Topic
  • 28 replies
  • Latest Post - ‏2017-04-07T21:29:21Z by njeffrey
sanket
sanket
64 Posts

Pinned topic yum for AIX Toolbox

‏2016-09-14T14:44:33Z | opensource toolbox yum

yum the rpm package manager is now available for AIX opensource Toolbox.
It allows automatic package installation, updates and dependency management.

For installing yum on AIX
-------------------------

1. Install the rpm.rte with "minimum version" of 4.9.1.3 or greater from https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/
     
2. Download and install the rpms from yum_bundle_v1.tar from https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/
   This bundle contains yum and all of it's dependency rpms.

Please go through README-yum from following location for detailed description and known issues of yum on AIX.

https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/README-yum

 

Updated on 2016-10-17T05:40:55Z at 2016-10-17T05:40:55Z by sanket
  • Sylvain DELABARRE
    Sylvain DELABARRE
    2 Posts

    Re: yum for AIX Toolbox

    ‏2016-09-15T07:58:54Z  

    Hello,

    It seems to be working great, thanks. We would like to implement a local repository for AIX rpms. I do not find any
    yum-config-manager command to add repositories. Are we limited to manual configuration by editing conf files
    only ?

    Regards, Sylvain.

  • sanket
    sanket
    64 Posts

    Re: yum for AIX Toolbox

    ‏2016-09-15T09:03:40Z  

    Thanks Sylvain.

    As of now yum-config-manager / yum-utils are not provided by AIX open source toolbox.

    So you will have to manually edit the conf file.

     

    Thanks

    Sanket

  • il15012
    il15012
    2 Posts

    Re: yum for AIX Toolbox

    ‏2016-12-09T17:04:45Z  

    I just installed the yum bundle on an AIX 6.1 system. Does the bundle supply man pages for yum? If not, where can they be found?

     

  • il15012
    il15012
    2 Posts

    Re: yum for AIX Toolbox

    ‏2016-12-09T17:25:57Z  

    Actually it does provide man pages. I had to add /opt/freeware/share/man to the MANPATH environment variable and they appeared.

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-24T23:42:39Z  

    Hi.  I am having an issue with installing YUM on one of our AIX 7.1 machines.  After a bit of surgery on the existing RPM packages, I was able to get YUM installed but when I say something like `yum search git` I get an ssl error that looks like this:

    ```

    bash-4.2# yum search git
    https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again
    ```

    I'm uncertain what's going on but could it be that GeoTrust self-signed one of their certs?  This particular AIX machine very likely had not certs on it at all before I installed YUM today so it seems like the error came with the certs that were installed.  Please help me out if anyone has ideas.  (Below is one more diagnostic)  Thanks, Mike

