[pca] Question regarding PCA flag "-X"

Glenn Satchell Glenn.Satchell at uniq.com.au
Mon Feb 23 23:47:20 CET 2009 

>From: "Govil, Pankaj" <pankaj.govil at nytimes.com>
>To: "pca at lists.univie.ac.at" <pca at lists.univie.ac.at>
>Date: Mon, 23 Feb 2009 15:24:27 -0500
>Thread-Topic: Question regarding PCA flag "-X"
>Accept-Language: en-US
>Content-Language: en-US
>X-MS-Has-Attach: 
>X-MS-TNEF-Correlator: 
>acceptlanguage: en-US
>X-NYTOriginatingHost: nyhq-mpw-ht02.ent.nytint.com [10.50.13.1]
>X-DCC-Univie-Metrics: ray.univie.ac.at 32723; Body=1 Fuz1=1 Fuz2=1
>X-Univie-DKIM-Check: header.i=@nytimes.com result:unsigned
>X-Univie-Spam-Relay-Countries: US
>Subject: [pca] Question regarding PCA flag "-X"
>X-BeenThere: pca at lists.univie.ac.at
>
>Good Afternoon!
>I am writing this note for two issues hoping someone can assist. I am really 
getting addicted to this sweet program. Thanks very much for your time in 
reading my mail.
>
>
> 1.  It looks like even if I use the "-X" option to specify a location where we 
have the patchdiag.xref file, the program attempts to download the Sun's xref 
file. Most of the times I do not want it to download the file because generally 
there is a significant gap between the time I patch each of the Development, QA, 
Production and BCP servers. As such I prefer the program not to download the 
latest xref file.
> 2.  For some reason, even though I am patching a Solaris 9 server, yet three 
patches one each for Solaris 7, 8 & 10 are reported as ones needing to be 
installed. Any idea why?
>
>The commands and outputs have been pasted below.
>
>pgovil at NDRef> uname -a
>SunOS NDRef 5.9 Generic_122300-35 sun4u sparc SUNW,Sun-Fire-V440 ==> Solaris 9 
box
>pgovil at NDRef> pwd
>/export/home/pgovil/pca
>pgovil at NDRef> ls -l
>total 34188
>-rw-r--r--   1 pgovil   sysadmin 2926934 Feb 23 05:00 patchdiag.xref ==> File 
created today morning at 5 AM via cron
>-rw-r--r--   1 pgovil   sysadmin 2885424 Dec 31 15:07 patchdiag.xref_010609
>-rw-r--r--   1 pgovil   sysadmin 2899559 Jan 16 11:48 patchdiag.xref.011509
>-rw-r--r--   1 pgovil   sysadmin 2902677 Jan 26 10:33 patchdiag.xref_020309
>-rw-r--r--   1 pgovil   sysadmin 2881954 Dec 25 21:30 patchdiag.xref.122408
>-rw-r--r--   1 pgovil   sysadmin 2926934 Feb 22 05:00 patchdiag.xref.old
>drwxr-xr-x   2 pgovil   sysadmin     512 Dec 25 01:14 Security_Patches
>drwxr-xr-x   3 pgovil   sysadmin    5120 Feb 18 05:00 spool
>
>pgovil at NDRef> pca -l missings -X /export/home/pgovil/pca
>Downloading xref file to /export/home/pgovil/pca/patchdiag.xref ==> Program 
attempting to download the xref file despite using -X flag
>Trying http://sunsolve.sun.com/patchdiag.xref (1/1)
>Using /export/home/pgovil/pca/patchdiag.xref from Feb/20/09
>Host: NDRef (SunOS 5.9/Generic_122300-35/sparc/sun4u)
>List: missings (5/213)
>
>Patch  IR   CR RSB Age Synopsis
>------ -- - -- --- --- -------------------------------------------------------
>114016 02 < 03 RS-  14 SunOS 5.9: tomcat security patch
>122300 35 < 36 RS-   6 SunOS 5.9: Kernel Patch
>123919 -- < 09 -S-  61 Sun Management Center 3.6.1: Patch for Solaris 7 ==> Why 
are these patches listed as one's missing?
>123920 -- < 09 -S-  66 Sun Management Center 3.6.1: Patch for Solaris 8 ==> Why 
are these patches listed as one's missing?
>123923 -- < 09 -S-  66 Sun Management Center 3.6.1: Patch for Solaris 10 ==> 
Why are these patches listed as one's missing?
>
>pgovil at NDRef> ls -l
>total 34188
>-rw-r--r--   1 pgovil   sysadmin 2926934 Feb 23 14:53 patchdiag.xref ==> 
Program did indeed download the file.
>-rw-r--r--   1 pgovil   sysadmin 2885424 Dec 31 15:07 patchdiag.xref_010609
>-rw-r--r--   1 pgovil   sysadmin 2899559 Jan 16 11:48 patchdiag.xref.011509
>-rw-r--r--   1 pgovil   sysadmin 2902677 Jan 26 10:33 patchdiag.xref_020309
>-rw-r--r--   1 pgovil   sysadmin 2881954 Dec 25 21:30 patchdiag.xref.122408
>-rw-r--r--   1 pgovil   sysadmin 2926934 Feb 22 05:00 patchdiag.xref.old
>drwxr-xr-x   2 pgovil   sysadmin     512 Dec 25 01:14 Security_Patches
>drwxr-xr-x   3 pgovil   sysadmin    5120 Feb 18 05:00 spool
>
>pgovil at NDRef> pca -l missings -X /export/home/pgovil/pca
>Using /export/home/pgovil/pca/patchdiag.xref from Feb/20/09 ==> If file is 
fairly new, then the program does not attempt to download the file.
>Host: NDRef (SunOS 5.9/Generic_122300-35/sparc/sun4u)
>List: missings (5/213)
>
>Patch  IR   CR RSB Age Synopsis
>------ -- - -- --- --- -------------------------------------------------------
>114016 02 < 03 RS-  14 SunOS 5.9: tomcat security patch
>122300 35 < 36 RS-   6 SunOS 5.9: Kernel Patch
>123919 -- < 09 -S-  61 Sun Management Center 3.6.1: Patch for Solaris 7
>123920 -- < 09 -S-  66 Sun Management Center 3.6.1: Patch for Solaris 8
>123923 -- < 09 -S-  66 Sun Management Center 3.6.1: Patch for Solaris 10
>
>-X, --xrefdir=DIR
>         Set location of the cross-reference file. The default is
>         /var/tmp (in proxy mode, the default is the current
>         directory).  By default, patchdiag.xref is writable for
>         all users. If the xrefown option is set, or the xrefdir
>         option contains /home, the cross reference file will be
>         writable by the current user only.
>
>Thanks,
>
>Pankaj Govil
>PGovil at NYTimes.com<mailto:PGovil at NYTimes.com>
>Ph: (212) 556-3941
>

