision or the special ID "all" to not back up files for any patch. =item -B, --backdir=DIR Saves patch backout data to DIR. This works by running patchadd with its I<-B> option. =item -s, --safe Safe patch installation. Checks all files for local modifications before installing a patch. A patch will not be installed if files with local modifications would be overwritten. =item -G, --currentzone Make patchadd modify packages in the current zone only. This works by running patchadd with its I<-G> option. This option works on Solaris 10 or newer only. =item --patchadd=FILE Path to an alternative patchadd command. =item -H, --noheader Don't display descriptive headers and other information, just one line per patch. Useful if re-using pca's output in own scripts. =item --format=FORMAT Set output format to FORMAT. The default format is "%p %i %e %c %r%s%b %a %y". Use I<%p> for the patch number, I<%i> for the installed revision, I<%e> for information whether the installed revision is lower, equal or higher than the current revision (I<%c>). Use I<%r>, I<%s> and I<%b> for the Recommended, Security and Bad flag, I<%a> for the age and I<%y> for the Synopsis. Use I<%n> as a patch counter and I<%t> for the total number of patches. Example: With the format string "%p-%c %y" pca shows patches in the same format as smpatch. Use of this option in combination with I<--listhtml> is unsupported. =item -f, --fromfiles=DIR Read uname/showrev/pkginfo output from files in the specified directory, where DIR can also be a file name prefix. See CREATING PATCH REPORTS FOR REMOTE MACHINES for details. =item --dltries=NUM Try downloads from Sun's download server NUM times. The default is 1. Can be raised to reduce failed patch downloads when Sun's patch download server is unresponsive. =item -F, --force Force local caching proxy to download patchdiag.xref, patches and patch READMEs from Sun's download server, even if the file is already in the cache. Useful to download updated patch READMEs for bad patches. =item -R, --root=DIR Set alternative root directory. This can be useful for Live Upgrade, to analyze patches in an alternate root environment or to point pca at the mini-root of a jumpstart install server. =item --wget=FILE Path to the wget command. =item --wgetproxy=URL Default proxy for wget. =item --logger=FILE Path to (alternative) logger command. =item -t, --threads=NUM Number of concurrent download threads. See THREADS for details. =item --update=TYPE Check for available updates for pca itself. TYPE can be I, I, I or I. See UPDATE PCA for more information. =item --pcaurl=URL Set the URL which is used by I to check for new versions of pca. See UPDATE PCA for more information. =item --ssprot=PROT Use PROT as the protocol to access the Sun download server. The default is I. The only reasonable alternative value is I; wget must support HTTPS for this to work. =item --sshost=HOST Use HOST as the hostname or IP address of the Sun download server. The default is I. =item --jar Download signed patches in JAR format instead of unsigned ZIP files from the Sun download server. The signatures must be verified with I outside of pca as of now. =item --cffile=FILE Read FILE as additional configuration file. Use I in a configuration file to include FILE. =item -V, --debug Show debug output. This includes output generated by patchadd. When running in proxy mode, debug output will be written to the file /tmp/pca-proxy-debug.txt. =item -h, --help Print help on command line options. =item -m, --man Print manual page. This requires the Pod::Usage module. =item -v, --version Print version information. =back If no option is specified, the I<-l> option to list patches is used. =head1 OPERANDS The operands determine which patches are listed (I<-l>), downloaded (I<-d>), installed (I<-i>) or whose READMEs are displayed (I<-r>). Multiple operands can be specified. Supported operands are I (missing, installed, all, total, unbundled, bad), I with or without revision (123456-78 or 123456), I (123456-78.zip) and I (patchlist.txt). The patch groups can be used to specify all missing patches (I), all installed patches (I), both installed and missing patches (I), all patches listed in patchdiag.xref (I), patches not associated with a software package (I) or installed patches which are marked Bad (I). By adding I, I or I to any of the patch groups, only patches from the patch group which are marked Recommended, Security or either Recommended or Security are specified. Examples are I for all missing Security patches, or I for all Recommended/Security patches. Patch groups can be shortened by using the first letter of the patch group plus optional r/s/rs (e.g. I for missings or I for allrs). Patch IDs like I<123456-78> or I<123456> are used to specify single patches. If no revision (I<-78>) is specified, patch dependencies will be resolved. If the name of a patch file like I<123456-78.zip> is specified, it has the same effect as using I<123456-78>. This can be useful to install a list of already downloaded patches with I. If