patch

Just a quick heads up to the ODA customers — there is a critical patch 2.1.0.3.1 out that is applied on top of ODA patch bundle 2.1.0.3.0. This patch has an important fix for a bug causing ODA servers to shutdown in some situations when an ASM disk is lost. The patch number is 13817532 [...]

Just a quick post that the 11.2.0.3 patch set for Oracle Database Server has been released for x86 and x86-64 platforms (other ports will soon follow). The patchset number is 10404530 and is available for download from My Oracle Support.

Also be sure to check out the 11.2.0.3 New Features Guide.

This is a rather quick note, but can be quite useful in certain situations. I currently look after a system which is quite difficult to jump on. That means before I get to do a “sudo su – oracle” I need to get to a jump-off box, ssh to 2 other machines and then log in as myself. It’s secure, but not user friendly. Especially in this case where I needed to run the latest RDA for an an open support request.

So rather than “dragging” the RDA with me on each box I used the new (Flash) interface to get a small shell script which you just need to deploy to your machine and run. It then connects to updates.oracle.com and does its magic.

The script works mostly fine, but depending on your environment you have to make small changes. My example is for Solaris 10, any Linux should just work out of the box.To start with you need to log in to the Flash version of My Oracle Support (unsurprisingly) and click on “patches and updates”. Enter your patch number, for example 10376971 for RDA on Solaris SPARC 64bit. On the results page, click on the description (“remote Diagnostics Agent OCM Bundle….”). The line will now be highlighted. Next, click on the download icon to view a new pop up window.The magic is in the “wget options” link down to the left. Clicking on it you have the option to have a script created or either copy the script to the clipboard.

I chose the latter, and created /tmp/get.sh with the contents from the clipboard. The script is shown here:

#!/bin/sh

#
# Generated Wed, 23 Feb 2011 08:49:57 Coordinated Universal Time
# Start of user configurable variables
#

# SSO username and password
SSO_USERNAME=user@company.com
SSO_PASSWORD=

# E-Delivery token
# The EPD_TOKEN will expire 48 hours after the following generation date
# Wed, 23 Feb 2011 08:49:57 Coordinated Universal Time
EPD_TOKEN=

# Path to wget command
WGET="/usr/bin/wget"

# Location of cookie file
COOKIE_FILE=/tmp/$$.cookies

# Log directory and file
LOGDIR=.
LOGFILE=$LOGDIR/wgetlog-`date +%m-%d-%y-%H:%M`.log

# Output directory and file
OUTPUT_DIR=.

#
# End of user configurable variable
#

if [ "$SSO_PASSWORD " = " " ]
then
 echo "Please edit script and set SSO_PASSWORD"
 exit
fi

# Contact updates site so that we can get SSO Params for logging in
SSO_RESPONSE=`$WGET https://updates.oracle.com/Orion/Services/download 2>&1|grep Location`

# Extract request parameters for SSO
SSO_TOKEN=`echo $SSO_RESPONSE| cut -d '=' -f 2|cut -d ' ' -f 1`
SSO_SERVER=`echo $SSO_RESPONSE| cut -d ' ' -f 2|cut -d 'p' -f 1,2`
SSO_AUTH_URL=sso/auth
AUTH_DATA="ssousername=$SSO_USERNAME&password=$SSO_PASSWORD&site2pstoretoken=$SSO_TOKEN"

# The following command to authenticate uses HTTPS. This will work only if the wget in the environment
# where this script will be executed was compiled with OpenSSL. Remove the --secure-protocol option
# if wget was not compiled with OpenSSL
# Depending on the preference, the other options are --secure-protocol= auto|SSLv2|SSLv3|TLSv1
$WGET --secure-protocol=auto --post-data $AUTH_DATA --save-cookies=$COOKIE_FILE --keep-session-cookies $SSO_SERVER$SSO_AUTH_URL -O sso.out >> $LOGFILE 2>&1

rm -f sso.out

$WGET  --load-cookies=$COOKIE_FILE --save-cookies=$COOKIE_FILE --keep-session-cookies "https://updates.oracle.com/Orion/Services/download/p10376971_422_SOLARIS64.zip?aru=13243257&patch_file=p10376971_422_SOLARIS64.zip" -OUTPUT_DIR/p10376971_422_SOLARIS64.zip   >> $LOGFILE 2>&1

# Cleanup
rm -f $COOKIE_FILE

You need to check the SSO_USERNAME and SSO_PASSWORD variables to match your settings. I needed to do some minor modifications for my Solaris 10 installation . For example, wget is in the Sun Freeware directory (/usr/sfw/bin), which is not in the PATH. Change wget to “not check for certificates”, as shown in this example, line 20:

WGET=”/usr/sfw/bin/wget –no-check-certificate”

I also had to set a proxy-set the following environment variables, either in the script or on the command line:

export http_proxy=http://proxy.host:port
export https_proxy=https://proxy.host:port

With this set, everything worked smoothly. It pays off to run the script with the -x option as in bash -x /tmp/get.sh. As you can see the script writes a log file to your current working directory, and it saves the patch in it as well. Be careful not to fill up /tmp/ with a 3GB download :)

This technique obviously depends on the wget utility to be available. For security reasons your sys admin may not have installed it in which case you might use some fancy cascaded port-forwarding to get the patch to your box (or ask someome with more permissions after having spent 30 minutes raising a ticket which is going to be executed in the next 3 weeks)

Happy patching

Update: Mon Sep 13 16:02:36 PDT 2010 The 11.2.0.2 patch is now available for download (for real). If you downloaded it on Friday, there is no need to re-download it. It was mistakenly made public before it could be validated (test MD5 sums, etc.), but has since been validated. Enjoy! Just a quick post that the 11.2.0.2 patch set for Oracle Database Server has been released for x86 and x86-64 platforms. The patchset number is 10098816 and is available for download from My Oracle Support. Be sure to give note 1189783.1 Important Changes to Oracle Database Patch Sets Starting With 11.2.0.2 a read as several things have changed in the patching process. {lang: 'ar'}