    bash-4.2# openssl s_client -showcerts -connect public.dhe.ibm.com:443
    CONNECTED(00000003)
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify error:num=19:self signed certificate in certificate chain
    ---
    Certificate chain
     0 s:/C=US/ST=New York/L=Armonk/O=INTERNATIONAL BUSINESS MACHINES CORPORATION/CN=public.dhe.ibm.com
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
    -----BEGIN CERTIFICATE-----
    MIIGAjCCBOqgAwIBAgIQJDkVSCC7FI0F4uk3ZskdGzANBgkqhkiG9w0BAQsFADBE
    MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
    R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYxMTMwMDAwMDAwWhcNMTgwMTI5MjM1
    OTU5WjCBhDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMQ8wDQYDVQQH
    DAZBcm1vbmsxNDAyBgNVBAoMK0lOVEVSTkFUSU9OQUwgQlVTSU5FU1MgTUFDSElO
    RVMgQ09SUE9SQVRJT04xGzAZBgNVBAMMEnB1YmxpYy5kaGUuaWJtLmNvbTCCASIw
    DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgdzl0QKuf4k6Vq/dJL6xr2Ctpq
    NvPOMiSOOcmotdZH5V7uUy7kA6FAPAWHxh81j764Dw/vUtW66DHCYV5HdqZfaZBA
    KilHFc2y4zM6Prcj24xCo8BPNPFyWJLZBtUzuxKdga3WxYqUhq1jOLdTAOb87GU/
    tluOsgVsuwEiae1ecSb6Yprvok52kuuTWqB4keUIevsOF7YAUqrejXHa0Qa5NBRV
    Ws9CVm0iVQdP68mlNM1+fMWsYQ09Sid5Qx8pDwrxp6EmOckHlJMlmE3+leDWk4Hr
    C8T/QOEW4iCjQfHfdx+3tRBgsGzzIQlMI7/IR/VqqIXixrg9t7Eozvg+oTUCAwEA
    AaOCAq0wggKpMB0GA1UdEQQWMBSCEnB1YmxpYy5kaGUuaWJtLmNvbTAJBgNVHRME
    AjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ24u
    c3ltY2IuY29tL2duLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIwgYQwPwYI
    KwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVw
    b3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVz
    dC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYB
    BQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qFeJujfFp8
    MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2duLnN5bWNkLmNv
    bTAmBggrBgEFBQcwAoYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcnQwggEFBgor
    BgEEAdZ5AgQCBIH2BIHzAPEAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTN
    tuy+zAAAAVi2zgc3AAAEAwBIMEYCIQCBnkSbxd+D4gnkIsoqKLmV/8+OF0iOI0PM
    10Hau5ixOwIhALGNXSLkdzCl6iHTIEy1LYjctzKVHYxzkHoXB9NJepdGAHYA7ku9
    t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFYts4JOAAABAMARzBFAiAf
    kEIjCbZasL4fJ3UyIpqXpdJL1JEDMXxGWAOAzacbogIhAOHxdivyCzMaHUwqiLAY
    AFLI3eW/iWh3Ul3Jpev8FbgCMA0GCSqGSIb3DQEBCwUAA4IBAQCa+Rqn2sQzApku
    yimhra7IFdghasI5QZUfZNHKU/GWM+W03qWy6lRm3BbkfHxafIX3q5Mw1FdcreyC
    5Vqjyv2WOcfXnMs3iocpbHFz1acqorJSKVY/w8TjEEymkL3MDqsk5tD4dEugdJi0
    Aa+qeDRd2fd9lKJU78wRAy6q9N+hSyhY0wW+UkYxGWnmdMKfYZwZxx6GBlK0p0re
    2CYvjohoIW1jbV8A5fb14PczVe8oYmu9TJ8+4wYAPn4qKv+k3qpPumNizBoL9cH9
    j1IWr4J80lHsrhYCbOOhkkhLSye6jKDmcgu/KwKy4crkOj14D97vVO1q7V3Lep7u
    414fpU2i
    -----END CERTIFICATE-----
     1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    -----BEGIN CERTIFICATE-----
    MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
    U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
    hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
    U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
    89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
    j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
    I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
    vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
    DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
    AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
    aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
    AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
    QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
    c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
    bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
    n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
    Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
    3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
    SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
    QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
    zNSS
    -----END CERTIFICATE-----
     2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
    R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
    9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
    fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
    iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
    1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
    bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
    MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
    ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
    uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
    Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
    tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
    PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
    hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
    5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=New York/L=Armonk/O=INTERNATIONAL BUSINESS MACHINES CORPORATION/CN=public.dhe.ibm.com
    issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3686 bytes and written 647 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES128-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : AES128-SHA
        Session-ID: 2682D01B41A193B52BEAC75A1A67CB167D9B63E9930B80CF9EBDD047EA9365DD
        Session-ID-ctx:
        Master-Key: B6916DABD4019754DEEB3FCB5CD1F3DDDD21526B9E3844A46918BDC09B6EF078C36708A622F649EFF370ED9E759E6EA7
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1490398754
        Timeout   : 300 (sec)
        Verify return code: 19 (self signed certificate in certificate chain)
    ---

    HTTP/1.1 400 Bad Request
    Date: Fri, 24 Mar 2017 23:39:01 GMT
    Content-Length: 321
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>400 Bad Request</title>
    </head><body>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not understand.<br />
    </p>
    <hr>
    <address>IBM_HTTP_Server/8.5.5.11-PI73984 (Unix) at public.dhe.ibm.com Port 443</address>
    </body></html>
    read:errno=0
    bash-4.2#

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-25T00:18:39Z  
    • mmetts
    • ‏2017-03-24T23:42:39Z

    Hi.  I am having an issue with installing YUM on one of our AIX 7.1 machines.  After a bit of surgery on the existing RPM packages, I was able to get YUM installed but when I say something like `yum search git` I get an ssl error that looks like this:

    ```

    bash-4.2# yum search git
    https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again
    ```

    I'm uncertain what's going on but could it be that GeoTrust self-signed one of their certs?  This particular AIX machine very likely had not certs on it at all before I installed YUM today so it seems like the error came with the certs that were installed.  Please help me out if anyone has ideas.  (Below is one more diagnostic)  Thanks, Mike

