Overview
JetPatch patches at the Errata level, which means it requires advisory information (Security, Bugfix, Enhancement) to be present in the endpoint's assigned repository.
If the local repository is not configured to pull this advisory data, JetPatch will be unable to identify or deploy the correct patches.
This article explains how to identify whether the issue is endpoint-specific or repository-wide, and provides two methods for fixing missing advisory information in EL-based local repositories.
| Note: This article applies to Enterprise Linux (EL) based distributions: RHEL, Oracle Linux, AlmaLinux, Rocky Linux, and CentOS. It does not cover Debian/Ubuntu (apt) or SUSE (zypper) environments. |
Context
JetPatch patches at the Errata level
Users must be configured to retrieve advisory information from their assigned repo.
Once configured, JetPatch collects patch information by writing scan results to the client in the following location:
| /var/cache/JetPatch/scan_result.txt |
Identifying the Scope of the Problem
Further Actions
Case 1: Only a Few Machines Not Working
The repository is fine, JetPatch shows outdated results. Reset the local cache on the affected endpoint:
| rm -rf /var/cache/JetPatch/scan_result.txt && /usr/local/scan_updates.sh true null null |
This clears the stale cache and forces JetPatch to generate a fresh scan_result.txt file during the next scan (typically every couple of hours).
Case 2: All Machines Not Working
Make sure your repository is advisory-based by using the following three commands:
For Security Advisories:
| dnf updateinfo list security all |
For Bug Fixes:
| dnf updateinfo list bugfixes all |
For Enhancements:
| dnf updateinfo list enhancements all |
If one of these results is empty, the repository is not fully pulling advisory information. Use one of the two methods below to fix this.
Automatic: Using the yum-plugin-security Plugin
|
Important: The yum-plugin-security plugin is intended for RHEL/EL 7 and earlier. On RHEL/EL 8 and above, security advisory functionality is built into DNF and does not require a separate plugin installation. |
To use the yum-plugin-security plugin to automatically download and add advisory information to your local repository, follow these steps:
- Install the yum-plugin-security plugin:
| dnf install yum-plugin-security |
- Enable the plugin in your /etc/yum.conf file:
| plugins=security |
- Update your local repository:
|
dnf clean all dnf update |
The yum-plugin-security plugin will automatically download the latest advisory information from the Red Hat website and add it to your local repository.
Manual: Downloading and Adding Advisory Information
| Important: Take a backup of the local repo server before proceeding. |
Follow the steps below to download and integrate updateinfo.xml for a local repository.
AppStream
- Download the updateinfo.xml file.
- Place the file in the AppStream repodata path, for example:
| /var/www/html/rhel8/AppStream/repodata/ |
- Update the repository metadata:
| modifyrepo /var/www/html/rhel8/Appstream/repodata/updateinfo.xml /var/www/html/rhel8/AppStream/repodata/ |
BaseOS
- Download the updateinfo.xml file.
- Place the file in the BaseOS repodata path, for example:
| /var/www/html/rhel8/BaseOS/repodata/ |
- Update the repository metadata:
| modifyrepo /var/www/html/rhel8/BaseOS/repodata/updateinfo.xml /var/www/html/rhel8/BaseOS/repodata/ |
Verify Advisory Information
Once the repository metadata is updated, verify the advisory information by running:
|
dnf clean all dnf updateinfo |
Comments
0 comments
Please sign in to leave a comment.