I’m using Asterisk 18 as a self-maintained Add-On.
After an update of the toolchain and core to 195, I can’t build the Add-On anymore. Compilation stops with the following download error:
checking for openssl >= 1.1.0... yes
checking for embedded jansson (may have to download)... configuring
[jansson] Downloading https://raw.githubusercontent.com/asterisk/third-party/master/jansson/2.14/jansson-2.14.tar.bz2 to /tmp/jansson-2.14.tar.bz2
[jansson] Retrying download
[jansson] Downloading https://raw.githubusercontent.com/asterisk/third-party/master/jansson/2.14/jansson-2.14.tar.bz2 to /tmp/jansson-2.14.tar.bz2
make[1]: *** [Makefile:68: /tmp/jansson-2.14.tar.bz2] Error 4
make[1]: *** Deleting file '/tmp/jansson-2.14.tar.bz2' failed
It seems there is a problem downloading the bundled jansson (same for pjsip, if I skip jansson). The download source is correct.
Using the chrooted shell, I can manually start the configuration which is working fine:
checking for openssl >= 1.1.0... yes
checking for embedded jansson (may have to download)... configuring
[jansson] Downloading https://raw.githubusercontent.com/asterisk/third-party/master/jansson/2.14/jansson-2.14.tar.bz2 to /tmp/jansson-2.14.tar.bz2
[jansson] Verifying /tmp/jansson-2.14.tar.bz2
[jansson] Verify successful
[jansson] Verifying /tmp/jansson-2.14.tar.bz2
[jansson] Verify successful
[jansson] Unpacking /tmp/jansson-2.14.tar.bz2
[jansson] Applying patches /usr/src/asterisk-18.26.2/third-party/jansson/patches /usr/src/asterisk-18.26.2/third-party/jansson/source
No patches in /usr/src/asterisk-18.26.2/third-party/jansson/patches
[jansson] Rebuilding
[jansson] Configuring
checking for bundled jansson... yes
checking for embedded pjproject (may have to download)... configuring
[pjproject] Downloading https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.14.1/pjproject-2.14.1.tar.bz2 to /tmp/pjproject-2.14.1.tar.bz2
[pjproject] Verifying /tmp/pjproject-2.14.1.tar.bz2
Could anyone on the development team point me in the right direction as to why the make.sh build fails, while a manual ./configure in the make.sh shell correctly downloads the files?
This is technically not a bug, but a security feature. The build environment has no chance to connect to the internet. This is so that we can run deterministic builds that cannot download any malware and add it into the distribution at compile time.
It looks like Asterisk wants jansson, a JSON library which is available in IPFire:
Hi Michael,
thanks a lot for getting back to me so fast and clarifying this.
I’m configuring Asterisk to use the bundled jansson (ignoring any already installed version) and pjsip libs. It’s a recommendation of the Asterisk project. That way, they ensure that the dependent (bundled) libs match the Asterisk version it was tested with.
I wasn’t aware that the build environment can’t connect to the internet anymore. Must be a recent change. Anyway it makes sense to get the build deterministic.
Is there a switch to enable connectivity on an “I know what I am doing” basis?
If not, I have to use the default jansson lib and build pjsip as extra Add-On.
It has been like that at least since I started doing builds around 5 years ago.
That is your easiest option.
If it worked in the past then the configure script was probably finding the jansson version in the IPFire build but they have probably changed something to only look for their bundled version now.
Thanks a lot!
I’m using Asterisk’s external-cache feature now, downloading the corresponding files manually and setting up a cache path.
This is working fine.
@bonnietwin, this is really strange, I’ve built the Asterisk Add-on last year with the very same config without any problems.
Anyway, static files are way more clean.
I definitely know that downloading anything via the internet during the build is blocked, because with every new Rust dependency the Rust cargo package first tries to download the new dependency and then comes back with the error message saying that the dependency could not be obtained, and I then manually install that new dependency.
Similar thing with new Python dependencies, where it tries to download the new package via pip.
Is the Asterisk version you built last year the same version number as you are now trying to build, or is this an updated version?
You mean possibly that there was no nameserver configured in resolv.conf, which could easily be changed by adding one. Since Aug. 2024 the entire network access has been disabled → git.ipfire.org Git - ipfire-2.x.git/commit.
That’s exactly the point here!
resolv.conf is 127.0.0.1 by default.
To make the downloads work, I’ve always modified this to my internal DNS first, like 192.168.1.1.
The referenced commit perfectly explains my situation, why this is not working anymore!
Again: THANKS!
It was never meant to be, but there were ways to make it possible. Since we don’t want that at all, a lot of changes have been introduced last summer. There is more detail on the development mailing list:
Not really, we only have networking enabled in the shell.
Generally yes, that is the way to go. We don’t like bundled libraries, because it makes patching security vulnerabilities much harder when there are multiple versions of the same software.
So using the system version is always the preferred option.
Building PJSIP and using the system’s jansson would be the cleanest way forward.
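For the externals-cache route mentioned earlier in the thread, the following is an added example (not code from IPFire, Asterisk or any poster here) that gates an offline build on pinned checksums, so that manually fetched tarballs are verified before the build consumes them. The manifest file and all paths are assumptions; the tarball names are the ones from the build log above.

```shell
#!/bin/sh
# Added example, not IPFire or Asterisk code. The manifest is an assumed
# file in `sha256sum` text format ("<hex>  <file name>"), written when the
# tarballs were fetched and reviewed outside the build environment.

# check_cache DIR MANIFEST
# Succeeds only if every file pinned in MANIFEST is present in DIR with a
# matching SHA-256 and DIR contains nothing that is not pinned.
check_cache() {
    dir=$1 manifest=$2 rc=0
    if [ ! -d "$dir" ] || [ ! -r "$manifest" ]; then
        echo "usage: check_cache DIR MANIFEST" >&2
        return 2
    fi
    while read -r want name; do
        [ -n "$want" ] || continue                 # skip blank lines
        case $name in
            ''|*/*) echo "BAD ENTRY  $want $name" >&2; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING    $name" >&2; rc=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH   $name" >&2; rc=1
        fi
    done < "$manifest"
    # Anything in the cache that the manifest does not pin is also a failure.
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        if ! awk -v n="$base" '$2 == n { ok = 1 } END { exit !ok }' "$manifest"; then
            echo "UNPINNED   $base" >&2; rc=1
        fi
    done
    return "$rc"
}

# Typical use before an offline build (both paths are placeholders):
#   check_cache /path/to/cache /path/to/cache.sha256 &&
#       ./configure --with-externals-cache=/path/to/cache
```

The manifest should be produced and reviewed on a separate machine and kept with the Add-On's build files, so a changed upstream tarball shows up as a MISMATCH instead of silently entering the build.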