Patching method

BigFix offers more flexibility to the patch management solution by using native tools.

BigFix provides several different methods to manage patches for SUSE Linux Enterprise.

Patching by using the Endpoint Dependency Resolution (EDR) method

Endpoint dependency resolution (EDR) is an approach to UNIX patching where dependencies for bulletins are calculated dynamically during an action run time. Packages are patched regardless of which packages are already installed on the endpoints.

The Patches for SLE11 System Z site uses the EDR method.

The EDR method uses a dependency resolution tool that requires the system to be compliant before it can do calculations. It requires dependencies of all of the installed packages on the system to be satisfied.

If these dependencies are not satisfied, the deployment fails and logs the error output of the EDR Plug-in in the EDR_DeploymentResults.txt file, which is located in the directory <client folder>\EDRDeployData\. Some dependency requirements cannot be determined by Fixlet relevance. In some cases, multiple levels of dependencies or conflicting third-party packages can prevent the installation of a Fixlet content. It is therefore recommended to minimize the number of third-party packages installed on the system. For more information about dependency issues, see Troubleshooting.

With this approach, you can deploy preference lists to endpoints from the Preference Lists Dashboard in the Linux RPM Patching site. For more information about preference lists, see Manage Preference Lists.

When dependencies are resolved on the endpoints, there might be multiple valid sets of dependencies that satisfy the requirements of the targets. Preference lists help to decide which requirements to satisfy in these situations. For more information about the dashboard, see Using the Preference Lists Dashboard.

Note: This method applies to patch management for SUSE Linux Enterprise Server 11 and 12, and SUSE Linux Enterprise Desktop 11 and 12 environments only.

The Fixlets for all SUSE content use zypper, the default package manager for SUSE Linux Enterprise. Zypper gives you more flexibility in terms of patch deployment and in providing results that are suitable for SUSE Linux Enterprise solutions. It uses a command-line interface and simplifies the process of installing, uninstalling, updating, and querying software packages. It is based on ZYpp, also known as libzypp. For more information about Zypper, see the documentation at or see the Novell Support website at

Zypper reduces dependency issues, improves performance, and is more reliable in terms of installing security patches. This method also allows you to use custom repositories for patching. For more information about custom repository support, see Custom repositories management.

The Zypper approach is introduced to replace the EDR utilities that Patch Management for SUSE Linux Enterprise previously used. The following native tools sites are available for you to use:
  • Patches for SLE 15
  • Patches for SLE 15 on System z
  • Patches for SLE 15 PPC64LE
  • Patches for SLE 12 Native Tools
  • Patches for SLE 12 on System z
  • Patches for SLE 12 PPC64LE
  • Patches for SLE 11 Native Tools
  • Patches for SLE 11 on System z Native Tools
The Zypper native tools implementation has an external dependency on the expect utility. BigFix provides a task to install the expect utility on systems that are configured with Zypper repositories. Task ID 101: Install expect is available from the Patches for SLE 11 Native Tools site.
Note: The expect tool is not necessary for SUSE Linux Enterprise 12.
Zypper utility configuration settings

The native tools sites use all the settings in /etc/zypp/zypp.conf.

The following Zypper configuration settings are set to values that come from another file, which is dynamically created during Fixlet execution:
  • cachedir
  • configdir
  • metadatadir
  • packagesdir
  • reposdir
  • repo.add.probe
  • repo.refresh.delay
  • solvfilesdir
Identifying file relevance with Native tools content

The native tools captures file relevance in the same way as EDR. Both methods check for the relevance clause exist lower version of a package, but not exist higher version of it. If both tools are applied to the same deployment, the relevance results are the same.

Patching method matrix

The following table lists the applicable sites and features for each of the patching methods that are available for managing your SUSE Linux Enterprise endpoints.
Patching method Applicable sites Applicable features
Endpoint Dependency Resolution (EDR)
  • Linux RPM Patching
  • Patches for SLE11 System Z
  • SUSE Download Plug-in
  • SUSE Download Cacher
  • RPM Deployment
  • Preference List
Native tools (Zypper)
  • Patching Support
  • Patches for SLE 11 Native Tools
  • Patches for SLE 12 Native Tools
  • SCC Download Plug-in
  • SCC Download Cacher
  • Custom Repository Support
  • Btrfs snapshot management
  • Multiple-Package Baseline Installation