03-24-2011 12:51 PM
I did notice a cksum for each patch in the patch information page. Does HP-UX (11.11,11.23,11.31) offer any way to validate patch content before installing it via a signature or any other method?
If so can you point me to some examples or man pages?
Solved! Go to Solution.
03-24-2011 02:28 PM
Every patch has a page in the HP-UX patch database that includes a checksum.
You can if you have the time verify the check sum of every patch using an OS utility.
Owner of ISN Corporation
03-25-2011 08:01 AM
I see that there is a is_secure row in the patch details with swlist -dRv @ /var/patch/depot/[patch_name].depot, it seems to indicate if a patch file is encrypted or not and if it requires a password (per the sd(4) doc). I don't see a way to validate it at install time other than the way pointed out to look at the bulletin and cksum the files individually. That seems like a lot of work. It's a shame HP doesn't offer a simpler way to do this for their own content.
03-25-2011 09:21 AM
> I don't see a way to validate it at install time other than the way pointed out to look at the bulletin and cksum the files individually.
Various checks are performed during installation and/or whenever a 'swverify' is run to guarantee the integrity of a patch or product. Not the least of these is a 'cksum' value delivered in the 'INFO' file. Following installation, this file can be found in the '/var/adm/sw' directory.
03-25-2011 03:29 PM
I've heard that they are thinking about this for the future.
>JRF: Not the least of these is a 'cksum' value delivered in the 'INFO' file. Following installation, this file can be found in the /var/adm/sw directory.
You can also use swlist to list the checksums of the files in the fileset.
04-05-2011 02:17 PM
For more on SWA check out https://www.hp.com/go/swa