RHEL Patching ft DJ Polkit

Usage and Config Patch
1

I’m confused on RHEL patching in the “Patches for RHEL 7” site. I’ve got 3 main confusions.

So taking “RHSA-2020:1135 - Polkit Security And Bug Fix Update - Red Hat Enterprise Linux 7 (x86_64)” as an example, I run this on a box that has pokit 0.112-18.el7_6.1 (x86_64)

The description of the Fixlet conuses me in two places. First, it says…

Target RPMs:

polkit-0.112-26.el7.i686.rpm
polkit-0.112-26.el7.x86_64.rpm
polkit-devel-0.112-26.el7.i686.rpm
polkit-devel-0.112-26.el7.x86_64.rpm
polkit-docs-0.112-26.el7.noarch.rpm

This may just be me not having enough time on RHEL, but who is targeting what? Are we targeting an installation of polkit-0.112-26.el7 that exists on the client? Or is the client targeting a package to install polkit-0.112-26.el7 on itself?

Second confusion: The description says the Fixlet provides a test without actually installing the packages. Then it says it provides a solution to reduce the execution time for patching when using baselines. It never actually says that this Fixlet installs anything… so does this Fixlet install polkit-0.112-26.el7? Or is it just for you to test and to speed up when using baselines?
(Yes, the Action section claims to update the current packages, but nothing in the description corroborates this.)

Third and final confusion: This fails every single time. Every line shows “Completed” for status, except the final exit line:

image

So if none of these lines failed, then what happened? This goes back to the second confusion… if this is just a test, then it seems to be telling me that I can’t install this version for reasons. If this is an install, then it’s not completing despite the step claiming to complete, although it could be that “Completed” isn’t being used as a synonym for “Successful,” so…

Who is targeting what?
Does this just test as described, or does it install?
If everything completes, why is my exit failing (and how does an exit fail??)?

Thanks guys!

2

Hi ,

  1. If already polkit exist then only it will comes to applicable to that server , it’s not a new installation.
  2. had you deployed import gpg-key task ?
  3. had you set prefetch plugin timeout setting to the endpoints? if it is not set some patches will get fail.
3

Have you tried to look at this in the fixleten:


if {not exists setting “_BESClient_RHEL_AllowYumDownloads” whose (value of it = “1”) of client}
if {(exists file “/etc/redhat-release” whose (exists line whose (exists match (regex “Red Hat Enterprise Linux Server release 7”) of it) of it))}
add nohash prefetch item name=repolist.json url=RHSMProtocol://get.repo.list.content/server/7/x86_64
endif
if {(exists file “/etc/redhat-release” whose (exists line whose (exists match (regex “Red Hat Enterprise Linux Client release 7”) of it) of it))}
add nohash prefetch item name=repolist.json url=RHSMProtocol://get.repo.list.content/client/7/x86_64
endif
if {(exists file “/etc/redhat-release” whose (exists line whose (exists match (regex “Red Hat Enterprise Linux Workstation release 7”) of it) of it))}
add nohash prefetch item name=repolist.json url=RHSMProtocol://get.repo.list.content/workstation/7/x86_64
endif”

this will give you this error code
if you make this client setting “_BESClient_RHEL_AllowYumDownloads to 1” as a test.

4

Coming back to this…

@sekar , thank you. It took some time (and of course our usual IT emergencies) before I knew enough to be able to answer your questions.

1.) Yes, this box already has Polkit.
2.) Nope, your question is the first time I have ever heard of importing the gpg-key. From what I’ve read since seeing your question, it seems critical. Odd that it wasn’t called out at least as poorly as manual caching is. Oh well.
3.) I had not set the prefetch plugin timeout, since that task states the default is 30 minutes and no step failed except for the final Exit step.

I’m running those GPG-Key imports now.

@daniel.dk something tells me that Sekar’s advice is going to be a prerequisite for yours to be meaningful, so I’ll circle back after getting that sorted.

Thanks guys!