aix:aix_package
Table of Contents
AIX: extract files from an AIX package
With the new Power 7 C models, these versions of AIX and VIOS are supported: AIX 5.3 TL12 SP5 AIX 6.1 TL5 SP7 AIX 6.1 TL6 SP6 AIX 7.1 TL0 SP4 AIX 7.1 TL1 VIOS 2.2.1
Standard commands to list AIX levels
AIX main level:
# oslevel
AIX TL technology level:
# oslevel -l
AIX SP service pack:
# oslevel -s
# instfix -i : list all APAR (correction for one or more problems) To list complete or incomplete TL (grep 6100-) and SP (grep 61-) are also consider as APAR # emgr -P : list efix, it's a temporary fix for 1 problem # instfix -ci | grep ":-:" : list all packages, into incomplete APARs (packages not at right level) # instfix -ci |grep 61-06-061140|grep ":-:" : lists all packages at a lower level than the given reference (61-06-061140) # instfix -ci |grep 61-06-061140|grep ":=:" : lists all packages at the same level than the given reference (61-06-061140) # instfix -ci |grep 61-06-061140|grep ":+:" : lists all packages at a higher level than the given reference (61-06-061140)
Efix inventory is stored in a text file: “/usr/emgrdata/DBS/efix.db” and “/usr/emgrdata/DBS/pkglck.db”
[root@aix01]/root# cat "/usr/emgrdata/DBS/efix.db" IJ36810s3a|:|IJ36810 Potential security issue|:|.|:|.|:|.|:|.|:|0|:|1|:|00F7CD554C00121710122121|:|1|:|05/02/22 12:21:09|:|S|:|0|:|7|:|.|:|.|:|.|:|0|:|1|:|1|:|. 1022103a|:|Ifix for Openssl CVE-2022-0778|:|.|:|.|:|.|:|.|:|0|:|1|:|00F787C74C00042206045322|:|5|:|06/30/22 08:52:53|:|S|:|0|:|7|:|.|:|.|:|.|:|0|:|1|:|1|:|. [root@aix01]/root# cat "/usr/emgrdata/DBS/pkglck.db" IJ36810s3a|:|1|:|/usr/bin/lscore|:|bos.rte.security|:|1|:|1|:|050212051122|:|7.2.5.101 1022103a|:|1|:|/usr/lib/libcrypto.a|:|openssl.base|:|1|:|5|:|063008060322|:|1.0.2.2103 1022103a|:|2|:|/usr/lib/libssl.a|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103 1022103a|:|3|:|/usr/lib/libcrypto.a.min|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103 1022103a|:|4|:|/usr/bin/openssl|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103 1022103a|:|5|:|/usr/bin/openssl64|:|openssl.base|:|1|:|5|:|063008060522|:|1.0.2.2103
To find all known maintenance or service levels
To see all known maintenance levels: oslevel -rq
To see all known service levels: oslevel -sq
Comparing installed file sets to a given and known service or maintenance level, you can use -l option to list file sets earlier (older) than the reference, or -g to list those later (never) than the reference level.
Example
To list all known service levels: # oslevel -sq 6100-06-03-1048 6100-06-02-1044 6100-04-06-1034 6100-04-05-1015 6100-04-04-1014 6100-03-07-1036 . . .
Pick one of the service levels and list all filesets early than that level:
[root@labotest]/root# oslevel -sg 6100-06-03-1048 Fileset Actual Level Service Pack Level ----------------------------------------------------------------------------- bos.64bit 6.1.6.3 6.1.6.2 bos.esagent 6.6.6.3 6.6.6.2 bos.rte.install 6.1.6.16 6.1.6.3 bos.rte.libc 6.1.6.3 6.1.6.2 bos.rte.security 6.1.6.3 6.1.6.2 bos.rte.shell 6.1.6.3 6.1.6.2 bos.wpars 6.1.6.2 6.1.6.1 devices.chrp.base.diag 6.1.6.3 6.1.6.2 devices.common.IBM.ethernet.rte 6.1.6.2 6.1.6.1 devices.common.IBM.sissas.rte 6.1.6.2 6.1.6.1 devices.ethernet.ct3.cdli 6.1.6.3 6.1.6.2 devices.fcp.disk.rte 6.1.6.2 6.1.6.1 devices.pci.4f11c800.rte 6.1.6.2 6.1.6.1 devices.pciex.e4143a16e4143009.diag 6.1.6.2 6.1.6.1 devices.pciex.e4143a16e4143009.rte 6.1.6.3 6.1.6.2 printers.rte 6.1.6.2 6.1.6.1
Alternatively use the instfix command which gives more information but less readable:
[root@labotest]/root# instfix -ci |grep 61-06-061140|grep :=: 61-06-061140_SP:bos.rte.install:6.1.6.16:6.1.6.16:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:clic.rte.kernext:4.7.0.1:4.7.0.1:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:clic.rte.lib:4.7.0.1:4.7.0.1:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:devices.chrp.base.ServiceRM:1.5.0.1:1.5.0.1:=:AIX 6100-06-06 Ser vice Pack 61-06-061140_SP:rsct.compat.basic.hacmp:3.1.0.1:3.1.0.1:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:rsct.core.errm:3.1.0.2:3.1.0.2:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:rsct.core.fsrm:3.1.0.1:3.1.0.1:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:rsct.core.sec:3.1.0.2:3.1.0.2:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:rsct.core.sensorrm:3.1.0.1:3.1.0.1:=:AIX 6100-06-06 Service Pack 61-06-061140_SP:rsct.core.sr:3.1.0.2:3.1.0.2:=:AIX 6100-06-06 Service Pack
Standard commands to manage AIX packages
List the content of a repository (with detailed packages)
[root@aix01]/root# installp -L -d /export/softs/PowerHA/7.2.5.3/ cluster.adt.es:cluster.adt.es.client.include:7.2.5.0::I:T:::::N:PowerHA SystemMirror Client Include Files::::0:0743: cluster.adt.es:cluster.adt.es.client.include:7.2.5.1::S:T:::::N:PowerHA SystemMirror Client Include Files::::0:0743:
# lslpp -l : list all AIX packages # lslpp -L : list only latest version of packages # lslpp -Lc : list with ":" as separator # lslpp -f <package_name> : list all files from an installed package # lslpp -w <command_full_path> : list the package from which the command belong to # lslpp -qch : list hostory on packages # install_all_updates -d ./ -rc -Y : update all packages from current directory (-Y: accept licenses) # installp -gXY -d ./ rpm.rte : update only one package # installp -agXY -d ./ xlC.rte : install a specific packages from current directory (-Y: accept licenses) # installp -F -acN -d ./ cas.agent : Force the reinstall of a broken package # installp -u -g <package name> : remove installed package and dependencies
Best practice for updating you OS:
- first update the install tools
- preview the remainder of the TL update
- apply the TL update
installp -d <path> -i installp -d <path> -p installp -d <path>
IMPORTANT If you have a trouble during upgrade of packages like ios.cli.rte on a VIOS, you can use the following command to retry the upgrade on the root part of the package (for this package the base install is not available):
# installp -Or -agX ios.cli.rte
Date of package update
Date for latest kernel upgrade
root@nimprod /root> lslpp -h | grep -p bos.mp bos.mp64 7.2.5.203 COMMIT COMPLETE 07/24/23 15:05:28 7.2.5.205 COMMIT COMPLETE 11/15/23 10:27:26
installp in debug mode
Set the following variable before starting installation
export INST_DEBUG=y
check package consistency
Check AIX package consistency: normal, checksum, deep, file list, links
# lppchk -v # lppchk -c # lppchk -vm3 # lppchk -f # lppchk -l
Convert bff AIX packages
In order to have 1 kind of package format, with an extension .U (update) or .I (install); you can convert package .bff or packages without extension into this format with smit bffcreate or this command:
# bffcreate -v -d /software -t /export/softs/tsm all -v: verbose -d : for source directory -t: for target
Cleanup an lppsource
To remove duplicate packages from a directory ppc and put unused files into /software/ppc (lppmgr command):
# /usr/lib/instl/lppmgr -d ppc -ubx -m /software/lpp -V
Manually extract files from an AIX package
To list all files into an AIX package:
[root@labotest:/root/]# restore -Tqvf openssh.base.5.4.0.6100.I New volume on openssh.base.5.4.0.6100.I: Cluster 51200 bytes (100 blocks). Volume number 1 Date of backup: Fri Jun 11 20:33:09 2010 Files backed up by name User BUILD 0 ./ 813 ./lpp_name 0 ./usr 0 ./usr/lpp 0 ./usr/lpp/openssh.base 10214 ./usr/lpp/openssh.base/liblpp.a 0 ./usr/lpp/openssh.base/inst_root 15012 ./usr/lpp/openssh.base/inst_root/liblpp.a 2183447 ./usr/sbin/sshd 939809 ./usr/sbin/sftp-server 358171 ./usr/sbin/ssh-pkcs11-helper 0 ./usr/lpp/openssh.base/inst_root/etc/ssh 3173 ./usr/lpp/openssh.base/inst_root/etc/ssh/sshd_config 307 ./usr/lpp/openssh.base/inst_root/etc/rc.d/rc2.d/Ksshd 308 ./usr/lpp/openssh.base/inst_root/etc/rc.d/rc2.d/Ssshd 0 ./usr/lpp/openssh.base/inst_root/var/empty 1591501 ./usr/bin/ssh 175350 ./usr/bin/scp 341077 ./usr/bin/sftp 468780 ./usr/bin/ssh-add 653846 ./usr/bin/ssh-keygen 879015 ./usr/bin/ssh-keyscan 386534 ./usr/bin/ssh-agent 873859 ./usr/sbin/ssh-keysign 128891 ./usr/sbin/ssh-rand-helper 0 ./usr/openssh 3135 ./usr/openssh/README 16000 ./usr/openssh/license_ssh.txt 2341 ./usr/lpp/openssh.base/inst_root/etc/ssh/ssh_prng_cmds 1555 ./usr/lpp/openssh.base/inst_root/etc/ssh/ssh_config 132839 ./usr/lpp/openssh.base/inst_root/etc/ssh/moduli total size: 9165977 files archived: 31
Extract all files from package (packages have relative paths):
[root@labotest:/root/]# restore -xqvf openssh.base.5.4.0.6100.I
Extract one file:
[root@labotest:/root/]# restore -xqvf openssh.base.5.4.0.6100.I ./usr/lpp/openssh.base/inst_root/liblpp.a New volume on openssh.base.5.4.0.6100.I: Cluster 51200 bytes (100 blocks). Volume number 1 Date of backup: Fri Jun 11 20:33:09 2010 Files backed up by name User BUILD x 15012 ./usr/lpp/openssh.base/inst_root/liblpp.a total size: 15012 files restored: 1
To read header, and scripts files contained into a package:
- First extract the file liblpp.a as above: # restore -xqvf <package_name> ./usr/lpp/<package>/inst_root/liblpp.a
- Then extract from this archive file all the content: # ar -xv ./usr/lpp/<package>/inst_root/liblpp.a
To read the content of an archive: ar -tv <archive_file>
- Now you can read all files Example, post install script from openssh package:
[root@labotest:/root/usr/lpp/openssh.base/inst_root/]# cat openssh.base.server.post_i
#!/usr/bin/ksh
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# 61pkgssh54A src/packages/openssh/base/server/root/openssh.base.server.post_i.sh 1.10
#
# Licensed Materials - Property of IBM
#
# COPYRIGHT International Business Machines Corp. 2001,2003
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# Create the 'host' private and public keys for the sshd daemon to load
#
# chkconfig: 2345 55 25
# Check to see if customer is installing ssh during a BOS install
if [[ -n $INUBOSTYPE ]]; then
# Customer is doing a BOS install. ssh does not have the necessary
# random bits to perform ssh-keygen right now. Instead, we want this
# script to run after the machine has rebooted from BOS install, so
# copy this script over to /etc/firstboot
# We need to touch the hostkey files. Otherwirse, the install will fail,
# reporting that the hostkey files do not exist. We will touch the files now
# and create the real hostkeys after the reboot.
touch /etc/ssh/ssh_host_key
touch /etc/ssh/ssh_host_key.pub
touch /etc/ssh/ssh_host_rsa_key
touch /etc/ssh/ssh_host_rsa_key.pub
touch /etc/ssh/ssh_host_dsa_key
touch /etc/ssh/ssh_host_dsa_key.pub
# After the BOS install reboot, remove the touched hostkey files, otherwise the ssh-keygen
# command will stop and ask the user if these files should be overwritten
print "rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub" >> /etc/firstboot
print "/usr/lpp/openssh.base/inst_root/openssh.base.server.post_i" >> /etc/firstboot
else
# Not doing a BOS install, so perform ssh installation as normal
#generate the RSA host key
if [ ! -s /etc/ssh/ssh_host_rsa_key ]
then
/usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N '' >/dev/null 2>&1
if [ $? -ne 0 ]
then
echo "RSA key generation failed"
exit 1
fi
fi
# generate the RSA1 host key for the ssh daemon
if [ ! -s /etc/ssh/ssh_host_key ]
then
/usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -C '' -N '' > /dev/null 2>&1
if [ $? -ne 0 ]
then
echo "RSA1 key generation failed"
exit 1
fi
fi
#generate the DSA host key
if [ ! -s /etc/ssh/ssh_host_dsa_key ]
then
/usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N '' >/dev/null 2>&1
if [ $? -ne 0 ]
then
echo "DSA key generation failed"
exit 1
fi
fi
fi
exit 0
Library static/library dynamic
List libraries contained into .a
[root@nim]/tmp/bull# ar -X32_64 -t -v /opt/freeware/lib/libintl.a rwxr-xr-x 0/0 81732 Mar 9 16:28 2017 libintl.so.9 rwxr-xr-x 0/0 89207 Mar 9 16:40 2017 libintl.so.9 rwxr-xr-x 0/0 114582 Mar 9 16:40 2017 libintl.so.1 rwxr-xr-x 0/0 130986 Mar 9 16:40 2017 libintl.so.1 rwxr-xr-x 0/0 81610 Mar 9 16:40 2017 libintl.so.8 rwxr-xr-x 0/0 89181 Mar 9 16:40 2017 libintl.so.8
Extract the 32 bit library so.9
[root@aix01]/tmp/bull# ar -X32 -x -v /opt/freeware/lib/libintl.a -o libintl.so.9 ar: 0707-109 Member name -o does not exist. x - libintl.so.9
Covert the .so.9 in .a:
[root@aix01]/tmp/bull# ar -rv libintl.a libintl.so.9 ar: Creating an archive file libintl.a. a - libintl.so.9
List version of .so library
[root@aix01]/tmp/bull# dump -H /usr/opt/freeware/lib/libsqlite3.so /usr/opt/freeware/lib/libsqlite3.so: ***Loader Section*** Loader Header Information VERSION# #SYMtableENT #RELOCent LENidSTR 0x00000001 0x00000152 0x00000a6f 0x0000006d #IMPfilID OFFidSTR LENstrTBL OFFstrTBL 0x00000004 0x00009d04 0x00001951 0x00009d71 ***Import File Strings*** INDEX PATH BASE MEMBER 0 /opt/freeware/lib:/opt/freeware/lib:/usr/lib:/lib 1 libgcc_s.a shr.o 2 libc.a shr.o 3 libpthread.a shr_xpg5.o
To convert a library file .so from dynamic to a static file .a
- Use the command:
# ar -rv <lib.a> <lib.so>
To convert a library file .a from static to a dynamic file .so
- Use the command (here 64 bits):
# /opt/freeware/bin/gcc -maix64 -shared -Wall /opt/freeware/lib/libgmp.a -o libgmp.so.10
Now check if library 32 or 64 bits (32b 'll failed)
[root@aix06] /opt/freeware/lib> dump -X32 -H /opt/freeware/lib/libgmp.so.10 /opt/freeware/lib/libgmp.so.10: dump: /opt/freeware/lib/libgmp.so.10: 0654-108 file is not valid in the current object file mode. Use the -X option to specify the desired object mode. [root@aix06] /opt/freeware/lib> dump -X64 -H /opt/freeware/lib/libgmp.so.10 /opt/freeware/lib/libgmp.so.10: ***Loader Section*** Loader Header Information VERSION# #SYMtableENT #RELOCent LENidSTR 0x00000001 0x00000007 0x0000001c 0x000000d3 #IMPfilID OFFidSTR LENstrTBL OFFstrTBL 0x00000002 0x000002a0 0x0000009b 0x00000373 ***Import File Strings*** INDEX PATH BASE MEMBER 0 /opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/10/ppc64:/opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/10:/opt/freeware/lib/gcc/powerpc-ibm-aix7.2.0.0/10/../../..:/opt/freeware/lib:/usr/lib:/lib 1 libgcc_s.a shr.o
Old command
# gcc -shared -Wl,--whole-archive library.a -o library.so
When a reboot is needed ?
If process init appears in the list after upgrade, the reboot you LPAR:
[root@nim]/root# genld -u Proc_pid: 1 Proc_name: init Proc_pid: 15466758 Proc_name: sshd ...
aix/aix_package.txt · Last modified: 2025/01/16 12:37 by manu
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
