[asterisk-users] Recommended changes to the binary packaging system
Aaron Hunter
aaron.hunter2 at gmail.com
Sun Apr 12 07:22:44 CDT 2015
I think the way Digium has structured the binary packages could use a major
change. I rely on the binary packages rather than compiling by source
because my systems are managed by an automated CM tool (I use Ansible but
those using Chef or Puppet will face the same problems) and for security
reasons. I use the CentOS packages.
Some issues with the current package structure are:
- It installs unneeded repositories. The asterisknow package install 12
repositories, of which I use at most 4 (2 asterisk and 2 digium)
- It changes which repositories are enabled and disabled.
- It overwrites .repo files
- Packages are not signed
- It overwrites /etc/issue which is a security violation (albeit a minor
one).
- It installs packages I don't need such as the dahdi ones.( Maybe some of
these are needed for a minimal system, I could be wrong.)
- It requires the "--enablerepo=x" in the yum command line
The conflict between the Digium repositories and epel is a problem for me
as well but since I can't determine what the actual cause is (probably
package naming issues) I won't include it in my list.
These problems break the automated management of my system and cause
security concerns.
Instead of the complex current system I would recommend something more
simple:
- Remove asterisknow or at least make it optional
- Allow users to install a minimally functioning asterisk from the
asterisk-x and asterisk-current repos only. Any additional modules needed
should be installed separately, including those from the commercial digium
repositories.
- Sign the packages and enable gpgcheck
- Don't overwrite system files or current .repo files
In other words: install asterisk .repo files, yum install asterisk, install
config files, done.
If others on this list also use automated tools to manage their systems I'd
like to hear how you handle the installation and maintenance of asterisk.
Thank you,
Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20150412/21258f7f/attachment.html>
More information about the asterisk-users
mailing list