AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

View Only

Back to Blog List

AIX Toolbox rpm packages signature

By SANGAMESH MALLAYYA posted Wed May 07, 2025 11:31 AM

To ensures integrity and authenticity of the AIX Toolbox rpm packages, AIX Toolbox team has started

signing these packages. These packages are signed and published by default using OpenPGP key

using gunpg2.

Existing four recent versions of the different rpm packages present in AIX toolbox ftp site are signed

and republished.

DNF repository data is also update with signed rpm packages.

Please read through the below instructions to see if you need to take some actions.

1. DNF and signed rpm packages

Both DNF available on AIX Toolbox, and DNF as part of the dnf_bundle are updated to enable

gpgcheck by default.

1.1. Users who already have DNF installed.

1.1.1. Download the GPG public key from Toolbox ftp site below and copy it to

/opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/RPM-GPG-KEY-IBM-AIX-Toolbox

After that manually update /opt/freeware/etc/dnf/dnf.conf with two entries

as below for AIX Toolbox repositories enabled.

gpgcheck=1

gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

If gpgcheck is not enabled then DNF will still be able to install signed rpm

packages with warning.

1.1.2. Running dnf update will install dnf-4.2.17-32_53 or dnf-4.2.17-64_55,

and dnf.conf file would be updated to enable gpgcheck with two new entries

as.

gpgcheck=1

gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

In these cases, the packages installed currently in the system are not signed.

If one wants to reinstall the installed packages with the signed packages from

AIX Toolbox repository then one can run

dnf reinstall `(rpm -qa | egrep -v "AIX-rpm|gpg-pubkey")`

1.2. Users who are setting DNF with dnf_aixtoolbox.sh script

DNF bundles are updated to take care of enabling gpgcheck and shipping gpgkey by

default with DNF packages.

Before setting up the DNF, one needs to download the public key from

https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/RPM-GPG-KEY-IBM-AIX-Toolbox

and import it using "rpm –-import RPM-GPG-KEY-IBM-AIX-Toolbox", so that rpms being

installed will also be verified for authenticity.

If the public key is not imported then one can expect warning messages as.

“warning: dnf-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY”

checksum details of dnf_aixtoolbox.sh script and also the public key is available at AIX Toolbox webpage.

If you see an error "gpg.errors.GPGMEError: GPGME: Invalid crypto engine"

Please make sure you have /opt/freeware/bin in $PATH environment variable.

2. Verifying signed rpm packages

2.1. Using DNF

If gpgcheck is enabled with dnf, then DNF will take care of verifying the signed rpm packages.

If gpgcheck is enabled, then we can’t be able to installed unsigned rpm packages.

All rpm packages and it’s dependencies needs to be a signed rpm packages.

2.2. Using rpm command

One can verify AIX Toolbox rpm packages manually using rpm command before installing them

with rpm install command.

1. Download the gpg public key from

https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/RPM-GPG-KEY-IBM-AIX-Toolbox

2. Import public key using “rpm –import RPM-GPG-KEY-IBM-AIX-Toolbox”

3. Verify if the gpgkey is installed with “rpm -q gpg-pubkey”

4. Verify the rpm packages with “rpm -K *.rpm”

3. Signed rpm packages and local repo server

If the local repo server is setup to serve as a DNF repo server for AIX Toolbox.

Updating local repo data with reposync should be able to sync with latest signed rpm packages from AIX Toolbox.

4. Some sample run with different scenarios.

4.1. Setting up the DNF freshly.

# ./install_dnf.sh -y

Installing rpm.rte at the latest version ...

This may take several minutes depending on the number of rpms installed...

+-----------------------------------------------------------------------------+

Pre-installation Verification...

+-----------------------------------------------------------------------------+

Verifying selections...done

Verifying requisites...done

Results...

WARNINGS

--------

Problems described in this section are not likely to be the source of any

immediate or serious failures, but further actions may be necessary or

desired.

