Openh264 repo enabled by-default on Server?

fedora-cisco-openh264             Fedora 41 openh264 (From Cisco) - x86_64      

I’m under the general impression that that’s only needed for GUI stuff in web browsers, and not at all on a headless server running nginx

I don’t believe I did anything to enable it on F41 Server beta, but noticed it in dnf repolist. I disabled it and didn’t notice anything negative happen.

sudo dnf config-manager 'setopt' 'fedora-cisco-openh264'.'enabled'='0'

Is there a reason why that openh264 repo is enabled by-default on Server?

There are server use cases that handle media that may need codecs.
It does not seem a problem to have the repo available and enabled.
Clearly if you do not want the codecs the repo will not be used.

They can enable the repo then?

It seems like there would be less usage of needing that repo enabled by users using headless Server for something like Apache or Wordpress (not requiring video codecs), vs the rarer situations where needing multimedia packages at all would very likely warrant the less-free RPM Fusion repos instead anyway. I’m not at all aware of where openh264 would be useful for me over ffmpeg and the whole enchilada

I’m looking at it from a security standpoint where unnecessary repos probably shouldn’t be enabled as it’s additional risk.

Who hosts the openh264 repo? Is it the same infrastructure as Fedora updates, or is it Cisco?

This codec allows you to use H.264 in WebRTC with gstreamer and Firefox.

Now I’m even more confused why it might be included on a headless Server

I’m not aware exactly what’s in that repo, but figured it had some kind of generic H264 support alongside the webrtc Firefox support. If it’s really only a plugin for Firefox, I’m confident that isn’t a requirement on Server.

I have built apps on server that use gstreamer and process media files in the past that were headless.

Sure. So what?

The point of this discussion is: Why is the opnh264 repo enabled by default, i.e. for the standard server use case which this edition serves?

In particular for a server, it does matter which external IPs a box hits by default, such as when doing a regular update and hitting repos. So worries about that are to be expected.

Now, looking at the repo file, we hit the same mirrors.fpo site as for the other updates, and I happen to hit some .edu host as I might otherwise, too. So there are no additional sites being hit due to the enabled repo, just additional traffic. This may or may not matter.

Still, for server the question should be: What goes in as a good baseline? Adding stuff in kickstart etc is always easier than removing stuff (think deps, unnecessary downloads). For other editions one might argue “discoverablity” (are users aware that they have to enable a repo). I don’t think that applies to the server edition

The packages from codecs.fedoraproject.org redirects to ciscobinary.openh264.org

Running wget wit the -S option

[0] Downloading 'https://codecs.fedoraproject.org/openh264/41/x86_64/os/Packages/o/openh264-2.4.1-2.fc41.x86_64.rpm' ...
# got header 396 bytes:
:status: 302
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: same-origin
location: http://ciscobinary.openh264.org/openh264-2.4.1-2.fc41.x86_64.rpm
content-length: 323
content-type: text/html; charset=iso-8859-1
date: Fri, 25 Oct 2024 07:46:54 GMT
server: Apache

The assumption here is that its a useless repo and should not be setup or enabled.

I’m pointing out that this is not necessariey true.

Edit: fix missing “not”.

This looks like a good statistic for Metrics! I’m still pretty sure need of this repo is low, but I’d be curious on numbers. Or maybe something easy like how many Server download hits there are to the openh264 package compared to others?

With just the base Fedora media packages, and specifically openh264 from that Cisco repo?

When I messed with GNU Mediagoblin, I could get by with the Fedora free packages, but for video support it just made sense to go all-in with RPM Fusion so my stuff could be played back in whatever other browsers someone else might connect with or whatever formats I might have to upload on-the-fly.

I’m really thinking this repo shouldn’t be enabled by default if the packages it’s offering aren’t even on Fedora’s own repos!

It is a Fedora hosted repos.

$ more fedora-cisco-openh264.repo
[fedora-cisco-openh264]
name=Fedora $releasever openh264 (From Cisco) - $basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch
type=rpm
enabled=1
metadata_expire=14d
repo_gpgcheck=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=True

It says:

It contains OpenH264 binary built inside the Fedora infrastructure, but distributed by Cisco

And https://codecs.fedoraproject.org/openh264/41/x86_64/os/Packages/o/openh264-2.4.1-2.fc41.x86_64.rpm goes to https://ciscobinary.openh264.org/openh264-2.4.1-2.fc41.x86_64.rpm

As far as I can tell, that’s someone else’s domain.

The openh264 packages are built by Fedora and they are signed by a Fedora pgp key, which is verified when installing the package.