    bash-4.2# openssl s_client -showcerts -connect public.dhe.ibm.com:443
    CONNECTED(00000003)
    depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
    verify error:num=19:self signed certificate in certificate chain
    ---
    Certificate chain
     0 s:/C=US/ST=New York/L=Armonk/O=INTERNATIONAL BUSINESS MACHINES CORPORATION/CN=public.dhe.ibm.com
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
    -----BEGIN CERTIFICATE-----
    MIIGAjCCBOqgAwIBAgIQJDkVSCC7FI0F4uk3ZskdGzANBgkqhkiG9w0BAQsFADBE
    MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
    R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYxMTMwMDAwMDAwWhcNMTgwMTI5MjM1
    OTU5WjCBhDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMQ8wDQYDVQQH
    DAZBcm1vbmsxNDAyBgNVBAoMK0lOVEVSTkFUSU9OQUwgQlVTSU5FU1MgTUFDSElO
    RVMgQ09SUE9SQVRJT04xGzAZBgNVBAMMEnB1YmxpYy5kaGUuaWJtLmNvbTCCASIw
    DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgdzl0QKuf4k6Vq/dJL6xr2Ctpq
    NvPOMiSOOcmotdZH5V7uUy7kA6FAPAWHxh81j764Dw/vUtW66DHCYV5HdqZfaZBA
    KilHFc2y4zM6Prcj24xCo8BPNPFyWJLZBtUzuxKdga3WxYqUhq1jOLdTAOb87GU/
    tluOsgVsuwEiae1ecSb6Yprvok52kuuTWqB4keUIevsOF7YAUqrejXHa0Qa5NBRV
    Ws9CVm0iVQdP68mlNM1+fMWsYQ09Sid5Qx8pDwrxp6EmOckHlJMlmE3+leDWk4Hr
    C8T/QOEW4iCjQfHfdx+3tRBgsGzzIQlMI7/IR/VqqIXixrg9t7Eozvg+oTUCAwEA
    AaOCAq0wggKpMB0GA1UdEQQWMBSCEnB1YmxpYy5kaGUuaWJtLmNvbTAJBgNVHRME
    AjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ24u
    c3ltY2IuY29tL2duLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIwgYQwPwYI
    KwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVw
    b3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVz
    dC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYB
    BQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qFeJujfFp8
    MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2duLnN5bWNkLmNv
    bTAmBggrBgEFBQcwAoYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcnQwggEFBgor
    BgEEAdZ5AgQCBIH2BIHzAPEAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTN
    tuy+zAAAAVi2zgc3AAAEAwBIMEYCIQCBnkSbxd+D4gnkIsoqKLmV/8+OF0iOI0PM
    10Hau5ixOwIhALGNXSLkdzCl6iHTIEy1LYjctzKVHYxzkHoXB9NJepdGAHYA7ku9
    t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFYts4JOAAABAMARzBFAiAf
    kEIjCbZasL4fJ3UyIpqXpdJL1JEDMXxGWAOAzacbogIhAOHxdivyCzMaHUwqiLAY
    AFLI3eW/iWh3Ul3Jpev8FbgCMA0GCSqGSIb3DQEBCwUAA4IBAQCa+Rqn2sQzApku
    yimhra7IFdghasI5QZUfZNHKU/GWM+W03qWy6lRm3BbkfHxafIX3q5Mw1FdcreyC
    5Vqjyv2WOcfXnMs3iocpbHFz1acqorJSKVY/w8TjEEymkL3MDqsk5tD4dEugdJi0
    Aa+qeDRd2fd9lKJU78wRAy6q9N+hSyhY0wW+UkYxGWnmdMKfYZwZxx6GBlK0p0re
    2CYvjohoIW1jbV8A5fb14PczVe8oYmu9TJ8+4wYAPn4qKv+k3qpPumNizBoL9cH9
    j1IWr4J80lHsrhYCbOOhkkhLSye6jKDmcgu/KwKy4crkOj14D97vVO1q7V3Lep7u
    414fpU2i
    -----END CERTIFICATE-----
     1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    -----BEGIN CERTIFICATE-----
    MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
    U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
    hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
    U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
    89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
    j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
    I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
    vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
    DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
    AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
    aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
    AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
    QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
    c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
    bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
    n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
    Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
    3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
    SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
    QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
    zNSS
    -----END CERTIFICATE-----
     2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    -----BEGIN CERTIFICATE-----
    MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
    MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
    YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
    EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
    R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
    9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
    fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
    iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
    1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
    bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
    MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
    ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
    uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
    Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
    tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
    PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
    hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
    5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
    -----END CERTIFICATE-----
    ---
    Server certificate
    subject=/C=US/ST=New York/L=Armonk/O=INTERNATIONAL BUSINESS MACHINES CORPORATION/CN=public.dhe.ibm.com
    issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3686 bytes and written 647 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES128-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : AES128-SHA
        Session-ID: 2682D01B41A193B52BEAC75A1A67CB167D9B63E9930B80CF9EBDD047EA9365DD
        Session-ID-ctx:
        Master-Key: B6916DABD4019754DEEB3FCB5CD1F3DDDD21526B9E3844A46918BDC09B6EF078C36708A622F649EFF370ED9E759E6EA7
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1490398754
        Timeout   : 300 (sec)
        Verify return code: 19 (self signed certificate in certificate chain)
    ---

    HTTP/1.1 400 Bad Request
    Date: Fri, 24 Mar 2017 23:39:01 GMT
    Content-Length: 321
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>400 Bad Request</title>
    </head><body>
    <h1>Bad Request</h1>
    <p>Your browser sent a request that this server could not understand.<br />
    </p>
    <hr>
    <address>IBM_HTTP_Server/8.5.5.11-PI73984 (Unix) at public.dhe.ibm.com Port 443</address>
    </body></html>
    read:errno=0
    bash-4.2#

    So, just to add:  is there a good way to fix this?  Also, if there's a more appropriate place for me to ask this, by all means, please let me know.  Thanks.