a I is specified, the file is read and its contents are added to the list of operands line-by-line. A file can contain other file names. If the file name is equal to a valid patch group name it will not be read. The patch list can be limited to patches whose synopsis line contains a search pattern by using any patch group in combination with the I<--pattern=REGEX> option. A command like I shows any missing patch containing the I keyword in its description. If the search pattern contains whitespace or special characters, enclose it in quotation marks: I shows patches for all versions of Sun Studio. If the pattern starts with '!', the patch list is limited to patches which do not match the pattern. If no operands are specified, the I operand is used. =head1 CONFIGURATION The behaviour of pca can be configured by setting any option either in a configuration file, as an environment variable with the I prefix or on the command line. See OPTIONS for a complete list; only the long names can be used in configuration files and for environment variables. At first, the configuration files are read. pca reads I in the directory where pca is installed, I<../etc/pca.conf> of the directory where it is installed, I, I<$HOME/.pca> and I in the current directory, in this order. In proxy mode the files I<../etc/pca-proxy.conf>, I and I in the current directory are read instead. Options are set by specifying I in the file. Example: To set the path of the wget command, use I. To enable debug output, use I. Then, all environment variables matching I are read. Example: To set the patch download directory, set I to I. To set the I option, set I to I<1>. At last, the command line options are read. Example: To set the location of the patch xref file, use I<-X /tmp> or I<--xrefdir=/tmp>. To set the option for safe patch installation, use I<-s> or I<--safe>. All boolean options (i.e. those which do not take an argument) can be negated on the command line by specifying I<--no-option> to override settings from configuration files. Version 2.32 or newer of the Getopt::Long module is required. Example: If I is set in I it can be overridden with I<--no-noreboot>. The I option can only be used in configuration files and as an environment variable. It sets the default OPERANDS. In a configuration file, everything after a I<#> character is regarded as a comment and ignored. =head1 PATCH DOWNLOAD AND INSTALLATION The I<-d> option downloads patches to the current directory, I<-i> downloads and installs them. The download option can be used as a regular user. The external command wget is used for the actual download. If it can't be found in the default paths, set the I option to contain the path to the wget command. The install option requires pca to be run as root. It uses I to install the patches. Using I<-I> instead of I<-i> pretends to install patches, but does not actually install any patch. The patches are downloaded from Sun's patch download server. To download patches from Sun, a Sun Online Account (SOA) is required. A free SOA will grant access to security and driver patches only. To access all patches, you need to buy a Sun Service Plan and connect it to your SOA. Set the two options I and I to contain the SOA user name and password. If I is set, but I is not, pca will ask for the password. Alternatively, when run with the I option, pca asks for Sun Online Account data interactively. As pca analyzes the information in the cross-reference file to resolve patch dependencies, it lists and installs patches in the correct order. For some patches, a (reconfiguration) reboot is recommended or required after installation. The /reconfigure file is created as needed and a message is shown in the summary. When the I or I option is combined with the I option, only patches which do not require a reboot are installed. This information is contained in the patch distribution file. Therefore, even if I is specified, the patches are downloaded anyway; only the installation is skipped. I normally keeps a backup of all files it modifies. Using the I<--nobackup=ID> option with pca instructs I to not keep backup copies of replaced files (see the I<-d> option in patchadd's man page). Sometimes a patch re-delivers and silently overwrites files which have been modified locally. pca tries to overcome this issue with its safe patch installation mode. Before installing a patch, pca checks all files listed in the patch README for local modifications. If any modified file is in danger of being overwritten, a warning is shown and the patch is skipped. Safe mode is off by default, and can be turned on by using I<-s> or I<--safe> in combination with I<-i> (install patches) or I<-I> (pretend to install patches). You must be root to use I<-s>. Running I is a safe way of identifying problematic patches without actually installing them. In rare cases, patches modify or replace files without updating the checksum in the package database used by pca. Installing a more recent revision of the same patch will fail although no local