> The https server at sunsolve.sun.com doesn't respond, but
> http works. At least for me.
That is somewhat bizarre. This is like watching an old well loved building
collapse in slow motion. :-(
So then ... here is what I did. On my server ( with a valid contract ) I
did the following :
1) fetch the patchdiag.xref from good ol SunSolve
that worked for the moment
2) run PCA t determine that patches have updated since June 19th which is
when I last applied patches to this server.
3) look at list
4) look at the report for patches needed :
# cat patch_report_missing
Using /export/medusa/root/pca_data/xref/patchdiag.xref from Nov/19/10
Host: deimos (SunOS 5.10/Generic_142901-14/i386/i86pc)
List: missing (157/8633)
Patch IR CR RSB Age Synopsis
------ -- - -- --- ---
-------------------------------------------------------
119255 73 < 77 RS- 5 SunOS 5.10_x86: Install and Patch Utilities Patch
5) I then attempt to fetch the patch from Sunsolve with good ol PCA and
watch that fail miserbly.
6) I read
http://sunsolve.sun.com/search/document.do?assetkey=1-79-1199543.1-1
7) I then fetch the certificates file :
# /opt/csw/bin/wget
http://sunsolve.sun.com/search/document.do\?attach=yes\&assetkey=urn:cds:attach:cds/attachments/pshsure/1199543.1/WGET3_getupdates.pem
8) I put that someplace that I can get to later
# mv
document.do\?attach=yes\&assetkey=urn:cds:attach:cds%2Fattachments%2Fpshsure%2F1199543.1%2FWGET3_getupdates.pem
$PCA_XREFDIR/getupdates.pem
9) I look at the cert file :
# head $PCA_XREFDIR/getupdates.pem
-----BEGIN CERTIFICATE-----
MIIEdzCCA+CgAwIBAgIQeFTJcTtAoD2TTksbfyZhcDANBgkqhkiG9w0BAQUFADCB
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0x
MDA0MTMwMDAwMDBaFw0xMTA1MDUyMzU5NTlaMIG4MQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxQOUmVkd29vZCBTaG9yZXMxGzAZBgNV
BAoUEk9yYWNsZSBDb3Jwb3JhdGlvbjESMBAGA1UECxQJR2xvYmFsIElUMTMwMQYD
VQQLFCpUZXJtcyBvZiB1c2UgYXQgd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMTAx
#
# /opt/csw/bin/openssl x509 -text -in $PCA_XREFDIR/getupdates.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:54:c9:71:3b:40:a0:3d:93:4e:4b:1b:7f:26:61:70
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign
International Server CA - Class 3, OU=www.verisign.com/CPS
Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Validity
Not Before: Apr 13 00:00:00 2010 GMT
Not After : May 5 23:59:59 2011 GMT
Subject: C=US, ST=California, L=Redwood Shores, O=Oracle
Corporation, OU=Global IT, OU=Terms of use at www.verisign.com/rpa
(c)10, CN=*.oracle.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:cb:2b:bd:5b:70:71:e2:a6:cc:06:78:73:cc:e3:
a7:fd:fa:5d:22:79:55:54:c7:f7:54:25:e2:7d:5e:
d8:77:34:c4:c6:ed:60:7a:ea:c8:cb:10:15:33:47:
3d:b3:e2:dd:45:49:e4:1f:52:09:01:74:91:82:33:
6f:5d:3c:39:6f:90:ff:04:18:35:c8:27:17:cd:67:
3b:e3:22:bb:0b:69:41:10:02:7e:73:44:86:cc:43:
91:fe:12:4a:96:75:d2:8d:0b:15:cf:10:8f:d5:8f:
d1:7e:40:f6:91:45:1a:fa:79:10:1f:58:27:a2:f4:
09:57:a2:9b:5f:0d:5c:8f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
OCSP - URI:http://ocsp.verisign.com
X509v3 Basic Constraints:
CA:FALSE
X509v3 Certificate Policies:
Policy: 2.16.840.1.113733.1.7.23.3
CPS: https://www.verisign.com/rpa
X509v3 CRL Distribution Points:
URI:http://SVRIntl-crl.verisign.com/SVRIntl.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client
Authentication, Netscape Server Gated Crypto, Microsoft
Server Gated Crypto
X509v3 Key Usage:
Digital Signature, Key Encipherment
1.3.6.1.5.5.7.1.12:
0`.^.\0Z0X0V..image/gif0!0.0...+......Kk.(.....R8.).K..!..0&.$http://logo.verisign.com/vslogo1.gif
Signature Algorithm: sha1WithRSAEncryption
0d:4d:7d:17:cd:11:89:0f:a4:5a:13:aa:43:91:ab:11:30:fd:
9f:fa:fa:e6:ab:d6:c8:d9:12:3b:53:72:f2:40:47:61:c8:db:
0d:19:04:f1:0b:ef:bc:b9:0f:02:bf:b3:cd:de:c4:d7:2a:03:
17:64:f7:4a:f9:e7:35:60:34:e2:55:50:b2:16:fc:52:26:b7:
