#!/usr/bin/ksh # This program collects both the patch cluster and the security patches # from SUNSOLVE.SUN.COM, unzips them, and puts them all in the proper # directory. # # -- By Jeff Boulier, jbxr@sungames.com # # Dec 3, 2002 # # Add solaris 9 compatibility. # # Nov 26, 2001 # # Increase the amount of space needed. Those patches are a lot bigger # than they used to be. # # Feb 16. 1999 -- Version 2 # getpatches now checks to see what patches have already # been installed, and drops them out of the patch_order file. # This should generate a very significant speedup on machines # running 2.5.1 and lower. Machines running 2.6 and 7 will also # see small performance improvements. umask 022 # Needed permissions for patch install # Step one: Where should we put the patches? echo "Let's see if there is enough room in /var/tmp to put the patches" echo "there:" space=$( df -k /var/tmp | tail +2 | awk '{print $4}' ) if [ $space -lt 200000 ] then echo "Oh, no!" echo "There might not be enough room in the /var/tmp directory" echo "to hold the complete set of patches." echo "Please enter the name of a directory located on a filesystem" echo "with more than 200 megabytes free:" read PATCHDIR else echo "Yes! There is enough room to hold the patches" echo "in the /var/tmp directory" PATCHDIR=/var/tmp/patches.$$ echo "We'll put them all in $PATCHDIR" fi mkdir -p $PATCHDIR cd $PATCHDIR # Step two: Discover version of Solaris and CPU type. VERSION=$(uname -a | awk '{print $3}') CPUTYPE=$(uname -a | awk '{print $6}') if [[ $VERSION = 5.4 ]] then SOLVERSION="2.4" elif [[ $VERSION = 5.5 ]] then SOLVERSION="2.5" elif [[ $VERSION = 5.5.1 ]] then SOLVERSION="2.5.1" elif [[ $VERSION = 5.6 ]] then SOLVERSION="2.6" elif [[ $VERSION = 5.7 ]] then SOLVERSION="7" elif [[ $VERSION = 5.8 ]] then SOLVERSION="8" elif [[ $VERSION = 5.9 ]] then SOLVERSION="9" fi echo "You seem to be running Solaris $SOLVERSION on a $CPUTYPE" # Step Three: Connecting to SUNSOLVE to fetch patchreport and patchcluster # files for this version of Solaris. echo "I'll fetch the appropriate patch report and patch cluster" echo "Please enter an e-mail address for me to use as the password for" echo "the SUNSOLVE FTP server" read FTPPASS export FTPPASS echo "This will take a little while, but I'll print out" echo "some hashmarks while I fetch the three files" echo "so you can at least tell that I'm doing _something_" if [[ $CPUTYPE = sparc ]] then ftp -n sunsolve.sun.com << EOF user anonymous $FTPPASS cd pub cd patches bin hash prompt get Solaris$SOLVERSION.PatchReport mget $SOLVERSION\_Recommended* EOF else ftp -n sunsolve.sun.com << EOF user anonymous $FTPPASS cd pub cd patches bin hash prompt get Solaris$SOLVERSION.PatchReport mget $SOLVERSION\_x86_Recommended* EOF fi echo "Yes! I've picked up a copy of the patch report and the " echo "Recommended cluster and readme files." echo #Step 4: Extract the patch cluster echo "Extracting patch cluster" sleep 1 if [[ $SOLVERSION -lt 6 ]] then uncompress $SOLVERSION_*Recommended*.Z tar -xvf $SOLVERSION_*Recommended*.tar else unzip $SOLVERSION_*Recommended.zip fi # Step 5: Determine what non-bundled security patches are needed # and including them in an FTP script generated on the fly echo "Determining which non-bundled security patches to fetch." cd *Recommended echo "ftp -n sunsolve.sun.com << EOF user anonymous $FTPPASS cd pub cd patches bin hash prompt" > GETSECURITYPATCHES grep " \* " ../*PatchReport | cut -d"-" -f1 | xargs -n1 -i echo "mget {}*" >> GETSECURITYPATCHES echo "EOF" >> GETSECURITYPATCHES echo "Finished determination of security patches." echo # # Step 6: Fetching non-bundled security patches, using script # developed in the previous step. echo "Fetching non-bundled security patches" ksh ./GETSECURITYPATCHES rm GETSECURITYPATCHES # # Step 7: Extracting Security patches. # echo "Extracting non-bundled security patches" sleep 1 if [[ $SOLVERSION -lt 6 ]] then uncompress *.Z ls *.tar | xargs -n1 tar -xvf else ls *.zip | xargs -n1 unzip fi echo # # Step 8: Including non-bundled security patches in install_cluster # echo "Merging non-bundled security patches into" echo "patch_order file, so when you run patch_order" echo "your non-bundled security patches will also be" echo "installed" echo echo "NOTE: This program does not yet check dependencies" echo "of the non-bundled security patches, so pay" echo "attention to your install process." echo "If you have a non-bundled patch fail because the" echo "other non-bundled patch it depends on hasn't been run yet" echo "you'll need to rerun the failed patch" sleep 1 if [[ $SOLVERSION -lt 6 ]] then ls *.tar | cut -f1 -d"." >> patch_order else ls *.zip | cut -f1 -d"." >> patch_order fi echo echo "Now I'm looking at the existing patches on the system," echo "so I don't attempt to install a patch that has already " echo "been applied. This may take a little while..." echo showrev -p |cut -d":" -f2 | cut -d" " -f2 > EXISTING_PATCHES for PATCH in $(cat patch_order) do if ! ( grep $PATCH EXISTING_PATCHES > /dev/null ) then echo $PATCH >> PATCH_ORDER_REPLACE fi print -n . done cp patch_order ORIGINAL_patch_order cp PATCH_ORDER_REPLACE patch_order echo echo "Finished!" echo echo "Depending on how consciencious you are" echo "you'll want to read all those readme files" echo "for the patches that will be installed, so you can make sure" echo "that you aren't screwing up anything on your" echo "system. " echo echo echo "Once you've finished this, then you may apply the patches as follows:" echo "Shut down your system to the OK prompt," echo "boot into single user mode with boot -s" echo "cd into the $PATCHDIR/*Recommended directory" echo "and type ./install_cluster"