On Solaris 10, I downloaded an update that UpdateManager wants to
install only after a reboot.  The thing is, there is no good reason for
that and I would rather not reboot my server if I don't have to.  How do
I force the installation of updates that are pending a reboot?

-- 
Photos and travelogues from Africa and Southeast Asia: http://www.exile.org

Eric Edwards <ese002@news9.exile.org> wrote:
> On Solaris 10, I downloaded an update that UpdateManager wants to
> install only after a reboot.  The thing is, there is no good reason for
> that and I would rather not reboot my server if I don't have to.  How do
> I force the installation of updates that are pending a reboot?

Such patches either risk system stability or result in a driver reload - not
things that you normally want to do on a running system.  If you are happy
to risk the system crashing or behaving abnormally, you can install the
patch by hand.  The downloaded patches can be found in /var/sadm/spool. 
Each patch is a ".jar" file.  I'll assume that the patch number is 123456-78

# cd /var/sadm/spool
# unzip -q 123456-78.jar
# read the README file in the 123456-78 directory
# patchadd 123456-78

You still should schedule a reboot to complete the process.  

There is no reason why you have to install the patch immediately (unless
it's fixing a problem you currently have.)  Other patches which are not
dependent on it will still apply. So why not just let the system queue it
until you do reboot?

-- 
Isaac Asimov: Properly read, the Bible is the most potent
              force for atheism ever conceived.

On Fri, 25 Jul 2008 04:44:12 -0000, Geoff Lane <zzassgl@buffy.sighup.org.uk> wrote:
>Such patches either risk system stability or result in a driver reload - not
>things that you normally want to do on a running system.  If you are happy
>to risk the system crashing or behaving abnormally, you can install the
>patch by hand.  The downloaded patches can be found in /var/sadm/spool. 
>Each patch is a ".jar" file.  I'll assume that the patch number is 123456-78
>
># cd /var/sadm/spool
># unzip -q 123456-78.jar
># read the README file in the 123456-78 directory
># patchadd 123456-78
>
>You still should schedule a reboot to complete the process.  
>
>There is no reason why you have to install the patch immediately (unless
>it's fixing a problem you currently have.)  Other patches which are not
>dependent on it will still apply. So why not just let the system queue it
>until you do reboot?

Thanks.  I'll do that.

It's an important security patch to a daemon.  No drivers.  No kernel
patches.  I am, frankly, baffled that Sun thought that it needed a reboot.
Do they think that we don't know how to restart daemons?  I mean, sure,
they can *recommend* a reboot to make sure all the i's are dotted the
t's are crossed, but to *require* a reboot is insane.

-- 
Photos and travelogues from Africa and Southeast Asia: http://www.exile.org

Eric Edwards wrote:
> It's an important security patch to a daemon.  No drivers.  No kernel
> patches.  I am, frankly, baffled that Sun thought that it needed a reboot.

Let me guess - you're talking about the BIND patch fixing the recent 
cache poisoning attack? You're right, a reboot isn't required - 
restarting the service is sufficient.

The fact that Sun (or better, some Sun engineers) is way too generous in 
setting the "reboot/reconfigure required" tag has been discussed in the 
past, but especially with an important patch like that they should have 
paid more attention. The reboot requirement will keep people from 
installing the patch immediately, which really is a bad thing.

IMO, detailed post-install instructions should be included with each 
patch. Usually a simple fuser/lsof call on patches binaries and shared 
libraries tell you that a reboot is *not* required.

mp.
-- 
SysAdmin | Institute of Scientific Computing, University of Vienna
      PCA | Analyze, download and install patches for Solaris
          | http://www.par.univie.ac.at/solaris/pca/