The patchinfo.jar utility enables you to query your AM or IG deployment for v2.1 and the newer v2.2 patches issued by ForgeRock Support. This information is requested before any new patches are issued during a support ticket; the team building the patch need to understand what patches are already installed as the new patch could impact functionality from an earlier patch.
When the utility runs, it attempts to gather information on:
- The version of the product.
- Details of any security patches installed.
- Details of any t or d type patches installed:
- A d type patch is issued to provide more debugging information as part of a troubleshooting exercise when looking into an issue and is not meant to be deployed to production unless this is the only environment where the issue occurs. A d type patch should be removed as soon as it is no longer required or has been replaced with a t type patch.
- A t type patch is issued to fix a specific bug or issue encountered on a specific product version.
The patchinfo utility relies on metadata (the patchInfo.json files for example) that comes with each patch. If these files are removed when the patch is installed, these patches will not be discoverable by the patchinfo utility.
The AM or IG environment does not need to be running when using the patchinfo utility but the utility does have to open files for reading as part of the process. If there are any concerns about what might happen when using it against a running environment, you should work with a copy of the war or WEB-INF files instead.
The following options are available when you run the patchinfo utility (you can view these by running the patchinfo utility without any arguments):
|-f [WEB-INF directory or war file]||
Indicates which WEB-INF directory or war file should be checked for patchinfo files. You should specify the full path to the directory or file.
Shows the raw patchinfo JSON; is used in conjunction with the -f option.
Shows version details before processing.
The only prerequisite is an installation of Java® 1.8 or higher, which should be available on the host running AM or IG. If working with a local copy of the AM or IG installation, then a local installation of Java is also required to run the utility.
You can check the Java version you are using with the following command:$ java -version
- Download the patchinfo JAR file to a location where there is a deployment (or a copy) of AM or IG that you wish to check for installed patches. The current version of the utility is: Version: 1.1 Built: 2020-03-30 19:41
- Run the patchinfo utility with the -f option specified at a minimum to indicate which AM or IG location should be checked. For example:
- AM WEB-INF directory: $ java -jar patchinfo.jar -f /path/to/tomcat/webapps/openam/WEB-INF
- AM war file: $ java -jar patchinfo.jar -f /path/to/tomcat/webapps/openam.war
- IG WEB-INF directory: $ java -jar patchinfo.jar -f /path/to/jetty/webapps/root/WEB-INF
- IG war file: $ java -jar patchinfo.jar -f /path/to/jetty/webapps/IG-6.0.0.war
Change the path as appropriate for the environment where the patchinfo utility is being run.
You should paste the output of the patchinfo utility into the ForgeRock Support ticket as-is so that the information can be passed to the team building the new patch.
The following example output is from an AM 5.5.1 installation that has the 201801 security patch installed along with 2 t patches:$ java -jar patchinfo.jar -f /opt/tomcat/webapps/am.war Found the following details in: /opt/tomcat/webapps/am.war Product Version: ForgeRock Access Management 5.5.1 Build 96b47ad4f1 (2017-October-26 15:41) Security Patches:  PatchInfo: CaseID:12345, Product:OPENAM, Version:5.5.1, JIRA(s):[OPENAM-10501], Type:t CaseID:67890, Product:OPENAM, Version:5.5.1, JIRA(s):[OPENAM-12226], Type:t