I just did, moving forward for both of them. About the better solution:
- I show that it is easy and feasible to patch the filesystem (files and directories) without creating links to a temporary directory
- the Patch Manager can easily move from “apply at boot time” into “persistent mode” with a check by the `--dry-run` option, which probably is just implemented because currently the Patch Manager is able to detect when a patched file is changed
- avoid that Patch Manager removes patches when the system is asked to go down for shutdown or reboot

In particular about point #3, I have tested with success and satisfaction a `killall -9 patchmanager`. Obviously this would not provide persistence because `/tmp/patchmanager` is volatile. Now, I have to make another test based on information collected with `find /tmp/patchmanager -type f`.
The test will be similar to the shell script code I presented here:
- collect the list of files using `find`
- backup all the system files when all patches are disabled (original versions), which probably is not necessary because it is reasonable that they are stored somewhere
- kill the `patchmanager`
- use the list of files to remove the links and replace them with real files
- start again the `patchmanager` to check how it is going to behave
- do a system reboot instead of point #4
Some tests, just before going to edit the two scripts that apply patches, one in perl and another in shell script.

After that, I will probably discover the SFOS ill-designed choice that constrains the Patch Manager to act volatile instead of providing persistence. Or in a lucky scenario, I will simply discover that volatile for Patch Manager is not a constraint (or not anymore).

In both cases the result will be a lot of fun.
UPDATE
About point #2, checking the `/tmp/patchmanager3/patchmanager.log` I found that the check with `patch -Rp0 --dry-run` is exactly what Patch Manager does to check that each enabled patch is applied correctly.
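
Added example (not part of the original post and not Patch Manager's own code): a reverse dry run as an "is this patch still applied?" check, walked through three states of one file. It assumes GNU `patch`; the file names and contents are constructed, and the `-f` and `-s` flags are added here so the check never prompts.

```shell
#!/bin/sh
# Constructed demo: every path and file content below is made up.

# Return 0 if the -p0 patch $2 is currently applied under root $1.
# A reverse dry run succeeds only if every hunk could be un-applied
# cleanly, and --dry-run guarantees that no file is modified.
patch_is_applied() {
    ( cd "$1" && patch -R -p0 -f -s --dry-run -i "$2" ) >/dev/null 2>&1
}

# Build a throwaway root holding one file and a matching unified diff.
make_demo_root() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/etc"
    printf '%s\n' 'first=1' 'mode=stock' 'last=3' > "$demo/etc/demo.conf"
    printf '%s\n' '--- etc/demo.conf' '+++ etc/demo.conf' \
        '@@ -1,3 +1,3 @@' ' first=1' '-mode=stock' '+mode=patched' \
        ' last=3' > "$demo/demo.patch"
    echo "$demo"
}

# Print "applied" or "missing" for the demo patch under root $1.
state() {
    if patch_is_applied "$1" "$1/demo.patch"; then
        echo applied
    else
        echo missing
    fi
}

# Walk three states: stock file, patched file, file changed afterwards.
check_states() {
    root=$(make_demo_root) || return 1
    s1=$(state "$root")
    ( cd "$root" && patch -p0 -f -s -i "$root/demo.patch" ) \
        >/dev/null 2>&1 || return 1
    s2=$(state "$root")
    # Simulate the patched file being replaced, e.g. by a system update.
    printf '%s\n' 'first=1' 'mode=updated' 'last=3' > "$root/etc/demo.conf"
    s3=$(state "$root")
    rm -rf "$root"
    echo "$s1 $s2 $s3"
}

check_states
```

A persistent mode would need this same check after every system update, since the third state is the case where a patched file was silently replaced.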