Patching method

The Fixlets for all Rocky Linux content use the Yellow dog Updater, Modified (DNF), the default patch manager for Rocky Linux. DNF is a package management tool that updates, installs, and removes Red Hat Package Manager (RPM) packages. DNF uses a command-line interface and simplifies the process of installing, uninstalling, and updating packages, provided that there is access to the DNF repository.

Previously, the BigFix Patch for Rocky Linux sites used a set of utilities that are called Endpoint Dependency Resolver (EDR) utilities to handle package dependencies on the endpoint. DNF replaces these EDR utilities and gives you more flexibility in terms of patch deployment and providing results that are in parallel with Red Hat and Rocky Linux solutions. The following sites are available for:

It is highly suggested that users start to use the Rocky Linux Native tools sites because DNF reduces dependency issues and improves performance. There is no marked difference in how the EDR and DNF native tools sites are used when deploying patches. To use DNF, users must subscribe to the Patches for Rocky Linux natives tool sites.

DNF utility configuration settings

The BigFix Patch for Rocky Linux sites that apply the DNF utility use Fixlet settings in /etc/dnf.conf. except for the following DNF configuration settings:

• cachedir
• keepcache
• plugins
• reposdir
• pluginpath
• pluginconfpath
• metadata_expire
• installonlypkgs

Identifying file relevance with Native tools content

The native tools captures file relevance in the same way as EDR. Both methods check for the relevance clause exist lower version of a package, but not exist higher version of it. If both tools are applied to the same deployment, the relevance results are the same.

Patching method matrix