  • AyappanP
    AyappanP
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T14:11:43Z  
    • mmetts
    • ‏2017-03-25T00:18:39Z

    So, just to add:  is there a good way to fix this?  Also, if there's a more appropriate place for me to ask this, by all means, please let me know.  Thanks.

    Hi,

    Did the ca-certificates rpm installed properly in the machines ?

    Share the output of the below command ?

    ls -l /var/ssl/certs/ | grep Geo

     

    Thanks

    Ayappan P

     

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T14:39:08Z  
    • AyappanP
    • ‏2017-03-27T14:11:43Z

    Hi,

    Did the ca-certificates rpm installed properly in the machines ?

    Share the output of the below command ?

    ls -l /var/ssl/certs/ | grep Geo

     

    Thanks

    Ayappan P

     

    here are the results of the command (below).  the files are in place.  but we also wonder if there aren't other fundamental things one should to to get openssl (and YUM) setup on a system such as this.

     

    i want to also note that we see at least 2 versions of openssl installed:  1.0.1i-1 via RPM and 1.0.2.800 via installp (tried to list these but it trips the spam filter for some reason).  please advise if you think this might be contributing to our difficulties. 

     

    would really like to get this working.  Thanks.

     

    -bash-4.2$ ls -l /var/ssl/certs | grep Geo
    -rw-r--r--    1 root     system         1555 Mar 24 15:15 GeoTrustSSLCA-G3.crt
    lrwxrwxrwx    1 root     system           50 Mar 24 14:17 GeoTrust_Global_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt
    lrwxrwxrwx    1 root     system           52 Mar 24 14:17 GeoTrust_Global_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA_2.crt
    lrwxrwxrwx    1 root     system           72 Mar 24 14:17 GeoTrust_Primary_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt
    lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
    lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G3.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
    lrwxrwxrwx    1 root     system           53 Mar 24 14:17 GeoTrust_Universal_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt
    lrwxrwxrwx    1 root     system           55 Mar 24 14:17 GeoTrust_Universal_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt

     

  • sangameshm
    sangameshm
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T15:10:36Z  
    • mmetts
    • ‏2017-03-27T14:39:08Z

    here are the results of the command (below).  the files are in place.  but we also wonder if there aren't other fundamental things one should to to get openssl (and YUM) setup on a system such as this.

     

    i want to also note that we see at least 2 versions of openssl installed:  1.0.1i-1 via RPM and 1.0.2.800 via installp (tried to list these but it trips the spam filter for some reason).  please advise if you think this might be contributing to our difficulties. 

     

    would really like to get this working.  Thanks.

     

    -bash-4.2$ ls -l /var/ssl/certs | grep Geo
    -rw-r--r--    1 root     system         1555 Mar 24 15:15 GeoTrustSSLCA-G3.crt
    lrwxrwxrwx    1 root     system           50 Mar 24 14:17 GeoTrust_Global_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt
    lrwxrwxrwx    1 root     system           52 Mar 24 14:17 GeoTrust_Global_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA_2.crt
    lrwxrwxrwx    1 root     system           72 Mar 24 14:17 GeoTrust_Primary_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt
    lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
    lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G3.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
    lrwxrwxrwx    1 root     system           53 Mar 24 14:17 GeoTrust_Universal_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt
    lrwxrwxrwx    1 root     system           55 Mar 24 14:17 GeoTrust_Universal_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt

     

    Looks like hashes for certificate files mayn't have been created.

    Do you see the files name something *.0 in /var/ssl/certs and whether a file name /usr/linux/bin/c_rehash is being present ?

    If no hash files are present then try running "c_rehash /var/ssl/certs" and see if it creates *.0 files under /var/ssl/certs.

     

    Thanks,

    Sangamesh

    Updated on 2017-03-27T15:10:49Z at 2017-03-27T15:10:49Z by sangameshm
  • AyappanP
    AyappanP
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T15:19:26Z  
    • mmetts
    • ‏2017-03-27T14:39:08Z

    here are the results of the command (below).  the files are in place.  but we also wonder if there aren't other fundamental things one should to to get openssl (and YUM) setup on a system such as this.

     

    i want to also note that we see at least 2 versions of openssl installed:  1.0.1i-1 via RPM and 1.0.2.800 via installp (tried to list these but it trips the spam filter for some reason).  please advise if you think this might be contributing to our difficulties. 

     

    would really like to get this working.  Thanks.

     

    -bash-4.2$ ls -l /var/ssl/certs | grep Geo
    -rw-r--r--    1 root     system         1555 Mar 24 15:15 GeoTrustSSLCA-G3.crt
    lrwxrwxrwx    1 root     system           50 Mar 24 14:17 GeoTrust_Global_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt
    lrwxrwxrwx    1 root     system           52 Mar 24 14:17 GeoTrust_Global_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA_2.crt
    lrwxrwxrwx    1 root     system           72 Mar 24 14:17 GeoTrust_Primary_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt
    lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
    lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G3.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
    lrwxrwxrwx    1 root     system           53 Mar 24 14:17 GeoTrust_Universal_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt
    lrwxrwxrwx    1 root     system           55 Mar 24 14:17 GeoTrust_Universal_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt

     

    Okay so you have openssl installed via rpm also. That is not recommended. We won't provide rpms for openssl through AIX Toolbox. 

