Hi Ayappan, I tested out the new version and everything seems to be in working order. Thanks for following up on this!
Original Message:
Sent: Tue June 20, 2023 02:02 AM
From: Ayappan P
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
@Chuck Kuykendall The fixed ca-certificates-2023.2.60-2 is now available in Toolbox.
------------------------------
Ayappan P
Original Message:
Sent: Thu May 25, 2023 01:59 AM
From: RESHMA KUMAR
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Yes, even this version has the same issue. We will publish ca-certificates-2023.2.60-2 with the fix.
------------------------------
RESHMA KUMAR
Original Message:
Sent: Wed May 24, 2023 03:22 PM
From: Chuck Kuykendall
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Hi Reshma. Thanks for the update, this is good to hear! Please keep me up to date on your findings.
Also, noticed that there is a new version of ca-certificates available for download (ca-certificates-2023.2.60-1.aix7.1.ppc.rpm). On the off chance that this would fix the issue, I added it to my install bundle (along with the other new versions and one new pre-req) and it still does not create the /var/ssl/certs directory structure.
------------------------------
Chuck Kuykendall
Original Message:
Sent: Fri May 12, 2023 07:44 AM
From: RESHMA KUMAR
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
We are able to reproduce the issue in our environment. We are looking into it and will come up with a fix soon.
------------------------------
RESHMA KUMAR
Original Message:
Sent: Thu May 11, 2023 09:22 AM
From: Ayappan P
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Thanks for sharing the list of rpms. We will try to reproduce this problem in our end and let you know.
------------------------------
Ayappan P
Original Message:
Sent: Tue May 09, 2023 11:45 AM
From: Chuck Kuykendall
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Sure! Here is the list of RPM packages that are installed in order to install ca-certificates:
# rpm -qa
libgcc10-10.3.0-6.ppc
libffi-3.4.2-1.ppc
libstdc++-10-2.ppc
libtasn1-4.16.0-1.ppc
zlib-1.2.13-1.ppc
xz-libs-5.2.5-1.ppc
libtextstyle-0.21-2.ppc
libxml2-2.10.3-1.ppc
libiconv-1.17-1.ppc
info-6.7-1.ppc
p11-kit-tools-0.23.22-1.ppc
bash-doc-5.1.16-1.ppc
AIX-rpm-7.3.1.1-3.ppc
libgcc-10-2.ppc
libstdc++10-10.3.0-6.ppc
ncurses-6.3-1.ppc
libgomp10-10.3.0-6.ppc
libgomp-10-2.ppc
glib2-2.56.1-3.ppc
libunistring-0.9.10-1.ppc
bash-5.1.16-1.ppc
gettext-0.21-2.ppc
p11-kit-0.23.22-1.ppc
ca-certificates-2021.2.52-3.ppc
#
And here is how the server looks before I begin my installation:
# rpm -qa
AIX-rpm-7.3.1.1-1.ppc
#
Since this is the only Linux software I install, the server is pretty bare-bones. If you are interested in seeing the list of RPM packages that I install in order to install DNF, here those are:
bash-5.1.16-1.aix7.1.ppc.rpm
bzip2-1.0.8-2.aix6.1.ppc.rpm
ca-certificates-2021.2.52-3.aix6.1.ppc.rpm