Already Installed

-----------------

The number of selected filesets that are either already installed

or effectively installed through superseding filesets is 1. See

the summaries at the end of this installation for details.

NOTE: Base level filesets may be reinstalled using the "Force"

option (-F flag), or they may be removed, using the deinstall or

"Remove Software Products" facility (-u flag), and then reinstalled.

<< End of Warning Section >>

+-----------------------------------------------------------------------------+

BUILDDATE Verification ...

+-----------------------------------------------------------------------------+

Verifying build dates...done

FILESET STATISTICS

------------------

1 Selected to be installed, of which:

1 Already installed (directly or via superseding filesets)

----

0 Total to be installed

Pre-installation Failure/Warning Summary

----------------------------------------

Name Level Pre-installation Failure/Warning

-------------------------------------------------------------------------------

rpm.rte 4.15.1.2013 Already superseded by 4.18.1.2004

Checking whether any of the rpms from dnf_bundle are already installed...

Takes couple of minutes to process.

warning: ca-certificates-2023.2.60-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: dnf-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: dnf-automatic-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: dnf-data-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: gnupg2-2.2.35-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: libcomps-0.1.15-64_1.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: libdnf-0.39.1-64_5.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: libmodulemd-1.5.2-64_2.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: librepo-1.11.0-64_2.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: libsmartcols-2.34-64_1.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: libsolv-0.7.9-64_4.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: libzstd-1.4.4-64_2.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: p11-kit-0.23.22-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: p11-kit-tools-0.23.22-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-devel-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-dnf-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-gpg-1.13.1-64_3.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-hawkey-0.39.1-64_5.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-idle-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-libcomps-0.1.15-64_1.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-libdnf-0.39.1-64_5.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-librepo-1.11.0-64_2.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-test-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3-tkinter-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-devel-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-dnf-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-gpg-1.13.1-64_3.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-hawkey-0.39.1-64_5.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-idle-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-libcomps-0.1.15-64_1.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-libdnf-0.39.1-64_5.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-librepo-1.11.0-64_2.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-test-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-tkinter-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: rpm-python3-4.15.1-64_4.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: rpm-python3.9-4.15.1-64_4.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: yum-4.2.17-64_7.aix7.1.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: zchunk-1.1.4-64_3.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: zchunk-devel-1.1.4-64_3.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: zchunk-libs-1.1.4-64_3.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

ca-certificates-2023.2.60-0 will be installed

dnf-4.2.17-64_7 will be installed

dnf-automatic-4.2.17-64_7 will be installed

dnf-data-4.2.17-64_7 will be installed

gnupg2-2.2.35-0 will be installed

libcomps-0.1.15-64_1 will be installed

libdnf-0.39.1-64_5 will be installed

libmodulemd-1.5.2-64_2 will be installed

librepo-1.11.0-64_2 will be installed

libsmartcols-2.34-64_1 will be installed

libsolv-0.7.9-64_4 will be installed

libzstd-1.4.4-64_2 will be installed

p11-kit-0.23.22-0 will be installed

p11-kit-tools-0.23.22-0 will be installed

python3-3.9.16-0 will be installed

python3-dnf-4.2.17-64_7 will be installed

python3-gpg-1.13.1-64_3 will be installed

python3-hawkey-0.39.1-64_5 will be installed

python3-libcomps-0.1.15-64_1 will be installed

python3-libdnf-0.39.1-64_5 will be installed

python3-librepo-1.11.0-64_2 will be installed

python3.9-3.9.16-0 will be installed

warning: python3.9-devel-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

python3.9-dnf-4.2.17-64_7 will be installed

python3.9-gpg-1.13.1-64_3 will be installed

python3.9-hawkey-0.39.1-64_5 will be installed

warning: python3.9-idle-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

python3.9-libcomps-0.1.15-64_1 will be installed

python3.9-libdnf-0.39.1-64_5 will be installed

python3.9-librepo-1.11.0-64_2 will be installed

warning: python3.9-test-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

warning: python3.9-tkinter-3.9.16-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

rpm-python3-4.15.1-64_4 will be installed

rpm-python3.9-4.15.1-64_4 will be installed

yum-4.2.17-64_7 will be installed

zchunk-libs-1.1.4-64_3 will be installed

Installing the packages...

warning: ca-certificates-2023.2.60-0.aix7.1.ppc.rpm: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

Verifying... ################################# [100%]

Preparing... ################################# [100%]

Updating / installing...

