Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only
Back to discussions
Expand all | Collapse all

Regarding Clamav and Cryptography updates.

  • 1.  Regarding Clamav and Cryptography updates.

    Posted Thu August 29, 2024 08:09 AM
    Edited by Aditya Kamath Thu September 05, 2024 12:58 PM

    Hi all,

    Packages like Python3-cryptography (43.0.0) and Clamav (1.0.6), in their recent versions, have code written in Rust apart from C/C++. We will be uploading these new versions in AIX Toolbox soon. In AIX, Rust compiled binaries has runtime dependency on libunwind library.

    If one encounters the issue  "requires libunwind.a(libunwind.so.1)" while installing the rpms , one needs to install libunwind.rte and run the updtvpkg command.

    And then try to install these RPMs. Users can get the runtime libraries from the below URL: https://www.ibm.com/support/pages/fix-list-xl-cc-runtime-aix The latest version at the time of writing is IBM_OPEN_XL_CPP_RUNTIME_17.1.1.8_AIX.tar.Z Users can extract the above tar file and need only libc++.rte, libc++abi.rte and libunwind.rte filesets to be installed.

    Also, the minimum Os level requirement for the same will be 7.2.



    ------------------------------
    Aditya Kamath
    ------------------------------


    #AIXOpenSource


  • 2.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 02, 2024 01:02 AM

    Update: Cryptography - 43.0.0 and Clamav - 1.0.6 are available in the AIX toolbox for updates.



    ------------------------------
    Aditya Kamath
    ------------------------------



  • 3.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 02, 2024 04:27 AM

    i can not find the SPEC file or the source rpm for the new python cryptography package on your servers...where are they located?



    ------------------------------
    I regret starting this entire conversation
    ------------------------------

    Original Message


  • 4.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 02, 2024 04:55 AM

    https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/python3-cryptography/python3.9-cryptography-43.0.0-1.src.rpm



    ------------------------------
    Ayappan P
    ------------------------------

    Original Message


  • 5.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 02, 2024 05:06 AM

    thank you...are there any plans to upload prebuild wheels to pypi, especially maturin and its dependencies?  i'am asking because i had major problems with isolated venvs which require rust dependent stuff.



    ------------------------------
    I regret starting this entire conversation
    ------------------------------

    Original Message


  • 6.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 02, 2024 05:15 AM

    There are no plans as of now to upload prebuilt wheels to pypi site. 



    ------------------------------
    Ayappan P
    ------------------------------

    Original Message


  • 7.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 02, 2024 06:22 AM

    As Ayappan mentioned, no plans to upload, but Maturin is also available on the AIX toolbox.



    ------------------------------
    Aditya Kamath
    ------------------------------

    Original Message


  • 8.  RE: Regarding Clamav and Cryptography updates.

    Posted Wed September 04, 2024 01:13 PM

    Dear madam and sir,

    We found the following phenomenon, when we tried to install RPM of ClamAV-1.0.6 on our AIX7.3, and failed in installation.

    We did not receive the message of "requires libunwind.a(libunwind.so.2)", but received "libunwind.a(libunwind.so.1) is needed by
    clamav-1:1.0.6-1.ppc".

    However we got IBM_OPEN_XL_CPP_RUNTIME_17.1.1.8_AIX.tar.Z from;
    https://www.ibm.com/support/pages/fix-list-xl-cc-runtime-aix


    Our AIX7.3 system already has the installed the same version of the file set.

    It shows as followings in the download page 17.1.1.8. ;
    " Note: V17.1.1 Fix Pack 8 _does not_change the C++ Runtime fileset levels. It keeps it at 17.1.1.4. It simply updates the
    libomp.rte fileset as mentioned below.
    Therefore it seems that the version is a latest one which we can get by the following command.