modifications have been made to a file. Patch installation can be forced by not using the I option. Running I on a regular basis is enough to keep the system at the recommended patch level. This is quite comfortable and works without problems in many cases. As some patches require special handling, it's recommended to read the README of every patch before installation. pca's I<-L> option for HTML output and the I<--readme> option to display patch READMEs are handy for that. Sometimes installing a patch might fail because of inconsistencies in the patchdiag.xref file, the patch README and the information contained inside the patch. Often this gets fixed in a new version of patchdiag.xref or in a new revision of the patch. Either try again a few days later or take a look at the I section on the pca web site, where some problematic patches are listed. =head1 LOCAL PATCH SERVER On a local network, it might be useful to have a local patch server. There are two ways to set up a local patch server for pca, using the I and I options. URLs specified with these options are always accessed first when downloading patches, patch READMEs or patchdiag.xref. Only if a file can't be found there, pca falls back to Sun's patch server. Like this, files are downloaded from Sun's patch server only once when installing patches on multiple machines. Create the local patch repository by copying downloaded patch files (e.g. 123456-78.zip), patch READMEs (e.g. README.123456-78) and/or patchdiag.xref to a directory which is available via NFS or on a local web server. Point pca at it by setting the I and/or I options to the URL (e.g. file:/patches/ or http://www.my.org/patches/). The more advanced method uses pca to work as a local caching proxy for itself. Create a directory in the document root of the local web server, and link or copy pca there under the name I. Make sure that the directory (or the directories specified with the I and I options) are owned and writable by the user under which CGI scripts run, as patches, patch READMEs and patchdiag.xref will be stored there. Verify that the web server is configured to run CGI scripts (for apache, check the ExecCGI and AddHandler options in httpd.conf). Create a pca.conf file in the same directory to specify Sun Online Account data. On the client, point pca at the caching proxy by setting the I and I options to e.g. http://www.my.org/patches/pca-proxy.cgi. In proxy mode, if a patch or patch README exists in the local cache directory, it is delivered immediately. If it doesn't, the file is downloaded from Sun's patch server, put into the cache, and delivered. For patchdiag.xref, I will always make sure that it has a recent version of this file and deliver it from its cache. With a local caching proxy in place, client systems running pca and using this proxy do not need direct access to the Internet at all. Example setup of a local caching proxy on a vanilla Solaris 10 system: # mkdir /var/tmp/pca # chown webservd:webservd /var/tmp/pca This is where patches, READMEs and patchdiag.xref will be stored by the proxy. Now put the CGI script in place and create a configuration file: # cd /var/apache2/cgi-bin # cp /usr/local/bin/pca pca-proxy.cgi # chmod 555 pca-proxy.cgi # cat > /etc/pca-proxy.conf xrefdir=/var/tmp/pca patchdir=/var/tmp/pca user=XXXXXX passwd=YYYYYY ^D # chown webservd:webservd /etc/pca-proxy.conf # chmod 600 /etc/pca-proxy.conf If the apache2 server is not running yet, create I and enable the server with I: # cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf # svcadm enable svc:/network/http:apache2 Test the caching proxy on a client: ./pca -X . --xrefurl=http://server.domain/cgi-bin/pca-proxy.cgi --patchurl=http://server.domain/cgi-bin/pca-proxy.cgi -d 126306-01 The patchdiag.xref and 126301-01.zip will be downloaded by the proxy and stored in I on the server, and both files will be delivered to the client. If it doesn't work, add I to the pca.conf file and look at /tmp/pca-proxy-debug.txt and /var/apache2/logs/ for details. When downloading large patches through the proxy, you must ensure that the web server does not kill I before it has completed the download from SunSolve. Apache has a I option with a default value of 300 seconds. Raise that to 1800 seconds to avoid problems. For large setups, you can build a cascade of local caching proxies by pointing one proxy at another proxy by setting I and I to point at the master proxy in the slave proxies' pca.conf. As pca uses the wget command to download patches from the patch server, make sure that any specially required option is set in I or I<$HOME/.wgetrc>. Example: When running the local patch server on a HTTPS server with a self-signed certificate, I should be specified in I on the client. =head1 UNBUNDLED PATCHES Usually a patch is related to one or more software packages installed on a system. Apart from that, there are unbundled patches. They provide firmware updates for machines, disks, or tape drives and fixes for software which doesn't come in package format. Currently