We build patch lists every 3 to 6 months which are used to upgrade servers to a known state. We don't patch thousands of servers with every list. But when a server has patches applied it is using one of the known internally compiled lists. As you say, those lists often add 100+ patches.
We must use a script very similar to Bernd's that applies each patch individually and captures the return code. At the end we tell the sysadmin if there was any error he should go back and check. And yes, we use the internal non documented return codes of the old patchadd to check if the error was a simple "package doesn't exist" or "patch already applied" ... Obviously we have changed our script to use -t on Solaris 10 as well. I wouldn't mind changing over to 'patchadd -M <patch-dir> <our-list>' at all and let you do all the hard work! But we do like a summary at the end that lets us know about the patch errors that we need to go and look for (could also be solved by parsing friendly output). The exit code should reflect the difference between a "notice" (e.g. didn't add patch as the package it patches isn't installed - nice to report but that's about it), "warning" (e.g. couldn't add patch because a required patch is missing) and "errors" (tried to add patch but something went horribly wrong - we need the sysadmin to go and check). It should report the worst. I know our sysadmins would hardly ever check through the output of patchadd when adding 100+ patches to check if there was any error. As you say "And it produce a lot of output - someone even complained about it." Too much output currently leaves you blind to what really happened when trying to add all the patches. - mo btw, thanks for all your info you post to the list, glad I'm subscribed and see it all. Wouldn't it be better committed to a web page as permanent and maintainable documentation rather than hoping people might find it again trawling mailing list archives? Do you think "One of the most unnoticed but significant ... improvement"s will be noticed by a wider audience this way? Well, I'm happy, I get the info, I did notice it this way :) On 24 Oct 2006, at 19:23, Vasiliy wrote: > What exit code should be if some patches installed and some did > not? It is not a complete failure on my opinion. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2130 bytes Desc: not available URL: <http://mail.opensolaris.org/pipermail/install-discuss/attachments/20061031/6ebb7d1d/attachment.bin>
