Hacker News new | ask | show | jobs
by dozzie 3885 days ago
Vendor packages are rarely properly built, so this is a large no-no for Elasticsearch.
3 comments
voltagex_ 3884 days ago
Lintian says:

    E: elasticsearch: file-in-usr-marked-as-conffile usr/lib/systemd/system/elasticsearch.service
    E: elasticsearch: description-starts-with-package-name
    W: elasticsearch: description-too-long
    E: elasticsearch: extended-description-is-empty
    W: elasticsearch: non-standard-dir-perm etc/elasticsearch/ 0750 != 0755
    W: elasticsearch: executable-is-not-world-readable etc/elasticsearch/elasticsearch.yml 0750
    W: elasticsearch: executable-is-not-world-readable etc/elasticsearch/logging.yml 0750
    W: elasticsearch: non-standard-dir-perm etc/elasticsearch/scripts/ 0750 != 0755
    E: elasticsearch: dir-or-file-in-var-run var/run/elasticsearch/
    E: elasticsearch: postrm-contains-additional-updaterc.d-calls etc/init.d/elasticsearch
    W: elasticsearch: script-in-etc-init.d-not-registered-via-update-rc.d etc/init.d/elasticsearch
    W: elasticsearch: executable-not-elf-or-script etc/elasticsearch/elasticsearch.yml
    W: elasticsearch: executable-not-elf-or-script etc/elasticsearch/logging.yml
    W: elasticsearch: maintainer-script-calls-systemctl postinst:82
    W: elasticsearch: maintainer-script-calls-systemctl postrm:72
    W: elasticsearch: maintainer-script-calls-systemctl prerm:51
Doesn't look too bad, I'd want to fix the permissions but it's not the worst thing I've seen
link
pliu 3885 days ago
I don't necessarily agree with this statement, but I suppose it depends on the vendor huh.

For what it's worth, I am currently running off the official packages at moderate scale (~30 machines all together) and have not yet had an issue with it, though it's certainly possible that one will arise and I will thereafter curse Elasticsearch forever.

In this particular case though, security updates are critical, so what other choice is there unless you want to package your own?

link
thawkins 3885 days ago
The redhat/fedora repository versions of ES are so badly broken that they are a hazzard. It would be a service for redhat to pull them too.
link