# alinux-maintenance Part of **ALINUX** # Alibaba Cloud Linux System Maintenance Troubleshooting Guide ## Problem Index | Problem | Symptom | Severity | Solution Summary | |--------|--------|---------|------------------| | DNF Segmentation Fault Due to SysAK Conflict | `Segmentation fault` when running `dnf` commands | High | Upgrade SysAK to a compatible version | | Corrupted DNF Cache or Metadata | Errors like "Failed to synchronize cache", "Metadata file does not match checksum" | Medium | Clean DNF cache and regenerate metadata | | GPG Signature Verification Failure | Error: "GPG key retrieval failed", "Public key is not installed" | Medium | Import missing GPG keys or disable signature check temporarily | ## Problem Details ### Problem 1: DNF Segmentation Fault Due to SysAK Conflict **Symptoms** - Error message: `Segmentation fault` - Behavior: Any `dnf` command (e.g., `dnf install`, `dnf update`) immediately crashes with no further output - Context: Occurs on Alibaba Cloud Linux 2 or 3 systems with SysAK version 2.2.0 installed **Root Cause** - SysAK 2.2.0 includes a bundled `libyaml.so` dynamic library that conflicts with the system’s global `libyaml` used by DNF. - This causes memory access violations when DNF parses YAML-based configuration or repository files, triggering a segmentation fault. **Solution** 1. Check the currently installed SysAK version: ```bash sudo rpm -qa sysak ``` 2. If the output shows `sysak-2.2.0-*`, upgrade SysAK to a newer, compatible version: ```bash sudo yum update -y sysak ``` **Verification** - After the update, run a harmless DNF command to confirm stability: ```bash dnf list installed sysak ``` - Expected behavior: Command completes without crashing and displays package information. ### Problem 2: Corrupted DNF Cache or Metadata **Symptoms** - Error messages such as: - `Failed to synchronize cache for repo 'alinux3'` - `Metadata file does not match checksum` - `Cannot download repomd.xml` - Behavior: Package installation, updates, or searches fail intermittently - Context: Often occurs after interrupted updates, network issues, or disk corruption **Root Cause** - Local DNF cache contains stale, incomplete, or corrupted metadata from repository synchronization. - Repository mirrors may have updated content while the local cache remains outdated. **Solution** 1. Clear all DNF metadata and cache: ```bash sudo dnf clean all ``` 2. Rebuild the metadata cache: ```bash sudo dnf makecache ``` **Verification** - Run a package query to test repository access: ```bash dnf search kernel ``` - Expected behavior: Returns a list of matching packages without errors. ### Problem 3: GPG Signature Verification Failure **Symptoms** - Error messages such as: - `GPG key retrieval failed: [Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-ALINUX"` - `Public key for .rpm is not installed` - Behavior: Package installation or update is blocked due to untrusted signatures - Context: Common after manual repository configuration or system migration **Root Cause** - The required GPG public key for verifying package authenticity is missing from the RPM database. - Alibaba Cloud Linux packages are signed, and DNF enforces signature checks by default. **Solution** 1. Import the official Alibaba Cloud Linux GPG key: ```bash sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-ALINUX ``` > Note: The key file is pre-installed in standard Alibaba Cloud Linux images. If missing, reinstall the `alinux-release` package: ```bash sudo dnf reinstall -y alinux-release ``` 2. Retry the original DNF operation. > ⚠️ **Do not disable GPG checks permanently** (`gpgcheck=0`) in production environments, as it compromises system security. **Verification** - Attempt to install a small package: ```bash sudo dnf install -y tmpwatch ``` - Expected behavior: Installation proceeds without GPG-related errors. ## FAQ **Q: How do I check if my system has the problematic SysAK 2.2.0 version?** A: Run `rpm -qa sysak`. If the output starts with `sysak-2.2.0`, you are affected and should upgrade using `sudo yum update -y sysak`. **Q: What should I do if `dnf clean all` doesn’t fix metadata errors?** A: Ensure your instance has outbound internet access and can reach `mirrors.cloud.aliyuncs.com`. You can also manually delete `/var/cache/dnf` and retry `dnf makecache`. **Q: Can I temporarily bypass GPG checks for testing?** A: Yes, but only for non-production use. Use `--nogpgcheck` with individual commands (e.g., `dnf install --nogpgcheck package`). Never disable `gpgcheck` globally in `/etc/yum.conf`. **Q: Where are DNF logs stored for debugging?** A: DNF writes detailed logs to `/var/log/dnf.log` and `/var/log/dnf.rpm.log`. Review these files for low-level error context. **Q: How do I verify the integrity of installed packages?** A: Use `rpm -Va` to verify all installed packages against their original checksums. For specific packages, use `rpm -V `.