there is no way to automatically determine if such patches actually apply to a system. The I operand specifies this type of patches. At first, I will show a long list of patches. To reduce this list to the interesting ones, unnecessary patches can be ignored by using the I option in a pca configuration file. For patches you are absolutely not interested in, use an entry like I in the configuration file; this patch will never be shown again, even if a newer revision of the patch appears. Patches that are installed in their current revision should be put with this revision into the configuration file (e.g. I). The patch will show up again when a newer revision is released. Example: Patch 106121-18 contains the most recent PROM firmware for Ultra 5/10 workstations. As it's installed on all systems, I put I into the configuration file. When a new revision of the patch is released, it will show up in I again. Patch 118324 is the PROM firmware patch for the Sun Fire V440. As I don't have such a machine, I put I into the configuration file to ignore this patch completely. All that pca can do is to notify of new unbundled patches or patch revisions. It's on you to decide whether a patch is needed by checking its README file, and to install it by following the instructions in the README. Unbundled patches cannot be installed by patchadd or pca. =head1 CREATING PATCH REPORTS FOR REMOTE MACHINES pca can create a patch report or download patches for a system which cannot run pca directly, like stripped-down systems without perl or an Internet connection. On such systems, run: uname -a > uname.out showrev -p > showrev.out pkginfo -x > pkginfo.out On systems with a minimal core installation of Solaris, the I command might not be available. Use I showrev.out> instead. Copy the resulting I<*.out> files to a system where pca is installed. Use the I<-f DIR> or I<--fromfiles=DIR> option to point pca at the location of the input files. The argument to I<-f> can be a directory or a file name prefix like I. This allows collecting I<*.out> files for multiple systems and telling pca which ones to read. If Sun Explorer is used to collect information about Sun systems, a directory containing Sun Explorer output can be used as the argument to I<-f> as well. Other options can be used in combination with I<-f>. Example: I downloads all missing patches for the remote system. =head1 ZONES pca can be run both in the global zone or any non-global zone. Patches installed in the global zone are usually installed in all non-global zones, too. It's recommended to install patches in the global zone first, and then run pca in all non-global zones to check for additionally needed patches. This is necessary if packages have been added to or removed from just the global or any non-global zone. When pca is run with the I<-G> option, this option is handed through to patchadd, which will install patches in the current zone only. See the man page for patchadd for further details. =head1 THREADS If pca is run with the I<--threads=NUM> option, in conjunction with the download I<-d> or install I<-i> options, pca will begin downloading multiple patches in parallel, up to NUM patches at once. Patches will still be installed one at a time, in the appropriate order. The perl version used to run pca must support threading, otherwise requests to use threading will be silently ignored. The /usr/bin/perl which comes with Solaris and perl binaries compiled with the default settings do not support threading. In that case, the output of I<--help> will indicate that threads have been disabled. =head1 UPDATE PCA Changes to the patch infrastructure by Sun and problems with single patches often make updates to pca necessary. To ease that procedure, the I option can be used. The default is type I - pca will never check for updates. Use the I type to contact the pca webpage and check for available updates. Using I will not only check, but also download and install the updated version of pca. With I, pca will check for updates automatically once per day, keeping itself up to date without user intervention. Unlike I and I which are for interactive usage, this type is best used in a configuration file. The default URL to check for updates is http://www.par.univie.ac.at/solaris/pca/stable/ (official release). It can be set with the I option. Set it to http://www.par.univie.ac.at/solaris/pca/develop/ to check for and update to new development versions of pca. You can set I to point at a local URL to distribute whatever version in your local network. If set to point at a local caching proxy, the proxy will check for updates automatically, keep a local copy of the pca script in I and deliver it to the client. Set I in the configuration file for pca in proxy mode (I) to make it keep itself up-to-date. =head1 JUMPSTART You can use pca to install patches in the finish script of a jumpstart install server. Perl is included in the OS image which is booted over the network for installation starting with Solaris 8. As the machine will probably