如何创建用于手动安装的修补程序集

Juergen Fleischer，2006 年 12 月

Sun Update Connection - Enterprise 的核心功能是自动完成所有的修补程序管理任务，包括分析、相关性解析、实施和最终安装。虽然这应该是最终目标，但在某些情况下，Sun Update Connection - Enterprise 也可能不执行最终安装。例如，SysAdmin 组负责提供标准的修补程序集，而 IT-Operations 组负责使用传统方法进行实际安装。另一种可能的情况是将修补程序安装到备用引导环境中，而不是当前运行的根环境中。

如何执行此类任务？

Sun Update Connection - Enterprise 允许您在模拟模式下运行作业。将解析所有相关性，并且所需的修补程序将下载到客户机，以供在部署模式下重新运行作业时使用。模拟作业完成后，修补程序将被作为 BLOB（binary large object，二进制大对象）存储在 /var/lib/uce/agent/blobs 中，可以在 /var/lib/uce/agent/logs/resolve.log 中找到相关性和排序解析的结果。

本地预操作脚本 create_patchset 创建目录 /var/tmp/patchset，分析 resolve.log 文件以创建 patch_order 文件，并将所有修补程序复制到 patchset 目录中。检测到的固件或快擦写 PROM 修补程序将被移动到名为 firmware+flashprom 的子目录中。

最后，脚本 install_all_patches 将被放置到用于手动安装的修补程序集中。要创建修补程序集，必须在模拟模式下运行标准修补程序作业，然后在部署模式下运行一个作业，以执行运行预操作脚本 create_patchset 的任务。以上就是全部过程。现在，我们就具有一个独立的修补程序集，可用于传统手动安装，或将其安装到备用引导环境中。

用于创建修补程序集的脚本

!/bin/bash

#
# create_patchset
#
# create a standalone patch set for manual installation at
# /var/tmp/patchset
#
# The script uses the output of a patch job run in simulation
# mode. It must be run in the very next job as pre-action
# script in deploy mode.
# Author: Juergen.Fleischer@Sun.COM
#
# v1.1: 12-Nov-2006
#      
PATCHSET=/var/tmp/patchset

FWDIR=/var/tmp/patchset/firmware+flashprom


BASEDIR=/var/lib/uce/agent

RESOLVE=${BASEDIR}/logs/resolve.log

BLOBS=${BASEDIR}/blobs

# to ensure that we don't have to fight with locales
LC_ALL=C
export LC_ALL

#
# We have to find the last line of the last simulation job
# in resolve.log. It contains the No. of patches ...
#
SIMULATE_RESULTS=$(cat -n $RESOLVE | \
 grep 'Total number of sorted operations :'|tail -2|head -1)
NO_PATCHES=$( echo $SIMULATE_RESULTS | nawk '{print $8}' )

if [ -z "$NO_PATCHES" ]
then
  echo Could not determine needed patches from $RESOLVE
  echo Aborting ...
  exit 1
fi

#
# LAST_LINE is the line with the last patchid in the resolve.log
# file
#
LAST_LINE=$(( $(echo $SIMULATE_RESULTS|nawk '{print $1}') -1 ))

rm -rf $PATCHSET
mkdir $PATCHSET
cd $PATCHSET
cp /dev/null patch_order

#
# we will loop now over the NO_PATCHES lines in resolve.log
# until we reach the last patchid
#
echo
echo Starting to create standalone patch set for manual installation
echo or installation into an Alternate Boot Environment \(ABE\).
echo
head -$LAST_LINE $RESOLVE | tail -$NO_PATCHES | while read line
do
  PATCHID=$(echo "$line" |cut -c16-24)
  BLOB=${BLOBS}/$(echo "$line"|cut -c6-13).blob

  echo Copying patchid $PATCHID
  if [ -z "$( file ${BLOB} | grep -w ZIP )" ]
  then
    gzcat ${BLOB} | tar xf -
  else
    unzip -q ${BLOB}
  fi
  rm -rf META-INF
    if [ -f "${PATCHID}/.diPatch" ]
  then
    echo $PATCHID >> patch_order
  else
    # this is not a direct instance patch, assuming FW patch
    [ -d "$FWDIR" ] || mkdir $FWDIR
    mv $PATCHID $FWDIR
    echo Moving patch $PATCHID to firmware subdirectory
  fi done

echo
echo 'Copying install script "install_all_patches"'
cat >install_all_patches <<EOF
#!/usr/bin/sh

# Usage: ./install_all_patches [ -R /ABE ]

# to ensure that the filesystem /opt is available
mount /opt 2>/dev/null && echo Filesystem /opt mounted ...

# install patches, forward additional args like "-R /ABE"
patchadd "\$@" -M \$PWD patch_order EOF

chmod a+x install_all_patches

echo
echo Patch set successfully created in directory $PATCHSET
echo
echo 'Use "./install_all_patches" to install the patch set'
echo

除非另行颁发许可，否则此处所有技术手册中的代码（包括文章、常见问题解答和样例）只能在本许可下使用。