    It's better we can remove the rpm and use only the one via installp. Removing the rpm may erase some files coming from installp openssl.

    So you have to make sure it doesn't mess up things. (Reinstalling the openssl fileset will bring back to original state).

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T15:19:58Z  

    Looks like hashes for certificate files mayn't have been created.

    Do you see the files name something *.0 in /var/ssl/certs and whether a file name /usr/linux/bin/c_rehash is being present ?

    If no hash files are present then try running "c_rehash /var/ssl/certs" and see if it creates *.0 files under /var/ssl/certs.

     

    Thanks,

    Sangamesh

    the command ran but does not appear to have created any files in /var/ssl/certs or in /opt/freeware/etc/ssl/certs  ...sit have the problem.

  • sangameshm
    sangameshm
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T15:31:07Z  
    • mmetts
    • ‏2017-03-27T15:19:58Z

    the command ran but does not appear to have created any files in /var/ssl/certs or in /opt/freeware/etc/ssl/certs  ...sit have the problem.

    Could you check the /usr/bin/c_rehash and grep for the pattern "FILE: foreach" and what is the complete line for that pattern ?

    I guess by default c_rehash in your case is /usr/bin/c_rehash
    and /usr/bin/c_rehash has this entry
    FILE: foreach $fname (grep {/\.pem$/} @flist) {

    If /usr/bin/c_rehash doesn't have crt, cer related files support then change the line to
    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)
    And run the c_rehash command.

    When we install ca-certificate it will copy the /usr/bin/c_rehash to /usr/linux/bin/c_rehash, change the line
    from
    FILE: foreach $fname (grep {/\.pem$/} @flist) {
    to
    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)
    And runs /usr/linux/bin/c_rehash /var/ssl/certs

    Wondering whether /usr/linux/bin/c_rehash file has been created and the line "FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)" does exists.

     

    Thanks,

    Sangamesh

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T15:39:13Z  
    • AyappanP
    • ‏2017-03-27T15:19:26Z

    Okay so you have openssl installed via rpm also. That is not recommended. We won't provide rpms for openssl through AIX Toolbox. 

    It's better we can remove the rpm and use only the one via installp. Removing the rpm may erase some files coming from installp openssl.

    So you have to make sure it doesn't mess up things. (Reinstalling the openssl fileset will bring back to original state).

    where do i get a copy of the correct openssl fileset to have handy in case i mess something up while removing the RPM versions?

    Updated on 2017-03-27T15:39:40Z at 2017-03-27T15:39:40Z by mmetts
  • AyappanP
    AyappanP
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T15:58:47Z  
    • mmetts
    • ‏2017-03-27T15:39:13Z

    where do i get a copy of the correct openssl fileset to have handy in case i mess something up while removing the RPM versions?

    https://w3-01.ibm.com/marketing/automation/iwm/preview/web/reg/pick.do?source=aixbp&lang=en_US

    You can get it from the above link.

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T16:40:20Z  
    • AyappanP
    • ‏2017-03-27T15:58:47Z

    this link doesn't work for me.  is it just something on fix central?  I just want to make sure I don't screw anything up worse.  also should do an `installp -u` followed by  `installp -aXYgd $PWD all` or should I do something like `installp -F -aXYd $PWD all` ?

     

    should I make these changes before attempting any of the other steps discussed here?

  • AyappanP
    AyappanP
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T17:02:50Z  
    • mmetts
    • ‏2017-03-27T16:40:20Z

    this link doesn't work for me.  is it just something on fix central?  I just want to make sure I don't screw anything up worse.  also should do an `installp -u` followed by  `installp -aXYgd $PWD all` or should I do something like `installp -F -aXYd $PWD all` ?

     

    should I make these changes before attempting any of the other steps discussed here?

    That is not fix central. If you have IBM Id you can log into that and download OpenSSL. 

    Use the -F option in installp.

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T17:05:47Z  
    • AyappanP
    • ‏2017-03-27T17:02:50Z

    That is not fix central. If you have IBM Id you can log into that and download OpenSSL. 

    Use the -F option in installp.

    okay but i can't get that URL to work.  it says it's unreachable.

  • AyappanP
    AyappanP
    46 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T17:38:34Z  
    • mmetts
    • ‏2017-03-27T17:05:47Z

    okay but i can't get that URL to work.  it says it's unreachable.

    Search for AIX web download pack programs. You will get the link.

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T17:46:24Z  
    • AyappanP
    • ‏2017-03-27T17:38:34Z

    Search for AIX web download pack programs. You will get the link.

    found it.  i'll get 1.0.2.1000 ... should it get it with FIPS 2.0.13?  seems like there's an optional version.

