Using wget and proxy to download patches from MOS
Posted by Martin Bach on February 23, 2011
This is a rather quick note, but can be quite useful in certain situations. I currently look after a system which is quite difficult to jump on. That means before I get to do a “sudo su – oracle” I need to get to a jump-off box, ssh to 2 other machines and then log in as myself. It’s secure, but not user friendly. Especially in this case where I needed to run the latest RDA for an an open support request.
So rather than “dragging” the RDA with me on each box I used the new (Flash) interface to get a small shell script which you just need to deploy to your machine and run. It then connects to updates.oracle.com and does its magic.
The script works mostly fine, but depending on your environment you have to make small changes. My example is for Solaris 10, any Linux should just work out of the box.
To start with you need to log in to the Flash version of My Oracle Support (unsurprisingly) and click on “patches and updates”. Enter your patch number, for example 10376971 for RDA on Solaris SPARC 64bit. On the results page, click on the description (“remote Diagnostics Agent OCM Bundle….”). The line will now be highlighted. Next, click on the download icon to view a new pop up window.The magic is in the “wget options” link down to the left. Clicking on it you have the option to have a script created or either copy the script to the clipboard.
UPDATE 130820: the Flash interface has been decommissioned by now, but the wget option is still there. Just as before search for the patch you want to apply and click on it on the search results page. It will take you to a more detailed description. On the right hand side you will see a download button (next to ReadMe and Add to Plan). Don’t be shy, click on the download button and you will see the same dialog window appear as shown to the right (click to enlarge). However you cannot seem to copy the script to the clipboard, you have to download it.
I chose the latter, and created /tmp/get.sh with the contents from the clipboard. The script is shown here:
#!/bin/sh # # Generated Wed, 23 Feb 2011 08:49:57 Coordinated Universal Time # Start of user configurable variables # # SSO username and password SSO_USERNAMEemail@example.com SSO_PASSWORD= # E-Delivery token # The EPD_TOKEN will expire 48 hours after the following generation date # Wed, 23 Feb 2011 08:49:57 Coordinated Universal Time EPD_TOKEN= # Path to wget command WGET="/usr/bin/wget" # Location of cookie file COOKIE_FILE=/tmp/$$.cookies # Log directory and file LOGDIR=. LOGFILE=$LOGDIR/wgetlog-`date +%m-%d-%y-%H:%M`.log # Output directory and file OUTPUT_DIR=. # # End of user configurable variable # if [ "$SSO_PASSWORD " = " " ] then echo "Please edit script and set SSO_PASSWORD" exit fi # Contact updates site so that we can get SSO Params for logging in SSO_RESPONSE=`$WGET https://updates.oracle.com/Orion/Services/download 2>&1|grep Location` # Extract request parameters for SSO SSO_TOKEN=`echo $SSO_RESPONSE| cut -d '=' -f 2|cut -d ' ' -f 1` SSO_SERVER=`echo $SSO_RESPONSE| cut -d ' ' -f 2|cut -d 'p' -f 1,2` SSO_AUTH_URL=sso/auth AUTH_DATA="ssousername=$SSO_USERNAME&password=$SSO_PASSWORD&site2pstoretoken=$SSO_TOKEN" # The following command to authenticate uses HTTPS. This will work only if the wget in the environment # where this script will be executed was compiled with OpenSSL. Remove the --secure-protocol option # if wget was not compiled with OpenSSL # Depending on the preference, the other options are --secure-protocol= auto|SSLv2|SSLv3|TLSv1 $WGET --secure-protocol=auto --post-data $AUTH_DATA --save-cookies=$COOKIE_FILE --keep-session-cookies $SSO_SERVER$SSO_AUTH_URL -O sso.out >> $LOGFILE 2>&1 rm -f sso.out $WGET --load-cookies=$COOKIE_FILE --save-cookies=$COOKIE_FILE --keep-session-cookies "https://updates.oracle.com/Orion/Services/download/p10376971_422_SOLARIS64.zip?aru=13243257&patch_file=p10376971_422_SOLARIS64.zip" -OUTPUT_DIR/p10376971_422_SOLARIS64.zip >> $LOGFILE 2>&1 # Cleanup rm -f $COOKIE_FILE
You need to check the SSO_USERNAME and SSO_PASSWORD variables to match your settings. I needed to do some minor modifications for my Solaris 10 installation . For example, wget is in the Sun Freeware directory (/usr/sfw/bin), which is not in the PATH. Change wget to “not check for certificates”, as shown in this example, line 20:
I also had to set a proxy-set the following environment variables, either in the script or on the command line:
With this set, everything worked smoothly. It pays off to run the script with the -x option as in bash -x /tmp/get.sh. As you can see the script writes a log file to your current working directory, and it saves the patch in it as well. Be careful not to fill up /tmp/ with a 3GB download :)
This technique obviously depends on the wget utility to be available. For security reasons your sys admin may not have installed it in which case you might use some fancy cascaded port-forwarding to get the patch to your box (or ask someome with more permissions after having spent 30 minutes raising a ticket which is going to be executed in the next 3 weeks)