Solaris patching for new learners.

What is a patch?

A patch fixes problems that prevent the proper execution of software. It is a collection of files and directories that replace or update existing files/binaries and directories.

The entire OS is installed as a collection of Solaris packages. It is done during the OS installation via the pkgadd command. Patches are build in a similar fashion. Patches are partial packages which replace files in the existing packages then they update the pkg/patch databases.

Some patches only update one package in the OS others update several packages. To get an idea as to which packages might be updated by a patch look into the patch directory itself. There will be at least one sub-directory of a package which will be updated.

What is IDR (Interim Diagnostic or Relief) ?

During the life cycle of solaris server, organisations may have to deal with some issues which are very much specific to that environment and doesn’t applicable for outside environment.As part of oranisation’s support contract role with oracle ( formerly Sun microsystems), oracle  will provide some customised solutions ( either diagnosis programs or temporary workaround for the issues) to deal with the issues.

Since IDRs  are also act like kind of patches to provide fix to the issues ( but not permanent fixes),  oracle want to keep track of these solutions in the same manner that server is tracking the patch information ( installations, revisions .. etc). That is the reason we do manage ( install/uninstall) IDR in the same manner as we manage patches( using patchadd/patchrm). But there are few difference while administrating IDRs  with patchadd/patchrm.

And they are :

1. An IDR is named similar to a patch, but with the prefix string “IDR” as in “IDR1556456-01”. This name will be displayed by using the “-p” option with either the showrev or patchadd utilities.

e.g.   showrev -p might display:

Patch: IDR1153429-01 Obsoletes: Requires: 14425-01, Incompatibles: 144425-02 Packages: SUNWcsu, SUNWxcu4

2. We cannot specify the -d option during installation to prevent backing up the existing files for eventual restoration.

3. We  will be required to uninstall a revision of an IDR before you can install another.

4. IDR uses a feature called “R-Patch(Restricted Patch)”, this feature will prevent IDR to overwritten by subsequent install of IDR, and also this mechanism prevents a software package that already been modified by an IDR from being further modified by another IDR or patch.

5. We must not use -B option to place the backup data in a location that is volatile (e.g., /tmp) or remove the backup data after installing the IDR. This will prevent the IDR from being uninstalled, and you would therefore not be able to install any more IDRs or patches that affected the same software packages

What is T-Patch ?

T-patch is a Test Patch, and Oracle will provide T-patch when the organisation having high priority issues with any specific bug and needs quick resolution.

How do we manage patch?

In solaris most of the patch management happens with two basic commands and the y are “patchadd for patch install ” and “patchrm for patch uninstall”.

How Patchadd command works?

# /usr/sbin/patchadd /path-to-package
  1. Checks package version and OS release information

  2. Copies files from the patch directory to to their final destinations. Patches are also capable of modifying contents of files instead of just replacing them.

  3. Update pkginfo file with:
    patches now obsoleted
    other required patches incompatible patches its own current patch information

  4. Archives outdated files and dirs to /var/sadm/pkg/save (in a compressed format) 

  5. Log patch installation to the /var/sadm/pkg/patch/{patch-id} directory.  NOTE: This is not the directory that patchadd -p or showrev -p look at to determine which patches are installed.  Those commands look at /var/sadm/pkg/pkginfo file to compile a list of installed patches

  6. Updates the /var/sadm/pkg/pkginfo file

Common option we use with patch add :

 -d   Don’t back up the files to be patched. Patch can’t be backed out after using this option.  Sometimes people use this when disk space is low.  Using this option is extremely discouraged as the patch cannot ever be backed out ! 

-p   Print list of patches. Same as ” showrev -p “

-u   Install unconditionally, even if files to be patched have been modified.

-M   Installs multiple patches. You can list multiple patches separated by a space or include a file containing a list of patches.

What  does patchrm do ?


Attempts to restore the system to the pre-patch installation state. It returns files and directories archived in /var/sadm/pkg/save directory to their original locations and removes the versions installed by the patch

Common options that we use with patchrm:

-f   Forces removal. Sometimes this is needed when a later patch revision was applied.

-B  Removes a patch whose backout data was not stored in /var/sadm/patch/{patch-id}.

-R Removes a patch from alternate root directory structure.  This comes in  handy when backing out a patch on a diskless client OS image or when removing patch while booted from a CDROM.


