Linux installation of new package with dependency resolution

I have a need to install a new package across various Linux distributions, in order to be able to deploy Symantec Endpoint Protection (required by my company on all systems). SEP has its own list of dependencies, one of which is a strong requirement for java-1.X.0-oracle (Oracle Java 1.5.0 to 1.8.0) on systems that don’t have Java. This is where my issue starts.

I couldn’t find a way to deploy a new RPM (I’m starting to test on RHEL but we’ll have to deploy the same on other distributions: CentOS, SuSe, Ubuntu, Fedora…) which would take care of finding all the dependencies. I cannot use a repo as some systems are in isolated without access to anything other than via BigFix Relays.

What would be the best method to deploy a package and have BigFix handle the installation with all the dependencies?
If this isn’t possible, how do I specify a list of pre-req to install before Oracle Java and SEP are installed?

How about using a Baseline.

Put all of the dependencies into the baseline, and make sure the application is the last Component?

Hi Tim,
I’m not sure how the baseline would help in ensuring all the dependencies are included with the installation of a RPM. I’d need to create single actions anyway to install the code (as this is a new installation and not a patch update, the existing fixlets provided by BigFix won’t help). Plus I don’t know upfront all the downstream requirements for all systems across all versions of all distributions.

Sorry, I didn’t see the reference that they were “isolated without access to anything other than BigFix Relays”.

I think you actually face a dual problem.

  1. I doubt BigFix contains Fixlets to cover all of the possible dependencies you might come across.
  2. BigFix doesn’t know the dependencies for the applications.

You would need to create a Fixlet for each potential dependency. These Fixlets could then be added to a Baseline along with a Fixlet to install SEP. That way, when the Baseline is executed against a targeted endpoint, each dependency will be installed prior to SEP attempting to install. Doing it though a baseline, with separate Fixlets for each dependency, assuming the targeting relevance is correct, will prevent “re-installation” of pre-existing components.

Hi Tim,
I started to look into that however I was wondering if there is a better solution. Let me give you an example:

  • SEP requires glibc 32bit and Oracle Java: OK; I can install those, but the trouble started
  • Java may require some other packages on systems that don’t have any JRE installed
  • these components may have other dependencies
  • even the glibc 32-bit is problematic as it would need to match the version of glibc x64

If you consider different distributions at different levels, I may have to handle over 100 RPMs and PKGs, code that then I’d need to update regularly and it may become a full time job (which I already have plenty of those).

There must be a better way and I must not be the first one with a similar deployment issue.