Sun Storage 6320 System
 

GCS>Sun Microsystems>Sun FAB>Standard>Controlled Proactive
 

All 6320 systems with MIRE 1.3.1 or older will no longer be able to obtain system patch updates online via patchpro after August 2006. If customers do not upgrade to MIRE 1.3.2 prior to September 2006 and wish to upgrade their 6320 after August 2006, then they will be forced to call Sun and request a Sun Service Engineer come onsite to perform patch upgrades manually via CD image. This may be a T&M charge to the customer, depending on their current entitlement status. The actual certificate expiration date is September 24, 2006.

Customers will receive invalid patch certificate errors and will be unable to obtain patches online via PatchPro. The actual messages may be unclear. The PatchPRO log will show something like:

Thu Jun 01 19:05:46 PDT 2006(CRITICAL)=>
com.sun.patchpro.manipulators.SunOSSunPatchInstaller@140c281
<=com.sun.patchpro.security.SignatureValidationException:
ERROR: Failed to validate the digital signature(s) for:
at
com.sun.patchpro.manipulators.Installer.extractPatch(Installer.java:314)
at
com.sun.patchpro.manipulators.SunOSSunPatchInstaller.install(SunOSSunPatchInstaller.java:45)
at
com.sun.patchpro.manipulators.Installer.run(Installer.java:134)
at java.lang.Thread.run(Thread.java:534)
Thu Jun 01 19:05:46 PDT 2006(ERROR)=> Thread[Thread-20,5,main] <=Problem
installing patches: Received a Manipulable event.
Thu Jun 01 19:05:47 PDT 2006(ALERT)=>
com.sun.patchpro.util.PatchBundleInstaller@1be0f0a <=Failed to install a
patch.

While the Screen will show the fairly standard failure message that looks something like:

Assessing patches needed for your system...
.Adding com.sun.patchpro.host.Realization@4e79f1
..
Retrieved patch list...
Downloading patches to /var/spool/pkg/patchpro...
.
Installing patches from /var/spool/pkg/patchpro...
WARNING: Policy does not allow installation of patches.
Received a Manipulable event.
Received a Manipulable event.
ALERT: Failed to install a patch.

Due to a transition from GTE CyberTrust-anchored PKI to a new PKI from VeriSign, the patch signing certificate that was used with PatchPro (MIRE 1.3.1 and older) will become invalid beginning September 2006.

This will affect all existing 6320 systems that use PatchPRO and shipped since Sept 2001 (when the current certificate took effect).  Existing patches will still work, but will not be re-signed. The old certificate remains in the "keystore" file, so adding old patches to existing systems will still work. When patches are signed with the new key, the PatchPro client MUST contain the new certificate. The keystore will retain both the old and new signing certificates so that old and new patches will pass validation.

The upcoming 6320 MIRE 1.3.2 release includes the new certificate and will enable online PatchPro updates by the customer for any new patches released after August 2006.

Notify 6320 customers to upgrade to the latest MIRE baseline image (v1.3.2) as soon as possible.

• Manual: Sun StorEdge 6320 System 1.3 Release Notes (816-7880-xx)
• URL: http://pts-storage.west/products/Maserati/index.html

This solution has no attachment