SUMMARY: Installing Patches in a JumpStart finish script.

From: Mike Rembis (
Date: Wed Aug 23 1995 - 13:46:17 CDT


I want to thank everyone who sent in their responses.



I have received many responses ranging from "me too" to "I called SUN
and they haven't fixed it yet" to some elaborate scripts.

First, I tell you what I did to make it work (which I did before I received
any of your solutions) and then I'll list a short cat of the proffered

I finally realized that the df command that was giving me trouble was
the one buried inside "installpatch". It just can't seem to handle
the /a mounted stuff and/or being run under chroot. Oh yes,
I did forget to tell everyone that this was a Solaris 2.4 install - so
all responses regarding 2.3 or earlier really don't apply - but thanks

What happens is that installpatch uses df to figure out if you have
enough room to install the patch. Since I am creating brand new systems -
I know that I have enough space for the patches that I am adding - so I
commented out the df lines and just substituted in a static value
for the "free disk size" (I know - this is cheating - but is is Q'n'D!)
After that - everything works like a champ.

I did this ....

                /usr/bin/echo "Saving a copy of existing files to be patched..." # Is there enough space? Use sed to extract the fourth field of
                # df output (can't use awk because it may not be installed).
# kbytes_avail=`df -k | grep c0t3d0s0 | tail -1 | \
# sed 's/^[^ ]*[ ]*[^ ]*[ ]*[^ ]*[ ]*\([^ ]*\).*/\1/'`
                kbytes_avail="185719" # Toss in some number of free space
                bytes=`cat $KBYTESFILE`
                kbytes_required=`expr $bytes`
                if [ $kbytes_required -gt $kbytes_avail ]; then
                        /usr/bin/echo "Insufficient space in $1 to save old files."

Some people suggested mounting the CDROM in special ways - but I was not
using a CDROM - I have already loaded the image on an install server.

A lot of people asked about the book I was using. It's from SunSoft Press -
and its very good. And it comes with a floppy full of useful scripts. Here
is the info:

        A Custom JumpStart Guide
        Paul Anthony Kasper
        Alan L. McClellan

Some of the more popular responses were:

Look in the file /etc/vfstab, and find out what the correct mount
entry should look like. Ie: look for an entry that mounts
/var/sadm/patch or /var/sadm or /var in that order. Manually
add the mount entry into /etc/mnttab for the correct first match.
Try again.
A lot of people reminded me to remember that things were running from /a
not /. (which I already knew and had accounted for)
copy the patch tar files into a directory on your installserver; unpack
the tar files in this directory and user the excellent finish script
written by Caspar Diks, Jan Wortelboer and Gert Poletiek in combination
with the following script:

# patches: automatic installation of patches defined in
# /export/install/install_info/install/patches.conf/<hostname>,
# <domainname>,<default> ; This file is automatically generated from
# Suns Patch_Report and looks like:
# #
# # patchid Synopsis
# #
# 102039-01 SunOS 5.4: fixes for package installation utilities
# 101945-27 SunOS 5.4: jumbo patch for kernel
# 101959-03 SunOS 5.4: lp jumbo patch
# 102007-01 SunOS 5.4: vnode v_count is not maintained correctly
# ...
# Author: LN
# Patches are installed on installserver in directory:
# /export/install/install_info/patches/5.4 (Solaris 5.4 Patches)
# /export/install/install_info/patches/5.3 (Solaris 2.3 Patches)
# This script is invoked from /export/install/install_info/scripts/finish
# script via#
# <domainname>,<default>
# using the excellent finish script written by Caspar Diks, Jan Wortelboer
# and Gert Poletiek.

