AIX Open Source

 View Only
  • 1.  Thank You (and HELP!)

    IBM Champion
    Posted Fri September 10, 2021 01:30 PM
    I would like to start by saying "Thank You" for including YUM repo data *in* the Partner World downloadable bundle for the Toolbox. This is an excellent step in the right direction for out-of-the-box usability. Thank you.

    I was excited for another reason: sudo_noldap has made it into the bundle, and that was a package that I had to do special handling for. I can't include code that isn't strictly needed when installing software for this project (the project requires reduced attack surface), so installing OpenLDAP just to get sudo was a non-starter for me. So that is awesome and very helpful.

    Now for the part where you guys are killing me.

    Using the new Toolbox release, I did "yum upgrade" and was confronted with a transaction that I can't run... Because yum depends on curl, and curl now inexplicably depends on openldap, which of course (rightfully) depends on cyrus_sasl, krb5, and many others that weren't there before.

    Please, why does curl suddenly depend on OpenLDAP?

    Liberty,

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
    (m) 352-870-8649

    This e-mail and files transmitted with it are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you are not one of the named recipient(s) or otherwise have reason to believe that you received this message in error, please immediately notify sender by e-mail, and destroy the original message.


  • 2.  RE: Thank You (and HELP!)

    Posted Mon September 13, 2021 06:08 AM
    Some users were asking for ldap support in curl. So we enabled it and that''s why curl has a dependency on OpenLDAP. 
    From the changelog , I can see we did this in Sep 2018.

    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: Thank You (and HELP!)

    IBM Champion
    Posted Mon September 13, 2021 12:25 PM
    So the curl that is in the yum bundle that I downloaded sometime *after* 10/2020 does not have an OpenLDAP dependency - maybe that one hasn't been updated in a while (or maybe wasn't at the time)?

    That means that all current YUM installations require OpenLDAP... That seems a little heavy.

    It looks like in December of 2020 there was a thread about DNF depending (through curl) on at least Kerberos. Is it possible that dnf can include an embedded version of curl with only the dnf-required features enabled? Or is it possible that curl could be built such that it only tries to load libraries when it uses a feature, so the dependencies would be soft? (I think I remember dlopen being *very* different on AIX vs. Linux so that may be impossible - it's been too many years.)

    I'm working on a project where the amount of installed code needs to be minimized (these systems will eventually be STIG compliant). What can I do to help accomplish that in the context of the Toolbox?

    -- 
    Stephen L. Ulmer
    Enterprise Architect
    Mainline Information Systems
    (m) 352-870-8649










  • 4.  RE: Thank You (and HELP!)

    Posted Mon September 20, 2021 02:56 AM
    Hi Stephen,

    This is a hard problem we are trying to work for some time.
    Many users ask for new features in packages that increase the dependencies and other users want minimal functionality.
    The current dnf from AIX toolbox has embedded curl and does not require toolbox curl to be installed. But if you install any package after that from AIX toolbox that requires curl and openldap will also be installed.

    Here is the list of packages those are needed for dnf they are part of dnf_bundle_aix_71_72.tar
    ca-certificates-2020.06.01-0.aix7.1.ppc.rpm
    dnf-4.2.17-32_1.aix7.1.noarch.rpm
    dnf-automatic-4.2.17-32_1.aix7.1.noarch.rpm
    dnf-data-4.2.17-32_1.aix7.1.noarch.rpm
    libcomps-0.1.11-32_1.aix7.1.ppc.rpm
    libdnf-0.39.1-32_1.aix7.1.ppc.rpm
    libmodulemd-1.5.2-32_1.aix7.1.ppc.rpm
    librepo-1.11.0-32_1.aix7.1.ppc.rpm
    libsmartcols-2.34-32_1.aix7.1.ppc.rpm
    libsolv-0.7.9-32_1.aix7.1.ppc.rpm
    libzstd-1.4.4-32_1.aix7.1.ppc.rpm
    p11-kit-0.23.16-0.aix7.1.ppc.rpm
    p11-kit-tools-0.23.16-0.aix7.1.ppc.rpm
    python3-3.7.9-0.aix7.1.ppc.rpm
    python3-dateutil-2.8.0-1.aix6.1.noarch.rpm
    python3-devel-3.7.9-0.aix7.1.ppc.rpm
    python3-dnf-4.2.17-32_1.aix7.1.noarch.rpm
    python3-dnf-plugin-migrate-4.0.16-32_1.aix7.1.noarch.rpm
    python3-dnf-plugins-core-4.0.16-32_1.aix7.1.noarch.rpm
    python3-docs-3.7.9-0.aix7.1.ppc.rpm
    python3-gpgme-1.13.1-32_1.aix7.1.ppc.rpm
    python3-hawkey-0.39.1-32_1.aix7.1.ppc.rpm
    python3-libcomps-0.1.11-32_1.aix7.1.ppc.rpm
    python3-libdnf-0.39.1-32_1.aix7.1.ppc.rpm
    python3-librepo-1.11.0-32_1.aix7.1.ppc.rpm
    python3-six-1.13.0-1.aix6.1.noarch.rpm
    python3-test-3.7.9-0.aix7.1.ppc.rpm
    python3-tools-3.7.9-0.aix7.1.ppc.rpm
    rpm-python3-4.15.1-32_1.aix7.1.ppc.rpm
    yum-4.2.17-32_1.aix7.1.noarch.rpm
    zchunk-1.1.4-32_1.aix7.1.ppc.rpm
    zchunk-devel-1.1.4-32_1.aix7.1.ppc.rpm
    zchunk-libs-1.1.4-32_1.aix7.1.ppc.rpm

    You can install dnf either using dnf_aixtoolbox.sh (if your system can connect to AIX toolbox repo) or download tar file mentioned above and run install_dnf.sh script from that.

    ------------------------------
    SANKET RATHI
    ------------------------------