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T17:49:36Z  
    • mmetts
    • ‏2017-03-27T17:46:24Z

    found it.  i'll get 1.0.2.1000 ... should it get it with FIPS 2.0.13?  seems like there's an optional version.

    also, it has the rpm of openldap installed, shall i remove that too?  are their other ill-advised RPMs i should also remove while I'm at it?  list below...

     

    bash-4.2# rpm -qa
    a2ps-4.13-2.ppc
    autoconf-2.63-1.noarch
    bash-4.2-3.ppc
    bzip2-devel-1.0.6-1.ppc
    coreutils-8.23-1.ppc
    cups-1.6.4-1.ppc
    expat-2.0.1-3.ppc
    fontconfig-2.10.2-1.ppc
    gdbm-1.10-1.ppc
    git-2.1.3-1.ppc
    gmp-6.0.0a-1.ppc
    info-4.13a-2.ppc
    jbigkit-libs-2.0-2.ppc
    krb5-libs-1.9.4-1.ppc
    libXrender-0.9.8-1.ppc
    libcroco-0.6.5-1.ppc
    libffi-3.1-1.ppc
    libiconv-1.14-2.ppc
    libpaper-1.1.24-1.ppc
    libstdc++-4.8.3-1.ppc
    libtiff-4.0.3-1.ppc
    libxcb-1.7-1.ppc
    libyaml-0.1.6-1.ppc
    lzo-2.06-1.ppc
    openldap-2.4.23-0.3.ppc
    openssl-1.0.1i-1.ppc
    perl-5.8.8-2.ppc
    pkg-config-0.19-6.ppc
    pspell-0.12.2-2.ppc
    readline-6.3-5.ppc
    tcl-8.4.7-3.ppc
    wget-1.9.1-3.ppc
    xz-devel-5.2.2-1.ppc
    xz-lzma-compat-5.2.2-1.ppc
    AIX-rpm-7.1.4.30-3.ppc
    gettext-0.19.7-1.ppc
    yum-metadata-parser-1.1.4-2.ppc
    python-2.7.10-1.ppc
    python-iniparse-0.4-1.noarch
    curl-7.52.1-1.ppc
    python-urlgrabber-3.10.1-1.noarch
    python-devel-2.7.10-1.ppc
    automake-1.11-1.noarch
    bzip2-1.0.6-1.ppc
    cups-libs-1.6.4-1.ppc
    expect-5.42.1-3.ppc
    freetype2-2.5.3-1.ppc
    gmp-devel-6.0.0a-1.ppc
    gzip-1.6-2.ppc
    jasper-1.900.1-2.ppc
    krb5-devel-1.9.4-1.ppc
    less-382-1.ppc
    libart_lgpl-2.3.21-1.ppc
    libdatrie-0.2.4-1.ppc
    libgcc-4.8.3-1.ppc
    libjpeg-9a-1.ppc
    libpng-1.6.12-1.ppc
    libssh2-1.4.3-2.ppc
    libthai-0.1.18-1.ppc
    libtool-1.5.8-2.ppc
    libxml2-2.9.1-1.ppc
    logrotate-3.8.2-1.ppc
    m4-1.4.13-1.ppc
    openldap-devel-2.4.23-0.3.ppc
    pixman-0.28.2-1.ppc
    popt-1.16-1.ppc
    rsync-3.0.6-1.ppc
    tar-1.22-1.ppc
    tk-8.4.7-3.ppc
    xz-5.2.2-1.ppc
    xz-libs-5.2.2-1.ppc
    zlib-1.2.8-1.ppc
    sqlite-3.15.2-1.ppc
    glib2-2.14.6-2.ppc
    db-4.8.24-3.ppc
    pysqlite-1.1.7-2.ppc
    ca-certificates-2016.10.7-1.ppc
    python-pycurl-7.19.3-1.ppc
    yum-3.4.3-4.noarch
    python-tools-2.7.10-1.ppc
     

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T17:53:00Z  
    • mmetts
    • ‏2017-03-27T17:49:36Z

    also, it has the rpm of openldap installed, shall i remove that too?  are their other ill-advised RPMs i should also remove while I'm at it?  list below...

     

