Hello, Nice to see project ongoing, there are lot of things done so far - good tempo.
I am regular irregular sysadmin, well experienced packager and I've done near-perfect packages of terribly written and organized software I don't wish to ever see running, so, while testing bareos on Centos 6 and Centos 7 and want to do some good stuff too, I've started reviewing how RPM packaging is done and I can say it looks terrible. I didn't see any development guidelines, especially in packaging, so, if this post is not good for you - please let me know. I will list some issues and it's not really hard to fix it, but need some work to do. I can help. I am sure these issues are actual for RHEL repos too. What was found in just two (!) minutes: 1. Repository (.repo) files have common names, like "contrib.repo", this MUST be replaced with something like "bareos-contrib.repo" 2. Description headers in repository files have common names, resulting in breakage of compatibility and ignoring bareos repo file: [root@backup ~]# yum update Loaded plugins: presto, puppetverify, rpm-warm-cache, security, upgrade-helper, versionlock Repository contrib is listed more than once in the configuration No Packages marked for Update 3. No release packages like "bareos-release-14.2-1.el6.bo.noarch.rpm" are present, no clean upgrades, no integrity checks, no requirements. Just download repo and go? hm. very ugly. 4. No signature keys are provided for verification onsite, but available only in repo, no HTTPS - seriously breaks security, may lead to Man-in-the-middle attack/replacement of packages on the fly. And yes, it's done by security agencies, yes, I've faced that. Some of these have contacted me to do that on mirror repositories. We don't want to see users installing spyware on their linux servers, don't we? Keys or release packages containing keys MUST be provided in secure way. The rest, including updates - not important, will be verified anyway. 5. php5-ZendFramework package provided for Centos 6 conflicts with php-ZendFramework provided via de-facto everywhere used EPEL repository. EPEL provides version 1.12.9-1.el6, while bareos provides older 1.12.6-7.1. WTH? Are we rollling it back? Are we maintaining it better than EPEL? Are there any incompatibilities in new version? 6. Broken dependencies, impossible to meet requirements: Error: Package: php5-ZendFramework-dojo-1.12.6-7.1.noarch (bareos-contrib) Requires: /usr/bin/sh Error: Package: php5-ZendFramework-cache-backend-apc-1.12.6-7.1.noarch (bareos-contrib) Requires: php-APC Error: Package: php5-ZendFramework-tests-1.12.6-7.1.noarch (bareos-contrib) Requires: php-pear-phpunit 7. This might be a false alarm, is lzo 2.06 required over 2.03? ---> Package lzo.x86_64 0:2.03-3.1.el6_5.1 will be updated ---> Package lzo.x86_64 0:2.06-1.1 will be an update ---> Package lzo-devel.x86_64 0:2.03-3.1.el6_5.1 will be updated ---> Package lzo-devel.x86_64 0:2.06-1.1 will be an update I'll be happy to work on improvement and testing... Thanks -- You received this message because you are subscribed to the Google Groups "bareos-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to bareos-devel+unsubscr...@googlegroups.com. To post to this group, send email to bareos-devel@googlegroups.com. For more options, visit https://groups.google.com/d/optout.