I created this PKGBUILD based on the asterisk package/PKGBUILD already in the AUR. I posted a comment on the AUR page about my intentions to create the asterisk-lts package, and I changed the name of the package to asterisk-lts-18 (actually before I saw someone commenting on my post). If this package gets accepted into the AUR, I anticipate becoming the maintainer of this.
I actually have quite a vision for this package. The Asterisk Versions page describes the Asterisk release cycle. Since I intend only to run the Long Term Support (LTS) versions of Asterisk in my personal projects, having an LTS version in the AUR is important, and I think it would be useful for quite a few people. In October 2022, Asterisk 20 will be released, and it will be an LTS release. Currently the AUR asterisk package is on Asterisk 19, which is not an LTS release. Anyone tracking the asterisk package will have a major upgrade once version 20 is published to the AUR. Asterisk 19 will reach end of life on November 2, 2023, whereas Asterisk 18 will be end of life on October 20, 2025. The end of life for Asterisk 20 has not been published, but it will likely be in October 2027. Once Asterisk 21 (a non-LTS version) is released, I intend to create asterisk-lts-20.
Here's the PKGBUILD:
# Maintainer: Trey Blancher <trey@blancher.net>
# Contributor: Nigel Kukard <nkukard@lbsd.net>
# Contributor: Caleb Maclennan <caleb@alerque.com>
# Contributor: Maxim Kurnosenko <asusx2@mail.ru>
# Contributor: Xavier Devlamynck <magicrhesus@ouranos.be>
# Contributor: Alessio Biancalana <dottorblaster@gmail.com>
# Contributor: Maik Broemme <mbroemme@libmpq.org>
# Contributor: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
_pkg=asterisk
pkgname=${_pkg}-lts-18
pkgver=18.12.1
pkgrel=1
pkgdesc='A complete open source PBX toolkit - Long Term Support release 18'
arch=(x86_64 i686 aarch64 armv7h)
url=https://www.asterisk.org
license=(GPL)
provides=("${_pkg}=${pkgver}")
conflicts=(${_pkg})
depends=(alsa-lib
curl
gsm
imap
jansson
libedit
libsrtp
libvorbis
libvpx
libx11
libxslt
lua53
opus
popt
postgresql-libs
python
speex)
makedepends=()
optdepends=(dahdi
libpri
libss7
openr2
postgresql
sqlite3
unixodbc)
_confs=(acl.conf
adsi.conf
aeap.conf
agents.conf
alarmreceiver.conf
alsa.conf
amd.conf
app_mysql.conf
app_skel.conf
ari.conf
ast_debug_tools.conf
asterisk.adsi
asterisk.conf
calendar.conf
ccss.conf
cdr_adaptive_odbc.conf
cdr_beanstalkd.conf
cdr.conf
cdr_custom.conf
cdr_manager.conf
cdr_mysql.conf
cdr_odbc.conf
cdr_pgsql.conf
cdr_sqlite3_custom.conf
cdr_syslog.conf
cdr_tds.conf
cel_beanstalkd.conf
cel.conf
cel_custom.conf
cel_odbc.conf
cel_pgsql.conf
cel_sqlite3_custom.conf
cel_tds.conf
chan_dahdi.conf
chan_mobile.conf
cli_aliases.conf
cli.conf
cli_permissions.conf
codecs.conf
confbridge.conf
config_test.conf
console.conf
dbsep.conf
dnsmgr.conf
dsp.conf
dundi.conf
enum.conf
extconfig.conf
extensions.ael
extensions.conf
extensions.lua
extensions_minivm.conf
features.conf
festival.conf
followme.conf
func_odbc.conf
hep.conf
http.conf
iax.conf
iaxprov.conf
indications.conf
logger.conf
manager.conf
meetme.conf
mgcp.conf
minivm.conf
misdn.conf
modules.conf
motif.conf
musiconhold.conf
muted.conf
ooh323.conf
osp.conf
oss.conf
phone.conf
phoneprov.conf
pjproject.conf
pjsip.conf
pjsip_notify.conf
pjsip_wizard.conf
prometheus.conf
queuerules.conf
queues.conf
res_config_mysql.conf
res_config_sqlite3.conf
res_config_sqlite.conf
res_corosync.conf
res_curl.conf
res_fax.conf
res_ldap.conf
res_odbc.conf
resolver_unbound.conf
res_parking.conf
res_pgsql.conf
res_pktccops.conf
res_snmp.conf
res_stun_monitor.conf
rtp.conf
say.conf
sip.conf
sip_notify.conf
skinny.conf
sla.conf
smdi.conf
sorcery.conf
ss7.timers
stasis.conf
statsd.conf
stir_shaken.conf
telcordia-1.adsi
test_sorcery.conf
udptl.conf
unistim.conf
users.conf
voicemail.conf
vpb.conf
xmpp.conf)
backup=("${_confs[@]/#/etc/$_pkg/}")
install=${_pkg}.install
_archive="${_pkg}-$pkgver"
source=("https://downloads.asterisk.org/pub/telephony/${_pkg}/releases/$_archive.tar.gz"
"${_pkg}.sysusers"
"${_pkg}.logrotated"
"${_pkg}.tmpfile")
sha256sums=('acbb58e5c3cd2b9c7c4506fa80b717c3c3c550ce9722ff0177b4f11f98725563'
'fc2e42f79e1672cc25b9b8ad2ba99616fbba0047641c986d30718655d0e7d4d8'
'caa24cfec5c6b4f8cea385269e39557362acad7e2a552994c3bc24080e3bdd4e'
'673c0c55bce8068c297f9cdd389402c2d5d5a25e2cf84732cb071198bd6fa78a')
build() {
cd "$_archive"
# Work around Cyrus bug #2629
# https://github.com/cyrusimap/cyrus-imapd/issues/2629
export LDFLAGS="${LDFLAGS/,--as-needed}"
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--runstatedir=/run \
--sbindir=/usr/bin \
--with-imap=system
make menuselect.makeopts
./menuselect/menuselect --disable BUILD_NATIVE
make
}
package(){
cd "$_archive"
make DESTDIR="$pkgdir" install
make DESTDIR="$pkgdir" install-headers
make DESTDIR="$pkgdir" samples
# Not entirely convinced this part is necessary, LTS releases shouldn't be
# adding features, so the _confs and backup arrays shouldn't change.
# Keeping here for posterity, need to go through a few pkgver and pkgrel
# bumps before we remove this. 2022-05-26 I was actually wrong about this,
# Asterisk 18.12 introduced a new config file, aeap.conf. New features could
# be added to Asterisk 18 until 2024-10-20, when it goes into Security Fix Only.
# From 'asterisk' PKGBUILD: Backup file list changes frequently and is hard
# to keep up to date. Check that our current meta data matches whatever just
# got packaged, else flunk with a helpful output of where the lists differ.
# We have to compare twice because cmp has a useful exit code and comm has
# useful output, but neither has both
local _backs=($(cd "$pkgdir/etc/${_pkg}" && echo *))
cmp -s \
<(IFS=$'\n'; echo "${_confs[*]}" | sort) \
<(IFS=$'\n'; echo "${_backs[*]}" | sort) ||
(comm -3 --nocheck-order \
<(IFS=$'\n'; echo "${_confs[*]}" | sort) \
<(IFS=$'\n'; echo "${_backs[*]}" | sort) &&
exit 1)
chmod 1777 "${pkgdir}/tmp"
sed -i -e 's,/var/run,/run,' "$pkgdir/etc/asterisk/asterisk.conf"
install -Dm644 -t "$pkgdir/usr/share/doc/${_pkg}/examples" "$pkgdir/etc/asterisk/"*
#mv "$pkgdir/var/run" "$pkgdir"
# the directory "$pkgdir/var/run" shouldn't be part of the package,
# according to namcap. /run/asterisk will be created when asterisk starts,
# no need to include it in the package (namcap shows it is an error)
rmdir --parents --ignore-fail-on-non-empty "$pkgdir/var/run/asterisk"
pushd contrib/systemd
install -Dm644 -t "$pkgdir/usr/lib/systemd/system/" "${_pkg}"*.{service,socket}
pushd "$srcdir"
install -Dm644 "${_pkg}.sysusers" "$pkgdir/usr/lib/sysusers.d/${_pkg}.conf"
install -Dm644 "${_pkg}.logrotated" "$pkgdir/etc/logrotate.d/${_pkg}"
install -Dm644 "${_pkg}.tmpfile" "$pkgdir/usr/lib/tmpfiles.d/${_pkg}.conf"
}
The PKGBUILD refers to some files, which are also in the asterisk PKGBUILD. I don't remember how I acquired these originally, but I include them here for completeness.
asterisk.install:
post_install() {
post_upgrade
}
pre_remove() {
systemctl stop asterisk.service
}
post_upgrade() {
chown -R asterisk:asterisk /etc/asterisk
chown -R asterisk:asterisk /var/lib/asterisk
chown -R asterisk:asterisk /var/log/asterisk
chown -R asterisk:asterisk /run/asterisk
chown -R asterisk:asterisk /var/spool/asterisk
}
asterisk.logrotated:
/var/log/asterisk/*_log /var/log/asterisk/messages {
create 640 asterisk asterisk
compress
missingok
notifempty
postrotate
/usr/sbin/asterisk -rx "logger reload" 1>/dev/null || true
endscript
}
asterisk.sysusers:
g asterisk /usr/bin/asterisk
u asterisk /usr/bin/asterisk "Asterisk PBX and telephony" /run/asterisk
asterisk.tmpfile:
d /run/asterisk 0755 asterisk asterisk -
I have been using the asterisk-lts-18 package for a few months, updating it when a new version of Asterisk 18 is released. Today when I was updating it I noticed a new configuration file, aeap.conf. I had to add that to the _confs array in order for makepkg to complete successfully. When I installed the package with pikaur -U asterisk-lts-18-18.12.1-1-x86_64.pkg.tar.zst, it saved my Asterisk configuration in /etc/asterisk renaming my modified files with the .pacsave suffix. I had to rename all of the standard .conf files to the .pacnew suffix, and then move my .pacsave files back into place. That wasn't too difficult of a task, but I hadn't had to do that in previous upgrades until the new config file was added. Any suggestions on how to avoid that, or merely have the install portion put the new versions with the .pacnew suffix would be appreciated.
That has been the only issue thus far, it has been working pretty well otherwise.
Offline
make menuselect.makeopts
./menuselect/menuselect --disable BUILD_NATIVE
make
I think you can replace that with
make MENUSELECT_CFLAGS= OPTIMIZE= DEBUG= ASTVARRUNDIR=/run/asterisk NOISY_BUILD=1
Which also disables adding -O3 and -g3 to CFLAGS and sets the run time directory to be under /run instead of /var/run so it does not need to be fixed in package. Taken from https://src.fedoraproject.org/rpms/aste … erisk.spec
Note you do need to then pass the same options to make in package().
chmod 1777 "${pkgdir}/tmp"
Why package an empty /tmp ? I would also remove the empty /run/asterisk
Have you considered dropping the .install and adding the /etc/asterisk /var/lib/asterisk /var/log/asterisk /var/spool/asterisk ownership adjustments to the tmpfiles.d snippet? The systemd service could fix up /var/lib/asterisk /var/log/asterisk but that would still leave /etc/asterisk and /var/spool/asterisk.
g asterisk /usr/bin/asterisk
u asterisk /usr/bin/asterisk "Asterisk PBX and telephony" /run/asterisk
The group creation line is superfluous as sysusers will create a matching group for the user by default.
Offline
...
These are all critiques of the original asterisk package, as I didn't modify any of the parts you mentioned. I'm happy to make these changes, but I don't want to diverge too much from the original package. I'm sure the maintainers and contributors did it this way for some reasons, though I myself can't explain why. I have come quite late to the party, and I was actually a little surprised the LTS version wasn't already in the AUR.
Also, the original asterisk PKGBUILD was first released in January 2008, so it is very likely to contain old ways of doing things. I've linked this topic in a comment on the AUR page. I'm hoping to foster some discussion here, if I may.
Last edited by ectospasm (2022-05-27 01:58:11)
Offline
chmod 1777 "${pkgdir}/tmp"
Is only in asterisk-lts-18, asterisk when it was on pkgver 18 removed it https://aur.archlinux.org/cgit/aur.git/ … 79967c947f
Also, the original asterisk PKGBUILD was first released in January 2008, so it is very likely to contain old ways of doing things. I've linked this topic in a comment on the AUR page. I'm hoping to foster some discussion here, if I may.
Happy to discuss.
Offline
chmod 1777 "${pkgdir}/tmp"
Is only in asterisk-lts-18, asterisk when it was on pkgver 18 removed it https://aur.archlinux.org/cgit/aur.git/ … 79967c947f
I don't recall putting that there (I typically use the symbolic mode notation rather than the octal), and that link doesn't appear to show that it was removed. I can definitely remove it, I don't see it in the current asterisk PKGBUILD.
Offline
loqs wrote:
chmod 1777 "${pkgdir}/tmp"
Is only in asterisk-lts-18, asterisk when it was on pkgver 18 removed it https://aur.archlinux.org/cgit/aur.git/ … 79967c947f
I don't recall putting that there (I typically use the symbolic mode notation rather than the octal), and that link doesn't appear to show that it was removed. I can definitely remove it, I don't see it in the current asterisk PKGBUILD.
The relevant change in the linked diff is at the very end:
- # Remove stray /tmp
- rmdir "$pkgdir/tmp"
-
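Review bot: the removed rmdir "$pkgdir/tmp" at the end of package() has no replacement in this excerpt, so if the install step still creates $pkgdir/tmp the package will ship a /tmp directory of its own. Suggest confirming that the built package no longer contains /tmp before dropping the cleanup, or keeping it as a guarded rmdir that tolerates the directory being absent.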
Offline
make menuselect.makeopts
./menuselect/menuselect --disable BUILD_NATIVE
make
I think you can replace that with
make MENUSELECT_CFLAGS= OPTIMIZE= DEBUG= ASTVARRUNDIR=/run/asterisk NOISY_BUILD=1
Which also disables adding -O3 and -g3 to CFLAGS and sets the run time directory to be under /run instead of /var/run so it does not need to be fixed in package. Taken from https://src.fedoraproject.org/rpms/aste … erisk.spec
Note you do need to then pass the same options to make in package().
chmod 1777 "${pkgdir}/tmp"
Why package an empty /tmp ? I would also remove the empty /run/asterisk
Have you considered dropping the .install and adding the /etc/asterisk /var/lib/asterisk /var/log/asterisk /var/spool/asterisk ownership adjustments to the tmpfiles.d snippet? The systemd service could fix up /var/lib/asterisk /var/log/asterisk but that would still leave /etc/asterisk and /var/spool/asterisk.
g asterisk /usr/bin/asterisk
u asterisk /usr/bin/asterisk "Asterisk PBX and telephony" /run/asterisk
The group creation line is superfluous as sysusers will create a matching group for the user by default.
Hi there loqs,
I'm one of the current maintainers for the AUR asterisk package. Thank you very much for the above suggestions.
I was always wanting to get rid of the .install file, but was a bit apprehensive to add the /etc/asterisk /var/lib/asterisk /var/log/asterisk /var/spool/asterisk ownership adjustments to the tmpfiles.d snippet.
I think the only issue we're going to sit with is if there is a permissions change on upgrade that all the config files are suffixed with .pacsave instead of the new ones suffixed with .pacnew.
I'm also not sure how we can tackle this.
irc.libera.chat ~ nkukard
Discord ~ discord.gg/linuxchat ~ OpenSourceCoder
Offline
The relevant change in the linked diff is at the very end:
- # Remove stray /tmp - rmdir "$pkgdir/tmp" -
But that's not the same as the chmod command you recommended removing, that's why I missed it when I scanned through the commit you cited. I don't see the rmdir, and I have removed the chmod.
Offline
I was always wanting to get rid of the .install file, but was a bit apprehensive to add the /etc/asterisk /var/lib/asterisk /var/log/asterisk /var/spool/asterisk ownership adjustments to the tmpfiles.d snippet.
I think the only issue we're going to sit with is if there is a permissions change on upgrade that all the config files are suffixed with .pacsave instead of the new ones suffixed with .pacnew.
I'm also not sure how we can tackle this.
The current situation as I understand it is:
/etc/asterisk and all its contents are packaged owned root:root during the build.
On installation the .install file calls systemd-sysusers to create the asterisk user then recursively chowns /etc/asterisk to asterisk:asterisk
On update the config files will be subject to backup file handling according to [1]. After that /etc/asterisk will be recursively chowned.
On removal modified config files will be renamed with the .pacsave extension [2] https://wiki.archlinux.org/title/Pacman … e#.pacsave
With the use of tmpfiles:
/etc/asterisk and all its contents are packaged owned root:root during the build.
On installation systemd-sysusers is called by a hook to create the asterisk user then systemd-tmpfiles is called by a hook recursively chowns /etc/asterisk to asterisk:asterisk
On update the config files will be subject to backup file handling according to [1]. After that /etc/asterisk will be recursively chowned.
On removal modified config files will be renamed with the .pacsave extension [2] https://wiki.archlinux.org/title/Pacman … e#.pacsave
[1] https://wiki.archlinux.org/title/Pacman … _explained
[2] https://wiki.archlinux.org/title/Pacman … e#.pacsave
Offline
I updated my asterisk-lts-18 PKGBUILD to match the current asterisk PKGBUILD:
# Maintainer: Trey Blancher <trey@blancher.net>
# Contributor: Nigel Kukard <nkukard@lbsd.net>
# Contributor: Caleb Maclennan <caleb@alerque.com>
# Contributor: Maxim Kurnosenko <asusx2@mail.ru>
# Contributor: Xavier Devlamynck <magicrhesus@ouranos.be>
# Contributor: Alessio Biancalana <dottorblaster@gmail.com>
# Contributor: Maik Broemme <mbroemme@libmpq.org>
# Contributor: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
_pkg=asterisk
pkgname=${_pkg}-lts-18
pkgver=18.13.0
pkgrel=1
pkgdesc='A complete open source PBX toolkit - Long Term Support release 18'
arch=(x86_64 i686 aarch64 armv7h)
url=https://www.asterisk.org
license=(GPL)
provides=("${_pkg}=${pkgver}")
conflicts=(${_pkg})
depends=(alsa-lib
curl
gsm
imap
jansson
libedit
libsrtp
libvorbis
libxml2
libvpx
libx11
libxslt
lua53
opus
popt
postgresql-libs
python
speex)
makedepends=(gsm
sqlite3)
optdepends=(dahdi
libpri
libss7
openr2
postgresql
sqlite3
unixodbc)
_confs=(acl.conf
adsi.conf
aeap.conf
agents.conf
alarmreceiver.conf
alsa.conf
amd.conf
app_mysql.conf
app_skel.conf
ari.conf
ast_debug_tools.conf
asterisk.adsi
asterisk.conf
calendar.conf
ccss.conf
cdr_adaptive_odbc.conf
cdr_beanstalkd.conf
cdr.conf
cdr_custom.conf
cdr_manager.conf
cdr_mysql.conf
cdr_odbc.conf
cdr_pgsql.conf
cdr_sqlite3_custom.conf
cdr_syslog.conf
cdr_tds.conf
cel_beanstalkd.conf
cel.conf
cel_custom.conf
cel_odbc.conf
cel_pgsql.conf
cel_sqlite3_custom.conf
cel_tds.conf
chan_dahdi.conf
chan_mobile.conf
cli_aliases.conf
cli.conf
cli_permissions.conf
codecs.conf
confbridge.conf
config_test.conf
console.conf
dbsep.conf
dnsmgr.conf
dsp.conf
dundi.conf
enum.conf
extconfig.conf
extensions.ael
extensions.conf
extensions.lua
extensions_minivm.conf
features.conf
festival.conf
followme.conf
func_odbc.conf
hep.conf
http.conf
iax.conf
iaxprov.conf
indications.conf
logger.conf
manager.conf
meetme.conf
mgcp.conf
minivm.conf
misdn.conf
modules.conf
motif.conf
musiconhold.conf
muted.conf
ooh323.conf
osp.conf
oss.conf
phone.conf
phoneprov.conf
pjproject.conf
pjsip.conf
pjsip_notify.conf
pjsip_wizard.conf
prometheus.conf
queuerules.conf
queues.conf
res_config_mysql.conf
res_config_sqlite3.conf
res_config_sqlite.conf
res_corosync.conf
res_curl.conf
res_fax.conf
res_ldap.conf
res_odbc.conf
resolver_unbound.conf
res_parking.conf
res_pgsql.conf
res_pktccops.conf
res_snmp.conf
res_stun_monitor.conf
rtp.conf
say.conf
sip.conf
sip_notify.conf
skinny.conf
sla.conf
smdi.conf
sorcery.conf
ss7.timers
stasis.conf
statsd.conf
stir_shaken.conf
telcordia-1.adsi
test_sorcery.conf
udptl.conf
unistim.conf
users.conf
voicemail.conf
vpb.conf
xmpp.conf)
backup=("${_confs[@]/#/etc/$_pkg/}")
install=${_pkg}.install
_archive="${_pkg}-$pkgver"
source=("https://downloads.asterisk.org/pub/telephony/${_pkg}/releases/$_archive.tar.gz"
"${_pkg}.sysusers"
"${_pkg}.logrotated"
"${_pkg}.tmpfiles")
sha256sums=('92681b928b75309860ebfd192ad8d1db3df3cdaebab401a2abc666ffaea096bf'
'38a53911647fb2308482179cba605ebf12345df37eed23eb4ea67bf0bf041486'
'b97dc10a262621c95e4b75e024834712efd58561267b59b9171c959ecd9f7164'
'673c0c55bce8068c297f9cdd389402c2d5d5a25e2cf84732cb071198bd6fa78a')
build() {
cd "$_archive"
# Work around Cyrus bug #2629
# https://github.com/cyrusimap/cyrus-imapd/issues/2629
export LDFLAGS="${LDFLAGS/,--as-needed}"
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--sbindir=/usr/bin \
--with-imap=system
make MENUSELECT_CFLAGS= OPTIMIZE= DEBUG= ASTVARRUNDIR=/run/asterisk NOISY_BUILD=1
}
package(){
cd "$_archive"
make DESTDIR="$pkgdir" install
make DESTDIR="$pkgdir" install-headers
make DESTDIR="$pkgdir" samples
# Not entirely convinced this part is necessary, LTS releases shouldn't be
# adding features, so the _confs and backup arrays shouldn't change.
# Keeping here for posterity, need to go through a few pkgver and pkgrel
# bumps before we remove this. 2022-05-26 I was actually wrong about this,
# Asterisk 18.12 introduced a new config file, aeap.conf. New features could
# be added to Asterisk 18 until 2024-10-20, when it goes into Security Fix Only.
# From 'asterisk' PKGBUILD: Backup file list changes frequently and is hard
# to keep up to date. Check that our current meta data matches whatever just
# got packaged, else flunk with a helpful output of where the lists differ.
# We have to compare twice because cmp has a useful exit code and comm has
# useful output, but neither has both
local _backs=($(cd "$pkgdir/etc/${_pkg}" && echo *))
cmp -s \
<(IFS=$'\n'; echo "${_confs[*]}" | sort) \
<(IFS=$'\n'; echo "${_backs[*]}" | sort) ||
(comm -3 --nocheck-order \
<(IFS=$'\n'; echo "${_confs[*]}" | sort) \
<(IFS=$'\n'; echo "${_backs[*]}" | sort) &&
exit 1)
sed -i -e 's,/var/run,/run,' "$pkgdir/etc/asterisk/asterisk.conf"
install -Dm644 -t "$pkgdir/usr/share/doc/${_pkg}/examples" "$pkgdir/etc/asterisk/"*
mv "$pkgdir/var/run" "$pkgdir"
pushd contrib/systemd
install -Dm644 -t "$pkgdir/usr/lib/systemd/system/" "${_pkg}"*.{service,socket}
pushd "$srcdir"
install -Dm644 "${_pkg}.sysusers" "$pkgdir/usr/lib/sysusers.d/${_pkg}.conf"
install -Dm644 "${_pkg}.logrotated" "$pkgdir/etc/logrotate.d/${_pkg}"
install -Dm644 "${_pkg}.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/${_pkg}.conf"
}
I renamed asterisk.tmpfile to asterisk.tmpfiles:
d /run/asterisk 0755 asterisk asterisk -
Here's the updated asterisk.sysusers:
u asterisk /usr/bin/asterisk "Asterisk PBX and telephony" /run/asterisk
And asterisk.logrotated:
/var/log/asterisk/*_log /var/log/asterisk/messages.log {
create 640 asterisk asterisk
compress
missingok
notifempty
postrotate
/usr/sbin/asterisk -rx "logger reload" 1>/dev/null || true
endscript
}
asterisk.install is no longer referenced by the PKGBUILD, so I removed it. Let me know if there's anything more I can do for asterisk-lts-18.
Offline
@ectospasm I'm about to make the tmpfiles change on my end as well, but one thing I noticed is all config files are globally readable ... we should probably decide if we're going to 0750 the /etc/asterisk directory, or if we're going to set 0640 on the config files.
Many of these config files can contain secrets and it's probably not in the best interest of security that they be world readable.
Let me know what you think.
Offline
@ectospasm I'm about to make the tmpfiles change on my end as well, but one thing I noticed is all config files are globally readable ... we should probably decide if we're going to 0750 the /etc/asterisk directory, or if we're going to set 0640 on the config files.
Many of these config files can contain secrets and it's probably not in the best interest of security that they be world readable.
Let me know what you think.
That sounds like a good idea to me. I don't think there is anything in there that needs the execute bit, so I was going to set the permissions to 0640 unless you're aware of something I am not. But my asterisk.tmpfiles doesn't have an entry for /etc/asterisk, could you provide the example? The directory itself should be 0750, but its contents should be 0640.
Offline
nkukard wrote:
@ectospasm I'm about to make the tmpfiles change on my end as well, but one thing I noticed is all config files are globally readable ... we should probably decide if we're going to 0750 the /etc/asterisk directory, or if we're going to set 0640 on the config files.
Many of these config files can contain secrets and it's probably not in the best interest of security that they be world readable.
Let me know what you think.
That sounds like a good idea to me. I don't think there is anything in there that needs the execute bit, so I was going to set the permissions to 0640 unless you're aware of something I am not. But my asterisk.tmpfiles doesn't have an entry for /etc/asterisk, could you provide the example? The directory itself should be 0750, but its contents should be 0640.
Here is what I was thinking...
d /etc/asterisk 0750 asterisk asterisk -
z /etc/asterisk/*.adsi 0640 asterisk asterisk
z /etc/asterisk/*.ael 0640 asterisk asterisk
z /etc/asterisk/*.conf 0640 asterisk asterisk
z /etc/asterisk/*.lua 0640 asterisk asterisk
d /run/asterisk 0750 asterisk asterisk -
d /var/lib/asterisk 0750 asterisk asterisk -
d /var/log/asterisk 0750 asterisk asterisk -
d /var/spool/asterisk 0750 asterisk asterisk -
Offline
Here is what I was thinking...
d /etc/asterisk 0750 asterisk asterisk -
z /etc/asterisk/*.adsi 0640 asterisk asterisk
z /etc/asterisk/*.ael 0640 asterisk asterisk
z /etc/asterisk/*.conf 0640 asterisk asterisk
z /etc/asterisk/*.lua 0640 asterisk asterisk
d /run/asterisk 0750 asterisk asterisk -
d /var/lib/asterisk 0750 asterisk asterisk -
d /var/log/asterisk 0750 asterisk asterisk -
d /var/spool/asterisk 0750 asterisk asterisk -
Should we also include *.pacsave and *.pacnew? I'm not sure what happens to the permissions (if anything) when pacman creates these.
Offline
nkukard wrote:
Here is what I was thinking...
d /etc/asterisk 0750 asterisk asterisk -
z /etc/asterisk/*.adsi 0640 asterisk asterisk
z /etc/asterisk/*.ael 0640 asterisk asterisk
z /etc/asterisk/*.conf 0640 asterisk asterisk
z /etc/asterisk/*.lua 0640 asterisk asterisk
d /run/asterisk 0750 asterisk asterisk -
d /var/lib/asterisk 0750 asterisk asterisk -
d /var/log/asterisk 0750 asterisk asterisk -
d /var/spool/asterisk 0750 asterisk asterisk -
Should we also include *.pacsave and *.pacnew? I'm not sure what happens to the permissions (if anything) when pacman creates these.
Well, .pacnew wouldn't contain any secrets and as far as I can tell from the docs loqs shared, the .conf files are renamed which should preserve perms. I think we're good there.
If you're in agreement with the above, I can push that change with the update that's pending so long.
Offline
Well, .pacnew wouldn't contain any secrets and as far as I can tell from the docs loqs shared, the .conf files are renamed which should preserve perms. I think we're good there.
If you're in agreement with the above, I can push that change with the update that's pending so long.
LGTM (Looks Good To Me). I'll make the change in my local copy.
Offline
Hrmmm, seems we may have a problem...
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/telcordia-1.adsi (owned by root) during canonicalization of /etc/asterisk/telcordia-1.adsi.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/asterisk.adsi (owned by root) during canonicalization of /etc/asterisk/asterisk.adsi.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/extensions.ael (owned by root) during canonicalization of /etc/asterisk/extensions.ael.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/acl.conf (owned by root) during canonicalization of /etc/asterisk/acl.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/res_config_sqlite3.conf (owned by root) during canonicalization of /etc/asterisk/res_config_sqlite3.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/asterisk.conf (owned by root) during canonicalization of /etc/asterisk/asterisk.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/aeap.conf (owned by root) during canonicalization of /etc/asterisk/aeap.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/osp.conf (owned by root) during canonicalization of /etc/asterisk/osp.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/cdr_beanstalkd.conf (owned by root) during canonicalization of /etc/asterisk/cdr_beanstalkd.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/meetme.conf (owned by root) during canonicalization of /etc/asterisk/meetme.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/dundi.conf (owned by root) during canonicalization of /etc/asterisk/dundi.conf.
Detected unsafe path transition /etc/asterisk (owned by asterisk) → /etc/asterisk/cel.conf (owned by root) during canonicalization of /etc/asterisk/cel.conf.
...
Offline
Let me see what I can come up with
Offline
well ... this works
Z /etc/asterisk - asterisk asterisk
d /etc/asterisk 0750 - - -
z /etc/asterisk/*.adsi 0640 - -
z /etc/asterisk/*.ael 0640 - -
z /etc/asterisk/*.conf 0640 - -
z /etc/asterisk/*.lua 0640 - -
z /etc/asterisk/*.timers 0640 - -
d /run/asterisk 0750 asterisk asterisk -
d /var/lib/asterisk 0750 asterisk asterisk -
d /var/log/asterisk 0750 asterisk asterisk -
d /var/spool/asterisk 0750 asterisk asterisk -
Last edited by nkukard (2022-07-06 18:23:03)
Offline
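The permission policy and the "unsafe path transition" errors from the posts above, as an added example that is not part of the thread or of either package: a small audit that reports entries still accessible to "other" and path steps that go from a directory owned by a non-root user to an entry owned by someone else, which is the condition systemd refuses to follow. The function names are hypothetical, the uid 970 in the comments is constructed, and GNU or BusyBox stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit a config tree such as /etc/asterisk against the policy
# discussed in the thread (directory 0750, files 0640, one consistent owner).

# unsafe_transition PARENT_UID CHILD_UID
# Exit status 0 (true) when a path step goes from a directory owned by a
# non-root user to an entry owned by a different user, root included.
# Example: an asterisk-owned directory (constructed uid 970) holding files
# still owned by root (uid 0), as in the "Detected unsafe path transition" log.
unsafe_transition() {
    [ "$1" -ne 0 ] && [ "$1" -ne "$2" ]
}

# other_bits MODE
# Prints the last octal digit of MODE, i.e. the permissions granted to "other".
other_bits() {
    printf '%s\n' "${1#"${1%?}"}"
}

# audit_tree DIR
# Prints one finding per line; prints nothing when the tree matches the policy.
audit_tree() {
    root=$1
    if [ ! -d "$root" ]; then
        printf 'not a directory: %s\n' "$root" >&2
        return 2
    fi

    # The top-level directory itself (the thread settles on 0750).
    mode=$(stat -c '%a' "$root")
    if [ "$(other_bits "$mode")" != 0 ]; then
        printf 'world-accessible directory: %s (mode %s)\n' "$root" "$mode"
    fi

    # Every regular file and subdirectory below it.
    find "$root" -mindepth 1 \( -type f -o -type d \) -print |
    while IFS= read -r entry; do
        mode=$(stat -c '%a' "$entry")
        if [ "$(other_bits "$mode")" != 0 ]; then
            printf 'world-accessible: %s (mode %s)\n' "$entry" "$mode"
        fi

        parent_uid=$(stat -c '%u' "$(dirname "$entry")")
        child_uid=$(stat -c '%u' "$entry")
        if unsafe_transition "$parent_uid" "$child_uid"; then
            printf 'unsafe transition: %s (uid %s) -> %s (uid %s)\n' \
                "$(dirname "$entry")" "$parent_uid" "$entry" "$child_uid"
        fi
    done
    return 0
}

# Run directly as: sh audit.sh /etc/asterisk
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run against a staged $pkgdir/etc/asterisk or an installed /etc/asterisk; an ownership mismatch reported here is what the leading recursive Z line in the working tmpfiles.d snippet resolves before the z lines are applied.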
It is mostly commonly used for volatile and temporary files and directories (such as those located under /run/, /tmp/, /var/tmp/, the API file systems such as /sys/ or /proc/, as well as some other directories below /var/).
Are you two sure using tmpfiles for the asterisk folder in /etc is a good idea ?
If yes, did you ensure the age parameter is set correctly so the /etc/asterisk folder won't be cleaned (removed) ?
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
man tmpfiles.d wrote:
It is mostly commonly used for volatile and temporary files and directories (such as those located under /run/, /tmp/, /var/tmp/, the API file systems such as /sys/ or /proc/, as well as some other directories below /var/).
Are you two sure using tmpfiles for the asterisk folder in /etc is a good idea ?
If yes, did you ensure the age parameter is set correctly so the /etc/asterisk folder won't be cleaned (removed) ?
I believe so, that is what loqs suggested.
As you can see above, age is set to -.
Offline
I noticed when installing the resulting package, I get a few warnings about differing permissions:
warning: directory permissions differ on /etc/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /run/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /tmp/
filesystem: 1777 package: 755
warning: directory permissions differ on /var/lib/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /var/log/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /var/spool/asterisk/
filesystem: 750 package: 755
It looks like the tmpfiles hook runs well after this, is there any way to avoid these warnings to begin with?
Offline
I noticed when installing the resulting package, I get a few warnings about differing permissions:
warning: directory permissions differ on /etc/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /run/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /tmp/
filesystem: 1777 package: 755
warning: directory permissions differ on /var/lib/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /var/log/asterisk/
filesystem: 750 package: 755
warning: directory permissions differ on /var/spool/asterisk/
filesystem: 750 package: 755
It looks like the tmpfiles hook runs well after this, is there any way to avoid these warnings to begin with?
Fixes are in my package
Offline