not have an Internet connection during installation, you can either pre-download all necessary patches into a directory accessible via NFS, or set up a local caching proxy. If you use any http or ftp url for I or I, you must put a copy of wget into the directory that contains your finish script and pca, and use the I option to point pca at it. Set I and I (unless you use I) to /tmp to avoid problems with non-writable directories. As the OS which gets installed during jumpstart is mounted at /a, use the I option to instruct pca to install patches there. =head1 EXAMPLES List all missing patches. This is the same as running pca without any arguments: pca -l missing List all installed security patches: pca -l installeds Display the README for the current revision of patch 116532: pca --readme 116532 Show all installed patches which are marked Bad. You should read the patch README to find out how to handle a specific bad patch: pca -l bad Download multiple explicitly specified patches after asking for Sun Online Account data: pca --askauth -d 121308-02 122032 Download and install all missing patches which do not require to reboot the system in safe mode: pca --noreboot --safe --install Download all missing patches for a remote system. Output from I, I and I has been saved to /tmp/myhost_uname.out etc. before: pca -f /tmp/myhost_ -d missing Check for a new version of pca and install it: pca --update now A sample configuration file: # Sun Online Account user=myuser passwd=secret # Other patchurl=http://www.my.org/patches/pca-proxy.cgi xrefurl=http://www.my.org/patches/pca-proxy.cgi syslog=user safe=1 =head1 ENVIRONMENT VARIABLES All environment variables with the I prefix are evaluated as options; see CONFIGURATION for details. Furthermore, these environment variables are used by pca: =over =item PAGER Path to the command which is used to display patch README files =item TMPDIR During patch installation, patches are extracted under this directory =back =head1 EXIT STATUS The following exit values are returned: 0 No error 1 Unknown error 2 Usage error 3 Reboot required to continue patch installation 4 Reboot required 5 Reboot recommended =head1 AUTHORS Martin Paul Emartin@par.univie.ac.atE Thanks to everybody who contributed code or provided feedback: Andrew Brooks, Bruce Riddle, Damian Hole, Peter Van Eynde, Richard Whelan, Eugene MacDougal, Peter Schmitz, Fredrik Lundholm, Dan W. Early, Markus Reger, Constantijn Sikkel, Stephen P. Potter, Fletcher Cocquyt, Timothy J. Howard, Thomas Bluhm, Frank Doeschner, Loris Serena, Marion Biallowons, Ricky Chew, Martin R. Korczak, Imad Soltani, Scott Lucas, Anders Grund, Bernd Senf, Chris Zappala, Ashley Krelle, Mike Patnode, Mats Larsson, Thomas Maier-Komor, Willi Burmeister, Stefaan A. Eeckels, Ian Collins, Leptonux, Joseph Millman, Guenter Zaehle, Frank Fejes, Mark Jeffery, Alberto da Silva, Mauricio Tavares, Kurt Rabitsch, Jeff Wieland, Frank Bertels, Steve Meier, Dan Lorenzini, Gerard Henry, Laurent Blume, Sean Berry, George Moberly, Erik Nordenberg, Mark Ashley, Jim Prescott, Christian Pelissier, Hugues Sapin, Colin A. White, Dale T. Long, Christophe Kalt, Bruno Delbono, Nan Liu, Frank Cusack, Marlon Sanchez-Nunez, Jois Diwakar, Toni Viemero, Jens Larsson, Gordon D. Gregory, Luis Catacora, Erik Larson, Tim Longo, Mike Borkowski, Nicolas Goy, William Bonnet, Dave Love, Thomas Brandstetter, Daniel Kunkel, Gregor Longariva, Miroslav Zubcic, Tim Bradshaw, Chris Quenelle, Christopher Odenbach, Andy Fiddaman, Peter Sundstrom, Andreas F. Borchert, Jonah Simandjuntak, Damian Lilley, Chris Ridd, Albert Lee, James Lick, John Douglass, Andres A. Flores Concepcion, Chris Reece, Toni Viemero, Timothy Meader, John D. Groenveld, Ceri Davies, Martin Wismer, Laszlo Kiss, Mike Moya, Leon Koll, Shawn Boots, Mike Wallace, Robert P. McGraw, Peter Arnold, Matt Kolb, Mike Shackelford, John Dzubera, Donald Teed, Asif Iqbal, Stephen Nash, Jason Loretz, Bryan Howard, Roman, Jonathan Hoefker, Daniel Trinkle, Ron Halstead, Rob Fisher, Chris Coffey, Travis Freeland, Hans-Werner Jouy, Gary Mills, Craig Bell, Mick Russom, Brian King, Ashley Rowland, Guillermo Castellini, Bryan D. Moorehead, Mark Scheufele, Corey Becker, David Robson, Kevin Maguire, Mike Wallace, Marcos Della, Frank Sperber, Horst Scheuermann, Adrian Ulrich, Steve Fox, David Collodel, Jeremiah Johnson, Erik Schubert, David Sullivan, Tom Francen, Matthew Scala, Richard Mayebo, Gerald Sinkiewicz, David Montag, Steve Forman, Jeffrey King, Gerry Van Trieste, Chris Denneen, Greg Barry, Paul Armstrong, Andreas Fineske, Eric Kissinger, Torsten Peter, Yevgeniy Averin, Sean Walmsley, Alexander Skwar, Jeffrey King, Jones Olatunji, Richard Skelton, Kjetil Torgrim Homme, Brian McNamara, Gerry Sinkiewicz, Kazuyuki Sato, Mayuresh Kshirsagar, Mauro Mozzarelli, Judy Illeman Gaukel, Petri Kunnari, William Pool, Steven Faulconer, Rono Jacob, Will Green, Martial Rioux, Zafar Pravaiz, Romeo Theriault, Fredrich Maney, Ben Szoko, Pietari Hyvarinen, Roman Pestka, Juergen Mengeling, David S. Bryant, Maciek S., Alexander