The -X flag only directs pca to use a different directory, it still
uses the same algorithm to download a new file if it is more than a
certain age.

I think you also need to use the -y option to tell pca to use the
existing patchdiag.xref:

     -y, --nocheckxref
          Do not check for updated patch cross-reference file.
          Use this option to maintain a global baseline patch
          set.
          
Here is the entry for 123919-09 from patchdiag.xref, in field 8 it says
it is "Unbundled" which means the patch is not designed for a specific
OS release, but rather if the packages are installed then the patch
should be installed. This field can also contain the OS version, eg 7,
9, 10_x86, and so on.

123919|09|Dec/24/08| |S| |  |Unbundled|sparc;|SUNWesagt:3.6.1,REV=2.7.2003.08.28
;SUNWesamn:3.6.1,REV=2.7.2003.08.28;SUNWesclb:3.6.1,REV=2.7.2003.08.28;SUNWescli
:3.6.1,REV=2.7.2003.08.28;SUNWesclt:3.6.1,REV=2.7.2003.08.28;SUNWescom:3.6.1,REV
=2.7.2003.09.10;SUNWesmod:3.6.1,REV=2.7.2003.08.28;SUNWespro:3.6.1,REV=2.7.2003.
08.28;SUNWessmn:3.6.1,REV=2.7.2003.08.28;SUNWessrv:3.6.1,REV=2.7.2003.08.28;SUNW
suagt:3.6.1,REV=2.7.2003.08.28;SUNWsusrv:3.6.1,REV=2.7.2003.08.28;|Sun Managemen
t Center 3.6.1: Patch for Solaris 7

It seems like a problem with patchdiag.xref - pca is interpreting the
file correctly.

regards,
-glenn

More information about the pca mailing list