Hello,

Nice to see the project ongoing; there are a lot of things done so far - good tempo.

I am a regular irregular sysadmin and a well-experienced packager, and I've done 
near-perfect packages of terribly written and organized software I don't wish 
to ever see running. So, while testing Bareos on CentOS 6 and CentOS 7 and 
wanting to do some good stuff too, I've started reviewing how RPM packaging is 
done, and I can say it looks terrible.

I didn't see any development guidelines, especially in packaging, so, if this 
post is not good for you - please let me know.

I will list some issues; they are not really hard to fix, but need some work. 
I can help. I am sure these issues apply to the RHEL repos too.

What was found in just two (!) minutes:
1. Repository (.repo) files have common names, like "contrib.repo"; this MUST 
be replaced with something like "bareos-contrib.repo".

2. Description headers in repository files have common names, resulting in 
breakage of compatibility and the bareos repo file being ignored:
[root@backup ~]# yum update
Loaded plugins: presto, puppetverify, rpm-warm-cache, security, upgrade-helper, versionlock
Repository contrib is listed more than once in the configuration
No Packages marked for Update

3. No release packages like "bareos-release-14.2-1.el6.bo.noarch.rpm" are 
present, no clean upgrades, no integrity checks, no requirements. Just download 
the repo and go? Hm. Very ugly.

4. No signature keys are provided for verification on the site; they are 
available only in the repo, with no HTTPS - this seriously breaks security and 
may lead to man-in-the-middle attacks/replacement of packages on the fly. And 
yes, it's done by security agencies, yes, I've faced that. Some of these have 
contacted me to do that on mirror repositories. We don't want to see users 
installing spyware on their Linux servers, do we?
Keys or release packages containing keys MUST be provided in a secure way. The 
rest, including updates - not important, will be verified anyway.

5. The php5-ZendFramework package provided for CentOS 6 conflicts with 
php-ZendFramework provided via the de facto everywhere-used EPEL repository.
EPEL provides version 1.12.9-1.el6, while bareos provides the older 1.12.6-7.1. 
WTH? Are we rolling it back? Are we maintaining it better than EPEL? Are there 
any incompatibilities in the new version?

6. Broken dependencies, impossible to meet requirements:
Error: Package: php5-ZendFramework-dojo-1.12.6-7.1.noarch (bareos-contrib)
           Requires: /usr/bin/sh
Error: Package: php5-ZendFramework-cache-backend-apc-1.12.6-7.1.noarch (bareos-contrib)
           Requires: php-APC
Error: Package: php5-ZendFramework-tests-1.12.6-7.1.noarch (bareos-contrib)
           Requires: php-pear-phpunit

7. This might be a false alarm: is lzo 2.06 required over 2.03?
---> Package lzo.x86_64 0:2.03-3.1.el6_5.1 will be updated
---> Package lzo.x86_64 0:2.06-1.1 will be an update
---> Package lzo-devel.x86_64 0:2.03-3.1.el6_5.1 will be updated
---> Package lzo-devel.x86_64 0:2.06-1.1 will be an update

I'll be happy to work on improvement and testing...

Thanks
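
An added example, not part of the original post and not Bareos code: a small audit of .repo files for the conditions raised in points 1, 2 and 4 (a repository id defined in more than one file, and repository or key URLs fetched without TLS). The file contents, hosts and paths are constructed placeholders, and treating a section without gpgcheck=1 as a finding is an assumption, since yum can also inherit that setting from [main] in yum.conf.

```python
import configparser

# Constructed sample: two files as they might sit in /etc/yum.repos.d/.
# Hosts and paths are placeholders, not the project's real URLs.
SAMPLE_REPOS = {
    "CentOS-Base.repo": (
        "[contrib]\n"
        "name=CentOS-$releasever - Contrib\n"
        "mirrorlist=https://mirror.example.invalid/?release=$releasever&repo=contrib\n"
        "gpgcheck=1\n"
        "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6\n"
    ),
    "contrib.repo": (
        "[contrib]\n"
        "name=contrib\n"
        "baseurl=http://repo.example.invalid/contrib/CentOS_6/\n"
        "gpgcheck=1\n"
        "gpgkey=http://repo.example.invalid/contrib/CentOS_6/key.asc\n"
    ),
}

PLAINTEXT = ("http://", "ftp://")  # schemes an on-path attacker can rewrite


def audit_repo_files(files):
    """Return (filename, repo_id, code, detail) findings for {filename: text}."""
    findings, first_seen = [], {}
    for fname in sorted(files):
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.read_string(files[fname], source=fname)
        for repo_id in parser.sections():
            section = parser[repo_id]
            if repo_id in first_seen:
                # yum reports this as "Repository <id> is listed more than once"
                findings.append((fname, repo_id, "duplicate-id", first_seen[repo_id]))
            else:
                first_seen[repo_id] = fname
            # Assumption: flag any section that does not set gpgcheck=1 itself.
            if section.get("gpgcheck", "").strip() != "1":
                findings.append((fname, repo_id, "gpgcheck-off", "not set to 1 here"))
            for key in ("baseurl", "mirrorlist", "gpgkey"):
                for url in section.get(key, "").split():
                    if url.lower().startswith(PLAINTEXT):
                        findings.append((fname, repo_id, "plaintext-" + key, url))
    return findings


if __name__ == "__main__":
    for finding in audit_repo_files(SAMPLE_REPOS):
        print(*finding, sep=" | ")
```

On a real host the dictionary would be built by reading every *.repo file in /etc/yum.repos.d/; a uniquely named id such as "bareos-contrib" with an HTTPS baseurl and a locally installed key produces no findings.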