Sverdlov, David Coronel, David Groce, Jeff Woolsey, Thomas Marshall, Allen Eastwood, Mike Busse, Martin Bellenberg, Dennis Clarke, Dominique Frise, Mark Hopkins, Enda O'Connor, Victor Feng, Peter Englmaier, Paul B. Henson, Gerry Haskins, Jeff A. Earickson, Stuart Anderson, Dagobert Michelsen, Simon Bellwood, Ateeq Altaf, Andrew Berry, Julian Davies, Con Petsoglou, Uwe Wolfram, Micah Cowan, Dan Shaw, Paul Moore, Neal A. Lucier, Eric Bourgi, Sergiusz Pawlowicz, Paul Van Bommel, Matt Banks, Ray Cromwell, Jan Holzhueter, Liam Carey, Alex Docauer, Christopher S. Chan, Philip Kime, Michael Schmarck, Kevin L. Bliss, Thomas Bleek, Albert White, Ron Helzer, Sergei Haramundanis, Steven M. Christensen, Felix Schattschneider, Rajiv G Gunja, Jeremy Simpson, Jesse Caldwell, Amy Rich, Jens Elkner, Stephen Matich, Justus J. Addiss, Fred Chagnon, David French, Don O'Malley, Stuart F. Biggar, Diana Stockdale, Randal T. Rioux, Todd Koeckeritz. =head1 MAILING LISTS Two mailing lists are available: =over =item pca-news This is a one-way list for announcements of new versions and news. To join, send an empty message to Epca-news-join@lists.univie.ac.atE. =item pca This is a discussion and support list. Messages from pca-news will be posted to this list as well. Posting to the list is allowed for non-subscribers. To join, send an empty message to Epca-join@lists.univie.ac.atE. To post to the list, send your message to Epca@lists.univie.ac.atE. =back =head1 SEE ALSO =over =item pca web site: http://www.par.univie.ac.at/solaris/pca/ =back =head1 CHANGES =head2 Version 20090224-01 * Allow search patterns for synopsis to be used with --ignore * Maintain last modification time on patchdiag.xref and pca * Add Last-Modified header in local caching proxy mode * Preserve last modification time on pca update * Maintain timestamps when copying files from file:/ URLs * New option to download patches in JAR format (--jar) * Fix recognition of jar files * Do not show reboot recommendation message if --root=DIR is set * Make space part of the option value when used in configuration file * Fix safe option for ill-formatted README file * Apply check: add 139335, 139336, 139337, 139338 * Apply check: add 123919, 123920, 123921, 123923 * Apply check: add 113120, 113121, 113122, 113123 * Apply check: add 116687, 116688, 116689, 119300, 119301, 119302 * Apply check: add 120108, 120109, 120110, 123200, 123201, 123202 * Apply check: add 123827, 123828, 123829, 139345, 139346, 139347 * Apply check: add 139548, 139549 * Update list of contributors =head2 Version 20081218-01 * Enable syslog messages to daemon.notice by default * Enhance possible values for syslog option * Log sample message to syslog in debug mode * New generic handling of unknown, non-Sun patches * Documentation: Add cp command in local server setup example * Rename internal function err() to avoid keyword clash with recent perl * Mark patch 114147 as BAD * Whitelist: add 137137, 137138, 121308, 121309, 138270 * Whitelist: remove obsolete patch * Apply check: add 110936, 110937, 110938, 110971, 110972, 110973 * Apply check: add 118386, 118387, 118388, 118389 * Apply check: add 118828, 118829 * Apply check: add 118836, 118837, 118838, 118839 * Apply check: add 127680, 127681, 127682, 127683, 127684 * Apply check: add 138550, 138551, 138552, 138553, 138554 * Update list of contributors =head2 Version 20081024-01 * Read only pca-proxy.conf (not pca.conf) in proxy mode * Provide more detailed exit status * Include patch count and sum of patch ages in header * Fix handling of downloaded files that are too short * Check whether patch already exists before announcing download * Fix handling of PTF/ACSLS patches * Read architecture information from pkginfo output * Accept wrong entries in the arch column in patchdiag.xref * Handle special characters in package version string * Fix erroneous behaviour with checking for patch existance * Simplify internal handling of extra patch requirements * Calculate patch age only once * Apply check: add 116413, 119775, 116831, 116832 * Update list of contributors =head2 Version 20080911-01 * Remove check for patches which are only partly installed =head2 Version 20080909-01 * Check for patches which are only partly installed * Fix bug with missing patches with multiple versions of the same package * Log failed patch install to syslog * Fix minage option being one day off * Include and use VeriSign certificate for HTTPS downloads from SunSolve * Include and use CyberTrust certificate for HTTPS downloads from pca home * Simplify patch download and pca update code * Simplify patch README download code * Simplify patchdiag.xref download code * Add some debug code * Fix coding error * Code cleanup * Documentation: Better describe what the noheader option does * Fix required patches which were never released: 125486, 125487, 114431 * Fix required patches which were never released: 126677, 126678 * Apply check: modify 119313, 119314 * Update list of contributors Today pca turns 5 years; version 1.0 was published first on 