1:python3.9-3.9.16-0 ################################# [ 3%]

2:python3-3.9.16-0 ################################# [ 6%]

3:libzstd-1.4.4-64_2 ################################# [ 9%]

4:libmodulemd-1.5.2-64_2 ################################# [ 13%]

5:libsolv-0.7.9-64_4 ################################# [ 16%]

6:libsmartcols-2.34-64_1 ################################# [ 19%]

7:zchunk-libs-1.1.4-64_3 ################################# [ 22%]

8:librepo-1.11.0-64_2 ################################# [ 25%]

9:python3.9-gpg-1.13.1-64_3 ################################# [ 28%]

10:rpm-python3.9-4.15.1-64_4 ################################# [ 31%]

11:dnf-data-4.2.17-64_7 ################################# [ 34%]

12:rpm-python3-4.15.1-64_4 ################################# [ 38%]

13:libdnf-0.39.1-64_5 ################################# [ 41%]

14:python3.9-libdnf-0.39.1-64_5 ################################# [ 44%]

15:python3.9-hawkey-0.39.1-64_5 ################################# [ 47%]

16:python3.9-librepo-1.11.0-64_2 ################################# [ 50%]

17:p11-kit-0.23.22-0 ################################# [ 53%]

18:p11-kit-tools-0.23.22-0 ################################# [ 56%]

19:libcomps-0.1.15-64_1 ################################# [ 59%]

20:python3.9-libcomps-0.1.15-64_1 ################################# [ 63%]

21:python3.9-dnf-4.2.17-64_7 ################################# [ 66%]

22:python3-dnf-4.2.17-64_7 ################################# [ 69%]

23:dnf-4.2.17-64_7 ################################# [ 72%]

24:dnf-automatic-4.2.17-64_7 ################################# [ 75%]

25:yum-4.2.17-64_7 ################################# [ 78%]

26:python3-libcomps-0.1.15-64_1 ################################# [ 81%]

27:ca-certificates-2023.2.60-0 ################################# [ 84%]

28:python3-librepo-1.11.0-64_2 ################################# [ 88%]

29:python3-hawkey-0.39.1-64_5 ################################# [ 91%]

30:python3-libdnf-0.39.1-64_5 ################################# [ 94%]

31:python3-gpg-1.13.1-64_3 ################################# [ 97%]

32:gnupg2-2.2.35-0 ################################# [100%]

dnf installed successfully.

Please run 'dnf update' to update packages to the latest level.

Please note, RPM packages are downloaded in dnf cache /var/cache/dnf.

RPM packages install files go under the path /opt.

Hence it is recommended to always keep at least 512MB of free space in /var & /opt

to avoid any download and installation/update failures.

# cat /opt/freeware/etc/dnf/dnf.conf

[main]

cachedir=/var/cache/dnf

keepcache=1

debuglevel=2

logfile=/var/log/dnf.log

obsoletes=1

plugins=1

gpgcheck=1

installonly_limit=3

clean_requirements_on_remove=True

best=True

skip_if_unavailable=True

[AIX_Toolbox]

name=AIX generic repository

baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/

enabled=1

gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-AIX-Toolbox

gpgcheck=1

[AIX_Toolbox_noarch]

name=AIX noarch repository

baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/

enabled=1

gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-AIX-Toolbox

gpgcheck=1

[AIX_Toolbox_73]

name=AIX 7.3 specific repository

baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/

enabled=1

gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

gpgcheck=1

# dnf -y update

AIX generic repository 4.2 MB/s | 8.3 MB 00:01

AIX noarch repository 3.3 MB/s | 3.4 MB 00:01

AIX 7.3 specific repository 732 kB/s | 417 kB 00:00

Dependencies resolved.

