Re: [asterisk-dev] The CI/CD pipeline on Jenkins
On Sun, May 15, 2022 at 1:55 PM Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > > > > On May 15, 2022, at 8:46 AM, Dennis Buteyn > wrote: > > > > On 5/14/22 20:01, Philip Prindeville wrote: > >> Why are we building against an EOL version of CentOS and an equally old > version of Openssl 1.0.x? > > > > CentOS 7 continues to receive maintenance updates until the end of June > 2024 (https://wiki.centos.org/About/Product). > > > > One of the key features of LTS releases is that nothing gets updated, > this includes OpenSSL. > > > > > If it's not updated (not even for CVE's), then how is that any different > from EOL? > > On a different topic, can we add -std=c11 to CFLAGS for Asterisk? > Why, and what is the actual impact to the user base? Something to keep in mind when it comes to Asterisk when thinking about this stuff is that it's not a small project. There's a large user base, so everything like this (not supporting CentOS 7, adding -std=c11 to CFLAGS) has to be completely understood with its impact before consideration. We can't just deprecate things without ample notice, change build requirements on a whim, etc. That's not how we roll as a project. -- Joshua C. Colp Asterisk Technical Lead Sangoma Technologies Check us out at www.sangoma.com and www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] The CI/CD pipeline on Jenkins
> On May 15, 2022, at 8:46 AM, Dennis Buteyn wrote: > > On 5/14/22 20:01, Philip Prindeville wrote: >> Why are we building against an EOL version of CentOS and an equally old >> version of Openssl 1.0.x? > > CentOS 7 continues to receive maintenance updates until the end of June 2024 > (https://wiki.centos.org/About/Product). > > One of the key features of LTS releases is that nothing gets updated, this > includes OpenSSL. > If it's not updated (not even for CVE's), then how is that any different from EOL? On a different topic, can we add -std=c11 to CFLAGS for Asterisk? Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] The CI/CD pipeline on Jenkins
On 5/14/22 20:01, Philip Prindeville wrote: Why are we building against an EOL version of CentOS and an equally old version of Openssl 1.0.x? CentOS 7 continues to receive maintenance updates until the end of June 2024 (https://wiki.centos.org/About/Product). One of the key features of LTS releases is that nothing gets updated, this includes OpenSSL. -- Dennis Buteyn Xorcom Ltd -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] The CI/CD pipeline on Jenkins
On Sun, May 15, 2022 at 1:25 AM Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > Hi, > > >> > >> Why are we building against an EOL version of CentOS and an equally old > version of Openssl 1.0.x? > > > > CentOS 7 is still widely used and is something we're supporting. It's > the oldest distro I think really that we're still supporting, which is why > CI/CD uses it. > > > Then maybe bracket things, with a 2nd build environment that's relatively > modern and with current releases of runtimes and toolchains? > It is certainly possible to do this. > Can we deprecate res_crypto.so on Openssl 1.0.x and say it's no longer > supported? > This is not something that we'd do. > > > >> Can we update the CI/CD recipe to something more current? Like CentOS > 8.5? > > > > Update? No. Add in addition? Possibly, but I don't want to sink time > into it at this point because we're planning to move away from our current > environment and usage (not for a few months, email and wiki page coming in > the future). > > > Then... my reviews are parked until they can get a successful build? > > Or do we just test the reviews outside of CI/CD? > > I've added a workaround for the bug in Openssl 1.0.2f, and confirmed that > it was fixed for the 1.1.0 release. > > At the very least builds against Openssl 1.1.x or 3.0 (maybe with a tag or > attribute in the Gerrit review so that not every review consumes the > resources unnecessarily) would give coverage... > Until your reviews are actually looked at and thought about I don't think any direction can be decided or enacted. -- Joshua C. Colp Asterisk Technical Lead Sangoma Technologies Check us out at www.sangoma.com and www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] The CI/CD pipeline on Jenkins
