Under Construction
Performing the Update
The update to AIX 7200-05-08-2420 will now be carried out. Again, we start with all three ifixes installed:
# emgr -l
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S 81112ma 02/01/25 08:46:29 ifix for openssh Jan CVEs
2 S IJ50424s7a 02/01/25 13:09:14 IJ50424 for AIX 7.2 TL5 SP5 to SP7
3 S IJ52366s7a 02/01/25 13:09:33 IJ52366 POTENTIAL SECURITY ISSUE
…
#
An update should not be successful, because only the installed ifix IJ50424s7a can be automatically removed, when updating to the mentioned AIX version:
# install_all_updates -Y -d /mnt/aix720508lpp
…
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
The updates being installed do not contain all the APARs to allow
all existing interim fixes to be automatically removed. Please ensure
the interim fixes are enabled for automatic removal and obtain the
updates that contain the APARs for the following interim fixes,
or remove the interim fixes, as described below.
81112ma
IJ52366s7a
EFIX MANAGER LOCKS
------------------
* * * ATTENTION * * *
The following selected filesets are locked by EFIX manager:
openssh.base.server
openssh.base.client
bos.net.tcp.sendmail
bos.net.tcp.client_core
installp has halted this operation because one or more files in the
filesets listed above are registered as having an EFIX. You must remove
these EFIXES before performing operations on the given fileset.
To get a listing of all locked filesets and the locking EFIX label,
execute the following command:
# /usr/sbin/emgr -P
To remove the given EFIX, execute the following command:
# /usr/sbin/emgr -r -L <EFIX label>
For more information on EFIX management please see the emgr man page
and documentation.
install_all_updates: Checking for recommended maintenance level 7200-05.
install_all_updates: Executing /usr/bin/oslevel -rf, Result = 7200-05
install_all_updates: Verification completed.
install_all_updates: Log file is /var/adm/ras/install_all_updates.log
install_all_updates: Result = FAILURE
#
The update fails (Result = FAILURE). Some filesets are locked, since the associated installed ifixes could not be uninstalled automatically (81112ma and IJ52366s7a).
We uninstall the two ifixes, because they are not automatically removed during the update:
# emgr -r -L 81112ma
…
EFIX NUMBER LABEL OPERATION RESULT
=========== ============== ================= ==============
1 81112ma REMOVE SUCCESS
Return Status = SUCCESS
#
# emgr -r -L IJ52366s7a
…
EFIX NUMBER LABEL OPERATION RESULT
=========== ============== ================= ==============
1 IJ52366s7a REMOVE SUCCESS
ATTENTION: system reboot is required. Please see the "Reboot Processing"
sections in the output above or in the /var/adm/ras/emgr.log file.
Return Status = SUCCESS
#
The automatically removable Ifix IJ50424s7a remains installed.
We repeat the update:
# install_all_updates -Y -d /mnt/aix720508lpp
…
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
The updates being installed contain the following interim fix labels,
which will be removed prior to installing the updates:
IJ50424s7a
NOTE: Rejecting an update that contains an interim fix will not
re-install the interim fix on the system.
FILESET STATISTICS
------------------
112 Selected to be installed, of which:
112 Passed pre-installation verification
----
112 Total to be installed
installp: bosboot verification starting...
installp: bosboot verification completed.
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
Removing interim fixes...
The emgr command successfully removed interim fix IJ50424s7a.
installp: APPLYING software for:
security.acf 7.2.5.203
…
install_all_updates: Checking for recommended maintenance level 7200-05.
install_all_updates: Executing /usr/bin/oslevel -rf, Result = 7200-05
install_all_updates: Verification completed.
install_all_updates: Log file is /var/adm/ras/install_all_updates.log
install_all_updates: Result = SUCCESS
#
The update was successful, the installed ifix IJ50424s7a was automatically removed, as expected. The official fix for the APAR IJ50424 is installed:
# instfix -ik IJ50424
All filesets for IJ50424 were found.
#
However, the fix for APAR IJ52366 is missing, because the corresponding ifix was manually uninstalled and the update does not contain the official fix for this APAR.