Patching method
BigFix offers more flexibility to the patch management solution by using native tools.
BigFix provides several different methods to manage patches for CentOS Linux Enterprise.
Patching by using the Endpoint Dependency Resolution (EDR) method
Endpoint dependency resolution (EDR) is an approach to UNIX patching where dependencies for bulletins are calculated dynamically during an action run time. Packages are patched regardless of which packages are already installed on the endpoints.
- Patches for CentOS 5
- Patches for CentOS 6
The EDR method uses a dependency resolution tool that requires dependencies of all of the installed packages on the system to be satisfied. To view the EDR results, see the EDR_DeploymentResults.txt file that is located in the directory <client folder>\EDRDeployData\.
With this approach, you can deploy preference lists to endpoints from the Preference Lists Dashboard in the Linux RPM Patching site. For more information about preference lists, see Manage Preference Lists.
When dependencies are resolved on the endpoints, there might be multiple valid sets of dependencies that satisfy the requirements of the targets. Preference lists help to decide which requirements to satisfy in these situations.
The Fixlets for all CentOS content use the Yellowdog Updater, Modified (YUM), the default patch manager for CentOS. YUM is a command-line package management tool that installs, updates, and removes Red Hat Package Manager (RPM) packages. It simplifies these operations, provided that the endpoint has access to the YUM repository.
Previously, the BigFix Patch for CentOS sites used a set of utilities called Endpoint Dependency Resolver (EDR) utilities to handle package dependencies on the endpoint. YUM replaces these EDR utilities, gives you more flexibility in patch deployment, and provides results that are in line with Red Hat and CentOS solutions. The following sites are available for
It is highly recommended that users start to use the CentOS native tools sites because YUM reduces dependency issues and improves performance. There is no marked difference in how the EDR and YUM native tools sites are used when deploying patches. To use YUM, users must subscribe to the Patches for CentOS native tools sites.
YUM utility configuration settings
The BigFix Patch for CentOS sites that apply the YUM utility use Fixlet settings in /etc/yum.conf, except for the following YUM configuration settings:
- cachedir
- keepcache
- plugins
- reposdir
- pluginpath
- pluginconfpath
- metadata_expire
- installonlypkgs
Identifying file relevance with native tools content
The native tools capture file relevance in the same way as EDR. Both methods check for the relevance clause "exist lower version of a package, but not exist higher version of it". If both tools are applied to the same deployment, the relevance results are the same.
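To see how the YUM configuration exception list above applies to a given endpoint, the following Python example splits the [main] section of a yum.conf into settings that fall under the exception list and settings that do not. It is an added example, not BigFix code; the function name, the sample file content, and the reading that excepted settings are not taken from /etc/yum.conf are assumptions.

```python
import configparser
import sys

# Settings the page lists as exceptions for the YUM-based sites.
EXCEPTED_SETTINGS = frozenset({
    "cachedir", "keepcache", "plugins", "reposdir", "pluginpath",
    "pluginconfpath", "metadata_expire", "installonlypkgs",
})

# Constructed sample input, not taken from a real endpoint.
SAMPLE_YUM_CONF = """\
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
gpgcheck=1
plugins=1
installonly_limit=5
installonlypkgs=kernel
    kernel-devel
proxy=http://proxy.example.internal:3128
"""

def split_main_settings(conf_text):
    """Return (from_yum_conf, excepted) dicts for the [main] section."""
    # interpolation=None: values may contain '%' or yum variables such as
    # $releasever, which must be kept verbatim.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    from_yum_conf, excepted = {}, {}
    if not parser.has_section("main"):
        return from_yum_conf, excepted
    for key, value in parser.items("main"):  # option names are lower-cased
        value = " ".join(value.split())      # collapse multi-line values
        target = excepted if key in EXCEPTED_SETTINGS else from_yum_conf
        target[key] = value
    return from_yum_conf, excepted

if __name__ == "__main__":
    # Optional argument: path to a yum.conf; defaults to the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            text = handle.read()
    else:
        text = SAMPLE_YUM_CONF
    kept, skipped = split_main_settings(text)
    for name, value in sorted(kept.items()):
        print(f"from yum.conf   {name} = {value}")
    for name, value in sorted(skipped.items()):
        print(f"exception list  {name} = {value}")
```

In the sample, gpgcheck, installonly_limit and proxy fall outside the exception list, while installonlypkgs (including its continuation line) falls inside it.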
Patching method matrix
Patching method | Applicable sites | Applicable features |
---|---|---|
Endpoint Dependency Resolution (EDR) | | |
Native tools (YUM) | | Download Plug-ins |
Native tools (DNF) | Patches for CentOS 8 | Download Plug-ins |