-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Official .deb / .rpm packages for gnatsd #404
Comments
Has there been any movement on this issue? I won't be able to use NATS until there's an rpm available. |
I think that this would be a great addition. If you want to get the RPM ready for EPEL, you'll need to make sure that it is built directly from source. |
Agreed on creating .debs and .rpms. This feature must meet the following requirements:
|
@petemiron As a secondary priority, I would highly recommend also adding an SELinux policy to confine the running daemon. This is required by the DISA STIGs among other regulations. |
I've updated the spec file to build from source. (Found a ready-to-go example here). Can someone please take a look at my comment one up? Once that's done we can submit it to EPEL. |
@RedShift1 I cannot comment much on the overall work (not my expertise), but to answer your question about the configuration file, the link to the actual repo is probably more up-to-date and accurate. As for building the executable from source, I would replace the build command found here by this:
This will match exactly how the release is built and published on the Github repo. Let's see if @petemiron has more insight in the gnatsd.spec file. |
@kozlovic That creates a static binary, which is frowned upon. Can that command be reworked to produce a stripped, but not statically linked binary? (Only for the RPM of course - not for the binaries published on the repo). |
Then same without |
Ok that's settled then. Only need to add documentation and a manpage for gnatsd. |
If this is dynamically linked, would it by any chance use system openssl? I'm not very experienced with packaging or development, but I know that if it uses the system openssl then it will be cryptographically valid for FIPS and other NIST guidelines. |
Added preliminary versions of the manpage for gnatsd and documented configuration file. |
@jeefberkey It does NOT use system OpenSSL (irregardless of linking), it uses the Go builtin crypto/tls package. A quick Google reveals there are bindings for OpenSSL, but this should really be discussed in a separate bug. |
Any comments on the manpage/documented configuration file? |
@RedShift1 this looks really good. I'm going to create a new issue for RPM only. Then, can you create a PR with your RPM files in: |
Regarding Debian, the easiest and best way to create packages is probably to use Michael Stapelbergs'
Unfortunately the last build fails because of test failures, but gnatsd would be built otherwise, I suppose. Then customizing debian package files and adding systemd scripts would be fairly easy. Hope it helps. |
Thanks. Will take a look. |
I may have spoken too fast: it seems to work at first because the build process installs files directly in golang's system directory, but apparently |
I wouldn't mind a default conf file with logs enabled for this. Could anyone from the team make one? |
We have built NATS Server v2.0.4 (https://github.com/nats-io/nats-server/releases/tag/v2.0.4) using Goreleaser which has produced deb and rpm packages. Closing this for now. |
It would be great if NATS provided official Debian (and RPM?) packages for gnatsd. Just add the NATS repo to the apt sources list on an x86 server or RPi ARM IoT device, and 'apt-get install gnatsd'. Would start gnatsd as a service using default config. Would auto start on reboot. Would log gnats meta activity to a standard location.
Users of gnatsd (outside Docker) must be making their own deployment wrappers using .deb, .rpm, etc. As NATS adoption grows, that represents a lot of duplicate effort.
Ideally, with official packages from NATS.io, we could apt-get update/upgrade on x86 servers and RPi ARM IoT devices to sync up with a new version the day it is released. If we look to the NATS ecosystem to provide the packages, they will be unofficial, and will tend to lag behind NATS.io releases.
Just an idea. Thanks for NATS. It's great.
The text was updated successfully, but these errors were encountered: