Welcome to the difficulty of running two package managers. Conflicts
between packages blindly overwrite each other as both package managers
assert their ownership.
IMHO the toolkit RPMs should only maintain files in /opt/freeware,
period. FreeBSD has the right idea where the core OS is /usr, and
packages are installed in a separate location (ie: /usr/local). I'm
glad to see that the Toolkit is trying to follow a similar design by
writing only to /opt/freeware.
While I appreciate the work the maintainers put into the toolkit which
keeps OSS software functional on AIX, I no longer use it. I also
recommend my customers not use it.
I'm sure that's an unpopular opinion, but it's supported by my
experience. The massive dependency hell, symlink issues, internet
access requirements, and upstream untrusted code sourcing all
contribute to my position that the Toolkit has no place in a
production AIX environment.
Sudo is the most popular request, and you can download a single
standalone RPM from
https://www.sudo.ws/getting/download/ . It's still
unsupported by IBM, and you're managing access to the root account
with it. At least it's a single file.
Regarding PATH, have you tried updating /etc/environment instead of
just shell profiles?
On Fri, Jan 27, 2023 at 03:02:30PM +0000, Maarten Van der Auwera via IBM Community wrote:
> Hello Sanket,
>
> In our company we have also struggled with this decision. The
> "solution" you suggest (to edit $PATH) also didn't properly solve
> all issues. For example, when executing scripts as root with HP
> Server Automation from Microfocus, the $PATH of the root user isn't
> loaded and scripts fail to run. It isn't documented anywhere where
> HP Server Automation gets its $PATH from and I also wasn't able to
> find it). Cron jobs also have a similar problem.
>
> As our AIX servers are mostly running legacy software, for which
> often the person knowing it might not even be alive or working for
> us anymore, it is not realistic to demand all code to be updated for
> this "new policy".
>
> Thus the only solution I see, is to recreate the symlinks after
> updating AIX Toolbox has removed them...
>
> The annoying thing is that I wasn't able to find a comprehensive
> list of which links are being removed by updating AIX Toolbox. I had
> to list /usr/s?bin before updating AIX Toolbox and once again after,
> and then run a diff to find out which link are removed. Some
> packages (like wget) explicitly say that the link will be removed,
> but most other packages just remove the link without saying
> anything. Can you please properly document this in the future (and
> retroactively also the past), so that I don't have to resort to
> user-error-sensitive methods like diff... Thanks!
>
> Next I was also wondering if the so called conflicts with AIX OS
> packages are preventable by not creating the symlink if the link
> file already exists? Would you consider it "ok" to run the following
> code in our environment for recreating the links? (keeping in mind
> that these are legacy AIX 7.1 and 7.2 environments that won't get
> many changes anymore, like new packages. Only security updates)
>
> #!/bin/bash
>
> declare -a LINKS_TO_CREATE=( \
> "/usr/bin/db_archive ../../opt/freeware/bin/db_archive" \
> "/usr/bin/db_checkpoint ../../opt/freeware/bin/db_checkpoint" \
> "/usr/bin/db_deadlock ../../opt/freeware/bin/db_deadlock" \
> "/usr/bin/db_dump ../../opt/freeware/bin/db_dump" \
> "/usr/bin/db_hotbackup ../../opt/freeware/bin/db_hotbackup" \
> "/usr/bin/db_load ../../opt/freeware/bin/db_load" \
> "/usr/bin/db_printlog ../../opt/freeware/bin/db_printlog" \
> "/usr/bin/db_recover ../../opt/freeware/bin/db_recover" \
