Hi Major,
Hau idatzi du Major Hayden (major(a)mhtx.net) erabiltzaileak (2023 mai.
8(a), al. (22:51)):
Hey there,
I've been working on packaging the AWS SSM Agent[0] in Fedora on and off for a few
months now and I finally got a free moment to work on it again. However, there are a few
problems that have me scratching my head a little.
Just to level set, AWS Systems Manager[1] is an offering that allows AWS customers to
manage their instances outside the instance itself. We all know (and love) cloud-init, but
it really only handles the first boot provisioning of the instance. The SSM agent has
similarities to Azure's WALinuxAgent as it allows for management *after* the first
boot.
(For reference, WALinuxAgent is already packaged in Fedora and automatically enabled when
Fedora lands in an Azure instance.)
The main issue is around dependencies:
----------
# No commits since Mar 2021 ๐
'golang(github.com/Workiva/go-datastructures)'
# Should be covered by the existing aws-sdk-go package ๐ค
'golang(github.com/aws/aws-sdk-go/service/backupstorage)'
'golang(github.com/aws/aws-sdk-go/service/privatenetworks)'
'golang(github.com/aws/aws-sdk-go/service/ssm/ssmiface/mocks)'
'golang(github.com/aws/aws-sdk-go/service/ssmmds)'
'golang(github.com/aws/aws-sdk-go/service/ssmmds/ssmmdsiface)'
'golang(github.com/aws/aws-sdk-go/service/ssmmds/ssmmdsiface/mocks)'
# No commits since Jan 2017 ๐
'golang(github.com/carlescere/scheduler)'
# No commits since Jan 2017 ๐
'golang(github.com/cihub/seelog)'
# No commits since Sep 2018 ๐
'golang(github.com/digitalocean/go-smbios/smbios)'
# No commits since Sep 2016 ๐
'golang(github.com/pborman/ansi)'
# Last commit Feb 2023 ๐
'golang(github.com/xtaci/smux)'
----------
Some of these have not been updated in quite some time and many of them have several
unresolved bugs that are years old. Although I'd like to get the SSM Agent packaged in
Fedora, I don't like the idea of packaging quite a few packages which aren't being
actively maintained.
One potential option is to work with upstream (AWS) to change these dependencies out for
actively maintained ones instead, but that likely requires significant development work.
๐ฅต
Another option might be to vendor these dependencies in the main SSM package, but that
still means we're building against unmaintained code and it likely violates some
Fedora policies. ๐ฑ
How should I proceed?
My option would be to package those "dead" deps.
The impact for Fedora is very limited, as only SSM Agent require those
packages and, hopefully, no other packages will require them. If in
the future builds start to fail, upstream should be also affected
sooner or later, so upstream should be interested on fixing.
IMO the major (no pun intended) problem would be for you, as it can be
challenging to keep the dep stack up to date.
Kind regards,
Mikel