Originally posted by: sanket

yum the rpm package manager is now available for AIX opensource Toolbox.
It allows automatic package installation, updates and dependency management.

For installing yum on AIX
-------------------------

1. Install the rpm.rte with "minimum version" of 4.9.1.3 or greater from https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/
     
2. Download and install the rpms from yum_bundle_v1.tar from https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/
   This bundle contains yum and all of it's dependency rpms.

Please go through README-yum from following location for detailed description and known issues of yum on AIX.

https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/README-yum

Originally posted by: Sylvain DELABARRE

Hello,

It seems to be working great, thanks. We would like to implement a local repository for AIX rpms. I do not find any
yum-config-manager command to add repositories. Are we limited to manual configuration by editing conf files
only ?

Regards, Sylvain.

Originally posted by: sanket

Thanks Sylvain.

As of now yum-config-manager / yum-utils are not provided by AIX open source toolbox.

So you will have to manually edit the conf file.

Thanks

Sanket

Originally posted by: il15012

I just installed the yum bundle on an AIX 6.1 system. Does the bundle supply man pages for yum? If not, where can they be found?

Originally posted by: il15012

Actually it does provide man pages. I had to add /opt/freeware/share/man to the MANPATH environment variable and they appeared.

Originally posted by: mmetts

Hi.  I am having an issue with installing YUM on one of our AIX 7.1 machines.  After a bit of surgery on the existing RPM packages, I was able to get YUM installed but when I say something like `yum search git` I get an ssl error that looks like this:

```

bash-4.2# yum search git
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again
```

I'm uncertain what's going on but could it be that GeoTrust self-signed one of their certs?  This particular AIX machine very likely had not certs on it at all before I installed YUM today so it seems like the error came with the certs that were installed.  Please help me out if anyone has ideas.  (Below is one more diagnostic)  Thanks, Mike

