[asterisk-users] Recommended changes to the binary packaging system

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sun Apr 19 11:21:43 CDT 2015 

On Sun, Apr 12, 2015 at 08:22:44AM -0400, Aaron Hunter wrote:
> I think the way Digium has structured the binary packages could use a major
> change. I rely on the binary packages rather than compiling by source
> because my systems are managed by an automated CM tool (I use Ansible but
> those using Chef or Puppet will face the same problems) and for security
> reasons. I use the CentOS packages.

If you don't like the existing packages, build your own packages.

> 
> Some issues with the current package structure are:
> - It installs unneeded repositories. The asterisknow package install 12
> repositories, of which I use at most 4 (2 asterisk and 2 digium)
> - It changes which repositories are enabled and disabled.
> - It overwrites .repo files
> - Packages are not signed
> - It overwrites /etc/issue which is a security violation (albeit a minor
> one).
> - It installs packages I don't need such as the dahdi ones.( Maybe some of
> these are needed for a minimal system, I could be wrong.)

Unless something changed recently, there's a separate package
asterisk-dahdi. Don't install it if you don't want it.

> - It requires the "--enablerepo=x" in the yum command line
> 
> The conflict between the Digium repositories and epel is a problem for me
> as well but since I can't determine what the actual cause is (probably
> package naming issues) I won't include it in my list.

Do include an example output of a conflict so we can have an idea of the
potential problem.

> 
> These problems break the automated management of my system and cause
> security concerns.
> 
> Instead of the complex current system I would recommend something more
> simple:
> - Remove asterisknow or at least make it optional
> - Allow users to install a minimally functioning asterisk from the
> asterisk-x and asterisk-current repos only. Any additional modules needed
> should be installed separately, including those from the commercial digium
> repositories.
> - Sign the packages and enable gpgcheck
> - Don't overwrite system files or current .repo files

What's the problem?

Have you considered providing your own asterisk.conf with an alternative
astetcdir?

> 
> In other words: install asterisk .repo files, yum install asterisk, install
> config files, done.

"yum install asterisk" means it installs a pre-defined set of modules.
But you preffered to have a more modular packaging.

> 
> If others on this list also use automated tools to manage their systems I'd
> like to hear how you handle the installation and maintenance of asterisk.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com

More information about the asterisk-users mailing list