The patch levels of the system ought to be checked and repatched on a regular basis, especially some of the jumbo patches since these can change frequently. This can be a very time-consuming process and will obviously depend on the system—it may be a heavy production server that only has downtime available every few months, or it may be a desktop system that gets turned off every night.
Fortunately, a few tools are available from Sun to help automate this task. These are changed from time to time, but the process revolves around downloading a file that contains a listing of every patch and its revision, and checking your system against the list to produce a report detailing the list of patches required to bring the machine up-to-date.
The tools and related files listed below are all available for download from Sun's Sunsolve Web site.
patchdiag.xref. This is the cross-reference file that the machine is checked against. It is updated on the Web site regularly.
patchdiag. This is a script that runs and compares the patches on the machine against the cross-reference file and produces a report. From here, the patches can either be manually downloaded or automated using a public domain tool named wget (see Sun's Sunsolve Web site for details).
patchcheck. This is similar to patchdiag but also allows you to download the required patches using a browser.
Patchdiag is only available to customers who have a support contract. Patchcheck is available to everyone, but you need to have a support contract to be able to use the automated patch download facility.