> "/usr/bin/db_stat ../../opt/freeware/bin/db_stat" \
> "/usr/bin/db_upgrade ../../opt/freeware/bin/db_upgrade" \
> "/usr/bin/db_verify ../../opt/freeware/bin/db_verify" \
> "/usr/bin/envsubst ../../opt/freeware/bin/envsubst" \
> "/usr/bin/gettext ../../opt/freeware/bin/gettext" \
> "/usr/bin/gettext.sh ../../opt/freeware/bin/gettext.sh" \
> "/usr/bin/msgattrib ../../opt/freeware/bin/msgattrib" \
> "/usr/bin/msgcat ../../opt/freeware/bin/msgcat" \
> "/usr/bin/msgcmp ../../opt/freeware/bin/msgcmp" \
> "/usr/bin/msgcomm ../../opt/freeware/bin/msgcomm" \
> "/usr/bin/msgconv ../../opt/freeware/bin/msgconv" \
> "/usr/bin/msgen ../../opt/freeware/bin/msgen" \
> "/usr/bin/msgexec ../../opt/freeware/bin/msgexec" \
> "/usr/bin/msgfilter ../../opt/freeware/bin/msgfilter" \
> "/usr/bin/msgfmt ../../opt/freeware/bin/msgfmt" \
> "/usr/bin/msggrep ../../opt/freeware/bin/msggrep" \
> "/usr/bin/msginit ../../opt/freeware/bin/msginit" \
> "/usr/bin/msgmerge ../../opt/freeware/bin/msgmerge" \
> "/usr/bin/msgunfmt ../../opt/freeware/bin/msgunfmt" \
> "/usr/bin/msguniq ../../opt/freeware/bin/msguniq" \
> "/usr/bin/ngettext ../../opt/freeware/bin/ngettext" \
> "/usr/bin/recode-sr-latin ../../opt/freeware/bin/recode-sr-latin" \
> "/usr/bin/xgettext ../../opt/freeware/bin/xgettext" \
> "/usr/bin/curl ../../opt/freeware/bin/curl" \
> "/usr/bin/sqlite3 ../../opt/freeware/bin/sqlite3" \
> "/usr/bin/rsync ../../opt/freeware/bin/rsync" \
> "/usr/bin/wget ../../opt/freeware/bin/wget" \
> "/usr/bin/xmlwf ../../opt/freeware/bin/xmlwf" \
> "/usr/bin/git ../../opt/freeware/bin/git" \
> "/usr/sbin/lsof ../../opt/freeware/sbin/lsof" \
> )
>
> for LINK_TO_CREATE in "${LINKS_TO_CREATE[@]}"; do
> LINK_FILE="$(echo ${LINK_TO_CREATE} | awk '{print $1}')"
> LINK_TARGET="$(echo ${LINK_TO_CREATE} | awk '{print $2}')"
>
> if [[ -e "${LINK_FILE}" ]]; then
> echo "Link file path ${LINK_FILE} is not available (details on the line below)! Not creating the link..."
> ls -la "${LINK_FILE}"
> echo
> else
> if [[ -e "$(dirname "${LINK_FILE}")/${LINK_TARGET}" ]]; then
> ln -s "${LINK_TARGET}" "${LINK_FILE}"
> else
> echo "Link target $(dirname "${LINK_FILE}")/${LINK_TARGET} does not exist! Not creating the link..."
> echo
> fi
> fi
> done
>
> Thanks for your hard work!
>
>
>
>
> ------------------------------
> Maarten Van der Auwera
> ------------------------------
> -------------------------------------------
> Original Message:
> Sent: Thu September 17, 2020 08:53 AM
> From: SANKET RATHI
> Subject: Removal of symlink/files from /usr for AIX Toolbox packages
>
>
>
> Over the years we have seen some issues where packages from AIX
> toolbox and base AIX have conflict.
>
> This happens because some of the open source rpm packages creates
> symlinks in /usr or install in /usr, sometime this causes
> overwriting of base AIX symlinks.
>
> For example some libraries and utilities are provided by both base
> AIX and open source rpm packages and when rpm packages get installed
> they overwrite base AIX provided files/links.
>
> We have fixed these issues over the time but we do not want this to
> ever happen again.
>
> Also we want to have AIX toolbox/open source environment separate
> from base AIX.
>
> Hence AIX toolbox packages are not going to provide binaries,
> libraries and include files in /usr.
>
> Going forward with each packages update from AIX toolbox it will be
> verified that package should not provide any files/symblinks in
> /usr.
>
> This will make sure we do not overwrite anything on base AIX and
> create a totally separate environment in /opt/freeware for open
> source packages that does not conflict with base AIX.