bash-4.2# openssl s_client -showcerts -connect public.dhe.ibm.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/C=US/ST=New York/L=Armonk/O=INTERNATIONAL BUSINESS MACHINES CORPORATION/CN=public.dhe.ibm.com
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgIQJDkVSCC7FI0F4uk3ZskdGzANBgkqhkiG9w0BAQsFADBE
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTYxMTMwMDAwMDAwWhcNMTgwMTI5MjM1
OTU5WjCBhDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMQ8wDQYDVQQH
DAZBcm1vbmsxNDAyBgNVBAoMK0lOVEVSTkFUSU9OQUwgQlVTSU5FU1MgTUFDSElO
RVMgQ09SUE9SQVRJT04xGzAZBgNVBAMMEnB1YmxpYy5kaGUuaWJtLmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANgdzl0QKuf4k6Vq/dJL6xr2Ctpq
NvPOMiSOOcmotdZH5V7uUy7kA6FAPAWHxh81j764Dw/vUtW66DHCYV5HdqZfaZBA
KilHFc2y4zM6Prcj24xCo8BPNPFyWJLZBtUzuxKdga3WxYqUhq1jOLdTAOb87GU/
tluOsgVsuwEiae1ecSb6Yprvok52kuuTWqB4keUIevsOF7YAUqrejXHa0Qa5NBRV
Ws9CVm0iVQdP68mlNM1+fMWsYQ09Sid5Qx8pDwrxp6EmOckHlJMlmE3+leDWk4Hr
C8T/QOEW4iCjQfHfdx+3tRBgsGzzIQlMI7/IR/VqqIXixrg9t7Eozvg+oTUCAwEA
AaOCAq0wggKpMB0GA1UdEQQWMBSCEnB1YmxpYy5kaGUuaWJtLmNvbTAJBgNVHRME
AjAAMA4GA1UdDwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ24u
c3ltY2IuY29tL2duLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIwgYQwPwYI
KwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVw
b3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVz
dC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFNJv95b0hT9yPDB9I9qFeJujfFp8
MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2duLnN5bWNkLmNv
bTAmBggrBgEFBQcwAoYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcnQwggEFBgor
BgEEAdZ5AgQCBIH2BIHzAPEAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTN
tuy+zAAAAVi2zgc3AAAEAwBIMEYCIQCBnkSbxd+D4gnkIsoqKLmV/8+OF0iOI0PM
10Hau5ixOwIhALGNXSLkdzCl6iHTIEy1LYjctzKVHYxzkHoXB9NJepdGAHYA7ku9
t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFYts4JOAAABAMARzBFAiAf
kEIjCbZasL4fJ3UyIpqXpdJL1JEDMXxGWAOAzacbogIhAOHxdivyCzMaHUwqiLAY
AFLI3eW/iWh3Ul3Jpev8FbgCMA0GCSqGSIb3DQEBCwUAA4IBAQCa+Rqn2sQzApku
yimhra7IFdghasI5QZUfZNHKU/GWM+W03qWy6lRm3BbkfHxafIX3q5Mw1FdcreyC
5Vqjyv2WOcfXnMs3iocpbHFz1acqorJSKVY/w8TjEEymkL3MDqsk5tD4dEugdJi0
Aa+qeDRd2fd9lKJU78wRAy6q9N+hSyhY0wW+UkYxGWnmdMKfYZwZxx6GBlK0p0re
2CYvjohoIW1jbV8A5fb14PczVe8oYmu9TJ8+4wYAPn4qKv+k3qpPumNizBoL9cH9
j1IWr4J80lHsrhYCbOOhkkhLSye6jKDmcgu/KwKy4crkOj14D97vVO1q7V3Lep7u
414fpU2i
-----END CERTIFICATE-----
 1 s:/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-----BEGIN CERTIFICATE-----
MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
zNSS
-----END CERTIFICATE-----
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=New York/L=Armonk/O=INTERNATIONAL BUSINESS MACHINES CORPORATION/CN=public.dhe.ibm.com
issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 3686 bytes and written 647 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA
    Session-ID: 2682D01B41A193B52BEAC75A1A67CB167D9B63E9930B80CF9EBDD047EA9365DD
    Session-ID-ctx:
    Master-Key: B6916DABD4019754DEEB3FCB5CD1F3DDDD21526B9E3844A46918BDC09B6EF078C36708A622F649EFF370ED9E759E6EA7
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1490398754
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

HTTP/1.1 400 Bad Request
Date: Fri, 24 Mar 2017 23:39:01 GMT
Content-Length: 321
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>IBM_HTTP_Server/8.5.5.11-PI73984 (Unix) at public.dhe.ibm.com Port 443</address>
</body></html>
read:errno=0
bash-4.2#

Originally posted by: mmetts

So, just to add:  is there a good way to fix this?  Also, if there's a more appropriate place for me to ask this, by all means, please let me know.  Thanks.

Originally posted by: AyappanP

Hi,

Did the ca-certificates rpm installed properly in the machines ?

Share the output of the below command ?

ls -l /var/ssl/certs/ | grep Geo

Thanks

Ayappan P

Originally posted by: mmetts

here are the results of the command (below).  the files are in place.  but we also wonder if there aren't other fundamental things one should to to get openssl (and YUM) setup on a system such as this.

i want to also note that we see at least 2 versions of openssl installed:  1.0.1i-1 via RPM and 1.0.2.800 via installp (tried to list these but it trips the spam filter for some reason).  please advise if you think this might be contributing to our difficulties. 

would really like to get this working.  Thanks.