You can look at the following Posts where the procedures for various critical server patching was explained

General Procedure for Kernel Patching in Solaris.

Solaris Patching using Live Upgrade





I have started ( aka in 2009 as my own personal reference blog, and later sometime i have realized that my leanings might be helpful for other unixadmins if I manage my knowledge-base in more user friendly format. And the result is today's' You can connect me at -

You may also like...

15 Responses

  1. Mark says:

    Jußt a note for those not aware, patching is depreciated in Solaris 11 with the Linux like IPS where the concept of applying patches does not exist. I believe that the pkg* commands are still available for legacy third party applications.

  2. Ramdev Ramdev says:

    Hi Mark, Thanks very much for sharing this info

  3. Yogesh Raheja says:

    @Mark, thanks yes you are absolutely right SRV4 concept is replaced with IPS in solaris 11 and repository like system is introduced. All pkgadd/pkgrm/pgkchk etc commands are also replaced with new one. Let us see how much time will it take to come to the production with full fludge…

  4. Raj (Help Needed) says:


    I have installed Fedora on my desktop (at home) and configured an IP address too. I have connected the Fedora box to my laptop having XP using a straight LAN cable. I can ping successfully each other. But I can not do a telnet or ftp to Fedora box from the laptop and it says “Temporary failure in name resolution:”. FTP daemon is running.

    Could you please let me the probable issue? Should I use a cross LAN cable or am I doing the right thing?


  5. Yogesh Raheja says:

    @Raj, possibly you may be using hostnames. Try the same using IP’s.

  6. Raj says:

    @Yogesh : In fact, I used the IP address of the Fedora box :) but failed.

  7. Ramdev Ramdev says:

    Hi Raj, to connect two systems directly you need crossover cable. Straight cable wont work. I am still doubt about the ping part…can you show us the ping command and it’s output?

  8. raj says:

    @Ramdev: Thanks for your time :)
    I’ll try the same with a cross cable.

  9. kimkhoo says:

    Hi, can you provide me some guidelines on how to patch OS with Symantec VCS running on it. thanks.

  10. Ramdev Ramdev says:

    hi kimkhoo, Guidelines to perform patching VCS cluster. I am assuming you are using SVM for root disk mirror.

    1. Offline Patching :

    >> Stop VCS , Disable VCS startup SCripts, Split mirror and test booting with second one.
    >> patch the kernel either from multiuser more or maintenance mode as per the patch’s readme instructions
    >> bring up both the servers, and start the VCS manually and test the resource Groups.
    >> if all looks good then enable startup scripts ( and optionally you can do one more sanity reboot to check the cluster is starting without trouble)
    >>> finally reattach the mirrors

    2. Online patching ( little risky ):

    >> move the service groups to one node and stop the VCS on the second node.
    >> Prepare the Second node for patching – disbale the VCS startup script , Split root mirror , test that second disk booting properly.
    >> patch the server and test with rebooting. and startup the cluster and see you are able to switchover the service groups to the patced machine, one by one without trouble.
    >>> once all moved to second node enable the VCS startup script, then stop the VCS on first node. And patch the first node similar to above steps.
    >> once patching done and server rebooted, balance the service groups as per the initial setup.
    >>> if all looks good, then attach the mirrors.

  11. Sandeep Kumar says:

    Hi Ramdev,
    Your contents are excellent and whenever i read your posts and article, i feel good.
    I feel one more thing you should add with this site(Job related news especially for UNIX).
    After that their will be no requirement to open any other website.
    Your portal is always open in my machine.
    Keep it up.


    • Ramdev Ramdev says:

      Sandeep, it is always good feeling when someone says they love this site. Thanks for your comment and suggestion. We Will look into all the possibilities to make this site better and better .

  12. Dinesh says:

    Keep up the good work gurukul team. Your contents are like quick refresher if the topic is known and if the topic is unknown, it is simple to understan and learn.

  13. sukhpreet says:

    hi ramdev,

    i need some info..
    how to get the below details from solaris box..

    Memory (In GB)
    Number of CPU’s and Frequency in GHz
    Disk Space (In GB)

    kindly let me know the commands to fetch these details..
    there is a solaris 11 box.

  1. September 18, 2015

    […] Read – Patching Beginners Guide […]

What is in your mind, about this post ? Leave a Reply

  Our next learning article is ready, subscribe it in your email

What is your Learning Goal for Next Six Months ? Talk to us