Using RHSM download plug-ins

The download plug-in is an executable program that downloads relevant packages directly from the patch vendor. Fixlets use an internal protocol to communicate with the download plug-in to download files. These Fixlets are based on updates made by the vendor.

You must create and download identification certificates through the Red Hat Subscription Management system to use the RHSM Download Plug-in. For the Fixlet to be able to use the protocol, register the download plug-in on the BigFix server or BigFix relay. Use the Manage Download Plug-ins dashboard to register the appropriate plug-in.

The Red Hat Subscription Management (RHSM) download plug-in is an enhanced version of the download plug-in for Red Hat that uses the RHSM to download and cache patches from a vendor's website to the BigFix server. The enhanced download plug-in enable the following possibilities.
  • Customize available repositories through a user extensible repository list.
  • Installation and dependency resolution can easily be extended to all repositories, not just those that are shipped out of the box.
  • Customers and service teams can easily extend functionalities.
  • Eliminates dependencies on utilities such as bzip2, gzip, and similar.

The RHSM download plug-in does not work for RHEL7 patching when the Require SHA-256 Downloads option in the BigFix Administration tool is enabled. When this option is enabled, all download verification use only the SHA-256 algorithm. However, RHEL7 repository metadata from the vendor, which do not contain SHA-256 values for packages in the repository that are used by the plug-in.

Consider disabling the Require SHA-256 Downloads option to successfully deploy a RHEL7 patch. For more information about the download option, see BigFix Platform Installation Guide at

The YUM Transaction History dashboard supports the use of the RHSM download plug-in with the following Red Hat versions: RHEL 6, RHEL 6 for System z, RHEL 7 for System z, RHEL 7, RHEL 7 PPC64LE, and RHEL 7 PPC64LE. Endpoints must be subscribed to the Patching Support site.