# Enter Ip Number "" of your Patch-Fileserver-which normally
# equals to your installserver

if [ ! -d ${newroot}/var/patches/5.4 ]
    echo Failed to find patch directory
    /usr/sbin/mount $PATCHSERVER:/export/install/install_info/patches
   echo "Patchfiles mounted from $PATCHSERVER to ${newroot}/var/patches"
echo "running patch script..."
        echo try to patch ${patchid}: ${comment}
        /usr/sbin/chroot ${newroot} /var/patches/5.4/${patchid}/installpatch -d

/usr/sbin/umount /a/var/patches
echo "patch script finished..."

readconf patches.conf | while read patchid comment
This is how I get patches installed through Jumpstart.

this is an entry from my rules file:

keyword match_value begin_script class_file finish_script
------- ----------- ------------ ---------- -------------

hostname [hostname] - ss5_1G_all install24patches

This is the "install24patches" script:

cd /cdrom/Patches <--- this path is where ever your 2.4 Patches are.
./install_patches /a <--- install_patches then installs the patches on
                                  the host's

When completed, you'll get a /var/sadm/install_data/Patches_log file. This
will help you if any errors are encountered during installation. Below is
a sample of that file from an actual install.

Create patch archive area
*** Install Patches begins Wed Jul 26 16:47:34 EDT 1995 (version 1.23)
*** PATCHDIR: /opt/patch
*** PATCH PATCHDIR: /opt/patch/patch
*** COMMAND: noras# install_patches
Installing SUNWpatch.m package...
Print services stopped.
Print services started.

Installation of <SUNWpatch> was successful.
Pkgadd was successful
        The following patches were applied by install_patches:

I know it seems too simple to work, but it does. If you have any questions,
let me know.
  I've slightly modified the finish script from the book and
  have no problems...mine is as follows. The w.x.y.z is
obviously the IP address of your patch server, in my case a
machine different to the actual JumpStart server. The script
was modified simply because the 'patches' directory contained
4.1.3U1 patches etc so I wanted to control the installation
from a list. Hope this helps.

# add_patch.fin
# This finish script adds all the patches that reside in a patch
# server's directory.

B=/a # base directory of all absolute paths (/a during installation)
# Replace cyclops:/5_4patches with the name of your patch server
# and the absolute path to the patch directory.
PATCH_SERV=w.x.y.z:/somewhere/Patches # Server and path where patches reside
mkdir $B/patches
mount -F nfs ${PATCH_SERV} $B/patches
if [ $? = 0 ]
    cd $B/patches
    for patch in `cat $B/patches/List_Of_2.4_rec_Patches`
    if [ -x $B/patches/${patch}*/installpatch ]
        echo "
Applying patch ${patch}
$B/patches/`ls -d ${patch}*`/installpatch -R $B $B/patches/`ls -d ${patch}*`
        echo "
Error: Patch $patch seems to be obselete.
    umount $B/patches
    rmdir $B/patches
    rmdir $B/patches
    echo "
Error: Cannot mount patch directory.
       Patches not added.

solaris < 2.4 : forget it, installpatch does not have the -R option
solaris >= 2.4 : installpatch -R /a

Hi Mike,

the problem is related to the mounted filesystem one have during
execution of the finish script.
The real /var-filesystem is mounted under /a/var/...!

What we do by the finsh-script is copying a file to (/a)/etc/init.d/kfainit
linking it to rc2.d and rc0.d,
touching a /a/KFApatch and /a/KFAreboot.

Having finished the finish script the system is rebooted automatically.
Comming up the rc2 script recognizes the link to kfainit and executes
this script.

What we do within this script is easy to tell you:


   if [ -d /KFApatch ]
        installpatch ...

        rmdir /KFApatch
   if [ -d /KFAreboot ]
       rmdir /KFAreboot
       init 6


This works fine,
     The problem is that the installpatch has /var hardcoded and
     all file systems are mounted on /a for jumpstart.

     My suggestion is to edit each installpatch shell and add $B
     in front of all /var occurrences. Then set the variable B
     in your environment.
Hi Mike,

There are more problems with installing patches than just the one you mention
below. For instance, the jumbo lp patch(I think that's the one) tries to
restart lpsched, but it isn't smart enough to not even bother if it isn't
running... A very annoying problem.

Your problem may be with everything mounted on /a or whatever.

Try creating an rc script to do your patches for you. The whole idea being that
when the machine is rebooted it will get to a script, possibly
/etc/rc3.d/S99patch or something that will:
- mount the patch server
- install the patches
- remove itself
- reboot

This method has worked very well for quite a while, give it a try.


