To (finally) follow up on this, ATS 9.1.2 is now in the Fedora and EPEL8 repos, and should land in EPEL7 and EPEL9 shortly: https://bodhi.fedoraproject.org/updates/?packages=trafficserver
Regards, --Jered ----- On Apr 18, 2022, at 6:12 PM, Jered Floyd je...@convivian.com wrote: > Hello! This is just a short note to introduce myself, and share a new > packaging > effort for Fedora and EPEL-using (RHEL, CentOS, etc.) Linuxes. > > You can review and test ATS 9.1.2 packages for these platforms here, but I > intend for them to be in the official repo soon. > [ https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ | > https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ ] > > A few notes on these packages: > > 1) traffic_manager and traffic_server do not run as root; instead they run as > the "trafficserver" user and systemd grants CAP_NET_BIND_SERVICE for access to > privileged ports. > > 2) I've written an SELinux policy module that is run as enforcing. It works > for > me, but it's possible that I am missing permissions for some plugin behaviors. > If something isn't working right for you, please check your SELinux logs first > and let me know if tuning is needed. One this is accepted into Fedora there > will be an official bug tracker. > > 3) There is no build for CentOS Stream 9 because the tscore HKDF tests fail > with > OpenSSL 3.0.2 and cs9 doesn't include a compat-openssl1.1 package (nor will > RHEL 9). This is probably an OpenSSL bug but I haven't investigated further > yet. This is noted in the overall ATS/OpenSSL 3.0 ticket: [ > https://github.com/apache/trafficserver/issues/7341 | > https://github.com/apache/trafficserver/issues/7341 ] > > As for who I am, I standardized some years ago on ATS for my personal > infrastructure on Debian. A few years ago I joined Red Hat and this month > finally decided I should migrate to our distros as part of a platform refresh, > but ATS was not packaged.... so I foolishly decided that becoming the Fedora > package maintainer would be easier than migrating to a different reverse > proxy. > :-) > > Regards, > --Jered
