On 18.03.21 at 17:09 Alexander Traud wrote:
> Some folks might not download the whole Asterisk, apply their patches, and
> build Asterisk but download just the last diff/patch, apply that, and re-build
> Asterisk.
> Those diffs/patches are available via
> <https://downloads.asterisk.org/pub/telephony/asterisk/> which is terribly
> handy when you have many custom patches.
> Now comes my concern. The last security fix included a patch for the bundled
> PJ-Project (ASTERISK-29196). With that applied, the PJ-Project does not
> re-build automatically. One has to touch
> third-party/pjproject/patches/config_site.h for example, to trigger a fresh
> build of the PJ-Project.
> I am not sure everyone knows that. Those users have the latest version of
> Asterisk but not of the PJ-Project. That is a headache for support. In this
> case, they even face a security concern. I am thinking about changing one file
> permission twice within the patch file. Any other idea?

You're probably right. But people seriously operating a phone environment
(especially if they have (a lot of) own patches), should be very careful about
their version management and how to easily revert to a known working version
without losing any data.
That's why I'm always building asterisk from scratch based on a carefully
documented spec file. This ensures / provides:
- proper versioning
- documentation about changes and added (own) patches
- easy deployment
- easy fall back if problems occur with the new version
- reproducibility
Building asterisk nowadays each time from scratch in a clean environment shouldn't
be any headache. I'm doing this on a VM in < 1 minute including rpm debuginfo package.
As a starting point, you can use the sangoma srpm e.g. and modify this one
according to your own requirements.
Thanks
Michael
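One way to make the manual step from the quoted message mechanical, as an added example that is not from either poster or from the Asterisk project: it scans a diff for files under third-party/pjproject/ and, if any are changed, touches config_site.h in the source tree. The function names and the sample diff are constructed; only the config_site.h path comes from the thread.

```shell
#!/usr/bin/env bash
# Added example. sample_diff is constructed input, not a real Asterisk patch.

# Read a unified diff on stdin and print the files under
# third-party/pjproject/ that it modifies (any -p strip level).
pjproject_paths_in_diff() {
    awk 'substr($0, 1, 4) == "+++ " {
             p = substr($0, 5)
             sub(/\t.*/, "", p)              # drop a trailing timestamp
             i = index(p, "third-party/pjproject/")
             if (i > 0) print substr(p, i)
         }' | sort -u
}

# Touch config_site.h when the diff changes the bundled PJ-Project.
# Returns 0 = rebuild forced, 1 = PJ-Project untouched, 2 = marker missing.
force_pjproject_rebuild() {
    fpr_marker="$1/third-party/pjproject/patches/config_site.h"
    fpr_touched=$(pjproject_paths_in_diff < "$2")
    [ -n "$fpr_touched" ] || return 1
    [ -f "$fpr_marker" ] || return 2
    touch "$fpr_marker"
    printf 'PJ-Project files changed, rebuild forced:\n%s\n' "$fpr_touched" >&2
}

# Constructed diff: one core file, plus a new PJ-Project patch file whose
# body itself contains diff headers (these must not be mistaken for paths).
sample_diff() {
    cat <<'EOF'
--- a/main/app.c
+++ b/main/app.c
@@ -1 +1 @@
-old
+new
--- /dev/null
+++ b/third-party/pjproject/patches/0001-constructed-example.patch
@@ -0,0 +1,2 @@
+--- a/pjsip/src/constructed.c
++++ b/pjsip/src/constructed.c
EOF
}

sample_diff | pjproject_paths_in_diff
```

Call `force_pjproject_rebuild <source-tree> <diff-file>` after the diff has been applied and before re-running the build.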