VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
aaron.hunter2 at gmail...
Guest
|
 Posted: Sun Apr 12, 2015 7:23 am Post subject: [asterisk-users] Recommended changes to the binary packaging |
 |
|
I think the way Digium has structured the binary packages could use a major change. I rely on the binary packages rather than compiling by source because my systems are managed by an automated CM tool (I use Ansible but those using Chef or Puppet will face the same problems) and for security reasons. I use the CentOS packages.
Some issues with the current package structure are:
- It installs unneeded repositories. The asterisknow package install 12 repositories, of which I use at most 4 (2 asterisk and 2 digium)
- It changes which repositories are enabled and disabled.
- It overwrites .repo files
- Packages are not signed
- It overwrites /etc/issue which is a security violation (albeit a minor one).
- It installs packages I don't need such as the dahdi ones.( Maybe some of these are needed for a minimal system, I could be wrong.)
- It requires the "--enablerepo=x" in the yum command line
The conflict between the Digium repositories and epel is a problem for me as well but since I can't determine what the actual cause is (probably package naming issues) I won't include it in my list.
These problems break the automated management of my system and cause security concerns.
Instead of the complex current system I would recommend something more simple:
- Remove asterisknow or at least make it optional
- Allow users to install a minimally functioning asterisk from the asterisk-x and asterisk-current repos only. Any additional modules needed should be installed separately, including those from the commercial digium repositories.
- Sign the packages and enable gpgcheck
- Don't overwrite system files or current .repo files
In other words: install asterisk .repo files, yum install asterisk, install config files, done.
If others on this list also use automated tools to manage their systems I'd like to hear how you handle the installation and maintenance of asterisk.
Thank you,
Aaron |
|
| Back to top |
|
 |
tzafrir.cohen at xorco...
Guest
|
| Posted: Sun Apr 19, 2015 11:22 am Post subject: [asterisk-users] Recommended changes to the binary packaging |
|
|
On Sun, Apr 12, 2015 at 08:22:44AM -0400, Aaron Hunter wrote:
| Quote: | I think the way Digium has structured the binary packages could use a major
change. I rely on the binary packages rather than compiling by source
because my systems are managed by an automated CM tool (I use Ansible but
those using Chef or Puppet will face the same problems) and for security
reasons. I use the CentOS packages.
|
If you don't like the existing packages, build your own packages.
| Quote: |
Some issues with the current package structure are:
- It installs unneeded repositories. The asterisknow package install 12
repositories, of which I use at most 4 (2 asterisk and 2 digium)
- It changes which repositories are enabled and disabled.
- It overwrites .repo files
- Packages are not signed
- It overwrites /etc/issue which is a security violation (albeit a minor
one).
- It installs packages I don't need such as the dahdi ones.( Maybe some of
these are needed for a minimal system, I could be wrong.)
|
Unless something changed recently, there's a separate package
asterisk-dahdi. Don't install it if you don't want it.
| Quote: | - It requires the "--enablerepo=x" in the yum command line
The conflict between the Digium repositories and epel is a problem for me
as well but since I can't determine what the actual cause is (probably
package naming issues) I won't include it in my list.
|
Do include an example output of a conflict so we can have an idea of the
potential problem.
| Quote: |
These problems break the automated management of my system and cause
security concerns.
Instead of the complex current system I would recommend something more
simple:
- Remove asterisknow or at least make it optional
- Allow users to install a minimally functioning asterisk from the
asterisk-x and asterisk-current repos only. Any additional modules needed
should be installed separately, including those from the commercial digium
repositories.
- Sign the packages and enable gpgcheck
- Don't overwrite system files or current .repo files
|
What's the problem?
Have you considered providing your own asterisk.conf with an alternative
astetcdir?
| Quote: |
In other words: install asterisk .repo files, yum install asterisk, install
config files, done.
|
"yum install asterisk" means it installs a pre-defined set of modules.
But you preffered to have a more modular packaging.
| Quote: |
If others on this list also use automated tools to manage their systems I'd
like to hear how you handle the installation and maintenance of asterisk.
|
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen@xorcom.com
+972-50-7952406 mailto:tzafrir.cohen@xorcom.com
http://www.xorcom.com
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
