Patch Management Solution for Linux: Patches fail to install as some dependencies are missing

A combination of software installed on managed SUSE Linux computers and channels selected in Symantec Management Console may lead to patch installation failure

There can be different causes for this situation and Symantec has already mentioned it in "Patch Management Solution for Linux 7.1 from Symantec™ Release Notes" - http://www.symantec.com/docs/DOC3506.

1. Solution for Linux cannot check for second-level dependencies.

==================================

Sometimes a software update cannot be installed because a dependency that was added to the policy is dependent on other software. Currently, Patch Management Solution for Linux does not run a dependency check for dependent software. Workaround: Add dependent packages to the policy manually.

==================================

2. Steps to do if installation fails.

==================================

Sometimes bulletin can fail to install because of a conflicting bulletin included into the same software update policy. To work around this issue, Symantec recommends that you create a software update policy for this failing bulletin only. If it still fails, you can set the log level to DEVNOTE and examine the rpm output. You can also try to install the update and its dependencies manually.

==================================

However the document does not explain what to do in case of similar situations.

This article will describe the steps which helped to add the missing dependencies and install the patches in one scenario.

a. Server - Symantec Management Platform with Patch Management Solution installed Client - Suse Linux Enterprise Server 11 SP3.

b. One of Symantec customers configured software channels for Enterprise Server 11 SP3, downloaded metadata and tried to distribute the packages.

c. The policies were created and the packages were delivered successfully to the clients. However, later on the clients, when running "aex-patchinstall -l" to verify the patch policies status, it was noticed, that some patches filed to install, for example "slessp3-acl-10012".

d. "DEVNOTE" log mode was enabled (the process described here http://www.symantec.com/docs/HOWTO35960).

e. Another attempt to install the failed patch was made using "aex-patchinstall -i" command.

f. The log output was analyzed and the following lines discovered related to the installation failure

-----

error: Failed dependencies: python-m2crypto is needed by python-pywbem-0.7-6.20.1.x86_64

-----

g. The missing package was added from the corresponding policy "General" tab, "Software Update" field.

h. The policies refreshed on the clients after some times and patch was successfully installed.