    bash-4.2# rpm -qa
    a2ps-4.13-2.ppc
    autoconf-2.63-1.noarch
    bash-4.2-3.ppc
    bzip2-devel-1.0.6-1.ppc
    coreutils-8.23-1.ppc
    cups-1.6.4-1.ppc
    expat-2.0.1-3.ppc
    fontconfig-2.10.2-1.ppc
    gdbm-1.10-1.ppc
    git-2.1.3-1.ppc
    gmp-6.0.0a-1.ppc
    info-4.13a-2.ppc
    jbigkit-libs-2.0-2.ppc
    krb5-libs-1.9.4-1.ppc
    libXrender-0.9.8-1.ppc
    libcroco-0.6.5-1.ppc
    libffi-3.1-1.ppc
    libiconv-1.14-2.ppc
    libpaper-1.1.24-1.ppc
    libstdc++-4.8.3-1.ppc
    libtiff-4.0.3-1.ppc
    libxcb-1.7-1.ppc
    libyaml-0.1.6-1.ppc
    lzo-2.06-1.ppc
    openldap-2.4.23-0.3.ppc
    openssl-1.0.1i-1.ppc
    perl-5.8.8-2.ppc
    pkg-config-0.19-6.ppc
    pspell-0.12.2-2.ppc
    readline-6.3-5.ppc
    tcl-8.4.7-3.ppc
    wget-1.9.1-3.ppc
    xz-devel-5.2.2-1.ppc
    xz-lzma-compat-5.2.2-1.ppc
    AIX-rpm-7.1.4.30-3.ppc
    gettext-0.19.7-1.ppc
    yum-metadata-parser-1.1.4-2.ppc
    python-2.7.10-1.ppc
    python-iniparse-0.4-1.noarch
    curl-7.52.1-1.ppc
    python-urlgrabber-3.10.1-1.noarch
    python-devel-2.7.10-1.ppc
    automake-1.11-1.noarch
    bzip2-1.0.6-1.ppc
    cups-libs-1.6.4-1.ppc
    expect-5.42.1-3.ppc
    freetype2-2.5.3-1.ppc
    gmp-devel-6.0.0a-1.ppc
    gzip-1.6-2.ppc
    jasper-1.900.1-2.ppc
    krb5-devel-1.9.4-1.ppc
    less-382-1.ppc
    libart_lgpl-2.3.21-1.ppc
    libdatrie-0.2.4-1.ppc
    libgcc-4.8.3-1.ppc
    libjpeg-9a-1.ppc
    libpng-1.6.12-1.ppc
    libssh2-1.4.3-2.ppc
    libthai-0.1.18-1.ppc
    libtool-1.5.8-2.ppc
    libxml2-2.9.1-1.ppc
    logrotate-3.8.2-1.ppc
    m4-1.4.13-1.ppc
    openldap-devel-2.4.23-0.3.ppc
    pixman-0.28.2-1.ppc
    popt-1.16-1.ppc
    rsync-3.0.6-1.ppc
    tar-1.22-1.ppc
    tk-8.4.7-3.ppc
    xz-5.2.2-1.ppc
    xz-libs-5.2.2-1.ppc
    zlib-1.2.8-1.ppc
    sqlite-3.15.2-1.ppc
    glib2-2.14.6-2.ppc
    db-4.8.24-3.ppc
    pysqlite-1.1.7-2.ppc
    ca-certificates-2016.10.7-1.ppc
    python-pycurl-7.19.3-1.ppc
    yum-3.4.3-4.noarch
    python-tools-2.7.10-1.ppc
     

    btw, almost all of these pre-date the install of YUM.  i am practicing on this LPAR because we have a very important LPAR on which a lot of shell programming takes place and we're really desperate to get YUM to work there and switch to a pure IBM feed of freeware.  the steps I'm taking here (and more) will almost certainly have to be repeated on the next LPAR so I'm trying to get this right with less risk before attempting it on the next LPAR.

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T18:23:01Z  
    • mmetts
    • ‏2017-03-27T17:53:00Z

    btw, almost all of these pre-date the install of YUM.  i am practicing on this LPAR because we have a very important LPAR on which a lot of shell programming takes place and we're really desperate to get YUM to work there and switch to a pure IBM feed of freeware.  the steps I'm taking here (and more) will almost certainly have to be repeated on the next LPAR so I'm trying to get this right with less risk before attempting it on the next LPAR.

    ok.  i have forcibly removed the openssl RPM package.  and then installed the installp package openssl-1.0.2.1000 over what had been there prior.  currently i get

     

    bash-4.2# lslpp -l | grep open
      CentrifyDC.openssh     7.1.530.208  COMMITTED  OpenSSH dynamically linked
      openssh.base.client     6.0.0.6201  COMMITTED  Open Secure Shell Commands
      openssh.base.server     6.0.0.6201  COMMITTED  Open Secure Shell Server
      openssh.license         6.0.0.6201  COMMITTED  Open Secure Shell License
      openssh.man.en_US       6.0.0.6201  COMMITTED  Open Secure Shell
      openssh.msg.en_US       6.0.0.6201  COMMITTED  Open Secure Shell Messages -
      openssl.base            1.0.2.1000  COMMITTED  Open Secure Socket Layer
      openssl.license         1.0.2.1000  COMMITTED  Open Secure Socket License
      openssl.man.en_US       1.0.2.1000  COMMITTED  Open Secure Socket Layer
      openssh.base.client     6.0.0.6201  COMMITTED  Open Secure Shell Commands
      openssh.base.server     6.0.0.6201  COMMITTED  Open Secure Shell Server
      openssl.base            1.0.2.1000  COMMITTED  Open Secure Socket Layer