Hi, > On May 14, 2022, at 1:54 PM, Joshua C. Colp wrote: > >> On Sat, May 14, 2022 at 2:04 PM Philip Prindeville >> wrote: >> Hi, >> >> I was trying to figure out why builds on my laptop on Ubuntu 20.04 LTS and >> Openssl 1.1.1f and 3.0 both succeed, but CI/CD is failing. >> >> OpenSSL 1.0.2k-fips 26 Jan 2017 >> >> NAME="CentOS Linux" >> VERSION="7 (Core)" >> ID="centos" >> ID_LIKE="rhel fedora" >> VERSION_ID="7" >> PRETTY_NAME="CentOS Linux 7 (Core)" >> ANSI_COLOR="0;31" >> CPE_NAME="cpe:/o:centos:centos:7" >> HOME_URL="https://www.centos.org/; >> BUG_REPORT_URL="https://bugs.centos.org/; >> CENTOS_MANTISBT_PROJECT="CentOS-7" >> CENTOS_MANTISBT_PROJECT_VERSION="7" >> REDHAT_SUPPORT_PRODUCT="centos" >> REDHAT_SUPPORT_PRODUCT_VERSION="7" >> >> Why are we building against an EOL version of CentOS and an equally old >> version of Openssl 1.0.x? > > CentOS 7 is still widely used and is something we're supporting. It's the > oldest distro I think really that we're still supporting, which is why CI/CD > uses it. Then maybe bracket things, with a 2nd build environment that's relatively modern and with current releases of runtimes and toolchains? Can we deprecate res_crypto.so on Openssl 1.0.x and say it's no longer supported? >> Can we update the CI/CD recipe to something more current? Like CentOS 8.5? > > Update? No. Add in addition? Possibly, but I don't want to sink time into it > at this point because we're planning to move away from our current > environment and usage (not for a few months, email and wiki page coming in > the future). Then... my reviews are parked until they can get a successful build? Or do we just test the reviews outside of CI/CD? I've added a workaround for the bug in Openssl 1.0.2f, and confirmed that it was fixed for the 1.1.0 release. At the very least builds against Openssl 1.1.x or 3.0 (maybe with a tag or attribute in the Gerrit review so that not every review consumes the resources unnecessarily) would give coverage... THanks, -Philip -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
Re: [asterisk-dev] The CI/CD pipeline on Jenkins
On Sat, May 14, 2022 at 2:04 PM Philip Prindeville < philipp_s...@redfish-solutions.com> wrote: > Hi, > > I was trying to figure out why builds on my laptop on Ubuntu 20.04 LTS and > Openssl 1.1.1f and 3.0 both succeed, but CI/CD is failing. > > OpenSSL 1.0.2k-fips 26 Jan 2017 > > NAME="CentOS Linux" > VERSION="7 (Core)" > ID="centos" > ID_LIKE="rhel fedora" > VERSION_ID="7" > PRETTY_NAME="CentOS Linux 7 (Core)" > ANSI_COLOR="0;31" > CPE_NAME="cpe:/o:centos:centos:7" > HOME_URL="https://www.centos.org/; > BUG_REPORT_URL="https://bugs.centos.org/; > CENTOS_MANTISBT_PROJECT="CentOS-7" > CENTOS_MANTISBT_PROJECT_VERSION="7" > REDHAT_SUPPORT_PRODUCT="centos" > REDHAT_SUPPORT_PRODUCT_VERSION="7" > > Why are we building against an EOL version of CentOS and an equally old > version of Openssl 1.0.x? > CentOS 7 is still widely used and is something we're supporting. It's the oldest distro I think really that we're still supporting, which is why CI/CD uses it. > > Can we update the CI/CD recipe to something more current? Like CentOS 8.5? > Update? No. Add in addition? Possibly, but I don't want to sink time into it at this point because we're planning to move away from our current environment and usage (not for a few months, email and wiki page coming in the future). -- Joshua C. Colp Asterisk Technical Lead Sangoma Technologies Check us out at www.sangoma.com and www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-dev mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