==========================================================================================================================

Package Architecture Version Repository Size

==========================================================================================================================

Upgrading:

ca-certificates ppc 2024.2.66-1 AIX_Toolbox 1.0 M

gnupg2 ppc 2.4.7-1 AIX_Toolbox 11 M

libcomps ppc 0.1.15-101 AIX_Toolbox 622 k

libmodulemd ppc 1.5.2-100 AIX_Toolbox 1.2 M

librepo ppc 1.11.0-103 AIX_Toolbox 336 k

libsmartcols ppc 2.34-101 AIX_Toolbox 614 k

libzstd ppc 1.5.2-3 AIX_Toolbox 1.5 M

p11-kit ppc 0.25.5-2 AIX_Toolbox 4.6 M

p11-kit-tools ppc 0.25.5-2 AIX_Toolbox 321 k

python3 ppc 3.9.20-1 AIX_Toolbox 9.0 k

python3-gpg ppc 1.13.1-101 AIX_Toolbox 7.1 k

python3-libcomps ppc 0.1.15-101 AIX_Toolbox 15 k

python3-librepo ppc 1.11.0-103 AIX_Toolbox 13 k

python3.9 ppc 3.9.20-1 AIX_Toolbox 40 M

python3.9-gpg ppc 1.13.1-101 AIX_Toolbox 1.7 M

python3.9-libcomps ppc 0.1.15-101 AIX_Toolbox 589 k

python3.9-librepo ppc 1.11.0-103 AIX_Toolbox 223 k

zchunk-libs ppc 1.1.4-103 AIX_Toolbox 824 k

dnf ppc 4.2.17-64_55 AIX_Toolbox_73 12 k

replacing yum.noarch 4.2.17-64_7

dnf-automatic ppc 4.2.17-64_55 AIX_Toolbox_73 12 k

dnf-data ppc 4.2.17-64_55 AIX_Toolbox_73 27 k

libdnf ppc 0.39.1-64_52 AIX_Toolbox_73 2.3 M

libsolv ppc 0.7.9-64_52 AIX_Toolbox_73 545 k

python3-dnf ppc 4.2.17-64_55 AIX_Toolbox_73 8.5 k

python3-hawkey ppc 0.39.1-64_52 AIX_Toolbox_73 23 k

python3-libdnf ppc 0.39.1-64_52 AIX_Toolbox_73 23 k

python3.9-dnf ppc 4.2.17-64_55 AIX_Toolbox_73 193 k

python3.9-hawkey ppc 0.39.1-64_52 AIX_Toolbox_73 427 k

python3.9-libdnf ppc 0.39.1-64_52 AIX_Toolbox_73 2.3 M

Installing dependencies:

