HP-UX Software Assistant Release Notes (December 2011)
◦ -n
Suppress warnings about currently installed patches whose state is neither configured
nor available. A patch which is not in one of these states is misconfigured and should be
fixed. Software Assistant does not detect this type of issue at all.
◦ -o [bcdmprs]
Alter the information printed by security_patch_check in the human-readable patch
information table. (Software Assistant's reporting options have changed/improved
significantly from SPC.)
◦ -q/-qq
These options have changed meaning, and if you want to conditionally generate a report
only if there are issues, you need to use report_when_no_issues and check the exit
code of swa.
◦ -s os-version
Specify the OS version. Without the -s option, security_patch_check uses the
software_spec field of the OS-Core fileset to determine which OS is running on the target
system. The os-version should be in the format 11.xx. This option is useful when analyzing
a patch-only depot.
◦ -t
Gather information about superseded patches.
The following HTTPS configuration options (were specified in spc_config file) are not
implemented in the initial release of SWA. Check the SWA manpages for the latest functionality.
◦ CRLCHECK
As of the June 2007 release, CRLCHECK is now implemented as the crl_check extended
option.
◦ CRLURL
As of the June 2007 release, CRLURL is now implemented as the crl_url extended
option.
◦ HTTPS_CA_DIR
A directory containing files, each of which consists of one PEM-encoded trusted CA
certificate. If using certificates other than the defaults shipped by Hewlett-Packard, note
that these files should be indexed using the certificate's subject name hash value, in the
form "hash.0". Use the OpenSSL utility, c_rehash, to index the certificates in the
directory, creating the hash.0 format files for each certificate file in the directory which
ends with the .pem extension. Software Assistant uses Java's cacerts keystore; this cannot
be changed.
◦ HTTPS_CA_FILE
The fully qualified path to a file containing PEM-encoded CA certificates which will be
trusted by security_patch_check. Software Assistant uses Java's cacerts keystore;
this cannot be changed.
◦ OPENSSLDIR
The directory path containing the openssl and c_rehash binaries. Software Assistant uses
Java's internal ssl implementation, so this is not needed.
Version C.01.00 11