NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f023810f04
kumquat-buildroot/package/asterisk/0002-sounds-do-not-download-and-check-sha1s.patch
Yann E. MORIN 05e306d8d3 package/asterisk: new package 
Asterisk: the flagship of telephony on Linux. These are the lines of
code whose continuous mission is to power small and large enterprises
telephony systems, to boldly provide IP PBX where no one has done so
before.

But it is a hell to get compiled... :-(

For starters, it needs a host tool, menuselect, to prepare its build
configuration. Unfortunately, the way it handles menuselect does not
apply very well for cross-compilation: the main ./configure calls out to
menuselect's own ./configure, and of course that runs with the same
environement, which is wrong for cross-compilation (because of variables
like CC, CFLAGS and the likes).

Furthermore, the paths to menuselect are imbricated about everywhere in
the main Makefile, so making it find menuselect in PATH is a lost cause.

Instead, we just patch-out the handling of menuselect, build it as the
host variant and copy it in place.

Now, asterisk wants to install a default set of sound files (for
answering machine stuff, I guess). They come come pre-bundled in the
official archive [0], but the buildsystem will want to download (at
install time) the sha1 files for each sound archive, to validate that
said archive is correct. However, the download is done via plain http,
so it still risks an MITM attack. And for Buildroot, it is not always
possible to download at install time, so we patch-out the sha1 check.

[0] http://downloads.asterisk.org/pub/telephony/asterisk/releases/

The official archive contains the sound archives plus a full set of
documentation. This makes it very big. Unfortunately, the hosting site
is rather slow, topping at about ~204kbps. So we get the archive from
the official mirror on Github. But that archive is missing the sound
archives, so we download them separately.

Some tests, like the crypt() one, are broken and could not have ever
possibly worked at all. Worse, the FFmpeg test is looking for headers
that FFmpeg removed more than 10 years ago and are virtually no longer
available in any distro. So, FFmpeg support is definitely not tested
by upstream and can't possibly work at all. Finally, trying to run
test-code does not work in cross-compilation.

As a final stroke of genius, asterisk checks for the re-entrant variant
of res_ninit(), and concludes that all such functions are available,
including res_nsearch(). Uclibc-ng has the former but not the latter, so
the build fails. Since there is no cache variable for that check, we
can't pre-feed that result to configure, and fixing it is a bigger
endeavour.  So we make asterisk depend on glibc for now, until someone
is brave enough to fix it.

Almost all features are disabled for now. Support for additional
features will be added in subsequent patches now that we have a working
base.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Romain Naour <romain.naour@openwide.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Arnout:
 - make libilbc a mandatory dependency instead of using the bundled one;
 - add license, license files, and license file hashes;
 - minor spelling corrections;
 - remove redundant trailing backslash reported by check-package;
 - rewrap help text to 72 columns instead of 68]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>

fixup
2017-09-23 19:20:18 +02:00

53 lines
1.8 KiB
Diff
Raw Blame History

From 3e8a9e9a1c7eae515eb628778c3c8a04338b3bb3 Mon Sep 17 00:00:00 2001
From: "Yann E. MORIN" <yann.morin.1998@free.fr>
Date: Tue, 27 Dec 2016 11:21:09 +0100
Subject: [PATCH] sounds: do not download and check sha1s
To validate the sound archives, the corresponding sha1s are also
downloaded from the same location, and that download is done at install
time.
However, that poses at least two problems:
- in Buildroot, we already have validated the downloads with the sha1s
anyway, and trying to download anything at install time is not
always possible (e.g. for off-line builds);
- since the download scheme is not secured (plain http), a
man-in-the-middle for the sounds will also be able to MITM the
download of the sha1s, so there is absolutely no additional safety
in doing so.
So we just do without the sha1 download and checks.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
---
sounds/Makefile | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/sounds/Makefile b/sounds/Makefile
index 84d0f45..7a80d56 100644
--- a/sounds/Makefile
+++ b/sounds/Makefile
@@ -100,17 +100,7 @@ ifneq ($(SOUNDS_CACHE_DIR),)
if test ! -f "$$(SOUNDS_CACHE_DIR)/$$@"; then \
(cd "$$(SOUNDS_CACHE_DIR)"; $$(DOWNLOAD) $$(SOUNDS_URL)/$$@); \
fi; \
- if test ! -f "$$(SOUNDS_CACHE_DIR)/$$@.sha1"; then \
- (cd "$$(SOUNDS_CACHE_DIR)"; $$(DOWNLOAD) $$(SOUNDS_URL)/$$@.sha1); \
- fi; \
$$(LN) -sf "$$(SOUNDS_CACHE_DIR)/$$@" .; \
- $$(LN) -sf "$$(SOUNDS_CACHE_DIR)/$$@.sha1" .; \
- $$(SHA1SUM) -c --status $$@.sha1 || \
- ( \
- rm -f "$$(SOUNDS_CACHE_DIR)/$$@" "$$(SOUNDS_CACHE_DIR)/$$@.sha1" $$@ $$@.sha1; \
- echo "Bad checksum: $$@" 1>&2; \
- exit 1; \
- ) || exit 1; \
fi
else
$(CMD_PREFIX) \
--
2.7.4
Reference in New Issue View Git Blame Copy Permalink