Great news! I'm really happy to hear we'll have official Fedora/EPEL repo. Because we've received requests for a long time.
Actually, we had a little discussion at ASF slack channel recently. If you're not there, let me know. I'll invite you. — Masaori On Tue, Apr 19, 2022 at 7:13 AM Jered Floyd <je...@convivian.com> wrote: > > > Hello! This is just a short note to introduce myself, and share a new > packaging effort for Fedora and EPEL-using (RHEL, CentOS, etc.) Linuxes. > > You can review and test ATS 9.1.2 packages for these platforms here, but I > intend for them to be in the official repo soon. > [ https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ | > https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ ] > > A few notes on these packages: > > 1) traffic_manager and traffic_server do not run as root; instead they run as > the "trafficserver" user and systemd grants CAP_NET_BIND_SERVICE for access > to privileged ports. > > 2) I've written an SELinux policy module that is run as enforcing. It works > for me, but it's possible that I am missing permissions for some plugin > behaviors. If something isn't working right for you, please check your > SELinux logs first and let me know if tuning is needed. One this is accepted > into Fedora there will be an official bug tracker. > > 3) There is no build for CentOS Stream 9 because the tscore HKDF tests fail > with OpenSSL 3.0.2 and cs9 doesn't include a compat-openssl1.1 package (nor > will RHEL 9). This is probably an OpenSSL bug but I haven't investigated > further yet. This is noted in the overall ATS/OpenSSL 3.0 ticket: [ > https://github.com/apache/trafficserver/issues/7341 | > https://github.com/apache/trafficserver/issues/7341 ] > > As for who I am, I standardized some years ago on ATS for my personal > infrastructure on Debian. A few years ago I joined Red Hat and this month > finally decided I should migrate to our distros as part of a platform > refresh, but ATS was not packaged.... so I foolishly decided that becoming > the Fedora package maintainer would be easier than migrating to a different > reverse proxy. :-) > > Regards, > --Jered
