Solaris upgrade on attach, sort of

Over a year ago when "update on attach" became available for zones in Solaris 10 I suggested an enhancement for this feature. Update on attach today only updates packages that _must_ be in sync between the global and local zones, all others are left untouched. A nice use of this feature would be to first upgrade a global zone, then move local zones one by one and have them updated as they attached, but doing this now will leave many packages in an older state, and the global and local zones would be out of sync, if yet in a supported state.

Now for the good news: zone update on attach all suggests something very similar, all attached zones will be in the same state as a newly installed zone, not only updating packages with "SUNW_PKG_ALL_ZONES" set to true in the package. I have no idea when this will be implemented and/or available in S10, but it's something that could make life easier for people with large zone deployments. If it only could be released as a patch for the current Solaris update release, and not a patch as in you must patch your way to a whole new update.

From PSARC/2010/082:

"The current behavior of zones "update on attach" [1] with the "native"
brand using SVr4 packaging is to update the minimal set of packages
needed to make the zone usable.  This is specified with the -u option.
We have heard from many users that this is not meeting their needs
or expectations.  Instead, what they want is to update the maximal
set of SVr4 packages.  That is, they want to update the same set of
packages as would be installed in a newly created zone so that they
can compare an updated zone to a new zone and see that they are
the same [2].  This case adds a new attach option, -U, to the "native"
SVr4 branded zone so that users can use "update on attach" to update
all of the packages as would be installed into a new zone."