>
> Please make sure if you use /usr path for any of the binaries,
> libraries or include files from AIX toolbox then change it to
> /opt/freeware.
>
> You can always add /opt/freeware/bin and /opt/freeware/sbin path in
> your PATH environment variable.
>
> Thanks
>
>
> ------------------------------
> SANKET RATHI
> ------------------------------
>
>
> Reply to Sender :
https://community.ibm.com/community/user/eGroups/PostReply?GroupId=6211&MID=353798&SenderKey=ec5c515a-1ff7-44b0-a989-07ce0f729269>
> Reply to Discussion :
https://community.ibm.com/community/user/eGroups/PostReply?GroupId=6211&MID=353798>
>
>
> You are subscribed to "AIX Open Source" as
Russell.Adams@AdamsSystems.nl. To change your subscriptions, go to
http://community.ibm.com/community/user/preferences?section=Subscriptions. To unsubscribe from this community discussion, go to
http://community.ibm.com/HigherLogic/eGroups/Unsubscribe.aspx?UserKey=c23dfccc-9910-40ae-beeb-fdcbced5bf1f&sKey=KeyRemoved&GroupKey=af5415f8-d8d8-4ac4-b3cb-08a8da184054.------------------------------------------------------------------
Russell Adams
Russell.Adams@AdamsSystems.nlPrincipal Consultant Adams Systems Consultancy
https://adamssystems.nl/
Original Message:
Sent: 1/27/2023 8:19:00 AM
From: Maarten Van der Auwera
Subject: RE: Removal of symlink/files from /usr for AIX Toolbox packages
Hello Sanket,
In our company we have also struggled with this decision. The "solution" you suggest (to edit $PATH) also didn't properly solve all issues. For example, when executing scripts as root with HP Server Automation from Microfocus, the $PATH of the root user isn't loaded and scripts fail to run. It isn't documented anywhere where HP Server Automation gets its $PATH from and I also wasn't able to find it). Cron jobs also have a similar problem.
As our AIX servers are mostly running legacy software, for which often the person knowing it might not even be alive or working for us anymore, it is not realistic to demand all code to be updated for this "new policy".
Thus the only solution I see, is to recreate the symlinks after updating AIX Toolbox has removed them...
The annoying thing is that I wasn't able to find a comprehensive list of which links are being removed by updating AIX Toolbox. I had to list /usr/s?bin before updating AIX Toolbox and once again after, and then run a diff to find out which link are removed. Some packages (like wget) explicitly say that the link will be removed, but most other packages just remove the link without saying anything.
Can you please properly document this in the future (and retroactively also the past), so that I don't have to resort to user-error-sensitive methods like diff... Thanks!
Next I was also wondering if the so called conflicts with AIX OS packages are preventable by not creating the symlink if the link file already exists? Would you consider it "ok" to run the following code in our environment for recreating the links? (keeping in mind that these are legacy AIX 7.1 and 7.2 environments that won't get many changes anymore, like new packages. Only security updates)
#!/bin/bash
declare -a LINKS_TO_CREATE=( \
"/usr/bin/db_archive ../../opt/freeware/bin/db_archive" \
"/usr/bin/db_checkpoint ../../opt/freeware/bin/db_checkpoint" \
"/usr/bin/db_deadlock ../../opt/freeware/bin/db_deadlock" \
"/usr/bin/db_dump ../../opt/freeware/bin/db_dump" \
"/usr/bin/db_hotbackup ../../opt/freeware/bin/db_hotbackup" \
"/usr/bin/db_load ../../opt/freeware/bin/db_load" \
"/usr/bin/db_printlog ../../opt/freeware/bin/db_printlog" \
"/usr/bin/db_recover ../../opt/freeware/bin/db_recover" \
"/usr/bin/db_stat ../../opt/freeware/bin/db_stat" \