bzip2 ppc 1.0.8-2 AIX_Toolbox 238 k

check ppc 0.13.0-1 AIX_Toolbox 93 k

curl ppc 8.11.1-2 AIX_Toolbox 2.0 M

cyrus-sasl ppc 2.1.28-1 AIX_Toolbox 1.2 M

db ppc 1:5.3.28-1 AIX_Toolbox 17 M

expat ppc 2.6.3-1 AIX_Toolbox 855 k

gdbm ppc 1.23-1 AIX_Toolbox 283 k

gettext ppc 0.21-2 AIX_Toolbox 14 M

glib2 ppc 2.83.2-1 AIX_Toolbox 16 M

gmp ppc 6.3.0-1 AIX_Toolbox 1.0 M

gnutls ppc 3.8.7-1 AIX_Toolbox 4.3 M

gpgme ppc 1.13.1-101 AIX_Toolbox 518 k

info ppc 7.2-1 AIX_Toolbox 659 k

json-c ppc 0.17-1 AIX_Toolbox 381 k

krb5-libs ppc 1.21.3-2 AIX_Toolbox 7.5 M

libassuan ppc 2.5.6-1 AIX_Toolbox 332 k

libffi ppc 3.4.4-2 AIX_Toolbox 73 k

libgcrypt ppc 1.10.3-1 AIX_Toolbox 2.7 M

libgpg-error ppc 1.49-1 AIX_Toolbox 515 k

libiconv ppc 1.17-1 AIX_Toolbox 1.6 M

libksba ppc 1.6.3-1 AIX_Toolbox 932 k

libnghttp2 ppc 1.62.1-1 AIX_Toolbox 311 k

libssh2 ppc 1.11.0-1 AIX_Toolbox 975 k

libtasn1 ppc 4.19.0-1 AIX_Toolbox 227 k

libtextstyle ppc 0.21-2 AIX_Toolbox 1.1 M

libunistring ppc 1.1-1 AIX_Toolbox 3.0 M

libxml2 ppc 2.12.9-1 AIX_Toolbox 3.1 M

libyaml ppc 0.2.5-1 AIX_Toolbox 509 k

ncurses ppc 6.5-1 AIX_Toolbox 6.6 M

nettle ppc 3.9.1-1 AIX_Toolbox 3.1 M

npth ppc 1.5-1 AIX_Toolbox 220 k

openldap ppc 2.5.16-3 AIX_Toolbox 4.0 M

pcre2 ppc 10.45-2 AIX_Toolbox 1.5 M

readline ppc 8.2-1 AIX_Toolbox 2.3 M

sqlite ppc 3.45.3-1 AIX_Toolbox 11 M

xz-libs ppc 5.4.3-1 AIX_Toolbox 575 k

zlib ppc 1.2.13-1 AIX_Toolbox 345 k

libgcc ppc 1:10-2 AIX_Toolbox_73 15 k

libgcc10 ppc 10.3.0-6 AIX_Toolbox_73 794 k

libgomp ppc 1:10-2 AIX_Toolbox_73 14 k

libgomp10 ppc 10.3.0-6 AIX_Toolbox_73 2.0 M

libstdc++ ppc 1:10-2 AIX_Toolbox_73 14 k

libstdc++10 ppc 10.3.0-6 AIX_Toolbox_73 19 M

Installing weak dependencies:

pinentry ppc 1.0.0-1 AIX_Toolbox 115 k

Transaction Summary

==========================================================================================================================

Install 44 Packages

Upgrade 29 Packages

Total size: 204 M

Downloading Packages:

warning: [fd 22]: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

AIX generic repository 3.0 MB/s | 3.1 kB 00:00

Importing GPG key 0x41EEA8E0:

Userid : "IBM AIX Toolbox OSS (AIX Toolbox for Open Source Software)"

Fingerprint: 7951 53B3 DEAD 076A F00A FECD 8B0E F149 41EE A8E0

From : /opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

Key imported successfully

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Installing : libgcc10-10.3.0-6.ppc 1/103

Installing : libgcc-1:10-2.ppc 2/103

Installing : zlib-1.2.13-1.ppc 3/103

Installing : libffi-3.4.4-2.ppc 4/103

Installing : libstdc++10-10.3.0-6.ppc 5/103

Upgrading : libzstd-1.5.2-3.ppc 6/103

Installing : libstdc++-1:10-2.ppc 7/103

Installing : ncurses-6.5-1.ppc 8/103

Installing : bzip2-1.0.8-2.ppc 9/103

Installing : expat-2.6.3-1.ppc 10/103

Installing : json-c-0.17-1.ppc 11/103

Installing : libtasn1-4.19.0-1.ppc 12/103

Installing : xz-libs-5.4.3-1.ppc 13/103

Installing : check-0.13.0-1.ppc 14/103

Installing : gmp-6.3.0-1.ppc

…………

4.2. Installing packages using already installed DNF with gpgcheck enabled.

Make sure dnf.conf file is updated with

gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

gpgcheck=1

And public key is copied manually to opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

# rpm -q dnf

dnf-4.2.17-64_54.ppc

# dnf install rsync sudo

Last metadata expiration check: 0:03:50 ago on May 2, 2025 at 10:06:28 AM CDT.

