Recommended Changes To The Binary Packaging System
I think the way Digium has structured the binary packages could use a major change. I rely on the binary packages rather than compiling by source because my systems are managed by an automated CM tool (I use Ansible but those using Chef or Puppet will face the same problems) and for security reasons. I use the CentOS packages.
Some issues with the current package structure are:
– It installs unneeded repositories. The asterisknow package install 12
repositories, of which I use at most 4 (2 asterisk and 2 digium)
– It changes which repositories are enabled and disabled.
– It overwrites .repo files
– Packages are not signed
– It overwrites /etc/issue which is a security violation (albeit a minor one).
– It installs packages I don’t need such as the dahdi ones.( Maybe some of these are needed for a minimal system, I could be wrong.)
– It requires the “–enablerepo=x” in the yum command line
The conflict between the Digium repositories and epel is a problem for me as well but since I can’t determine what the actual cause is (probably package naming issues) I won’t include it in my list.
These problems break the automated management of my system and cause security concerns.
Instead of the complex current system I would recommend something more simple:
– Remove asterisknow or at least make it optional
– Allow users to install a minimally functioning asterisk from the asterisk-x and asterisk-current repos only. Any additional modules needed should be installed separately, including those from the commercial digium repositories.
– Sign the packages and enable gpgcheck
– Don’t overwrite system files or current .repo files
In other words: install asterisk .repo files, yum install asterisk, install config files, done.
If others on this list also use automated tools to manage their systems I’d like to hear how you handle the installation and maintenance of asterisk.
Thank you, Aaron
One thought on - Recommended Changes To The Binary Packaging System
If you don’t like the existing packages, build your own packages.
Unless something changed recently, there’s a separate package asterisk-dahdi. Don’t install it if you don’t want it.
Do include an example output of a conflict so we can have an idea of the potential problem.
What’s the problem?
Have you considered providing your own asterisk.conf with an alternative astetcdir?
“yum install asterisk” means it installs a pre-defined set of modules. But you preffered to have a more modular packaging.