"/usr/bin/db_upgrade ../../opt/freeware/bin/db_upgrade" \
"/usr/bin/db_verify ../../opt/freeware/bin/db_verify" \
"/usr/bin/envsubst ../../opt/freeware/bin/envsubst" \
"/usr/bin/gettext ../../opt/freeware/bin/gettext" \
"/usr/bin/gettext.sh ../../opt/freeware/bin/gettext.sh" \
"/usr/bin/msgattrib ../../opt/freeware/bin/msgattrib" \
"/usr/bin/msgcat ../../opt/freeware/bin/msgcat" \
"/usr/bin/msgcmp ../../opt/freeware/bin/msgcmp" \
"/usr/bin/msgcomm ../../opt/freeware/bin/msgcomm" \
"/usr/bin/msgconv ../../opt/freeware/bin/msgconv" \
"/usr/bin/msgen ../../opt/freeware/bin/msgen" \
"/usr/bin/msgexec ../../opt/freeware/bin/msgexec" \
"/usr/bin/msgfilter ../../opt/freeware/bin/msgfilter" \
"/usr/bin/msgfmt ../../opt/freeware/bin/msgfmt" \
"/usr/bin/msggrep ../../opt/freeware/bin/msggrep" \
"/usr/bin/msginit ../../opt/freeware/bin/msginit" \
"/usr/bin/msgmerge ../../opt/freeware/bin/msgmerge" \
"/usr/bin/msgunfmt ../../opt/freeware/bin/msgunfmt" \
"/usr/bin/msguniq ../../opt/freeware/bin/msguniq" \
"/usr/bin/ngettext ../../opt/freeware/bin/ngettext" \
"/usr/bin/recode-sr-latin ../../opt/freeware/bin/recode-sr-latin" \
"/usr/bin/xgettext ../../opt/freeware/bin/xgettext" \
"/usr/bin/curl ../../opt/freeware/bin/curl" \
"/usr/bin/sqlite3 ../../opt/freeware/bin/sqlite3" \
"/usr/bin/rsync ../../opt/freeware/bin/rsync" \
"/usr/bin/wget ../../opt/freeware/bin/wget" \
"/usr/bin/xmlwf ../../opt/freeware/bin/xmlwf" \
"/usr/bin/git ../../opt/freeware/bin/git" \
"/usr/sbin/lsof ../../opt/freeware/sbin/lsof" \
)
for LINK_TO_CREATE in "${LINKS_TO_CREATE[@]}"; do
LINK_FILE="$(echo ${LINK_TO_CREATE} | awk '{print $1}')"
LINK_TARGET="$(echo ${LINK_TO_CREATE} | awk '{print $2}')"
if [[ -e "${LINK_FILE}" ]]; then
echo "Link file path ${LINK_FILE} is not available (details on the line below)! Not creating the link..."
ls -la "${LINK_FILE}"
echo
else
if [[ -e "$(dirname "${LINK_FILE}")/${LINK_TARGET}" ]]; then
ln -s "${LINK_TARGET}" "${LINK_FILE}"
else
echo "Link target $(dirname "${LINK_FILE}")/${LINK_TARGET} does not exist! Not creating the link..."
echo
fi
fi
done
Thanks for your hard work!
------------------------------
Maarten Van der Auwera
------------------------------
Original Message:
Sent: Thu September 17, 2020 08:53 AM
From: SANKET RATHI
Subject: Removal of symlink/files from /usr for AIX Toolbox packages
Over the years we have seen some issues where packages from AIX toolbox and base AIX have conflict.
This happens because some of the open source rpm packages creates symlinks in /usr or install in /usr, sometime this causes overwriting of base AIX symlinks.
For example some libraries and utilities are provided by both base AIX and open source rpm packages and when rpm packages get installed they overwrite base AIX provided files/links.
We have fixed these issues over the time but we do not want this to ever happen again.
Also we want to have AIX toolbox/open source environment separate from base AIX.
Hence AIX toolbox packages are not going to provide binaries, libraries and include files in /usr.
Going forward with each packages update from AIX toolbox it will be verified that package should not provide any files/symblinks in /usr.
This will make sure we do not overwrite anything on base AIX and create a totally separate environment in /opt/freeware for open source packages that does not conflict with base AIX.
Please make sure if you use /usr path for any of the binaries, libraries or include files from AIX toolbox then change it to /opt/freeware.
You can always add /opt/freeware/bin and /opt/freeware/sbin path in your PATH environment variable.
Thanks
------------------------------
SANKET RATHI
------------------------------