Hi "little help",
1. From the pca website it states "*As pca uses the wget command to download patches from the patch server, make sure that any specially required option is set in /etc/wgetrc or $HOME/.wgetrc*.". I see the options to tell pca where wet resides but nothing to set the wgetrc file. Is there a way to do this? I would like to have one central file that I can use for all my servers rather than copying a file locally.
It depends on wget itself where it looks for wgetrc files by default. The standard wget in Solaris looks for /etc/wgetrc and ~/.wgetrc. If you compile your on version and install it in e.g. a globally shared /usr/local, it looks for /usr/local/etc/wgetrc and ~/.wgetrc.
You can also use the WGETRC environment variable to point wget at a certain wgetrc file. PCA itself does not include an option to specify a path to a wgetrc file, but there's an option "--wgetopt" to feed options directly to wget. I recommend setting up wget configuration (e.g. proxy) outside of PCA, as it can be used on its own, too.
2. I also notice that wget requires ssl support to work properly. I have recompiled wget 1.12 a number of times with ssl support but each time it has an issue (only on sparc - x86 works fine). I found a workaround by using an older version of wget (1.10.2). Is there an issue with pca using 1.12?
PCA should work fine with any version of wget. Always test it outside of PCA first - if that doesn't work, PCA won't either.
Is there a reason why you aren't simply using /usr/sfw/bin/wget which comes with Solaris? It includes SSL support and works fine with PCA.
3. I have been testing with the --safe flag as well as --pretend to make sure there are no issues with patches. This is due to heavy customization for files. Based on the results I save the files and run the install without the flags and go back and replace any modified files. I am wondering if I opt to install without the --pretend and simply use --safe what would happen. I know the patches that fail --safe will not get installed. If I go back and install these after would there be any issue with dependencies, etc. Any issues if it is kernel patch>
As you say, patches which fail the "--safe" check will not get installed. So if a later patch depends on such a patch, it won't get installed. It depends on the local situation (which or how many files included in patches have local modifications). Here, I always use "--safe", but I also try to keep the amount of modified system files to a minimum, and I rarely see such dependency issues. You'll have to try it out.
4. I have opted to use a local patch server. When I run my script to check the client and download the required patches everything works fine. However, when I run a query from the client to download from the local patch server it does not see to work. Rather it complains about file type unknown or file not found (404). See below ... --13:25:29-- http://foohost/dev/pca-proxy.cgi?109611-01 => `/var/tmp//109611-01.tmp' Resolving foohost... xxxx Connecting to foohost|xxx|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 154,536 (151K) [text/plain]
Instead of the patch zip file, the web server returns the "pca-proxy.cgi" file itself. Obviously the web server doesn't execute the CGI file correctly. The .cgi file must have execute permissions, and the web server must be configured to allow CGI executions in the directory where "pca-proxy.cgi" is stored (for apache, this is "ExecCGI"). The PCA docs include an example to set up the apache server included in Solaris, too. Sometimes the error log of the httpd contains helpful information, too.
Hope this helps, Martin.