This discussion is archived
4 Replies Latest reply: Aug 24, 2009 6:56 PM by 807567 RSS

Patchsvr is no longer a patchsvr

807567 Newbie
Currently Being Moderated
well, it was nice getting an update to the local patchsvr that made it
look for new patches by itself rather than having us delete the old database first.
But, now the patch server no longer acts as a patch server, it merely acts as
a proxy. It refuses to cache patches, as soon as they have been sent to
requesting client, they are immediately deleted from the cache. I tried changing
the defaults, no change. Currently want these settings to take effect:

Patch source URL: https://getupdates1.sun.com/
Cache location: /var/sadm/spool/patchsvr
Messages maximum age: 0
Collection maximum age: 1
Patchset maximum age: 0
Detector maximum age: 1

Having non-zero values doesnt seem to help either.

This makes updating a lot of servers taking a LOT of time
and wastes a lot of resources.
  • 1. Re: Patchsvr is no longer a patchsvr
    807567 Newbie
    Currently Being Moderated
    Thanks for the heads up. I'm observing the something on my systems. This makes it tough for us who need an air gap between the Internet and our internal servers. Hopefully this is just an oversight on the part of Sun and will be fixed quickly.
  • 2. Re: Patchsvr is no longer a patchsvr
    807567 Newbie
    Currently Being Moderated
    Do you have these settings?

    # patchsvr setup -l
    Patch source URL: https://getupdates1.sun.com/
    Cache location: /var/sadm/spool/patchsvr
    Messages maximum age: 1
    Collection maximum age: 1
    Patchset maximum age: 3
    Detector maximum age: 3

    You could change it like this:

    # patchsvr setup -a 14
    # patchsvr setup -t 14

    Mine deleted patches initially, downloading an identical copy, but
    eventually stopped doing that.
  • 3. Re: Patchsvr is no longer a patchsvr
    807567 Newbie
    Currently Being Moderated
    Have you applied the latest Sun Update Connection Proxy 1.0.9 patch:

    SPARC - 119788-10      x86 - 119789-10

    Also if you grep patchSigningCertAlias /var/patchsvr/lps/WEB-INF/applicationContext-lps.xml

    the result should be:

    <property name="patchSigningCertAlias"><value>patchsigning:patchsigning2:patchsigning3</value></property>

    Is this the case?
  • 4. Re: Patchsvr is no longer a patchsvr
    807567 Newbie
    Currently Being Moderated
    yes, it was the patchsigning3 I had forgotten about.
    wonder why the LPS patch itself (or the cert patch) could not apply these changes ?
    Thanks.