So just to summarize a bit from this thread, and from some other input, I think we’re going to try and do the following.
- Repositories for all maintained branches of Suricata. There seems to be demand for Suricata 5.0.x RPMs on EPEL 7, and to a lesser degree Suricata 4.1.x on EPEL 8. And these are the main use cases I’d like to support.
- We will install to the usual locations. So this means the OISF RPMs would conflict with EPEL RPMs. But for most users I think this is best, as all the documentation would line up. This isn’t really any change from the current RPMs, or users who install to /usr. As it is, the EPEL RPMs pretty much follow all our defaults anyways.
- We will try to improve the RPMs where possible. For something like EPEL 7 this might mean pulling in our own Hyperscan package. For EPEL 8 it would mean helping, or testing Hyperscan in EPEL to make it a reality.
The one thing I’m having an issue deciding how to do best is making sure that someone who is following the 4.1.x branch is not automatically updated to 5.0, for example a CentOS 8 system using our 4.1.x RPMs. I can think of 2 approaches:
- Name the RPM “oisf-suricata”, this would “provide” Suricata, and conflict with other Suricata packages.
- Set the epoch. This isn’t exactly the correct usage of epoch, but I don’t think it’s a bad abuse of it either.
I would like to do one or the other in my test repos for testing soon.
Thanks.