search

rabbitmq / erlang-rpm

Latest Erlang/OTP releases packaged as a zero dependency RPM, just enough for running RabbitMQ
https://rabbitmq.com/install-rpm.html
Other
545 stars 117 forks source link

Extend support for CentOS/Redhat 7 for erlang (openssl issue) #120

Closed antoinetran closed 1 year ago

antoinetran commented 1 year ago

Is your feature request related to a problem? Please describe.

Doc says:

Older distributions can also lack a recent enough version of OpenSSL. Erlang 24 cannot be used on distributions that do not provide OpenSSL 1.1 as a system library. CentOS 7 and Fedora releases older than 26 are examples of such distributions.

Thus we cannot install rabbitmq > 3.10.7 because the more recent version relies on erlang 24.X.

Describe the solution you'd like

We can extends support very easily without compromising on security: EPEL yum repository already provides openssl 1.1.1 (openssl11-1.1.1k-5.el7.x86_64.rpm)

We cannot update the core openssl version of CentOS/Redhat 7 from their repositories but we can rely on the newer version installed from EPEL.

Describe alternatives you've considered

Forcing update to CentOS/Redhat 8 or 9 is a solution but rather drastic and customer that has paid support for Redhat 7 has still support from Redhat (Maintenance Support 2 ends on June 30, 2024). I believe we should let customers the time to upgrade because for some project, this is costly.

Additional context

No response

antoinetran commented 1 year ago

Linked to #83

michaelklishin commented 1 year ago

You have a support subscription with Red Hat, not our team. You get this package for free, it is open source, you can build packages in any environment that can run Docker.

CentOS and RHEL offer these crazy support timelines if 10 years, sorry, I am not signing up for anything like that, in particular for tools you expect to get for free.

You can fork this repo and build your own packages with any modifications you need.

michaelklishin commented 1 year ago

I find it very ironic that such projects exist because CentOS and RedHat have dropped the ball on maintaining up-to-date Erlang (and other software) packages, and are always years behind on everything.

And now their paying customers expect open source maintainers to do the job of the RHEL packaging team for free, maintaining a distribution from 2013 in 2023.

Pretty unbelievable.

antoinetran commented 1 year ago

@michaelklishin

I am just offering a technical and almost "effortless" (the openssl library is already packaged) to get a little more support. Anyway, I understand your position. I won't argue with the "politic" arguments and you are probably right.

michaelklishin commented 1 year ago

A team at VMware might need a CentOS 7 package of Erlang 24 or 25, so I decided to try it and so far, I've noticed that the OpenSSL 1.1 package is x86_64 only, and so is everything related to CentOS 7.

I need to set up an x86_64 host to continue but since we support x86_64 or aarch64 builds now, this is a yet another example of how CentOS 7 is hopelessly behind the times.

antoinetran commented 1 year ago

Thanks for the try! Ok I see openssl is indeed not in aarch64, not ideal!

michaelklishin commented 1 year ago

Thanks to @Gsantomaggio we now have a one-off pair of CentOS 7 packages of Erlang 25.3.1 that are statically linked against OpenSSL 1.1.x.

They were added to the release. We do not plan on regularly building these versions but if it works well for CentOS 7 users, it would allow them to run even RabbitMQ 3.12.x (expected to ship this month).