d8:34:13:38:99:7f:6a:3d:a7:32:ed:6b:91:44:e1:2e:00:0b:
eb:ab:36:4f:f1:9b:71:f1:58:5f:11:89:43:01:52:f3:9e:6d:
fe:2a:f2:a9:24:46:44:ad:ca:70:2d:ad:0c:62:32:43:e3:47:
b3:26
-----BEGIN CERTIFICATE-----
MIIEdzCCA+CgAwIBAgIQeFTJcTtAoD2TTksbfyZhcDANBgkqhkiG9w0BAQUFADCB
ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy
aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy
dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg
SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0x
MDA0MTMwMDAwMDBaFw0xMTA1MDUyMzU5NTlaMIG4MQswCQYDVQQGEwJVUzETMBEG
A1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxQOUmVkd29vZCBTaG9yZXMxGzAZBgNV
BAoUEk9yYWNsZSBDb3Jwb3JhdGlvbjESMBAGA1UECxQJR2xvYmFsIElUMTMwMQYD
VQQLFCpUZXJtcyBvZiB1c2UgYXQgd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMTAx
FTATBgNVBAMUDCoub3JhY2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAyyu9W3Bx4qbMBnhzzOOn/fpdInlVVMf3VCXifV7YdzTExu1geurIyxAVM0c9
s+LdRUnkH1IJAXSRgjNvXTw5b5D/BBg1yCcXzWc74yK7C2lBEAJ+c0SGzEOR/hJK
lnXSjQsVzxCP1Y/RfkD2kUUa+nkQH1gnovQJV6KbXw1cj50CAwEAAaOCAXwwggF4
MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNp
Z24uY29tMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgG
CCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDwGA1UdHwQ1
MDMwMaAvoC2GK2h0dHA6Ly9TVlJJbnRsLWNybC52ZXJpc2lnbi5jb20vU1ZSSW50
bC5jcmwwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEG
CisGAQQBgjcKAwMwCwYDVR0PBAQDAgWgMG4GCCsGAQUFBwEMBGIwYKFeoFwwWjBY
MFYWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFEtruSiWBgy70FI4mymsSweLIQUY
MCYWJGh0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28xLmdpZjANBgkqhkiG
9w0BAQUFAAOBgQANTX0XzRGJD6RaE6pDkasRMP2f+vrmq9bI2RI7U3LyQEdhyNsN
GQTxC++8uQ8Cv7PN3sTXKgMXZPdK+ec1YDTiVVCyFvxSJrfYNBM4mX9qPacy7WuR
ROEuAAvrqzZP8Ztx8VhfEYlDAVLznm3+KvKpJEZErcpwLa0MYjJD40ezJg==
-----END CERTIFICATE-----
#
very nice .. Verisign seems to be everywhere.
10) I then fetch my first patch :
/opt/csw/bin/wget -v --http-user=someusername --http-passwd=BADCAFFE
--ca-certificate=$PCA_XREFDIR/getupdates.pem
https://getupdates.oracle.com/all_unsigned/119255-77.zip -O
$PCA_PATCHDIR/119255-77.zip
That seems to work. :-)
11) I write a simple script to fetch the patches I need. I watch that fail
with loads of this :
2010-11-21 16:41:37 ERROR 403: You are not entitled to retrieve this
content..
The only patches I am allowed to have with my support contract for Solaris
10 seem to be these : 119255-77 142252-02 145045-02
119255-77 RS- SunOS 5.10_x86: Install and Patch Utilities Patch
142252-02 RS- SunOS 5.10_x86: sh patch
145045-02 R-- SunOS 5.10_x86: ksh pfksh rksh xargs sh patch
Strangely I am not allowed to have the compiler patches that I really need.
120759-21 --- Sun Studio 11_x86: Sun Compiler Common patch for x86 backend
121018-22 --- Sun Studio 11_x86: Patch for Sun C++ 5.8 compiler
121020-12 --- Sun Studio 11_x86: Patch for x86 Fortran 95 8.2 Compiler
121616-07 --- Sun Studio 11_x86: Patch for Sun dbx 7.5_x86 Debugger
126498-20 --- Sun Studio 12_x86: Sun Compiler Common patch for x86 backend
124864-26 --- Sun Studio 12_x86: Patch for Sun C++ Compiler
124868-15 --- Sun Studio 12_x86: Patch for C 5.9 compiler
141858-07 --- Sun Studio 12 Update 1_x86: Sun Compiler Common patch for x86
128229-11 --- Sun Studio 12 Update 1_x86: Patch for C++ Compiler
142363-06 --- Sun Studio 12 Update 1_x86: Patch for C Compiler
145349-01 --- Sun Studio 12 Update 1_x86 : Patch for dbx
Funny ... I am not allowed to have those as well as piles of others.
I so enjoy paying a corporation money and then I have to work for them.
Does anyone know, I mean really know, when Oracle will get its act
together on this simple yet critical service ?
--
Dennis Clarke
dcla...@opensolaris.ca <- Email related to the open source Solaris
dcla...@blastwave.org <- Email related to open source for Solaris
