Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.

#Power

View Only

Back to discussions

Expand all | Collapse all

Package installation fails via dnf on AIX 7.3

1. Package installation fails via dnf on AIX 7.3

Like
Dharmesh Kamdar
Posted Mon June 09, 2025 04:09 PM
Edited by Dharmesh Kamdar Mon June 09, 2025 06:04 PM

Reply
Hello,

We have an LPAR with AIX 7300-01-01-2246. When we try to set-up AIX toolbox for linux, we get the following error :

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Total 10 MB/s | 204 MB 00:19
warning: [fd 23]: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY
AIX generic repository 3.0 MB/s | 3.1 kB 00:00
Traceback (most recent call last):
File "/opt/freeware/bin/dnf", line 59, in <module>
main.user_main(sys.argv[1:], exit_code=True)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 191, in user_main
errcode = main(args)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 65, in main
return _main(base, args, cli_class, option_parser_class)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 98, in _main
return cli_run(cli, base)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 122, in cli_run
ret = resolving(cli, base)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 166, in resolving
base.do_transaction(display=displays)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/cli.py", line 235, in do_transaction
self.gpgsigcheck(install_pkgs)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/cli.py", line 287, in gpgsigcheck
self._get_key_for_package(po, fn)
File "/opt/freeware/lib/python3.9/site-packages/dnf/base.py", line 2313, in _get_key_for_package
keys = dnf.crypto.retrieve(keyurl, repo)
File "/opt/freeware/lib/python3.9/site-packages/dnf/crypto.py", line 177, in retrieve
keyinfos = rawkey2infos(handle)
File "/opt/freeware/lib/python3.9/site-packages/dnf/crypto.py", line 158, in rawkey2infos
with pubring_dir(pb_dir), Context() as ctx:
File "/opt/freeware/lib64/python3.9/site-packages/gpg/core.py", line 220, in __init__
self.protocol = protocol
File "/opt/freeware/lib64/python3.9/site-packages/gpg/core.py", line 169, in __setattr__
super(GpgmeWrapper, self).__setattr__(key, value)
File "/opt/freeware/lib64/python3.9/site-packages/gpg/core.py", line 1123, in protocol
errorcheck(gpgme.gpgme_engine_check_version(value))
File "/opt/freeware/lib64/python3.9/site-packages/gpg/errors.py", line 129, in errorcheck
raise GPGMEError(retval, extradata)
gpg.errors.GPGMEError: GPGME: Invalid crypto engine

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Here are some relevant details :

root@aix_73:/> echo $PATH
/usr/bin:/etc:/usr/sbin:/opt/freeware/bin

root@aix_73:/> lslpp -l | grep -i openssl
openssl.base 3.0.5.101 COMMITTED Open Secure Socket Layer
openssl.man.en_US 3.0.5.101 COMMITTED Open Secure Socket Layer
openssl.base 3.0.5.101 COMMITTED Open Secure Socket Layer

root@aix_73:/> rpm -qa | grep -i rpm
AIX-rpm-7.3.1.1-2.ppc
rpm-python3.9-4.15.1-64_5.ppc
rpm-python3-4.15.1-64_5.ppc

root@aix_73:/> rpm -qa | grep -i dnf-4
python3-dnf-4.2.17-64_7.noarch
python3.9-dnf-4.2.17-64_7.noarch
dnf-4.2.17-64_7.noarch

root@aix_73:/> python3 -V
Python 3.9.12
root@aix_73:/> which python3
/usr/bin/python3

root@aix_73:/> /opt/freeware/bin/python3 -V
Python 3.9.16

root@aix_73:/> dnf repolist
repo id repo name
AIX_Toolbox AIX generic repository

Just as an additional info, here is our /opt/freeware/etc/dnf/dnf.conf

root@aix_73:/> cat /opt/freeware/etc/dnf/dnf.conf
[main]
cachedir=/var/cache/dnf
keepcache=1
debuglevel=2
logfile=/var/log/dnf.log
obsoletes=1
plugins=1
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=True

[AIX_Toolbox]
name=AIX generic repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1

[AIX_Toolbox_noarch]
name=AIX noarch repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1

[AIX_Toolbox_73]
name=AIX 7.3 specific repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1

And we do see presence of RPM-GPG-KEY-IBM-AIX-Toolbox in /opt/freeware/etc/dnf/ as can be seen from following snippet :

root@aix_73:/> pwd
/opt/freeware/etc/dnf

root@aix_73:/> ls -ltr RPM*
-rw-r--r-- 1 root system 3187 May 01 10:47 RPM-GPG-KEY-IBM-AIX-Toolbox
root@aix_73:/>

Will appreciate if anyone know of possible resolution.

