23-FEB-2011: Solaris package management is broken

It's simple, you see -- just remove all the patches you have ever applied before installing any new packages. Duh!

More failure on the Solaris front. Package management on Solaris (10 and older) systems is completely broken. If you have have to install a vendor package after the system has been installed you must first back-out all patches.

What ? That can't be right... I install packages all the time without backing out all my patches. You're crazy!

Sure, you CAN install packages without backing out all the patches but it's not a good idea. The central issues here are that:

  1. A single Solaris patch provides updates for multiple packages; and
  2. Solaris patches are sparse

So when you patch a system, all the packages that are installed get patched and the bits for packages that are not installed get ignored. Thus, if you later install package that was patched by a patch you have already installed, you cannot then re-apply the patch (because you already have it, and you may even have a newer patch that overlaps some of the packages so you cannot simply re-install the patch as you may end up downgrading things that have been patched).

What ?

Let's work from a recent example. I got a request to install TFTP on 2 existing servers. These servers are running Solaris 10 Update 5. They have, of course, had all relevant patches applied to them. They did not have the SUNWtftp package installed. That made me sad. But I endeavored to persevere and decided to install the SUNWtftp package despite not being able to take the systems down for several hours to patch them. So I installed the SUNWtftp package from Solaris 10 Update 5 from the original installation media. I ended up with the package SUNWtftp version 11.10.0,REV=2005. installed.

Good to go.

Well, not quite. I tried to actually USE the tftp service and it ended up failing with:

 Feb 23 22:42:27 nx tftpd[14237]: [ID 659407 daemon.error] socket (main): Permission denied
 Feb 23 22:42:32 nx tftpd[14278]: [ID 659407 daemon.error] socket (main): Permission denied
 Feb 23 22:42:37 nx tftpd[14317]: [ID 659407 daemon.error] socket (main): Permission denied
 Feb 23 22:42:42 nx tftpd[14388]: [ID 659407 daemon.error] socket (main): Permission denied
 Feb 23 22:42:47 nx tftpd[14458]: [ID 659407 daemon.error] socket (main): Permission denied

Well... That sucks. I do some research and find out that this is a bug in older tftp daemons with newer kernels. Well, I did just install some old software. Maybe I just need to patch it up.

Let's see, according to the documentation I will need the patches:

  1. 142909-17 (obsoletes 140169-01, which obsoletes 123332-02, which obsoletes 123332-01)

That should be easy enough! Just one patch. Let's get to it.

 # scp user@jumpstart:/jumpstart/Patches/142909-17.zip /var/tmp
 # cd /var/tmp
 # unzip 142909-17.zip
 # patchadd 142909-17

This story is still in progress, I need to gather more details before I can complete it.