Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Securing passwords etc during deb based install #7

Open
Robbt opened this issue Apr 25, 2019 · 1 comment
Open

Securing passwords etc during deb based install #7

Robbt opened this issue Apr 25, 2019 · 1 comment

Comments

@Robbt
Copy link
Member

Robbt commented Apr 25, 2019

So I recently installed the Airtime 2.5.1 debian file and I noticed that it had a number of security features that we still don't currently have in LibreTime such as promtping the user to set the icecast password to something other than hackme and setting up SSL.

It also didn't have a install screen after you set it up. I'm thinking it would be easy to avoid this screen if we just wrote the /etc/airtime.conf during install. We could also set the rabbitmq password to something other than default.

I'm wondering if we could do something similar with our debian packages.

Also another question for future security etc would be the idea of setting up a repo on libretime.org so that people could install libretime that way and have it automatically updated to the newest version via apt-get upgrade - how much work is that ?

I would like to help with these things but I don't know whether the ramp up time to learn how to do the debian related package building tasks would be helpful compared with working on other code related tasks I'm already familiar with.

@paddatrapper
Copy link
Collaborator

Icecast password should be prompted when installing the icecast package (at least it used to, I haven't installed it from an interactive shell in a while).

I don't understand - did it have the screen or not? It should have the screen because airtime.conf isn't currently written. A default setup would probably be a good idea. The rabbitmq password should be set during rabbitmq package install, I am reluctant to modify it in the LibreTime deb as that would make getting LibreTime into Debian repos more difficult (packages shouldn't modify anything managed by other packages).

I want to get LibreTime into Debian proper so that we support it through the usual distro mechanisms, but I will only do that after 3.0.0 is released and we are able to support a specific release for the full duration of an Ubuntu LTS. An apt repo would be useful for the interim. We could use a Launchpad PPA to do Ubuntu packages, as it would automatically build for all supported Ubuntu releases on amd64 and x86 architectures. Then hosting our own apt repo for Debian would be pretty simple - would only need to build for current stable and unstable. I have a couple looming deadlines in the next week or so, so I'm going to be a little scarce until I've got them done. After that I plan on looking into apt repo and PPA hosting, support, etc

I think working on the code is where you're needed at the moment. I will continue to create issues to track upstream changes I need for packaging. I also will create issues here to track issues that need fixing before LibreTime can enter Debian proper (the licencing with embedded dependencies is a nightmare...)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants