patchadd(1M) System Administration Commands patchadd(1M)NAMEpatchadd - apply a patch package to a system running the Solaris oper‐
ating system
SYNOPSISpatchadd [-dun] [-G] [-B backout_dir] [-k keystore]
[-P passwd] [-t] [-x proxy] {patch} |
{-M patch_location [patch_list]} [-C net_install_image |
-R client_root_path | -S service]
patchadd-p
[-C net_install_image | -R client_root_path | -S service]
DESCRIPTIONpatchadd applies a patch package to a system running the Solaris 2.x
operating environment or later Solaris environments (such as Solaris
10) that are compatible with Solaris 2.x. This patch installation util‐
ity cannot be used to apply Solaris 1 patches. patchadd must be run as
root.
The patchadd command has the following forms:
o The first form of patchadd installs one or more patches to a
system, client, service, or to the miniroot of a Net Install
Image.
o The second form of patchadd displays installed patches on
the client, service, or to the miniroot of a Net Install
Image.
Starting with version 10 of the Solaris operating system, patchadd per‐
forms validity and dependency checking among a collection of patches
that you specify with the -M source specifier. See the description of
-M under OPERANDS, below.
With respect to zones(5), when invoked in the global zone, by default,
patchadd patches all appropriate packages in all zones. Patching behav‐
ior on system with zones installed varies according to the following
factors:
o use of the -G option (described below)
o setting of the SUNW_PKG_ALLZONES variable in the pkginfo
file (see pkginfo(4))
o type of zone, global or local (non-global) in patchadd which
is invoked
The interaction of the factors above is specified in "Interaction of -G
and pkginfo Variable in Zones," below.
When you add patches to packages on a Solaris system with zones
installed, you will see numerous zones-related messages, the frequency
and content of which depend on whether you invoke patchadd in a global
or local zone, the setting of SUNW_PKG_ALLZONES, and the use of the -G
option.
The patch, -M, -C, -R, and -S arguments shown in the SYNOPSIS are
described under OPERANDS, following OPTIONS.
OPTIONS
The following options are supported:
-B backout_dir
Saves backout data to a directory other than the package database.
Specify backout_dir as an absolute path name.
-d
Does not back up the files to be patched. The patch cannot be
removed.
-G
Add patch(es) to packages in the current zone only. When used in
the global zone, the patch is added to packages in the global zone
only and is not propagated to packages in any existing or yet-to-
be-created non-global zone. When used in a non-global zone, the
patch is added to packages in the non-global zone only. See "Inter‐
action of -G and pkginfo Variable in Zones,", below.
-k keystore
Use keystore as the location to get trusted certificate authority
certificates when verifying digital signatures found in each patch.
If no keystore is specified, then the default keystore locations
are searched for valid trusted certificates. See KEY STORE LOCA‐
TIONS in pkgadd(1M) for more information.
-n
Tells patchadd to ignore the signature and not to validate it. This
should be used only when the content of the patch is known and
trusted, and is primarily included to allow patchadd to apply a
patch on systems without the ability to verify the patch signature,
such as Solaris 8.
-p
In the second form, displays a list of the patches currently
applied.
-P passwd
Password to use to decrypt the keystore specified with -k, if
required. See PASS PHRASE ARGUMENTS in pkgadd(1M) for more informa‐
tion about the format of this option's argument.
-t
Maintains the patchadd return codes from the Solaris release prior
to Solaris 10. On a system with zones(5) installed, a return code
of 0 indicates success. Any other return code indicates failure.
-u
Turns off validation against other required or incompatible
patches. Use extreme caution when using this option. Its use can
precipitate unanticipated bad consequences.
-x proxy
Specify a HTTP[S] proxy to use when downloading packages The format
of proxy is host:port, where host is the hostname of the HTTP[S]
proxy, and port is the port number associated with the proxy. This
switch overrides all other methods of specifying a proxy. See ENVI‐
RONMENT VARIABLES in pkgadd(1M) for more information on alternate
methods of specifying a default proxy.
OPERANDS
The following operands are supported:
Sources
patchadd must be supplied a source for retrieving the patch. Specify
sources using the syntax shown below.
patch
The absolute path name to patch_id or a URI pointing to a signed
patch. /var/sadm/spool/patch/104945-02 is an example of a patch.
https://syrinx.eng:8887/patches/104945-02 is an example of a URI
pointing to a signed patch.
-M patch_location [patch_list]
Specifies the patches to be installed by directory location or URL
and, optionally, the name of a file containing a patch list.
When using a directory as the patch_location, specify that direc‐
tory as an absolute path name. Specify a URL as the server and path
name that contains the spooled patches. The optional patch_list is
the name of the file at a specified location containing the patches
to be installed.
-M patch_location patch_id [patch_id...]
Specifies the patches to be installed by directory location or URL,
and patch number.
To use the directory location or URL and the patch number, specify
patch_location as the absolute path name of the directory that con‐
tains spooled patches. Specify a URL as the server and path name
that contains the spooled patches. Specify patch_id as the patch
number of a given patch. 104945-02 is an example of a patch_id.
104945-02 is also an example of a patchid in 104945-02.jar.
Note that patchadd does not require a list of patches. Among a collec‐
tion of patches—residing in a directory, specified in a list, or
entered on a command line—patchadd performs validity and dependency
checking. Specifically, the command does the following:
o Determines whether a patch is applicable for a system. For
example, if the package to be patched is not installed,
patchadd does not attempt to add the patch.
o Establishes dependencies among valid patches and orders the
installation of patches accordingly.
Most users will find the easiest way to specify a source for patchadd
is to specify only a patch_location containing a set of patches.
Destinations
By default, patchadd applies a patch to the specified destination. If
no destination is specified, then the current system (the one with its
root filesystem mounted at /) is assumed to be the destination for the
patch. You can specify a destination in the following ways:
-C net_install_image
Patches the files located on the miniroot on a Net Install Image
created by setup_install_server. Specify net_install_image as the
absolute path name to a Solaris 8 or compatible version boot direc‐
tory. See EXAMPLES.
You should use the -C option only to install patches that are rec‐
ommended for installation to the miniroot. Patches that are recom‐
mended for installation to the miniroot usually include install-
related patches such as package commands, and Sun install and patch
installation tools. If you apply too many patches to the miniroot
it can grow too large to fit into memory during a net installation
of Solaris. Use the -B option and the -C option together so the
miniroot does not get too large. See -B, above.
Note that in the current release and in certain versions of Solaris
10, the miniroot is compressed. To determine whether the miniroot
is compressed on your system, look for a file called sparc.miniroot
or x86.miniroot under /boot, on the boot medium. Before you can
patch a compressed miniroot, you must perform certains steps. See
"Patching a Compressed Miniroot" below.
-R client_root_path
Locates all patch files generated by patchadd under the directory
client_root_path. client_root_path is the directory that contains
the bootable root of a client from the server's perspective. Spec‐
ify client_root_path as the absolute path name to the beginning of
the directory tree under which all patch files generated by
patchadd are to be located. -R cannot be specified with the -S
option. See NOTES.
Note -
The root file system of any non-global zones must not be refer‐
enced with the -R option. Doing so might damage the global zone's
file system, might compromise the security of the global zone,
and might damage the non-global zone's file system. See zones(5).
-S service
Specifies an alternate service (for example, Solaris_8). This ser‐
vice is part of the server and client model, and can only be used
from the server's console. Servers can contain shared /usr file
systems that are created by smosservice(1M). These service areas
can then be made available to the clients they serve. -S cannot be
specified with the -R option. See NOTES.
Patching a Compressed Miniroot
The Solaris operating system uses a compressed miniroot. The compressed
miniroot was adopted first in Solaris for x86 and then in Solaris for
SPARC over the course of Solaris 10 update releases. See below for an
easy way to determine whether your Solaris system uses a compressed
miniroot.
To patch a system with a compressed miniroot (full or partial), you
must unpack and then repack the miniroot before and after running
patchadd with the -C destination specifier. Use the procedure shown
below and accompanying example commands.
1. Unpack the compressed miniroot:
# /boot/solaris/bin/root_archive unpackmedia \
/export/home/altuser/testdir /export/home/altuser/mr
2. Run patchadd with -C to patch the miniroot:
# patchadd-C /export/home/altuser/mr \
/var/sadm/spool/104945-02
3. Repack the miniroot:
# /boot/solaris/bin/root_archive packmedia \
/export/home/altuser/testdir /export/home/altuser/mr
At this point, you can use setup_install_server(1M) to install the
patched miniroot on an install server. See root_archive(1M) for a
description of that command.
To determine whether a Solaris image uses a compressed miniroot, check
for the presence of either an x86.miniroot or sparc.miniroot file under
/boot on the boot medium.
Interaction of -G and pkginfo Variable in Zones
The following list specifies the interaction between the -G option and
the SUNW_PKG_ALLZONES variable (see pkginfo(4)) when adding a patch in
global and local (non-global) zones.
global zone, -G specified
If any packages have SUNW_PKG_ALLZONES set to true: Error; nothing
changes.
If no packages have SUNW_PKG_ALLZONES set to true: Apply patch to
package(s) in global zone only.
global zone, -G not specified
If any packages have SUNW_PKG_ALLZONES set to true: Apply patch to
appropriate package(s) in all zones.
If no packages have SUNW_PKG_ALLZONES set to true: Apply patch to
appropriate package(s) in all zones.
local zone, -G specified or not specified
If any packages have SUNW_PKG_ALLZONES set to true: Error; nothing
changes.
If no packages have SUNW_PKG_ALLZONES set to true: Apply patch
package(s) in local zone only.
KEYSTORE LOCATIONS
See the section KEYSTORE LOCATIONS in the pkgadd(1M) man page for
details.
KEYSTORE AND CERTIFICATE FORMATS
See the section KEYSTORE AND CERTIFICATE FORMATS in the pkgadd(1M) man
page for details.
EXAMPLES
The examples in this section are all relative to the /usr/sbin direc‐
tory.
Example 1 Installing a Patch to a Standalone Machine
The following example installs a patch to a standalone machine:
example# patchadd /var/sadm/spool/104945-02
Example 2 Installing a Patch to a Client From the Server's Console
The following example installs a patch to a client from the server's
console:
example# patchadd-R /export/root/client1 /var/sadm/spool/104945-02
Example 3 Installing a Patch to a Service From the Server's Console
The following example installs a patch to a service from the server's
console:
example# patchadd-S Solaris_8 /var/sadm/spool/104945-02
Example 4 Installing Multiple Patches in a Single Invocation
The following example installs multiple patches in a single patchadd
invocation:
example# patchadd-M /var/sadm/spool 104945-02 104946-02 102345-02
Example 5 Installing Multiple Patches Specifying List of Patches to
Install
The following example installs multiple patches specifying a file with
the list of patches to install:
example# patchadd-M /var/sadm/spool patchlist
Example 6 Installing Multiple Patches to a Client and Saving the Back‐
out Data
The following example installs multiple patches to a client and saves
the backout data to a directory other than the default:
example# patchadd-M /var/sadm/spool -R /export/root/client1 \
-B /export/backoutrepository 104945-02 104946-02 102345-02
Example 7 Installing a Patch to a Solaris 8 or Compatible Version Net
Install Image
The following example installs a patch to a Solaris 8 or compatible
version Net Install Image:
example# patchadd-C /export/Solaris_8/Tools/Boot \
/var/sadm/spool/104945-02
Example 8 Installing a Patch to a Compressed Miniroot
The following example installs a patch to a compressed miniroot, such
as one finds on a Solaris x86 machine that supports GRUB-style booting.
This example assumes that /export/Solaris_11/Tools/Boot contains the
unpacked miniroot. After applying the patch, the miniroot needs to be
repacked
example# patchadd-C /export/Solaris_11/Tools/Boot \
/var/sadm/spool/104945-02
See "Patching a Compressed Miniroot," above, for information on Solaris
versions that use a compressed miniroot.
Example 9 Installing a Patch to an Uncompressed Miniroot
The following example installs a patch to a miniroot on a Solaris
machine that does not have a compressed miniroot.
example# patchadd-C /export/Solaris_9/Tools/Boot \
/var/sadm/spool/104945-02
See "Patching a Compressed Miniroot," above, for information on Solaris
versions that use a compressed miniroot.
Example 10 Displaying the Patches Installed on a Client
The following example displays the patches installed on a client:
example# patchadd-R /export/root/client1 -p
Note the caveat on the use of the -R option in the description of that
option, above.
Example 11 Installing a Digitally Signed Set of Patches
The following example installs multiple patches, some of which have
been signed, using the supplied keystore, password, and HTTP proxy.
example# patchadd-k /etc/mycerts -P pass:abcd -x webcache.eng:8080 \
-M http://www.sun.com/solaris/patches/latest 101223-02 102323-02
EXIT STATUS
The following exit values are returned:
0
Successful completion.
>0
An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWswmt, SUNWcs │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Committed │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOcpio(1), pkginfo(1), patchrm(1M), pkgadd(1M), pkgadm(1M), pkgchk(1M),
pkgrm(1M), setup_install_server(1M), smpatch(1M), showrev(1M),
pkginfo(4), attributes(5), grub(5), zones(5)DIAGNOSTICS
The following messages might help in determining some of the most com‐
mon problems associated with installing a patch.
Patch Installation errors
Message
The prepatch script exited with return code retcode.
patchadd is terminating.
Explanation and Recommended Action
The prepatch script supplied with the patch exited with a
return code other than 0. Run a script trace of the prepatch
script and find out why the prepatch had a bad return code. Add
the -x option to the first line of the prepatch script to fix
the problem and run patchadd again.
Message
The signature on patch patch_id was unable to be verified.
patchadd is terminating.
Explanation and Recommended Action
The digital signature on a patch was unable to be verified
given the keystore in use and the signature on the patch. Check
the keystore to make sure it has the requisite trust anchor(s)
required to validate the signature on the package and that the
package has not been tampered with.
Message
The postpatch script exited with return code retcode.
Backing out patch.
Explanation and Recommended Action
The postpatch script provided with the patch exited with an
error code other than 0. This script is mostly used to cleanup
files (that is, when a package is known to have ownership or
permission problems) attributes that do not correspond to the
patch package's objects. After the user has noted all valida‐
tion errors and taken the appropriate action for each one, the
user should re-run patchadd using the -u (unconditional)
option. This time, the patch installation will ignore valida‐
tion errors and install the patch anyway.
Message
Insufficient space in /var/sadm/patch to save old files.
(For 2.4 systems and previous)
Explanation and Recommended Action
There is insufficient space in the /var/sadm/patch directory to
save old files. The user has three options for handling this
problem: Use the -B option while invoking patchadd. This option
will direct patchadd to: save the backout data to the user
specified file system, generate additional disk space by delet‐
ing unneeded files, or override the saving of the old files by
using the -d (do not save) option when running patchadd.
If the user elects not to save the old versions of the files to
be patched, patchrm cannot be used. One way to regain space on
a system is to remove the save area for previously applied
patches. Once the user has decided that it is unlikely that a
patch will be backed out, the user can remove the files that
were saved by patchadd. The following commands should be exe‐
cuted to remove the saved files for patchpatch_id:
cd /var/sadm/patch/patch_id
rm -r save/*
rm .oldfilessaved
After these commands have been executed, patch patch_id can no
longer be backed out.
Message
Insufficient space in /var/sadm/pkg/PKG/save to save old files.
(For 2.5 systems and later)
Explanation and Recommended Action
There is insufficient space in the /var/sadm/pkg/PKG/save
directory to save old files. The user has three options for
handling this problem: (1) Use the -B option while invoking
patchadd. This option will direct patchadd to save the backout
data to the user specified file system. (See synopsis above.)
(2) Generate additional disk space by deleting unneeded files,
or (3) override the saving of the old files by using the -d (do
not save) option when running patchadd. However, if the user
elects not to save the old versions of the files to be patched,
patchrm cannot be used. One way to regain space on a system is
to remove the save area for previously applied patches. Once
the user has decided that it is unlikely that a patch will be
backed out, the user can remove the files that were saved by
patchadd. The following commands should be executed to remove
the saved files for patch patch_id:
cd /var/sadm/pkg/pkgabbrev/save
rm -r patch_id
After these commands have been executed, patch patch_id can no
longer be backed out.
Message
Save of old files failed.
(For 2.4 systems and previous)
Explanation and Recommended Action
Before applying the patch, the patch installation script uses
cpio to save the old versions of the files to be patched. This
error message means that the cpio failed. The output of the
cpio would have been preceded this message. The user should
take the appropriate action to correct the cpio failure. A com‐
mon reason for failure will be insufficient disk space to save
the old versions of the files. The user has two options for
handling insufficient disk space: (1) generate additional disk
space by deleting unneeded files, or (2) override the saving of
the old files by using the -d option when running patchadd.
However if the user elects not to save the old versions of the
files to be patched, the patch cannot be backed out.
Message
Pkgadd of pkgname package failed with error code code.
See /tmp/log.patch_id for reason for failure.
Explanation and Recommended Action
The installation of one of the patch packages failed. patchadd
will backout the patch to leave the system in its pre-patched
state. See the log file for the reason for failure. Correct the
problem and reapply the patch.
Message
Pkgadd of pkgname package failed with error code code.
Will not backout patch...patch re-installation.
Warning: The system may be in an unstable state!
See /tmp/log.patch_id for reason for failure.
Explanation and Recommended Action
The installation of one of the patch packages failed. patchadd
will not backout the patch. You may manually backout the patch
using patchrm, then re-apply the entire patch. Look in the log
file for the reason pkgadd failed. Correct the problem and re-
apply the patch.
Message
patchadd is unable to find the INST_RELEASE file. This file
must be present for patchadd to function correctly.
Explanation and Recommended Action
The INST_RELEASE file is missing from the system. This file is
created during either initial installation or during an update.
Message
A previous installation of patch patch_id was invoked
that saved files that were to be patched. Since files
were saved, you must run this instance of patchadd
without the -d option.
Explanation and Recommended Action
If a patch was previously installed without using the -d
option, then the re-installation attempt must also be invoked
without the -d option. Execute patchadd without the -d option.
Message
A previous installation of patch patch_id was invoked
with the -d option. (i.e. Do not save files that would
be patched) Therefore, this invocation of patchadd
must also be run with the -d option.
Explanation and Recommended Action
If a patch was previously installed using the -d option, then
the re-installation attempt must also be invoked with the-d
option. Execute patchadd with the -d' option.
Diagnostic Reference
The patch installation messages listed below are not necessarily con‐
sidered errors, as indicated in the explanations given. These messages
are, however, recorded in the patch installation log for diagnostic
reference.
Message
Package not patched:
PKG=SUNxxxx
Original package not installed
Explanation and Recommended Action
One of the components of the patch would have patched a package
that is not installed on your system. This is not necessarily
an error. A patch may fix a related bug for several packages.
For example, suppose a patch fixes a bug in both the online-
backup and fddi packages. If you had online-backup installed
but didn't have fddi installed, you would get the message :
Package not patched:
PKG=SUNWbf
Original package not installed
This message only indicates an error if you thought the package
was installed on your system. If this is the case, take the
necessary action to install the package, backout the patch (if
it installed other packages) and re-install the patch.
Message
Package not patched:
PKG=SUNxxx
ARCH=xxxxxxx
VERSION=xxxxxxx
Architecture mismatch
Explanation and Recommended Action
One of the components of the patch would have patched a package
for an architecture different from your system. This is not
necessarily an error. Any patch to one of the architecture-spe‐
cific packages might contain one element for each of the possi‐
ble architectures. For example, assume you are running on a
sun4u. If you were to install a patch to package SUNWcar, you
would see the following (or similar) messages:
Package not patched:
PKG=SUNWcar
ARCH=sparc.sun4c
VERSION=11.5.0,REV=2.0.18
Architecture mismatch
Package not patched:
PKG=SUNWcar
ARCH=sparc.sun4u
VERSION=11.5.0,REV=2.0.18
Architecture mismatch
Package not patched:
PKG=SUNWcar
ARCH=sparc.sun4e
VERSION=11.5.0,REV=2.0.18
Package not patched:
PKG=SUNWcar
ARCH=sparc.sun4
VERSION=11.5.0,REV=2.0.18
Architecture mismatch
These messages indicate an error condition only if patchadd
does not correctly recognize your architecture.
Message
Package not patched:
PKG=SUNxxxx
ARCH=xxxx
VERSION=xxxxxxx
Version mismatch
Explanation and Recommended Action
The version of software to which the patch is applied is not
installed on your system. For example, if you were running
Solaris 8, and you tried to install a patch against Solaris 9,
you would see the following (or similar) message:
Package not patched:
PKG=SUNWcsu
ARCH=sparc
VERSION=10.0.2
Version mismatch
This message does not necessarily indicate an error. If the
version mismatch was for a package you needed patched, either
get the correct patch version or install the correct package
version. Then backout the patch (if necessary) and reapply.
Message
Re-installing Patch.
Explanation and Recommended Action
The patch has already been applied, but there is at least one
package in the patch that could be added. For example, if you
applied a patch that had both Openwindows and Answerbook compo‐
nents, but your system did not have Answerbook installed, the
Answerbook parts of the patch would not have been applied. If,
at a later time, you pkgadd Answerbook, you could re-apply the
patch, and the Answerbook components of the patch would be
applied to the system.
Message
patchadd Interrupted.
patchadd is terminating.
Explanation and Recommended Action
patchadd was interrupted during execution (usually through
pressing CTRL-c). patchadd will clean up its working files and
exit.
Message
patchadd Interrupted.
Backing out Patch...
Explanation and Recommended Action
patchadd was interrupted during execution (usually through
pressing CTRL-c). patchadd will clean up its working files,
backout the patch, and exit.
NOTES
To successfully install a patch to a client or server, patchadd must be
issued twice, once with the -R option and once with the -S option. This
guarantees that the patch is installed to both the /usr and root parti‐
tions. This is necessary if there are both /usr and root packages in
the patch.
pkgadd is invoked by patchadd and executes the installation scripts in
the pkg/install directory. The checkinstall script is executed with its
ownership set to user install, if there is no user install then pkgadd
executes the checkinstall script as noaccess. The SVR4 ABI states that
the checkinstall shall only be used as an information gathering script.
If the permissions for the checkinstall script are changed to something
other than the initial settings, pkgadd may not be able to open the
file for reading, thus causing the patch installation to abort with the
following error:
pkgadd: ERROR: checkinstall script did not complete successfully.
The permission for the checkinstall script should not be changed. Con‐
tents of log file for a successfull installation: patchadd redirects
pkgadd's output to the patch installation log file. For a successfull
installation, pkgadd will produce the following message that gets
inserted into the log file:
This appears to be an attempt to install the same architecture
and version of a package which is already installed. This
installation will attempt to overwrite this package.
This message does not indicate a failure, it represents the
correct behavior by pkgadd when a patch installs correctly.
This message does not indicate a failure, it represents the correct
behavior by pkgadd when a patch installs correctly.
On client server machines the patch package is not applied to existing
clients or to the client root template space. Therefore, when appropri‐
ate, all client machines will need the patch applied directly using
this same patchadd method on the client. See instructions above for
applying patches to a client. A bug affecting a package utility (for
example, pkgadd, pkgrm, pkgchk) could affect the reliability of
patchadd or patchrm, which use package utilities to install and backout
the patch package. It is recommended that any patch that fixes package
utility problems be reviewed and, if necessary, applied before other
patches are applied. Existing patches are:
Solaris 2.5.1 Sparc Platform Edition:
104578
Solaris 2.5.1 Intel Platform Edition:
104579
Solaris 2.6 Sparc Platform Edition:
106292
Solaris 2.6 Intel Platform Edition:
106293
WARNINGS
Certain patches are classified as "deferred activation" patches (some‐
times with initial capitals, as "Deferred Activation" patches). Under
conditions indicated below, such patches require special treatment. A
patch's README file specifies whether that patch is of the deferred
activation variety. (Search on "Deferred Activation" in the README
file.)
If you are installing or removing a patch that uses deferred activation
patching, you must check on the following:
o On a system running zones, all non-global zones must be in a
halted state for adding or removing a patch.
o Deferred activation patching requires the loopback file sys‐
tem (lofs) in order to complete safely. Systems running Sun
Cluster 3.1 or Sun Cluster 3.2 are likely to have lofs
turned off because of restrictions on HA-NFS functionality
when lofs is enabled. Therefore, before a deferred activa‐
tion patch is installed or removed, you must re-enable the
loopback file system by commenting out the following line in
the /etc/system file:
exclude:lofs
Then, reboot your system and install or remove the patch.
After you have completed the patch operation, uncomment the
line cited above, then reboot to resume normal operation.
SunOS 5.11 11 Dec 2007 patchadd(1M)