-bash-4.2$ ls -l /var/ssl/certs | grep Geo
-rw-r--r--    1 root     system         1555 Mar 24 15:15 GeoTrustSSLCA-G3.crt
lrwxrwxrwx    1 root     system           50 Mar 24 14:17 GeoTrust_Global_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA.crt
lrwxrwxrwx    1 root     system           52 Mar 24 14:17 GeoTrust_Global_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Global_CA_2.crt
lrwxrwxrwx    1 root     system           72 Mar 24 14:17 GeoTrust_Primary_Certification_Authority.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.crt
lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.crt
lrwxrwxrwx    1 root     system           77 Mar 24 14:17 GeoTrust_Primary_Certification_Authority_-_G3.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.crt
lrwxrwxrwx    1 root     system           53 Mar 24 14:17 GeoTrust_Universal_CA.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA.crt
lrwxrwxrwx    1 root     system           55 Mar 24 14:17 GeoTrust_Universal_CA_2.crt -> /opt/freeware/etc/ssl/certs/GeoTrust_Universal_CA_2.crt

Originally posted by: sangameshm

Looks like hashes for certificate files mayn't have been created.

Do you see the files name something *.0 in /var/ssl/certs and whether a file name /usr/linux/bin/c_rehash is being present ?

If no hash files are present then try running "c_rehash /var/ssl/certs" and see if it creates *.0 files under /var/ssl/certs.

Thanks,

Sangamesh

Originally posted by: mmetts

the command ran but does not appear to have created any files in /var/ssl/certs or in /opt/freeware/etc/ssl/certs  ...sit have the problem.

Originally posted by: sangameshm

Could you check the /usr/bin/c_rehash and grep for the pattern "FILE: foreach" and what is the complete line for that pattern ?

I guess by default c_rehash in your case is /usr/bin/c_rehash
and /usr/bin/c_rehash has this entry
FILE: foreach $fname (grep {/\.pem$/} @flist) {

If /usr/bin/c_rehash doesn't have crt, cer related files support then change the line to
FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)
And run the c_rehash command.

When we install ca-certificate it will copy the /usr/bin/c_rehash to /usr/linux/bin/c_rehash, change the line
from
FILE: foreach $fname (grep {/\.pem$/} @flist) {
to
FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)
And runs /usr/linux/bin/c_rehash /var/ssl/certs

Wondering whether /usr/linux/bin/c_rehash file has been created and the line "FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist)" does exists.

Thanks,

Sangamesh

Originally posted by: mmetts

so I've removed the openssl RPM and cleaned up any dangling dependencies.  now what.  do i attempt to rehash the contents of /var/ssl/certs ... I'm not clear on the instructions above

Originally posted by: AyappanP

Okay so you have openssl installed via rpm also. That is not recommended. We won't provide rpms for openssl through AIX Toolbox. 

It's better we can remove the rpm and use only the one via installp. Removing the rpm may erase some files coming from installp openssl.

So you have to make sure it doesn't mess up things. (Reinstalling the openssl fileset will bring back to original state).

Originally posted by: mmetts

where do i get a copy of the correct openssl fileset to have handy in case i mess something up while removing the RPM versions?

Originally posted by: AyappanP

https://w3-01.ibm.com/marketing/automation/iwm/preview/web/reg/pick.do?source=aixbp&lang=en_US

You can get it from the above link.

Originally posted by: mmetts

this link doesn't work for me.  is it just something on fix central?  I just want to make sure I don't screw anything up worse.  also should do an `installp -u` followed by  `installp -aXYgd $PWD all` or should I do something like `installp -F -aXYd $PWD all` ?

should I make these changes before attempting any of the other steps discussed here?

Originally posted by: AyappanP

That is not fix central. If you have IBM Id you can log into that and download OpenSSL. 

Use the -F option in installp.

Originally posted by: mmetts

okay but i can't get that URL to work.  it says it's unreachable.

Originally posted by: AyappanP

Search for AIX web download pack programs. You will get the link.

Originally posted by: mmetts

found it.  i'll get 1.0.2.1000 ... should it get it with FIPS 2.0.13?  seems like there's an optional version.