Thanks,

Dharmesh.

------------------------------
Dharmesh Kamdar
------------------------------

#AIXOpenSource
2. RE: Package installation fails via dnf on AIX 7.3

Like
RESHMA KUMAR
Posted Tue June 10, 2025 09:29 AM

Reply
Hi Dharmesh,
Please refer this forum post
https://community.ibm.com/community/user/discussion/aix-72-rpm-nokey-gpgcheck-1-now-in-aix-toolbox-and-aix-toolbox-noarch-causing-gpgme-invalid-crypto-engine

------------------------------
RESHMA KUMAR
------------------------------

Original Message
3. RE: Package installation fails via dnf on AIX 7.3

Like
Dharmesh Kamdar
Posted Tue June 10, 2025 10:16 AM

Reply
Hello Reshma,

Yes I did have a look at that link and Sangamesh's blog here (https://community.ibm.com/community/user/blogs/sangamesh-mallayya1/2025/05/07/aix-toolbox-rpm-packages-signature) as well...As you can see from my post, I did put /opt/freeware/bin in the path, and we do have the GPG key as well. So still not sure what is the cause of the failure ?

One thing we have NOT tried is to disable "gpgcheck" in dnf.conf...that is our next step as a test.

But if you have any other ideas or solution, please let me know.

Thanks,

Dharmesh.

------------------------------
Dharmesh Kamdar
------------------------------

Original Message
4. RE: Package installation fails via dnf on AIX 7.3

Like
Dharmesh Kamdar
Posted Tue June 10, 2025 12:58 PM

Reply
We resolved the issue. The issue went away after we updated the openssl package on AIX LPARs from 3.0.5.101 to 3.0.15.1000 on our AIX LPARs (7300-01-01-2246). Not sure if there is a some sort of minimum required level of openssl for AIX 7.3 to work with AIX Toolbox ?

Hope this helps !

Regards,

Dharmesh.

------------------------------
Dharmesh Kamdar
------------------------------

Original Message

Open Source Development

Power Open Source Development

Package installation fails via dnf on AIX 7.3

Dharmesh KamdarMon June 09, 2025 04:09 PM

RESHMA KUMARTue June 10, 2025 09:29 AM

Dharmesh KamdarTue June 10, 2025 10:16 AM

Dharmesh KamdarTue June 10, 2025 12:58 PM

1. Package installation fails via dnf on AIX 7.3

2. RE: Package installation fails via dnf on AIX 7.3

3. RE: Package installation fails via dnf on AIX 7.3

4. RE: Package installation fails via dnf on AIX 7.3

Additional
Resources

Office

Quick Links

Open Source Development

Power Open Source Development

Package installation fails via dnf on AIX 7.3

Dharmesh KamdarMon June 09, 2025 04:09 PM

RESHMA KUMARTue June 10, 2025 09:29 AM

Dharmesh KamdarTue June 10, 2025 10:16 AM

Dharmesh KamdarTue June 10, 2025 12:58 PM

1. Package installation fails via dnf on AIX 7.3

2. RE: Package installation fails via dnf on AIX 7.3

3. RE: Package installation fails via dnf on AIX 7.3

4. RE: Package installation fails via dnf on AIX 7.3

Related Content

AIX Toolbox rpm packages signature

Migrating to python3.9 for AIX Toolbox python3 ecosystem

AIX migration with DNF

Planning and Maintaining AIX Toolbox Packages

DNF is now available on AIX Toolbox

Additional Resources

Office

Quick Links

Additional
Resources