We resolved the issue. The issue went away after we updated the openssl package on AIX LPARs from 3.0.5.101 to 3.0.15.1000 on our AIX LPARs (7300-01-01-2246). Not sure if there is a some sort of minimum required level of openssl for AIX 7.3 to work with AIX Toolbox ?
Original Message:
Sent: Tue June 10, 2025 10:15 AM
From: Dharmesh Kamdar
Subject: Package installation fails via dnf on AIX 7.3
Hello Reshma,
Yes I did have a look at that link and Sangamesh's blog here (https://community.ibm.com/community/user/blogs/sangamesh-mallayya1/2025/05/07/aix-toolbox-rpm-packages-signature) as well...As you can see from my post, I did put /opt/freeware/bin in the path, and we do have the GPG key as well. So still not sure what is the cause of the failure ?
One thing we have NOT tried is to disable "gpgcheck" in dnf.conf...that is our next step as a test.
But if you have any other ideas or solution, please let me know.
Thanks,
Dharmesh.
------------------------------
Dharmesh Kamdar
Original Message:
Sent: Tue June 10, 2025 09:29 AM
From: RESHMA KUMAR
Subject: Package installation fails via dnf on AIX 7.3
Hi Dharmesh,
Please refer this forum post
https://community.ibm.com/community/user/discussion/aix-72-rpm-nokey-gpgcheck-1-now-in-aix-toolbox-and-aix-toolbox-noarch-causing-gpgme-invalid-crypto-engine
------------------------------
RESHMA KUMAR
Original Message:
Sent: Mon June 09, 2025 04:08 PM
From: Dharmesh Kamdar
Subject: Package installation fails via dnf on AIX 7.3
Hello,
We have an LPAR with AIX 7300-01-01-2246. When we try to set-up AIX toolbox for linux, we get the following error :
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Total 10 MB/s | 204 MB 00:19
warning: [fd 23]: Header V4 RSA/SHA256 Signature, key ID 41eea8e0: NOKEY
AIX generic repository 3.0 MB/s | 3.1 kB 00:00
Traceback (most recent call last):
File "/opt/freeware/bin/dnf", line 59, in <module>
main.user_main(sys.argv[1:], exit_code=True)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 191, in user_main
errcode = main(args)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 65, in main
return _main(base, args, cli_class, option_parser_class)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 98, in _main
return cli_run(cli, base)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 122, in cli_run
ret = resolving(cli, base)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/main.py", line 166, in resolving
base.do_transaction(display=displays)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/cli.py", line 235, in do_transaction
self.gpgsigcheck(install_pkgs)
File "/opt/freeware/lib/python3.9/site-packages/dnf/cli/cli.py", line 287, in gpgsigcheck
self._get_key_for_package(po, fn)
File "/opt/freeware/lib/python3.9/site-packages/dnf/base.py", line 2313, in _get_key_for_package
keys = dnf.crypto.retrieve(keyurl, repo)
File "/opt/freeware/lib/python3.9/site-packages/dnf/crypto.py", line 177, in retrieve
keyinfos = rawkey2infos(handle)
File "/opt/freeware/lib/python3.9/site-packages/dnf/crypto.py", line 158, in rawkey2infos
with pubring_dir(pb_dir), Context() as ctx:
File "/opt/freeware/lib64/python3.9/site-packages/gpg/core.py", line 220, in __init__
self.protocol = protocol
File "/opt/freeware/lib64/python3.9/site-packages/gpg/core.py", line 169, in __setattr__
super(GpgmeWrapper, self).__setattr__(key, value)
File "/opt/freeware/lib64/python3.9/site-packages/gpg/core.py", line 1123, in protocol
errorcheck(gpgme.gpgme_engine_check_version(value))
File "/opt/freeware/lib64/python3.9/site-packages/gpg/errors.py", line 129, in errorcheck
raise GPGMEError(retval, extradata)
gpg.errors.GPGMEError: GPGME: Invalid crypto engine
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here are some relevant details :
root@aix_73:/> echo $PATH
/usr/bin:/etc:/usr/sbin:/opt/freeware/bin
root@aix_73:/> lslpp -l | grep -i openssl
openssl.base 3.0.5.101 COMMITTED Open Secure Socket Layer
openssl.man.en_US 3.0.5.101 COMMITTED Open Secure Socket Layer
openssl.base 3.0.5.101 COMMITTED Open Secure Socket Layer
root@aix_73:/> rpm -qa | grep -i rpm
AIX-rpm-7.3.1.1-2.ppc
rpm-python3.9-4.15.1-64_5.ppc
rpm-python3-4.15.1-64_5.ppc
root@aix_73:/> rpm -qa | grep -i dnf-4
python3-dnf-4.2.17-64_7.noarch
python3.9-dnf-4.2.17-64_7.noarch
dnf-4.2.17-64_7.noarch
root@aix_73:/> python3 -V
Python 3.9.12
root@aix_73:/> which python3
/usr/bin/python3
root@aix_73:/> /opt/freeware/bin/python3 -V
Python 3.9.16
root@aix_73:/> dnf repolist
repo id repo name
AIX_Toolbox AIX generic repository
Just as an additional info, here is our /opt/freeware/etc/dnf/dnf.conf
root@aix_73:/> cat /opt/freeware/etc/dnf/dnf.conf
[main]
cachedir=/var/cache/dnf
keepcache=1
debuglevel=2
logfile=/var/log/dnf.log
obsoletes=1
plugins=1
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=True
[AIX_Toolbox]
name=AIX generic repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1
[AIX_Toolbox_noarch]
name=AIX noarch repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1
[AIX_Toolbox_73]
name=AIX 7.3 specific repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1
And we do see presence of RPM-GPG-KEY-IBM-AIX-Toolbox in /opt/freeware/etc/dnf/ as can be seen from following snippet :
root@aix_73:/> pwd
/opt/freeware/etc/dnf
root@aix_73:/> ls -ltr RPM*
-rw-r--r-- 1 root system 3187 May 01 10:47 RPM-GPG-KEY-IBM-AIX-Toolbox
root@aix_73:/>
Will appreciate if anyone know of possible resolution.
Thanks,
Dharmesh.
------------------------------
Dharmesh Kamdar
------------------------------