It seemed that most people setup scripts to add the patches after
the reboot, then remove the installing patch script(s). That's OK -
just takes a little longer to setup.

I did just pop out to the Sun patch server and found this:
(*** It bothers me that this has been a known bug since 1/1/94***)

Bug Report for BugID sysadmin/patch_utility/1155189

Bug Report for BugID sysadmin/patch_utility/1155189

 Bug Id: 1155189
 Category: sysadmin
 Subcategory: patch_utility
 Release summary: s1093
 Synopsis: installpatch in autoinstall finsh script fails if /var is a separate partition
         Integrated in releases:
 Patch id:
Description: Using a finish script to install patches fails when /var is a
                separate partition.

     The problem shows up when you have a seperate /var partition
     which is mounted to /a/var at the time of an autoinstall. The
     offending part of the installpatch script are these five lines:

        bytes_avail=`df -b /var/sadm/patch | tail -1`
        bytes_avail=`echo $bytes_avail | sed 's/.*\ //'`
        bytes_avail=`expr $bytes_avail \* 1000`
        bytes_required=`cat /tmp/bytes_required.$$`
        if [ $bytes_required -gt $bytes_avail ]; then ...

     With var really mounted to /a/var, `df -b /var/sadm/patch | tail -1` sends
     an error message to standard error and a null string to standard out.
     Thus with $bytes_required eventually becoming a null string,
     "if [ $bytes_required -gt $bytes_avail ]; " causes the script to exit
     without installing the patch at all.

The finish script is as follows:

# installation script for installing integration patches
# to install patch, use installpatch shipped with the patch, though may
# be preferable to use most recent copy available
# patches are in the "patches" subdirectory of $SI_CONFIG_DIR
# add other patches to the PATCHES line
# installed packages are rooted in /a using chroot. This makes it check
# and update all the correct files, and make the right links.
# it is necessary to create the loopback mount so all the files are
# accessible to installpatch when its root has been changed to /a.

echo ""
echo `date`
echo "Starting Install ...... Patches"
echo " Approximate time: 00:14:34"
echo ""


# set up so installpatch will work under chroot

PATCHES="`cat ${NEW_ROOT}${LOCAL_CONFIG_DIR}/patches/list.PRO`"

if [ "${PATCHES}" ]; then

        #echo ""
        #echo "Installing integration patches"

        # the installpatch itself
        for cur_patch in ${PATCHES}

                echo "\nApplying Patch ${cur_patch} `date`"
                chroot ${NEW_ROOT} \
                        ${LOCAL_CONFIG_DIR}/patches/${cur_patch}/installpatch \
                echo ""

# un-do the set up
Work around:
See evaluation for workaround.
         Submitter: pattym Date: 01/21/94
         Dispatch Operator: bugtraq Date: 01/21/94
         Evaluator: lori.alt@central Date: 01/27/94
         Closeout Operator: lori.alt@central Date: 01/27/94

Comments and suggestions about SunSolve ONLINE?
Copyright 1994 Sun Microsystems, Inc.
2550 Garcia Ave.,
Mt. View, CA 94043-1100 USA.
All rights reserved.


Thanks to all below for responding.....

From: Ivan BRAWLEY <>
From: Mark <>
From: (Mike r. Phillips 3788)
From: (Rune Aarstad)
From: "Manfred Liebchen" <>
From: dowjone!tonym! (Anthony G. Morgan)
From: (Mike Salehi)
From: (Michael Bennett SERCO ESA/ESRIN DPE/IO)
From: (Rahul Roy)
From: (V.Sander)
From: (System Administrator - David Rossman)
From: Michael Tonn <>
From: (Al Venz)
From: (Octavio Diez de Sollano)
From: (Glenn Satchell - Uniq Professional Services)
From: (John Mendenhall)
From: (Jeff Wasilko)
From: (Heggli Beat)

Mike Rembis | Internet:
SUN Systems/Network Mgr | Internet:
5757 Plaza Drive | Voice: (714) 236-6520
Cypress, CA 90630-0007 | FAX: (714) 236-6039
````````````````Reality is in the Eye of the Beholder'''''''''''''''

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:32 CDT