    #  lslpp -l|grep 'C++ Runtime'
      libc++.rte                17.1.1.4  COMMITTED  IBM XL C++ Runtime
    for AIX 7.1
      libc++abi.rte             17.1.1.4  COMMITTED  IBM XL C++ Runtime
    for AIX 7.2
      libunwind.rte             17.1.1.4  COMMITTED  IBM XL C++ Runtime
    for AIX 7.2
      xlC.aix61.rte            16.1.0.10  COMMITTED  IBM XL C++ Runtime
    for AIX 6.1
      xlC.msg.en_US.rte        16.1.0.10  COMMITTED  IBM XL C++ Runtime
      xlC.rte                  16.1.0.10  COMMITTED  IBM XL C++ Runtime
    for AIX
      xlC.sup.aix50.rte          9.0.0.1  COMMITTED  XL C/C++ Runtime for
    AIX 5.2


    And also, we worried the following point such as:
    Shared library in requested ' libunwind.a ' is not "libunwind.so.2", but "libunwind.so.1".

    Our system shows;
    The library installed in libunwind.a is libunwind.so.1. as follows.

    # ar -v -t /usr/lpp/xlC/lib/libunwind.a

    rwxr-xr-x 
    579812/1057214  79191 May 25 06:55 2023 libunwind.so.1
    rw-r--r-- 579812/1057214    975 May 25 06:55 2023 version.cpp.o
    rw-r--r-- 579812/1057214    394 Apr 14 14:27 2023 libunwind.imp



    ------------------------------
    直也 酒井
    ------------------------------



  • 9.  RE: Regarding Clamav and Cryptography updates.

    Posted Thu September 05, 2024 08:09 AM

    Yes, it requires libunwind.so.1. We will the correct post. 
    You need to run "updtvpkg" command (which will update rpm database about this library ) before trying to install the clamav rpms. 



    ------------------------------
    Ayappan P
    ------------------------------

    Original Message


  • 10.  RE: Regarding Clamav and Cryptography updates.

    Posted Thu September 05, 2024 02:43 AM

    did a quick check of the the new cryptography package...seems it needs a relative recent openssl fileset but it let me install without informing me about a incompatible openssl version which leads to this...

    >>> from cryptography.fernet import Fernet
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/freeware/lib64/python3.9/site-packages/cryptography/fernet.py", line 14, in <module>
    from cryptography.exceptions import InvalidSignature
  File "/opt/freeware/lib64/python3.9/site-packages/cryptography/exceptions.py", line 9, in <module>
    from cryptography.hazmat.bindings._rust import exceptions as rust_exceptions
ImportError:    Symbol PEM_read_bio_DSA_PUBKEY (number 1117) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
        Symbol PEM_read_bio_ECPrivateKey (number 1116) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
        Symbol PEM_write_bio_ECPrivateKey (number 1115) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
        Symbol PEM_read_bio_EC_PUBKEY (number 1114) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
        Symbol PEM_read_bio_DHparams (number 1113) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
        Symbol HMAC_CTX_new (number 1084) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
        Symbol HMAC_CTX_free (number 1083) is not exported from dependent
          module /usr/lib/libcrypto.a(libcrypto.so.3).
Additional errors occurred but are not reported.
Examine .loader section symbols with the 'dump -Tv' command.

    openssl version was:

    root@aixtest01: /root # lslpp -l | grep openssl
  openssl.base            3.0.7.1000  COMMITTED  Open Secure Socket Layer
  openssl.license         3.0.7.1000  COMMITTED  Open Secure Socket License
  openssl.man.en_US       3.0.7.1000  COMMITTED  Open Secure Socket Layer
  openssl.base            3.0.7.1000  COMMITTED  Open Secure Socket Layer

    with openssl 3.0.10.1001 it worked...

    Python 3.9.19 (main, Apr  5 2024, 05:08:51)
[GCC 10.3.0] on aix
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.fernet import Fernet
>>> key = Fernet.generate_key()
>>> f = Fernet(key)
>>> token = f.encrypt(b"my deep dark secret")
>>> token
b'gAAAAABm2VEPdbwHP8oeYLYWfCdkePpU0cYNDhEKcV9lwkZqEMFa1qBePYqzZa7mry5sxPGKoPlXkIaXYB89G0r1wSlDn43RnUaN-AxW-LquMA7ASn5DpAM='
>>> f.decrypt(token)
b'my deep dark secret'


    ------------------------------
    I regret starting this entire conversation
    ------------------------------



  • 11.  RE: Regarding Clamav and Cryptography updates.

    Posted Mon September 09, 2024 08:39 AM

    Thank you for reporting this. We'll look into this.



    ------------------------------
    Aditya Kamath
    ------------------------------

    Original Message


Related Content