Server Automation (SA): The win_purge_unused_superseded_patches.pyc utility appears to provide false info

  • KM03150489
  • 23-Apr-2018
  • 09-Jun-2021


There is an undocumented Server Automation utility called "win_purge_unused_superseded_patches.pyc" for Server Automation (SA) that appears to provide incorrect information when run with the "-li" option. Patches are being reported by the tool that are still in use by existing SA patch policies.


Starting with Server Automation (SA) versions 10.50 and above, a utility called "win_purge_unused_superseded_patches.pyc" was provided by SA rollups and will be found in the directory /opt/opsware/mm_wordbot/util on SA cores.  Running this utility with the "-li" option seems to provide incorrect information as patches listed in the utilities output can be found in existing SA patch policies (when reviewing these policies in the SA java gui).





This tool does not have a man page that accompanies it.  Running the command with the "-h" option will show the following.. 


# /opt/opsware/bin/python  /opt/opsware/mm_wordbot/util/win_purge_unused_superseded_patches.pyc -h

This utility deletes all Windows patches that are superseded and are not in
use.  It operates by querying a list of unused windows patches and then
invoking "WindowsPatchService.remove" against them all.  If an error occurs,
it will be printed to stdout and the utility will move on to other patches.
Usage: /opt/opsware/mm_wordbot/util/win_purge_unused_superseded_patches.pyc [-h] [-l] [-li] [-t <num>] [-u <hpsa_username>]
    Shows this help usage info.
    List all superseded patches that are not currently in use.
    List all superseded patches that are currently in use.
  [-t <num>]
    Number of worker threads to use for the deletion process.  Default is 5.
  [-u <hpsa_username>]
    HPSA username to use for authenticating with the twist, default is no
    authentication, which for local pytwist is the same as "detuser".


Therefore, using the command with the "-li" option is showing what was intended.. superseded patches present in the SA database that are being actively used by SA patch policies.  To see a list of the unused superseded patches in the SA database, use the "-l" option instead.

Note:  In addition to patch policies, other aspects of SA will be searched for the existence of these superseded patches.  This includes patch policy exceptions and any patches that have been registered as having been installed via HPSA.