     

    and yum check says

    bash-4.2# yum check
    cups-libs-1.6.4-1.ppc has missing requires of openssl >= ('0', '1.0.1', None)
    git-2.1.3-1.ppc has missing requires of openssl >= ('0', '1.0.1', None)
    git-2.1.3-1.ppc has missing requires of libcrypto.a(libcrypto.so.1.0.1)
    git-2.1.3-1.ppc has missing requires of libssl.a(libssl.so.1.0.1)
    krb5-libs-1.9.4-1.ppc has missing requires of db4 >= ('0', '4.7.25', '2')
    libssh2-1.4.3-2.ppc has missing requires of openssl >= ('0', '1.0.1', None)
    libssh2-1.4.3-2.ppc has missing requires of libcrypto.a(libcrypto.so.1.0.1)
    openldap-2.4.23-0.3.ppc has missing requires of openssl >= ('0', '0.9.8', None)
    Error: check all
     

    ...which suggests that things like git can't find libcrypto saying this:

    bash-4.2# git
    exec(): 0509-036 Cannot load program git because of the following errors:
            0509-150   Dependent module /usr/lib/libcrypto.a(libcrypto.so.1.0.1) could not be loaded.
            0509-152   Member libcrypto.so.1.0.1 is not found in archive
     


     

     

  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T18:24:48Z  
    • mmetts
    • ‏2017-03-27T18:23:01Z

    ok.  i have forcibly removed the openssl RPM package.  and then installed the installp package openssl-1.0.2.1000 over what had been there prior.  currently i get

     

    bash-4.2# lslpp -l | grep open
      CentrifyDC.openssh     7.1.530.208  COMMITTED  OpenSSH dynamically linked
      openssh.base.client     6.0.0.6201  COMMITTED  Open Secure Shell Commands
      openssh.base.server     6.0.0.6201  COMMITTED  Open Secure Shell Server
      openssh.license         6.0.0.6201  COMMITTED  Open Secure Shell License
      openssh.man.en_US       6.0.0.6201  COMMITTED  Open Secure Shell
      openssh.msg.en_US       6.0.0.6201  COMMITTED  Open Secure Shell Messages -
      openssl.base            1.0.2.1000  COMMITTED  Open Secure Socket Layer
      openssl.license         1.0.2.1000  COMMITTED  Open Secure Socket License
      openssl.man.en_US       1.0.2.1000  COMMITTED  Open Secure Socket Layer
      openssh.base.client     6.0.0.6201  COMMITTED  Open Secure Shell Commands
      openssh.base.server     6.0.0.6201  COMMITTED  Open Secure Shell Server
      openssl.base            1.0.2.1000  COMMITTED  Open Secure Socket Layer

     

    and yum check says

    bash-4.2# yum check
    cups-libs-1.6.4-1.ppc has missing requires of openssl >= ('0', '1.0.1', None)
    git-2.1.3-1.ppc has missing requires of openssl >= ('0', '1.0.1', None)
    git-2.1.3-1.ppc has missing requires of libcrypto.a(libcrypto.so.1.0.1)
    git-2.1.3-1.ppc has missing requires of libssl.a(libssl.so.1.0.1)
    krb5-libs-1.9.4-1.ppc has missing requires of db4 >= ('0', '4.7.25', '2')
    libssh2-1.4.3-2.ppc has missing requires of openssl >= ('0', '1.0.1', None)
    libssh2-1.4.3-2.ppc has missing requires of libcrypto.a(libcrypto.so.1.0.1)
    openldap-2.4.23-0.3.ppc has missing requires of openssl >= ('0', '0.9.8', None)
    Error: check all
     

    ...which suggests that things like git can't find libcrypto saying this:

    bash-4.2# git
    exec(): 0509-036 Cannot load program git because of the following errors:
            0509-150   Dependent module /usr/lib/libcrypto.a(libcrypto.so.1.0.1) could not be loaded.
            0509-152   Member libcrypto.so.1.0.1 is not found in archive
     


     

     

    should there be a symbolic link to fake this last bit?  I'm planning on removing all the RPM packages that are complaining right now.  Make sense?

    Updated on 2017-03-27T18:37:31Z at 2017-03-27T18:37:31Z by mmetts
  • mmetts
    mmetts
    15 Posts

    Re: yum for AIX Toolbox

    ‏2017-03-27T18:37:06Z  

    Could you check the /usr/bin/c_rehash and grep for the pattern "FILE: foreach" and what is the complete line for that pattern ?

    I guess by default c_rehash in your case is /usr/bin/c_rehash
    and /usr/bin/c_rehash has this entry
    FILE: foreach $fname (grep {/\.pem$/} @flist) {

    If /usr/bin/c_rehash doesn't have crt, cer related files support then change the line to
    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)
    And run the c_rehash command.

    When we install ca-certificate it will copy the /usr/bin/c_rehash to /usr/linux/bin/c_rehash, change the line
    from
    FILE: foreach $fname (grep {/\.pem$/} @flist) {
    to
    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)
    And runs /usr/linux/bin/c_rehash /var/ssl/certs

    Wondering whether /usr/linux/bin/c_rehash file has been created and the line "FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)" does exists.

     

    Thanks,

    Sangamesh

    so I've removed the openssl RPM and cleaned up any dangling dependencies.  now what.  do i attempt to rehash the contents of /var/ssl/certs ... I'm not clear on the instructions above