What's new in this update release

This release of BigFix Patch for Rocky Linux contains various enhancements for patching.

Rocky Linux content support

The Rocky Linux™ 9 (x86_64) content is published in a new site called Patches for Rocky Linux 9.

This release supports the package manager’s native command-line interface: DNF, which allows you to patch Rocky Linux systems. DNF is a wrapper on DNF and also reduces dependency issues, improves performance and is more reliable in terms of installing security patches.

Rocky Linux Download Plug-in enhancements

The Rocky Linux Download Plug-in has the ability to use packages that are cached by the Rocky Linux Download Cacher’s download_dir (referred to as localCache in the plugin.ini file) and get packages from the internet at the same time.

Previously, the Rocky Linux Download Plug-in was used in BigFix server that was in either of the following scenarios:
  • The BigFix server is fully air-gapped and uses the Rocky Linux Download Cacher, or
  • The BigFix server is internet-enabled and does not use the Rocky Linux Download Cacher
With this enhancement, you can cache the packages offline to save time downloading the packages.

For more information, see Configuring the advanced Rocky Linux Download Plug-in settings.

Rocky Linux Download Cacher enhancements

The following enhancements are included in the Rocky Linux Download Cacher:
Package sha1 download support
The Rocky Linux Download Cacher can now download packages as sha1 files instead of the RPM format using --sha1_download_dir.
Previously, when using the "buildRepo –key Rocky Linux-8-x64" with the download cacher, the Rocky Linux repository "Rocky Linux-8-x64" structure is mirrored offline. This might result to duplication of packages if they are found in multiple repositories.
Using --sha1_download_dir will download all packages from all repositories (keys) as files with a sha1 filename into a single flat directory.
Repository access check
New commands to verify if you have access to the BigFix supported Rocky Linux base repositories and sub-repositories: check-baserepos and check-allrepos
Storage space requirement check
New command to calculate and check the storage space requirement when using the builRepo command: check-storagereq
This command outputs the required space to download the repository metadata and packages with and without the use of the --sha1_download_dir option.
Space-saving benchmarks
Space-saving benchmarks have been established with the use of the --sha1_download_dir option.
Using the --sha1_download_dir option have shown significant decrease in storage size, download size, and time when caching multiple repositories of the same Rocky Linux version. This is because many packages are duplicated among repositories with the same Rocky Linux version (for example, rockylinux-8.3-x64, rockylinux-8.4-x64, rockylinux-8.5-x64). Space is not saved if you only cache a single repository for each Rocky Linux version (for example, rockylinux-8.4-x64, rockylinux-8.5-x64).
For more information, see the following topics:
Table 1. Enhancements or Features of Rocky Linux
Enhancement or Feature Description Resources
Multiple-package baseline installation BigFix Patch offers a solution that can combine the installation of updates for multiple packages into a single task, effectively reducing the execution time of the baseline.

This solution is available on Fixlets from the Patches for Rocky Linux 8 Plugin sites.

 Multiple-Package Baseline Installation
Enhanced logging and error handling Redesigned error logs and debug outputs to provide clearer error reporting to help reduce the time spent troubleshooting and debugging issues.

This enhancement is available on Fixlets from the Patches for Rocky Linux 8 Plugin sites.

 Configuring the advanced Rocky Linux Download Plug-in settings
Rocky Linux 8 content support

The Rocky Linux™ BaseOS 8 (x86_64) content is published in a new site called Patches for Rocky Linux 8.

This release supports the package manager’s native command-line interface: DNF, which allows you to patch Rocky Linux 8 systems. DNF is a wrapper on DNF which reduces dependence issues, improves performance and is more reliable in terms of installing security patches.

Announcements

Rocky Linux 8 will not make announcements on its official site as in earlier versions. BigFix Patch team retrieves the package information from http://dl.rockylinux.org for generating the content based on the changes mentioned in BaseOS and AppStream change list.
Red Hat API’s are used to get all the dependent packages and errata information.

Supersedence

Rocky Linux 8 repositories metadata now contains information related to latest available packages, hence all the superseded fixlets are expected to fail with an error No matching Package found.
Once the fixlet is superseded, the fixlet is made non-relevant by default. The value(client) of _BESClient_Rocky Linux_EnableSupersededEval is removed for superseded fixlets and relevance for superseded fixlets will be set to false <Relevance>False</Relevance>. Please deploy only the latest available patches.
In order to deploy superseded fixlet using custom site, the relevant repository metadata and packages must be precedently cached.

Note: You should sync all the Baselines before proceeding with installation because having superseded Fixlets in the Baseline would lead to errors and installation failures. The latest available packages are deployed with the baseline.
 Patches for Rocky Linux 8 site only supports BaseOS and AppStream repositories. For more information, see Supported Rocky Linux Repositories