Am 20.03.2014 16:46, schrieb McGraw, Robert P:
Can someone explain how safe works when patching with —no-safe.
At first - keep in mind that PCA does not install patches itself, it
uses the OS command "patchadd" for that. So PCA is not involved into
modifying any OS files. What --safe does is documented like this:
"Sometimes a patch re-delivers and silently overwrites files which have
been modified locally. PCA tries to overcome this issue with its safe
patch installation mode. Before installing a patch, PCA checks all files
listed in the patch README for local modifications. If any modified file
is in danger of being overwritten, a warning is shown and the patch is
skipped."
PCA collects a list of files delivered in a patch and runs "pkgchk"
against that list. Like this, comparing the actual file size/mode/etc
against /var/sadm/install/contents it finds out if a file has local
modifications. If so, PCA in safe mode will skip the patch.
Often a patch includes special install scripts for files included in the
patch, which take care that files aren't simply overwritten by patchadd.
Sometimes the intregrate changes into existing files, leaving local
modifications alone. Sometimes they install the new file from the patch
with an extension ".new" and leave it to the admin to integrate the changes.
PCA has a white list of patches/files, where it knows that the relevant
patch includes special handling, to reduce the number of false warnings.
I use PCA like that:
Install all patches with --safe. I then look at all patches which were
skipped due to safe mode, and find out why. Then install the patches
without --safe, and react as necessary: re-integrate local changes which
got overwritten, integrate local changes and changes in *.new files into
the file in question, etc.
So --safe will just tell you "ohoh, watch out, there *might* be some
manual intervention required after installing this patch, but I can't
tell exactly what it is".
Hope that helps,
Martin.