2003/09/09. Thanks to all of you for the large amount of positive feedback I've received during the last years! =head2 Version 20080729-01 * Workaround for 120011/120012 requiring obsolete patches 122660/122661 * Fix a bug when using current version of wget with https * Enhance checks for empty or corrupt patchdiag.xref file * New default URL setting for pcaurl * Apply check: add 121708, 121709, 121710, 125848, 125849, 125850 * Update list of contributors =head2 Version 20080626-01 * New option to list patches with a maximum age (--maxage=DAYS) * Create DIR/reconfigure (not /reconfigure) when using --root=DIR * Don't show ignorable error message from showrev * Fix required patches which were never released: 125077, 125078 * Whitelist: add 120185, 120186 * Whitelist: remove obsolete patches * Apply check: add 137112, 119252, 119253 * Apply check: add 136987, 136986 * Apply check: add 127553, 127554 * Apply check: remove obsolete patches * Update list of contributors =head2 Version 20080519-01 * Fix a bug where pca fails to run when threads option is used * Use locally existing patches in jar format * Read configuration file immediately when cffile option is seen * Enhance performance with hundreds of patch IDs as operands * Fix hanging unzip when no diskspace is left * Show timestamp in debug mode when patchadd is started * Remove duplicate debug message * Documentation: Add note about possible requirement of wgetrc settings * Whitelist: add 137093, 137094 * Apply check: fix 119381 * Apply check: add 125445, 125446 * Cosmetic changes * Update list of contributors =head2 Version 20080507-01 * Add option for concurrent patch downloads (--threads=NUM) * New option to set sunsolve access protocol to HTTPS (--ssprot=PROT) * Ignore HTML tags in patchdiag.xref * Honor wgetproxy option for non-SunSolve URLs as well * Read ../etc/pca-proxy.conf in proxy mode * Fix wget version detection under Red Hat * Make safe option work with ill-formatted README files * Whitelist: add 137274, 137275 * Whitelist: add 127755, 127756, 128307 * Whitelist: add 127127, 127128 * Apply check: add 117429, 118386, 118387, 118388, 118389 * Apply check: add 118828, 118829, 118836, 118837, 118838, 118839, 118840 * Apply check: add 120376, 120377, 120378, 120379, 124689, 124690 * Apply check: add 116338, 116339, 118383, 118384, 125698, 125699 * Apply check: add 111857, 114176 * Apply check: add 119380, 119381 * Update list of contributors =head2 Version 20080311-01 * Try to download patchdiag.xref from alternative sunsolve URL * Add hack to make pca work with wget v1.11 * Add new format specifiers for patch count (%n) and total patches (%t) * Show info header even if no patches are listed * Fix bug with pca not finding its configuration file in some cases * Fix warning about use of uninitialized value * Documentation: Add information about mailing lists * Whitelist: add 127718 * Apply check: add 127719 * Update list of contributors =head2 Version 20080131-01 * New option to display man page (-m/--man) * Make patch utilities patches appear at the top of the list * Create /reconfigure after patch installation if needed * Show correct reboot command in patch installation summary (init 6) * Allow specifying negative patterns with the pattern option * Honore ignore options even if patch IDs are specified explicitely * Make update option work with pcaurl set to a local caching proxy * Make auto update work with pca in proxy mode * Documentation format fixes * Whitelist: add 127718 * Whitelist: remove obsolete patch * Apply check: add 126356, 126357 * Apply check: add 106514, 106515, 108049, 108050, 108879, 108881 * Apply check: add 109120, 109121, 109413, 109414, 117010, 117011 * Apply check: add 117784, 117785, 118195, 118196, 118263, 118264 * Apply check: add 118950, 118951, 123254, 124590 * Apply check: add 124480, 124481, 124482 * Update list of contributors =head2 Version 20080109-01 * Read /etc/pca-proxy.conf and ./pca-proxy.conf in proxy mode * New option to specify additional configuration files (--cffile=FILE) * Allow negating boolean options on the command line with --no-option * Documentation: Add information about the Timeout option in Apache * Whitelist: add 125082, 125890, 128624 * Whitelist: remove obsolete patch * Apply check: add SAM-FS and QFS patches Use /etc/pca-proxy.conf or pca-proxy.conf in the same directory as the CGI script from now on. For downward compatibility pca-proxy.cgi will still read pca.conf in the standard locations, but this is deprecated. =head2 Version 20071214-01 * Enhance check for circular patch dependencies * Enhance error handling * Update list of contributors * Whitelist: add 118717, 127111, 127112 =head2 Version 20071115-01 * Streamline patch downloads from local caching proxy * More verbose output during downloads and patch installation * Complete code redesign of all download functions * Try to download patchdiag.xref from sunsolve without SOA data * Always keep backup copy of patchdiag.xref before trying download * Use downloaded copy of patchdiag.xref if date