10 Recommended Patch Not Working

stringman · April 20, 2010, 10:02am

Hello,

The 10_Recommended update failed on 3 of 191, which was patch 119254-73 (the 1st 2 patches were skipped). I looked up the patch on Sunsolve (http://sunsolve.sun.com/search/document.do?assetkey=1-21-119254), which stated that 121133-02 was a required patch for 119254-73. I did a "showrev -p | grep 121133" and found that 121133 has been obsoleted by 120011-14. So it looks like I have what is required to install the patch. Oddly enough, patch 119254-73 deals w/ patching the system.

Several logs were created and the common error message is that "Patch 119254-73 failed to install due to a failure produced by pkgadd"

Another error message was:

"This appears to be an attempt to install the same architecture and version of a package that is already installed. The installation will attempt to overwrite this package. ... Cannot open pkgadd: ERROR: checkinstall script did not complete successfully".

I'm certainly not a Solaris expert, so I'm not sure where to go from here. Any help would be greatly appreciated. Thanks in advance.

Ken

incredible · April 20, 2010, 10:23am

A quick question.. are the majority of the patches succeeded including the kernel patch?
If yes, then ignore it. You may just try to copy the patch to a temp dir, and manually do a patchadd. Provide us the output

stringman · April 20, 2010, 3:17pm

incredible,

No patches succeed. It checks for the dependancy patches, confirms they exist, skipps them, then begins to apply 119254-73...Then crashes. I will try to install 119254-73 manually rather than through the 10_Recommended update and let you know if it takes.

Ken

---------- Post updated at 02:17 PM ---------- Previous update was at 10:19 AM ----------

I manually installed 119254-73 and it installed successfully. I then ran the 10_Recommeneded update and it failed on the next patch install (7 of 191). It looks like it's the "installcluster" script that is failing. I don't know if this matters, but when I manually installed 119254-73 I did not go into single user mode but I am in single user mode for the cluster update. Could there be some service or proccess turned off in single user mode that is available is normal mode that the install process requires?

Ken

System_Shock · April 20, 2010, 3:59pm

... by any chance, do you have Solaris zones implemented in this server? Maybe one that was configured but not activated?

stringman · April 20, 2010, 4:04pm

No zones

reborg · April 20, 2010, 4:24pm

I have seen problems before similar to this when there was a corrupt pkginfo in /var/sadm but none of the commands were outputting anything useful.

Try the single pkagadd on he package, and if you get nothing then truss or dtrace the same to see what actually fails.

incredible · April 20, 2010, 10:49pm

All patches are recommended to be patched in single user mode.
what is your current patch level? which latest 10_Recommended patch cluster are you using?

stringman · April 21, 2010, 4:57pm

I tried applying a single patch using patchadd in single user mode and got the same error. patchadd works when the system is up.

My kernel patch is 138888-05. I had been using the April 13 update. I thought it might be corrupt since it took so long to download, so I downloaded the April 19 release today. Same result. I also thought maybe the zip fix had not been applied since the 1st patch in the cluster was 119254-73. So I applied that patch (not in single user mode), deleted the 10_Recommended directory and unzipped the cluster again. Same result.

It looks like patching only works when the system is fully booted, which is not recommended. The next patch in the list to apply is 142251-01, which specifically states to apply in single user mode.

The log files are not telling me much and the audit files are not recording anything useful. I will look at truss, but could there be some service or proccess turned off in single user mode that is available in normal mode that the install process requires. The system gets locked down pretty hard by security, which often breaks our system.

Thanks in advance.

Ken

---------- Post updated at 03:57 PM ---------- Previous update was at 01:08 PM ----------

I can't believe it is so simple or even required. I had placed the patch cluster in /patch/10 Recommended. The problem was /patch only had permissions of 700. So even though /patch/10 Recommended has permissions of 755, the script would not execute. Apparently, the patchadd proccess looks for an "install user" and if it doesn't exist it switches to "nobody". If "nobody" doesn't have permissions, the install crashes. Permissions must propagate from the root, not just the 10 Recommended directory. I opened up everything from root to 777 and it worked.

So in other words, to log into single user mode you need to pass the firmware password and the root password. Then once you start applying patches, patchadd uses a different user who may or may not exist or have permissions! Ridiculous.

Anyway, here are a couple links I found explaining the situation:
Patch 124672-06 failed to install due to a failure produced by pkgadd. - Shitalkumar Patel's Weblog
SUMMARY: patchadd/pkgadd failed for 114219-11

It probably could have fixed this issue as well:

Thanks to all for you help.

Ken