Operating System - HP-UX

Re: cleaning up superseded patches

 
Kenneth Penland
Frequent Advisor

cleaning up superseded patches

Ok folks, we here have been keeping up to date on patches pretty well, and have been running cleanup -c 2 every month or so to recover some space.
I recently discovered a tool to help identify security patches that may be needed on the system, called security_patch_check, so I ran it to see what the output would be.
It came back with a bunch of recalled patch messages stating that a patch had been recalled, but we have a newer patch out there. (Basically a warning that if the newer patch were to be removed, the recalled patch would affect me again.)

Now, I would like to not get all these error messages from this script, but now I can't remove the older patch because it has been "committed". Doesn't it seem like the smarter thing to do when you have superseding patches is to remove the older versions rather than make it so you CAN'T remove the older versions?
What's your take on running the cleanup script vs swremoving old patches?
Steven E. Protter
Exalted Contributor

Re: cleaning up superseded patches

This is a problem with security_patch_check

It has been reported, and I run cleanup -c 1 on a monthly basis.

I would not worry about it. If you ever need to back out a patch, you can go back and manually re-install the one you want after your project is complete.



SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Cheryl Griffin
Honored Contributor

Re: cleaning up superseded patches

You may want to consider committing the patches; this way the recalled patches cannot be removed, making it impossible for the recalled patch to be made active again.

Committing the patches removes the rollback data:
# swmodify -x patch_commit=true PHCO_12345.\*


"Downtime is a Crime."
Kenneth Penland
Frequent Advisor

Re: cleaning up superseded patches

I suppose just committing the newest patch would ensure that the recalled patch won't become active, and that it doesn't really hurt that the swlist grows longer and longer with each patch install. Being a clean freak, to me it seems nicer to do an swlist and only see the latest version of each patch rather than every version, such as:

# PHSS_23440 1.0 ld(1) and linker tools cumulative patch
# PHSS_24303 1.0 ld(1) and linker tools cumulative patch
# PHSS_26559 1.0 ld(1) and linker tools cumulative patch
# PHSS_28434 1.0 ld(1) and linker tools cumulative patch
Cheryl Griffin
Honored Contributor

Re: cleaning up superseded patches

Actually you would run this for every patch that shows as superseded, leaving the most current patch alone.
# swlist -l patch -a patch_state |grep superseded
S3100002024 "Sys Adm: removing old patches from an HP-UX 11.00 system" in the Knowledge Base shows how to automate this.
"Downtime is a Crime."
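
The last reply describes committing every patch that swlist reports as superseded. The following is an added example, not code from the thread or from the Knowledge Base document it cites: a dry run that turns `swlist -l patch -a patch_state` output into the `swmodify` commands to review. The swlist line layout, the fileset names and the function names are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: dry run only. Prints swmodify commands, never executes them.

# Read swlist patch_state output on stdin; print each superseded patch ID once.
# Assumption: the state is the last field and the software spec begins with
# the patch ID (for example PHSS_23440.SOME-FILESET).
superseded_patches() {
    awk '
        $NF == "superseded" {
            spec = ($1 == "#") ? $2 : $1      # skip a leading "#" marker
            split(spec, part, ".")
            id = part[1]
            if (id ~ /^PH[A-Z][A-Z]_[0-9]+$/ && !(id in seen)) {
                seen[id] = 1
                print id
            }
        }'
}

# Print one commit command per superseded patch, in the form used in the thread.
commit_commands() {
    superseded_patches | while read -r id; do
        printf 'swmodify -x patch_commit=true %s.\\*\n' "$id"
    done
}

# Constructed sample input: patch IDs from the thread, fileset names and states
# invented for illustration.
sample_swlist() {
    cat <<'EOF'
# Initializing...
# PHSS_23440.EXAMPLE-A    superseded
# PHSS_23440.EXAMPLE-B    superseded
# PHSS_24303.EXAMPLE-A    superseded
# PHSS_26559.EXAMPLE-A    superseded
# PHSS_28434.EXAMPLE-A    applied
EOF
}

# On a real system: swlist -l patch -a patch_state | commit_commands
sample_swlist | commit_commands
```

Because committing removes the rollback data, the printed list is meant to be read and checked before any of the commands is run.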