Best practice for applying Program Temporary Fixes (PTFs)
This document (7016640) is provided subject to the disclaimer at the end of this document.
Please note that such a PTF is fully supported by SUSE until the respective Maintenance Update containing the fix (can be reviewed within the changelog) has been released via the regular update repositories.
Customers running PTF fixes will be notified via the related service request once a patch for a PTF has been released. The download directory of the PTF is provided by the Support Engineer assigned to the case and is located on
To download, the PTF login credentials (different from the SCC login credentials) are necessary. These are identical with SUSE Bugzilla Login and are handled by https://idp-portal.suse.com
Customers who had active accounts during 2018 and 2019 were migrated and just need to set a new password at https://idp-portal.suse.com/univention/self-service/#page=passwordreset
In case password reset doesn't work, kindly create new account at https://idp-portal.suse.com/univention/self-service/#page=createaccount
Migration details can be found at https://idp-portal-info.suse.com
Now the question is: How should a PTF be applied to a server? Please see the next section.
Program Temporary Fixes on the other hand are not distributed as repositories but as plain http directories and as such require a download of the packages. The easiest and most convenient solution is to download the whole
http directory via wget and to install the packages in the folder using rpm -Fvh. This procedure ensures all packages are being fetched but only those already installed on the system will be updated.
Note of caution : Please pay extra attention to the following procedure in case of Kernel PTF's.
*never* use 'zypper' and *always* use 'rpm' as detailed in the 'Special Case : kernel RPMs' section below when installing kernel PTF's
The procedure would be:
- Create a folder "PTF":
mkdir /root/PTFinstall-$(date +"%F-%H-%M")
- Change into the previously created directory:
Download the provided URL recursively using wget:
wget --no-directories --recursive --reject "index.html*" --user=<SUSE_IDP/Bugzilla_account_username> --ask-password --no-parent <URL>
NOTE: If the above <URL> is pointing to a directory, be sure the URL ends with a trailing slash (/). Otherwise, wget can interpret it as a file, and may traverse up into the parent directory and then down other subdirectories. This is true despite the use of "--no=parent" on the command line.
Install the RPMs (apply kernel RPM's per the 'Special Case' note below):
rpm -Fvh *rpm
Alternatively you could also zypper:
zypper install <rpm-name>The advantage is that zypper will also check other dependencies, which rpm will not do. The biggest disadvantage is that all packages in the directory will be installed and often from a PTF not all packages are needed (e.g. source and debug). When using "rpm -Fvh" only the packages that are installed will be updated.
Special Case : kernel RPMs
While the above procedure is very convenient, special attention should be paid to kernel RPMs. The used rpm -F option will replace the existing RPM and hence a preinstalled kernel will be replaced by the new one. This behaviour may not be desired and the TEST-/PTF should get installed in parallel to the existing one.
In this case, please identify which kernel RPMs have been installed previously (rpm -qa | grep kernel-) and install the PTF-RPMs using
rpm -ivh rpm1 rpm2 rpm3 ...
As there may be several kernel flavors in an architecture specific HTTP directory, please pay special attention to the kernel flavors and only install those kernel RPMs that are needed.
Special Case on CaasP product RPMs
When that is happening, please do the following :
- Install the PTFs with the command :
transactional-update pkg install *PTF*rpm
transactional-update ptf install *PTF*rpm
In the case "Signature verification failed" messages are observed, please use "i" to ignore, otherwise the PTF will not be installed.
Reboot the admin note manually
- Once the system is back up, verify the rpm is installed with :
rpm -qa |grep PTF
- Create a lock on the package using zypper, so that the next update will not overwrite the PTF with a possible problem version again.
zypper al <PTF_PACKAGE_NAME>
- Verify the lock was properly set using :
ATTENTION: Once the PTF is superseded with a regular maintenance update, and that update is released / included in the regular update repositories, please make sure to remove the lock that was set on the package before applying these updates, so the package(s) can be properly updated again going forward.
1. The packages have been downloaded using the above described procedure and the directory contains the following files:
sles11sp3:~/PTFinstall-2016-05-26-10-00 # l total 1159804 drwxr-xr-x 2 root root 4096 May 26 10:07 ./ drwx------ 10 root root 4096 May 26 10:00 ../ -rw-r--r-- 1 root root 7058123 May 12 13:59 kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428.nosrc.rpm -rw-r--r-- 1 root root 24281811 May 12 13:59 kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 15551478 May 12 13:59 kernel-default-base-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 303585616 May 12 13:59 kernel-default-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 52651476 May 12 13:59 kernel-default-debugsource-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 6353063 May 12 13:59 kernel-default-devel-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 26063477 May 12 13:59 kernel-default-devel-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 14489809 May 12 13:59 kernel-default-extra-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 4759014 May 12 13:59 kernel-default-hmac-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 119311862 May 12 12:30 kernel-source-3.0.101-0.47.79.1.10806.1.PTF.974428.src.rpm -rw-r--r-- 1 root root 91798255 May 12 12:30 kernel-source-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 88043183 May 12 12:30 kernel-source-vanilla-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 7057543 May 12 14:46 kernel-xen-3.0.101-0.47.79.1.10806.1.PTF.974428.nosrc.rpm -rw-r--r-- 1 root root 24034382 May 12 14:46 kernel-xen-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 14660596 May 12 14:46 kernel-xen-base-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 286017607 May 12 14:46 kernel-xen-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 51501488 May 12 14:46 kernel-xen-debugsource-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 6292081 May 12 14:46 kernel-xen-devel-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 23449988 May 12 14:46 kernel-xen-devel-debuginfo-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 14508510 May 12 14:46 kernel-xen-extra-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm -rw-r--r-- 1 root root 4754534 May 12 14:46 kernel-xen-hmac-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
2. Identify the installed kernel RPMs
sles11sp3:~/PTFinstall-2016-05-26-10-00 # rpm -qa | grep kernel- kernel-default-base-3.0.101-0.47.71.1 kernel-firmware-20110923-0.52.3 kernel-default-3.0.101-0.47.71.1
3. Install the required packages only:
rpm -ivh kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm kernel-default-base-3.0.101-0.47.79.1.10806.1.PTF.974428.x86_64.rpm
As the kernel-firmware was was not provided, it does not need to get updated. As mentioned, this will install the PTF kernel beside the existing kernel and not replace it so it can act as fallback. So a rpm -qa | grep kernel- will look afterwards:
sles11sp3:~/PTFinstall-2016-05-26-10-00 # rpm -qa | grep kernel- kernel-default-3.0.101-0.47.79.1.10806.1.PTF.974428 kernel-default-base-3.0.101-0.47.71.1 kernel-default-base-3.0.101-0.47.79.1.10806.1.PTF.974428 kernel-firmware-20110923-0.52.3 kernel-default-3.0.101-0.47.71.1
Kindly check TID 000018545 for information on How to import suse_key for signed PTF packages
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7016640
- Creation Date: 30-Jun-2015
- Modified Date:29-Mar-2022
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: firstname.lastname@example.org