Originally posted by: mmetts

also, it has the rpm of openldap installed, shall i remove that too?  are their other ill-advised RPMs i should also remove while I'm at it?  list below...

bash-4.2# rpm -qa
a2ps-4.13-2.ppc
autoconf-2.63-1.noarch
bash-4.2-3.ppc
bzip2-devel-1.0.6-1.ppc
coreutils-8.23-1.ppc
cups-1.6.4-1.ppc
expat-2.0.1-3.ppc
fontconfig-2.10.2-1.ppc
gdbm-1.10-1.ppc
git-2.1.3-1.ppc
gmp-6.0.0a-1.ppc
info-4.13a-2.ppc
jbigkit-libs-2.0-2.ppc
krb5-libs-1.9.4-1.ppc
libXrender-0.9.8-1.ppc
libcroco-0.6.5-1.ppc
libffi-3.1-1.ppc
libiconv-1.14-2.ppc
libpaper-1.1.24-1.ppc
libstdc++-4.8.3-1.ppc
libtiff-4.0.3-1.ppc
libxcb-1.7-1.ppc
libyaml-0.1.6-1.ppc
lzo-2.06-1.ppc
openldap-2.4.23-0.3.ppc
openssl-1.0.1i-1.ppc
perl-5.8.8-2.ppc
pkg-config-0.19-6.ppc
pspell-0.12.2-2.ppc
readline-6.3-5.ppc
tcl-8.4.7-3.ppc
wget-1.9.1-3.ppc
xz-devel-5.2.2-1.ppc
xz-lzma-compat-5.2.2-1.ppc
AIX-rpm-7.1.4.30-3.ppc
gettext-0.19.7-1.ppc
yum-metadata-parser-1.1.4-2.ppc
python-2.7.10-1.ppc
python-iniparse-0.4-1.noarch
curl-7.52.1-1.ppc
python-urlgrabber-3.10.1-1.noarch
python-devel-2.7.10-1.ppc
automake-1.11-1.noarch
bzip2-1.0.6-1.ppc
cups-libs-1.6.4-1.ppc
expect-5.42.1-3.ppc
freetype2-2.5.3-1.ppc
gmp-devel-6.0.0a-1.ppc
gzip-1.6-2.ppc
jasper-1.900.1-2.ppc
krb5-devel-1.9.4-1.ppc
less-382-1.ppc
libart_lgpl-2.3.21-1.ppc
libdatrie-0.2.4-1.ppc
libgcc-4.8.3-1.ppc
libjpeg-9a-1.ppc
libpng-1.6.12-1.ppc
libssh2-1.4.3-2.ppc
libthai-0.1.18-1.ppc
libtool-1.5.8-2.ppc
libxml2-2.9.1-1.ppc
logrotate-3.8.2-1.ppc
m4-1.4.13-1.ppc
openldap-devel-2.4.23-0.3.ppc
pixman-0.28.2-1.ppc
popt-1.16-1.ppc
rsync-3.0.6-1.ppc
tar-1.22-1.ppc
tk-8.4.7-3.ppc
xz-5.2.2-1.ppc
xz-libs-5.2.2-1.ppc
zlib-1.2.8-1.ppc
sqlite-3.15.2-1.ppc
glib2-2.14.6-2.ppc
db-4.8.24-3.ppc
pysqlite-1.1.7-2.ppc
ca-certificates-2016.10.7-1.ppc
python-pycurl-7.19.3-1.ppc
yum-3.4.3-4.noarch
python-tools-2.7.10-1.ppc
 

Originally posted by: mmetts

btw, almost all of these pre-date the install of YUM.  i am practicing on this LPAR because we have a very important LPAR on which a lot of shell programming takes place and we're really desperate to get YUM to work there and switch to a pure IBM feed of freeware.  the steps I'm taking here (and more) will almost certainly have to be repeated on the next LPAR so I'm trying to get this right with less risk before attempting it on the next LPAR.

