Using the download plug-in

The download plug-in is an executable program that downloads relevant packages directly from the patch vendor. Fixlets use an internal protocol to communicate with the download plug-in to download files. These Fixlets are based on updates made by the vendor.

For the Fixlet to be able to use the protocol, register the download plug-in on the BigFix server. Use the Manage Download Plug-ins dashboard to register the appropriate plug-in.
Notes:
  • Download plug-ins support basic authentication only.
  • The BigFix server and the BigFix client must be on the same version to avoid a null error.

To install SUSE patches for x86, x86_64, and s390x endpoints, you must register the SUSE Customer Center (SCC) download plug-in on the BigFix server. For more information, see Registering the SCC download plug-in. The SCC download plug-in is required for the SUSE Linux Enterprise Fixlet sites.

To install SUSE patches for System Z (s390x) endpoints, which are in the Patches for SLE11 System Z site, you must register the SUSE download plug-in on the BigFix server. For more information about registering the SCC download plug-in, see Registering the SUSE download plug-in.

The SCC download plug-in is required for the Patches for SLE 12 Native Tools and Patches for SLE 11 Native Tools sites only.

The SCC download plug-in uses SCC to download and cache patches from a vendor's website to the BigFix server. It does not parse data from the vendor website, therefore removing its dependency on the vendor's errata page format. It retrieves package data directly from the vendor, which improves the accuracy and reliability of package dependency resolution and repository support.

Note: The SCC download plug-in does not work when the Require SHA-256 Downloads option in the BigFix Administration tool is enabled. When this option is enabled, all download verification use only the SHA-256 algorithm. However, there are certain SUSE repository metadata from the vendor, which do not contain SHA-256 values for packages in the repository that are used by the plug-in.

Consider disabling the Require SHA-256 Downloads option to successfully deploy a patch. Security and package integrity is not compromised as another layer of checking and verification is done using the GPG signature of the package. For more information about the download option, see BigFix Platform Installation Guide at https://help.hcl-software.com/bigfix/9.5/platform/Platform/Installation/c_security_settings.html.

The download plug-in is highly extensible and robust, enabling such possibilities:
  • Customize available repositories through a user extensible repository list.
  • Installation and dependency resolution can easily be extended to all repositories, not just those that are shipped out of the box.
  • Functionalities can easily be extended by customers and service teams.
  • Eliminates dependencies on utilities such as bzip2, expect, and similar.
It improves performance related to downloading large numbers of packages, which consequently shortens the turnaround time for patching.

SCC download plug-in

The SCC download plug-in is required for the Patches for SLE 12 Native Tools and Patches for SLE 11 Native Tools sites only.

It is an enhanced version of the download plug-in for SUSE that uses SCC to download and cache patches from a vendor's website to the BigFix server. The SCC download plug-in does not parse data from the vendor website, therefore removing its dependency on the vendor's errata page format. It retrieves package data directly from the vendor, which improves the accuracy and reliability of package dependency resolution and repository support.

The Fixlets in the native tools sites are updated to use the SCC download plug-in to help improve your patching experience.

Note: The SCC download plug-in does not work when the Require SHA-256 Downloads option in the BigFix Administration tool is enabled. When this option is enabled, all download verification use only the SHA-256 algorithm. However, there are certain SUSE repository metadata, which do not contain SHA-256 values for packages in the repository, that are used by the plug-in. Consider disabling the Require SHA-256 Downloads option to successfully deploy a patch. Security and package integrity is not compromised as another layer of checking and verification is done using the GPG signature of the package. For more information about the download option, see BigFix Platform Installation Guide at https://help.hcl-software.com/bigfix/9.5/platform/Platform/Installation/c_security_settings.html.
All these enhancements to the download plug-in make it highly extensible and robust, enabling such possibilities:
  • Customize available repositories through a user extensible repository list.
  • Installation and dependency resolution can easily be extended to all repositories, not just those that are shipped out of the box.
  • Functionalities can easily be extended by customers and service teams.
  • Eliminates dependencies on utilities such as bzip2, expect, and similar.
The SCC download plug-in improves performance related to downloading large numbers of packages, which consequently shortens the turnaround time for patching.
The SCC download plug-in accesses the following URLs:
  • https://scc.suse.com:443
  • https://updates.suse.com:443

SUSE download plug-in

The SUSE download plug-in is required for the Patches for SLE11 System Z site only.

Note: The SUSE Plug-in still works with earlier versions of Fixlets that were released from the Patches for SLE 12 Native Tools site and Patches for SLE 11 Native Tools site. These include Fixlets that are used in baselines and custom sites. You can still use these Fixlets from your existing baselines and custom sites, however, they are no longer supported.

To ensure continuous patching and uninterrupted access to the BigFix content, sync the content of your baseline with the external sites and register the SCC Plug-in. You can use the Baseline Synchronization Dashboard to make sure that your baseline components are in sync with the source Fixlets to prevent issues when you deploy actions across an entire network. For more information about the dashboard, see Baseline Synchronization Dashboard.