Dependencies resolved.

=========================================================================================================================

Package Architecture Version Repository Size

=========================================================================================================================

Installing:

rsync ppc 3.4.1-1 AIX_Toolbox 884 k

sudo ppc 1.9.15p5-1 AIX_Toolbox 3.2 M

Installing dependencies:

lz4 ppc 1.9.4-1 AIX_Toolbox 456 k

Transaction Summary

=========================================================================================================================

Install 3 Packages

Total size: 4.5 M

Installed size: 14 M

Is this ok [y/N]: y

Downloading Packages:

warning: [fd 18]: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

AIX generic repository 3.0 MB/s | 3.1 kB 00:00

Importing GPG key 0x41EEA8E0:

Userid : "IBM AIX Toolbox OSS (AIX Toolbox for Open Source Software)"

Fingerprint: 7951 53B3 DEAD 076A F00A FECD 8B0E F149 41EE A8E0

From : /opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

Is this ok [y/N]: y

Key imported successfully

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Installing : lz4-1.9.4-1.ppc 1/3

Installing : rsync-3.4.1-1.ppc 2/3

Running scriptlet: rsync-3.4.1-1.ppc 2/3

rsync version effective # 3.2.7 default rsync daemon config is now /opt/freeware/etc/rsyncd.conf

Installing : sudo-1.9.15p5-1.ppc 3/3

Verifying : lz4-1.9.4-1.ppc 1/3

Verifying : rsync-3.4.1-1.ppc 2/3

Verifying : sudo-1.9.15p5-1.ppc 3/3

Installed:

rsync-3.4.1-1.ppc sudo-1.9.15p5-1.ppc lz4-1.9.4-1.ppc

Complete!

4.3. Running dnf update to update to latest toolbox dnf package.

In this case we see updated DNF packages with gpgcheck enabled by default and public key installed.

# rpm -q dnf

dnf-4.2.17-64_54.ppc

# dnf update

Last metadata expiration check: 0:00:17 ago on May 4, 2025 at 07:30:47 AM CDT.

Dependencies resolved.

=========================================================================================================================

Package Architecture Version Repository Size

=========================================================================================================================

Upgrading:

dnf ppc 4.2.17-64_55 AIX_Toolbox_73 12 k

dnf-automatic ppc 4.2.17-64_55 AIX_Toolbox_73 12 k

dnf-data ppc 4.2.17-64_55 AIX_Toolbox_73 28 k

python3-dnf ppc 4.2.17-64_55 AIX_Toolbox_73 8.5 k

python3.9-dnf ppc 4.2.17-64_55 AIX_Toolbox_73 193 k

Transaction Summary

=========================================================================================================================

Upgrade 5 Packages

Total size: 253 k

Is this ok [y/N]: y

Downloading Packages:

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Upgrading : dnf-data-4.2.17-64_55.ppc 1/10

warning: /opt/freeware/etc/dnf/dnf.conf created as /opt/freeware/etc/dnf/dnf.conf.rpmnew