is equal to backup copy * Always check if downloaded copy of xref file is newer than local copy * Restore backup copy of patchdiag.xref if pca is interrupted * Correctly handle SOA password with # sign in configuration file * Add trailing slash to download URL if missing * Show wget version in debug output * Fix bug when installing patch using previously unpacked patch directory * Change implementation of file type recognition * Fix perl warning * Update list of contributors Attention: There has been a change in the protocol used to download patches from the local caching proxy. Make sure to update both pca and pca-proxy.cgi. The output format of pca has been changed to give more detailed information about download sources and patch installation. SunSolve has changed in a way that download of the patchdiag.xref file is possible without a Sun Online Account again. pca now tries both with and without SOA. =head2 Version 20071023-01 * Change nobackup option to accept a patch ID or "all" as argument * Preserve local copy of patchdiag.xref if sunsolve copy is older * New option to set sunsolve hostname or IP address (--sshost=HOST) * Honor setting of nocheckxref option in proxy mode * Detect absolute path names for xrefdir/patchdir under Windows * Use "--execute cache=off" instead of "--cache=off" with nocache * Show patchadd command in debug output * Fix debug message shown when safe option is used * Remove temporary entry for 126509 which was missing from xref * Apply check: add 123202 * Apply check: add 123827, 123828, 123829 * Apply check: add 125760, 125761, 125762 The nobackup option requires an argument now. Instead of --nobackup use --nobackup=all, or specify selected (e.g. large) patches in multiple nobackup options. SunSolve is sometimes delivering out-of-date versions of the patchdiag.xref file. pca now checks the date in the header and will not overwrite a more recent local copy with an outdated file from SunSolve. =head2 Version 20071011-02 * A Sun Online Account is needed to access patchdiag.xref * Modify askauth to ask for authentication data when needed * Use same URL for patch README in HTML output with and without SOA * Fix bug with update showing old list of changes * Fix typo in reconfiguration message * Documentation: Clarify information about ignore option * Whitelist: add 121429, 119757, 119758, 125367, 125368 * Whitelist: modify 121428 With a recent change to SunSolve, a Sun Online Account is now required to allow pca downloading the patchdiag.xref file. The askauth option has been modified to ask for the Sun Online Account in that case, too. =head2 Version 20071005-03 * Add documentation about using pca in a jumpstart finish script * Whitelist: modify 120011 * Fix small bug with installing Sun Studio 11 patches on Solaris 10 =head2 Version 20071002-01 * New option to allow pca to update itself (--update=TYPE) * Code cleanup and performance enhancements * Deliver files in proxy mode directly without HTTP redirect * Write debug output to file in proxy mode * Fix a problem with timelocal when running pca under Windows * Fix obscure bug with --safe option and pathnames with commas * Add option to stop after a specified patch ID (--stop=ID) * Allow patch proxy to download files from another patch proxy * Revert to old mechanism of specifying user and password with wget * Include documentation in pca * Handle relative path names in xrefdir correctly * Whitelist: add 120011, 125369, 120012, 125216, 125370 * Whitelist: modify 118833 * Whitelist: remove obsolete patches * Apply check: add 125950, 125951, 125952, 125953 * Apply check: add 121430, 121431, 121428 * Apply check: add 125276, 125277, 125278 * Apply check: remove obsolete patches There is a new version scheme, consisting of the date in ISO format plus a serial number. The same scheme is used for official and development releases. A new option has been added (update=TYPE) which allows pca to check for and install new versions of itself. See UPDATE PCA in the documentation. The documentation is now included in POD format in pca. Use I to view it. There are some enhancements to pca in proxy mode. You can setup a cascade of local proxies by pointing one proxy at another. The xrefdir and patchdir are honored now in proxy mode, so you can keep the cache directory out of the document root of your web server and use an existing cgi-bin directory. Debugging a proxy is simplified; when the debug option is set, debug output will be written to a file. =cut # O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2 -----BEGIN CERTIFICATE----- MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4 pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0 13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY oJ2daZH9 -----END CERTIFICATE----- # O=GTE Corporation, CN=GTE CyberTrust Global Root -----BEGIN CERTIFICATE----- MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4 04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9 3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ -----END CERTIFICATE-----