What's new in this update release

This release of BigFix Patch for CentOS contains various enhancements for patching.

CentOS 8 content support

The CentOS Linux™ Enterprise 8 (x86_64) content is published in a new site called Patches for CentOS 8.

This release supports the package manager's native command-line interface, DNF, which allows you to patch CentOS 8 systems. DNF is a wrapper on YUM that reduces dependency issues, improves performance, and is more reliable in terms of installing security patches.

CentOS Download Plug-in R2 enhancements

The CentOS Download Plug-in R2 v1.0.0.2 or later can use packages that are cached in the CentOS Download Cacher R2's download_dir (referred to as localCache in the plugin.ini file) and get packages from the internet at the same time.

Previously, the CentOS Download Plug-in R2 was used on a BigFix Server in either of the following scenarios:
  • The BigFix Server is fully air-gapped and uses the CentOS Download Cacher R2, or
  • The BigFix Server is internet-enabled and does not use the CentOS Download Cacher R2
With this enhancement, you can cache the packages offline to save time downloading the packages.

For more information, see Setting the download cache.

CentOS Download Cacher R2 enhancements

The following enhancements are included in the CentOS Download Cacher R2 v1.0.0.2 or later:
Package sha1 download support
The CentOS Download Cacher R2 can now download packages as sha1 files instead of the RPM format by using the --sha1_download_dir option.
Previously, when using "buildRepo --key centos-7-x64" with the download cacher, the structure of the CentOS repository "centos-7-x64" was mirrored offline. This might result in duplication of packages if they are found in multiple repositories.
Using --sha1_download_dir downloads all packages from all repositories (keys) as files with a sha1 filename into a single flat directory.
Repository access check
New commands verify whether you have access to the BigFix supported CentOS base repositories and sub-repositories: check-baserepos and check-allrepos.
Storage space requirement check
A new command calculates and checks the storage space requirement when using the buildRepo command: check-storagereq.
This command outputs the required space to download the repository metadata and packages with and without the use of the --sha1_download_dir option.
Space-saving benchmarks
Space-saving benchmarks have been established with the use of the --sha1_download_dir option.
Using the --sha1_download_dir option has shown a significant decrease in storage size, download size, and time when caching multiple repositories of the same CentOS version. This is because many packages are duplicated among repositories with the same CentOS version (for example, centos-6.8-x64, centos-6.7-x64, centos-6.6-x64). Space is not saved if you cache only a single repository for each CentOS version (for example, centos-6.8-x64, centos-7.1-x64).
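
The deduplication described above, and an integrity check that sha1-named files make possible, shown as an added example (not BigFix code). It assumes each file in the flat directory is named with the lowercase hex SHA-1 of its content; the repository directory names and byte strings are constructed samples.

```python
import hashlib
import os
import tempfile

def sha1_of(path, chunk=1 << 20):
    """Stream a file through SHA-1 so large RPMs are never held in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def storage_estimate(mirror_root):
    """Bytes needed for per-repository mirrors vs. one flat sha1-named directory."""
    mirrored, unique = 0, {}
    for dirpath, _dirs, files in os.walk(mirror_root):
        for name in (n for n in files if n.endswith(".rpm")):
            path = os.path.join(dirpath, name)
            mirrored += os.path.getsize(path)
            unique[sha1_of(path)] = os.path.getsize(path)  # same content stored once
    return mirrored, sum(unique.values())

def verify_flat_cache(cache_dir):
    """Names of cached files whose content no longer hashes to their filename."""
    return sorted(n for n in os.listdir(cache_dir)
                  if sha1_of(os.path.join(cache_dir, n)) != n.lower())

def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample: two repositories of one CentOS version share a package."""
    bash, openssl = b"A" * 4000, b"B" * 6000   # stand-ins for RPM contents
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as flat:
        write(os.path.join(root, "centos-6.7-x64", "bash.rpm"), bash)
        write(os.path.join(root, "centos-6.8-x64", "bash.rpm"), bash)
        write(os.path.join(root, "centos-6.8-x64", "openssl.rpm"), openssl)
        sizes = storage_estimate(root)
        for data in (bash, openssl):           # assumed layout: filename = SHA-1 of content
            write(os.path.join(flat, hashlib.sha1(data).hexdigest()), data)
        damaged = hashlib.sha1(openssl).hexdigest()
        with open(os.path.join(flat, damaged), "ab") as f:
            f.write(b"\x00")                   # simulate corruption in transit
        return sizes, verify_flat_cache(flat), damaged

if __name__ == "__main__":
    print(demo())
```

Running verify_flat_cache on a cache directory after it has been copied to an air-gapped BigFix Server flags any file that was truncated or altered during the transfer.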
Table 1. Previous updates
Enhancement or Feature: Multiple-package baseline installation
Description: BigFix Patch offers a solution that can combine the installation of updates for multiple packages into a single task, effectively reducing the execution time of the baseline. This solution is available on Fixlets from the Patches for CentOS6 Plugin R2 and Patches for CentOS7 Plugin R2 sites.
Resources: Multiple-Package Baseline Installation

Enhancement or Feature: Enhanced logging and error handling
Description: Redesigned error logs and debug outputs to provide clearer error reporting to help reduce the time spent troubleshooting and debugging issues. This enhancement is available on Fixlets from the Patches for CentOS6 Plugin R2 and Patches for CentOS7 Plugin R2 sites.
Resources: Setting the logging level

Enhancement or Feature: Custom repository support
Description: With the custom repository support, you can use YUM to download patches from the local repositories and distribute them to CentOS endpoints. You can also use your custom repositories to deliver custom software through BigFix.
Resources: Custom repositories management

Enhancement or Feature: YUM Transaction History dashboard
Description: BigFix allows users to view all YUM-related transactions in a single dashboard to monitor the operations and commands that were run against the endpoints. This dashboard is also equipped with transaction management features such as rollback, undo, and redo.
Resources: YUM transaction management

Enhancement or Feature: CentOS 7 content support
Description: The CentOS Linux Enterprise 7 (x86_64) content is published in a new site called Patches for CentOS 7.

This release supports the package manager's native command-line interface, YUM, which allows you to patch CentOS 7 systems. YUM reduces dependency issues, improves performance, and is more reliable in terms of installing security patches.

You must install the bzip2 utility on the endpoints to use the patches from the Patches for CentOS 7 site. The bzip2 utility decompresses the metadata file that contains all the package information to the endpoints.

Note: The bzip2 utility might not be included in the CentOS 7 base installation, therefore manual installation of this compression utility is required.

Use the Fixlet named Install bzip2 (ID #1) to identify the endpoints that require the installation of the bzip2 utility. Download the installation package from the vendor website and use the RPM Deployment Wizard, which is available from the Linux RPM Patching site, to deploy the package to various endpoints.
Resources: Supported platforms and updates; Patching method; Use the RPM Deployment Wizard

CentOS 8 content support

The CentOS Linux™ Enterprise 8 (x86_64) content is published in a new site called Patches for CentOS 8.

This release supports the package manager's native command-line interface, DNF, which allows you to patch CentOS 8 systems. DNF is a wrapper on YUM that reduces dependency issues, improves performance, and is more reliable in terms of installing security patches.

Announcements

CentOS 8 will not make announcements on its official site as in earlier versions. The BigFix Patch team retrieves the package information from https://feeds.centos.org/ to generate the content, based on the changes mentioned in the BaseOS and AppStream change lists.
Red Hat APIs are used to get all the dependent packages and errata information.

Supersedence

CentOS 8 repository metadata now contains information related to the latest available packages; hence, all superseded Fixlets are expected to fail with the error "No matching Package found".
Once a Fixlet is superseded, it is made non-relevant by default. The value (client) of _BESClient_CentOS_EnableSupersededEval is removed for superseded Fixlets, and the relevance for superseded Fixlets is set to false: <Relevance>False</Relevance>. Please deploy only the latest available patches.
To deploy a superseded Fixlet using a custom site, the relevant repository metadata and packages must be cached beforehand.

Note: You should sync all the Baselines before proceeding with installation, because having superseded Fixlets in the Baseline would lead to errors and installation failures. The latest available packages are deployed with the baseline.
The Patches for CentOS 8 site supports only the BaseOS and AppStream repositories. For more information, see Supported CentOS Repositories.