Originally posted by: mmetts

ok.  i have forcibly removed the openssl RPM package.  and then installed the installp package openssl-1.0.2.1000 over what had been there prior.  currently i get

bash-4.2# lslpp -l | grep open
  CentrifyDC.openssh     7.1.530.208  COMMITTED  OpenSSH dynamically linked
  openssh.base.client     6.0.0.6201  COMMITTED  Open Secure Shell Commands
  openssh.base.server     6.0.0.6201  COMMITTED  Open Secure Shell Server
  openssh.license         6.0.0.6201  COMMITTED  Open Secure Shell License
  openssh.man.en_US       6.0.0.6201  COMMITTED  Open Secure Shell
  openssh.msg.en_US       6.0.0.6201  COMMITTED  Open Secure Shell Messages -
  openssl.base            1.0.2.1000  COMMITTED  Open Secure Socket Layer
  openssl.license         1.0.2.1000  COMMITTED  Open Secure Socket License
  openssl.man.en_US       1.0.2.1000  COMMITTED  Open Secure Socket Layer
  openssh.base.client     6.0.0.6201  COMMITTED  Open Secure Shell Commands
  openssh.base.server     6.0.0.6201  COMMITTED  Open Secure Shell Server
  openssl.base            1.0.2.1000  COMMITTED  Open Secure Socket Layer

and yum check says

bash-4.2# yum check
cups-libs-1.6.4-1.ppc has missing requires of openssl >= ('0', '1.0.1', None)
git-2.1.3-1.ppc has missing requires of openssl >= ('0', '1.0.1', None)
git-2.1.3-1.ppc has missing requires of libcrypto.a(libcrypto.so.1.0.1)
git-2.1.3-1.ppc has missing requires of libssl.a(libssl.so.1.0.1)
krb5-libs-1.9.4-1.ppc has missing requires of db4 >= ('0', '4.7.25', '2')
libssh2-1.4.3-2.ppc has missing requires of openssl >= ('0', '1.0.1', None)
libssh2-1.4.3-2.ppc has missing requires of libcrypto.a(libcrypto.so.1.0.1)
openldap-2.4.23-0.3.ppc has missing requires of openssl >= ('0', '0.9.8', None)
Error: check all
 

...which suggests that things like git can't find libcrypto saying this:

bash-4.2# git
exec(): 0509-036 Cannot load program git because of the following errors:
        0509-150   Dependent module /usr/lib/libcrypto.a(libcrypto.so.1.0.1) could not be loaded.
        0509-152   Member libcrypto.so.1.0.1 is not found in archive
 

Originally posted by: mmetts

should there be a symbolic link to fake this last bit?  I'm planning on removing all the RPM packages that are complaining right now.  Make sense?

Originally posted by: mmetts

ok.  I've reach the end for today on this.  i still get this error:

bash-4.2# yum search git
anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml: [Errno 14] curl#60 - "SSL certificate problem: self signed certificate in certificate chain"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: AIX_Toolbox. Please verify its path and try again

i have removed the non-AIX version of openssl and otherwise cleaned up the install freeware to the point where `yum check` comes back clean.  in addition, I've played with c_rehash but it actually appear to not do anything no matter which directory i point it at.  unclear what to do now.  there doesn't seem to be a lot to grab onto out on the web so i think I'm kind of stuck.  I'm considering calling in a ticket with IBM.  please let me know what you think.  thanks.
 

Originally posted by: mmetts

Hey guys.  I'm serious about getting YUM working.  Is there some way I/we can make this move faster?  Will normal support route work?

Originally posted by: sangameshm

Can you please send us the mail directly to smallayy@in.ibm.com & ayappap2@in.ibm.com

Originally posted by: njeffrey

You can work around this SSL-related error by telling yum to use plain HTTP instead of HTTPS.

Edit the /opt/freeware/etc/yum/yum.conf file, and replace the instances of "https" with "http"

Originally posted by: FTetart

Edit the /opt/freeware/etc/yum/yum.conf file, and replace the instances of "https" with "http"

 Hello,

It worked for me.

Thanks a lot.