check-0.13.0-1.aix7.1.ppc.rpm
curl-7.86.0-1.aix7.1.ppc.rpm
cyrus-sasl-2.1.28-1.aix6.1.ppc.rpm
db-5.3.28-1.aix6.1.ppc.rpm
dnf-4.2.17-64_51.aix7.3.ppc.rpm
dnf-automatic-4.2.17-64_51.aix7.3.ppc.rpm
dnf-data-4.2.17-64_51.aix7.3.ppc.rpm
expat-2.5.0-1.aix7.1.ppc.rpm
gdbm-1.23-1.aix7.1.ppc.rpm
gettext-0.21-2.aix7.1.ppc.rpm
glib2-2.56.1-3.aix6.1.ppc.rpm
gmp-6.2.1-1.aix6.1.ppc.rpm
gnupg2-2.2.35-1.aix6.1.ppc.rpm
gnutls-3.7.2-1.aix7.1.ppc.rpm
gpgme-1.13.1-100.aix7.1.ppc.rpm
info-6.7-1.aix6.1.ppc.rpm
json-c-0.15-2.aix6.1.ppc.rpm
krb5-libs-1.18.5-2.aix7.1.ppc.rpm
libassuan-2.5.5-1.aix7.1.ppc.rpm
libcomps-0.1.11-101.aix7.1.ppc.rpm
libdnf-0.39.1-64_51.aix7.3.ppc.rpm
libffi-3.4.2-1.aix7.1.ppc.rpm
libgcc-10-2.aix7.3.ppc.rpm
libgcc10-10.3.0-6.aix7.3.ppc.rpm
libgcrypt-1.9.4-1.aix6.1.ppc.rpm
libgomp-10-2.aix7.3.ppc.rpm
libgomp10-10.3.0-6.aix7.3.ppc.rpm
libgpg-error-1.45-1.aix7.1.ppc.rpm
libiconv-1.17-1.aix7.1.ppc.rpm
libksba-1.6.2-1.aix7.1.ppc.rpm
libmodulemd-1.5.2-100.aix7.1.ppc.rpm
libnghttp2-1.46.0-1.aix6.1.ppc.rpm
librepo-1.11.0-101.aix7.1.ppc.rpm
libsmartcols-2.34-100.aix7.1.ppc.rpm
libsolv-0.7.9-64_50.aix7.3.ppc.rpm
libssh2-1.10.0-2.aix7.1.ppc.rpm
libstdcplusplus-10-2.aix7.3.ppc.rpm
libstdcplusplus10-10.3.0-6.aix7.3.ppc.rpm
libtasn1-4.16.0-1.aix6.1.ppc.rpm
libtextstyle-0.21-2.aix7.1.ppc.rpm
libunistring-0.9.10-1.aix6.1.ppc.rpm
libxml2-2.10.3-1.aix7.1.ppc.rpm
libyaml-0.2.5-1.aix7.1.ppc.rpm
libzstd-1.5.2-1.aix7.1.ppc.rpm
ncurses-6.3-1.aix7.1.ppc.rpm
nettle-3.7.3-1.aix6.1.ppc.rpm
npth-1.5-1.aix6.1.ppc.rpm
openldap-2.5.12-1.aix7.1.ppc.rpm
p11-kit-0.23.22-1.aix6.1.ppc.rpm
p11-kit-tools-0.23.22-1.aix6.1.ppc.rpm
pinentry-1.0.0-1.aix6.1.ppc.rpm
python3-3.7.15-2.aix7.1.ppc.rpm
python3-dateutil-2.8.0-1.aix6.1.noarch.rpm
python3-devel-3.7.15-2.aix7.1.ppc.rpm
python3-dnf-4.2.17-64_51.aix7.3.ppc.rpm
python3-dnf-plugin-migrate-4.0.16-6_64.aix7.1.noarch.rpm
python3-dnf-plugins-core-4.0.16-6_64.aix7.1.noarch.rpm
python3-docs-3.7.15-2.aix7.1.ppc.rpm
python3-gpg-1.13.1-100.aix7.1.ppc.rpm
python3-hawkey-0.39.1-64_51.aix7.3.ppc.rpm
python3-libcomps-0.1.11-101.aix7.1.ppc.rpm
python3-libdnf-0.39.1-64_51.aix7.3.ppc.rpm
python3-librepo-1.11.0-101.aix7.1.ppc.rpm
python3-six-1.13.0-1.aix6.1.noarch.rpm
python3-test-3.7.15-2.aix7.1.ppc.rpm
python3-tools-3.7.15-2.aix7.1.ppc.rpm
readline-8.1-1.aix6.1.ppc.rpm
rpm-python3-4.15.1-64_2.aix7.1.ppc.rpm
sqlite-3.39.3-1.aix7.1.ppc.rpm
xz-libs-5.2.5-1.aix6.1.ppc.rpm
zchunk-1.1.4-102.aix7.1.ppc.rpm
zchunk-devel-1.1.4-102.aix7.1.ppc.rpm
zchunk-libs-1.1.4-102.aix7.1.ppc.rpm
zlib-1.2.13-1.aix7.1.ppc.rpm
Let me know if you need anything else.
------------------------------
Chuck Kuykendall
Original Message:
Sent: Tue May 09, 2023 02:46 AM
From: Ayappan P
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
We need more info to debug this. You mentioned creating a bundle out of newer rpms. Can you list down the rpms and the state of the machine ( rpm -qa ) before installing all the rpms ?
------------------------------
Ayappan P
Original Message:
Sent: Mon May 08, 2023 04:09 PM
From: Chuck Kuykendall
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Hi there, is there any update to this issue? I'm pretty sure we're talking about something being wrong with the ca-certificates package not creating the /var/ssl/certs directory. Also, as another piece of evidence, here is some additional output from the server:
# rpm -q --whatprovides /var/ssl/certs
ca-certificates-2021.2.52-3.ppc
#
Any updates would be welcome, thanks!
------------------------------
Chuck Kuykendall
Original Message:
Sent: Fri April 28, 2023 12:18 PM
From: Chuck Kuykendall
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
That's where I started, but the first thing I did once DNF was installed was run "dnf update." I took note of all the additional rpm packages that were downloaded and I made a NIM package out of all of them (an installp_bundle) so that i could install the software with it and all its dependencies at the current level. This is all in an effort to make DNF available on a new server at build time and making it into a NIM resource greatly simplifies that process.
EDIT - I'd like to not make the conversation about the installation of DNF as that isn't part of the issue, that is just me offering some insight as to why I'm installing ca-certificates. To this point, i've un-installed all rpm packages from my server and removed the /var/ssl/certs directory. After installing only the latest level of ca-certificates and all its pre-requisites, it seems the problem is still there and the /var/ssl/certs directory and its contents are not installed.
------------------------------
Chuck Kuykendall
Original Message:
Sent: Fri April 28, 2023 03:04 AM
From: Ayappan P
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
You mentioned "installing DNF using NIM onto an AIX server". Can you explain it more on how this is done ?
Generally users install dnf through dnf_aixtoolbox.sh script which downloads dnf bundle which has ca-certificates-2020.06.01-0. Then a dnf update successfully updates it to ca-certificates-2021.2.52-3. We haven't seen any issues so far with this.
------------------------------
Ayappan P
Original Message:
Sent: Thu April 27, 2023 12:03 PM
From: Chuck Kuykendall
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Hi Ayappan! This is a fresh install of the latest version, not an upgrade from a previous version. I've noticed that this has been an issue for the last handful of versions as well. Is there any data I can provide?
------------------------------
Chuck Kuykendall
Original Message:
Sent: Thu April 27, 2023 02:26 AM
From: Ayappan P
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Yes, the older versions of ca-certificates had issues creating the certificates. All the issues are fixed in the latest ca-certificates release (2021.2.52-3). So not sure why it is failing in your case. Are you facing issue while updating from a particular ca-certificates version to the new one ?
------------------------------
Ayappan P
Original Message:
Sent: Wed April 26, 2023 05:00 PM
From: Chuck Kuykendall
Subject: Problems fully installing latest ca-certificates rpm package from Linux Toolbox
Hello. I am installing DNF using NIM onto an AIX server and one of its pre-reqs is ca-certificates, but it appears that the install of ca-certificates isn't complete because the directory /var/ssl/certs and all its contents are missing. By the following commands, I can tell that this directory structure should be created by installing this rpm package:
By querying the installed package:
# rpm -ql ca-certificates
.
.
.
/var/ssl/64/certs
/var/ssl/cert.pem
/var/ssl/certs
/var/ssl/certs/ACCVRAIZ1.crt
/var/ssl/certs/AC_RAIZ_FNMT-RCM.crt
/var/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
.
.
.
#
And by querying the contents of the rpm file:
# rpm -q -filesbypkg -p ca-certificates-2021.2.52-3.aix6.1.ppc.rpm
.
.
.
ca-certificates /var/ssl/64/certs
ca-certificates /var/ssl/cert.pem
ca-certificates /var/ssl/certs
ca-certificates /var/ssl/certs/ACCVRAIZ1.crt
ca-certificates /var/ssl/certs/AC_RAIZ_FNMT-RCM.crt
ca-certificates /var/ssl/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
.
.
.
#
I've done some searching on this site and found this problem for older versions of the rpm package, but this problem still persists in the latest available version and I've seen no resolution. As a workaround, I can manually create the /var/ssl/certs directory and force a re-install of the rpm package, but I'd like to see the problem fixed. Is this the proper place to address this issue? If not, is there a contact for the parties that maintain the package? Let me know if you have any questions, and thanks in advance.
------------------------------
Chuck Kuykendall
------------------------------