Running scriptlet: dnf-data-4.2.17-64_55.ppc 1/10

Upgrading : python3.9-dnf-4.2.17-64_55.ppc 2/10

Upgrading : python3-dnf-4.2.17-64_55.ppc 3/10

Upgrading : dnf-4.2.17-64_55.ppc 4/10

Upgrading : dnf-automatic-4.2.17-64_55.ppc 5/10

Cleanup : dnf-automatic-4.2.17-64_54.ppc 6/10

Cleanup : dnf-4.2.17-64_54.ppc 7/10

Cleanup : python3-dnf-4.2.17-64_54.ppc 8/10

Cleanup : python3.9-dnf-4.2.17-64_54.ppc 9/10

Cleanup : dnf-data-4.2.17-64_54.ppc 10/10

Verifying : dnf-4.2.17-64_55.ppc 1/10

Verifying : dnf-4.2.17-64_54.ppc 2/10

Verifying : dnf-automatic-4.2.17-64_55.ppc 3/10

Verifying : dnf-automatic-4.2.17-64_54.ppc 4/10

Verifying : dnf-data-4.2.17-64_55.ppc 5/10

Verifying : dnf-data-4.2.17-64_54.ppc 6/10

Verifying : python3-dnf-4.2.17-64_55.ppc 7/10

Verifying : python3-dnf-4.2.17-64_54.ppc 8/10

Verifying : python3.9-dnf-4.2.17-64_55.ppc 9/10

Verifying : python3.9-dnf-4.2.17-64_54.ppc 10/10

Upgraded:

dnf-4.2.17-64_55.ppc dnf-automatic-4.2.17-64_55.ppc dnf-data-4.2.17-64_55.ppc python3-dnf-4.2.17-64_55.ppc

python3.9-dnf-4.2.17-64_55.ppc

Complete!

# dnf install tar sudo

AIX generic repository 3.0 MB/s | 3.0 kB 00:00

AIX noarch repository 3.0 MB/s | 3.0 kB 00:00

AIX 7.3 specific repository 3.0 MB/s | 3.0 kB 00:00

Dependencies resolved.

=========================================================================================================================

Package Architecture Version Repository Size

=========================================================================================================================

Installing:

sudo ppc 1.9.15p5-1 AIX_Toolbox 3.2 M

tar ppc 1.35-2 AIX_Toolbox 1.6 M

Transaction Summary

=========================================================================================================================

Install 2 Packages

Total size: 4.8 M

Installed size: 15 M

Is this ok [y/N]: y

Downloading Packages:

warning: [fd 18]: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY

AIX generic repository 3.0 MB/s | 3.1 kB 00:00

Importing GPG key 0x41EEA8E0:

Userid : "IBM AIX Toolbox OSS (AIX Toolbox for Open Source Software)"

Fingerprint: 7951 53B3 DEAD 076A F00A FECD 8B0E F149 41EE A8E0

From : /opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox

Is this ok [y/N]: y

Key imported successfully

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing : 1/1

Installing : tar-1.35-2.ppc 1/2

Running scriptlet: tar-1.35-2.ppc 1/2

Installing : sudo-1.9.15p5-1.ppc 2/2

Verifying : sudo-1.9.15p5-1.ppc 1/2

Verifying : tar-1.35-2.ppc 2/2

Installed:

sudo-1.9.15p5-1.ppc tar-1.35-2.ppc

Complete!

NOTE:

1. python2 modules are not signed and published.

2. If we enable gpgcheck and try to install python2 modules and related packages then

installation might fail.

3. This testing doesn’t cover packages built with RPMv3 packages.

This is the one reason we haven’t signed all available rpm packages in AIX Toolbox ftp site.

References:

1. https://access.redhat.com/articles/3359321

2. https://www.redhat.com/sysadmin/rpm-gpg-verify-packages

3. https://www.redhat.com/en/blog/securing-rpm-signing-keys

1 comment

688 views

Permalink

https://community.ibm.com/community/user/blogs/sangamesh-mallayya1/2025/05/07/aix-toolbox-rpm-packages-signature

Comments

Andrey Klyachkin

Thu May 08, 2025 05:06 AM

Excellent and correct decision. Thank you!

AIX Open Source

AIX Open Source

AIX Toolbox rpm packages signature

By SANGAMESH MALLAYYA posted Wed May 07, 2025 11:31 AM

Permalink

Comments

Additional
Resources

Office

Quick Links

AIX Open Source

AIX Open Source

AIX Toolbox rpm packages signature

By SANGAMESH MALLAYYA posted Wed May 07, 2025 11:31 AM

Permalink

Comments

Additional Resources

Office

Quick Links

Additional
Resources