Short story:
Download PCA for system registered with Oracle CSI. This version of PCA (Patch Check Advanced) allows to maintain Solaris OS patches using Oracle Solaris Premier Subscriptions and Oracle CSI account instead of the SunSolve account with Sun Contract.
Long Story:
After quite successful evaluation of running MySQL on Solaris 10 we decided to move all our production database servers to the Oracle Solaris. We purchased Oracle Solaris Premier Subscriptions for Non-Oracle x86 Systems (our servers are Dell PowerEdge R710). I have registered the my subscription with Oracle support and successfully installed Oracle Configuration Manager on the server. Patch analysis and recommendations didn’t work for the server OS. Attempting to download the recommended patch cluster didn’t work either. Sun server, where the actual patch file is located, responded with 403 (Forbidden) and the “You are not entitled to retrieve this content. ” message. Trying to get to the OS patches via SunSolve finally showed the following picture: Sun servers that host all Solaris patches don’t know about Oracle CSI (Customer Support ID) and Oracle support system knows nothing about Sun Contract Number which is required for getting any Solaris patch other than public security patch.
My next thought was getting the system updated with the built-in smpatch utility. I was thinking that if Oracle is now packaging Solaris 10 distribution, everything shipped with the OS should work. Naive me…
The server was installed with minimal install of the Solaris OS. smpatch is not being installed as part of this choice. Installing just SUNWmga package doesn’t not work as it dependent on a bunch of other packages that are not installed during minimal install. To make the story short you should do the following in order to get smpatch functional:
- Install smpatch related packages from Solaris 10 DVD:
- Insert the DVD and find out its device:
ls -al /dev/sr* | awk ‘{print “/” $11}’ - Mount it with:
mount -F hsfs -o ro /dev/<device name> /mnt/dvd where device name is the one you’ve got in the above step (make sure /mnt/dvd exists) - execute as root:
# pkgadd -d /mnt/dvd/Solaris_10/Product/ SUNWupdatemgru SUNWupdatemgrr SUNWccccr SUNWccccrr SUNWccccfg SUNWcctpx SUNWccfw SUNWccsign SUNWbrg SUNWcsmauth SUNWscnprm SUNWscnsom SUNWsensor SUNWscn-base SUNWsam SUNWscnprmr SUNWcacaort SUNWscn-base-r SUNWsamr SUNWbrgr SUNWzoneu SUNWzoner SUNWpool SUNWxcu4 SUNWsensorr SUNWscnsomr SUNWjdmk-base - Follow this excellent article created by Kevin Pendleton about Registering Solaris 10 and updating patches from the command line (CLI)
So now the smpatch does something useful, other than throwing weird Java hundred lines exception stack traces. Frankly, I don’t understand Sun engineers, who decided to develop such a simple and vital system utility in Java with dependences to a bunch of other packages. The most annoying thing is that the program doesn’t tell you that “SUNWjdmk-base package is missing, please install it”. Instead, it throws weird unreadable Java errors. But the most funny thing is that if you are Oracle customer and you don’t have existing Sun contract you cannot do much with smpatch. smpatch also goes for patch files to SunSolve servers which know nothing about the fact that Oracle sales $1K per CPU support subscriptions for the operating system it is running on.
While I was digging the Internet for finding solution to apply patches to my system, I found two very important things.
One of them is PCA (Patch Check Advanced) – outrageous patching utility for Solaris written by Martin Paul. It is extremely smal Perl script that just does the work in the right way. This is exactly what this kind of OS utility should look like. I’m going to manage all my new Solaris systems with PCA. Once you get get it work, you don’t need anymore any heavy Java based patch management software provided by Sun/Oracle.
Another very useful piece of information was Oracle article, explaining Patch download automation for Sun products using wget. In fact, Oracle has migrated all Sun servers hosting Solaris patches to its own servers. Presumably, it is not yet integrated into the Oracle Support portal and Solaris system utilities. I hope Oracle is not going to abandon Solaris 10 in sake of their new Solaris 11 Express release. So if you have valid Oracle CSI, you can manually download and install required Solaris patches using this howto. I did it for the recommended patch cluster (10_x86_Recommended.zip).
And finally, when my system was up to date, the only thing that I was missing is a patching tool for the ongoing system maintenance. I looked into the PCA code, it was quite easy to merge base patch URLs to work with new Oracle locations. As a result I’ve got PCA that is fully functional and works with Oracle CSI credentials.
Download it: PCA for system registered with Oracle CSI
Update (December, 13)
I just received email from Martin Paul saying that he also had prepared an updated version of PCA and it is going to be released any time soon. Please check his site for the update. Oracle has completed migration of Sun servers over the last weekend. I will check My Oracle Support site for patches availability and its integration with Oracle Configuration Manager.
Update (December, 14)
Blastwave PCA package is still not updated with latest PCA version. Download it manually from the PCA Home page. Oracle Configuration Manager is not updated either. Patches should be downloaded manually, although with PCA it is much easier to do.
Infraworks 
For PCA and other packages you will find OpenCSW better updated.
http://www.opencsw.org/packages/CSWpca/