5:34 a.m.
Hi all,
My PHP apps(s) depend on php-libsodium or php-sodium. So far it is not
possible to deploy on RHEL 8 / CentOS 8 due to [1]. I'm wondering if
there is a recommended approach to build either php-sodium or
php-libsodium in such a way that when [1] is resolved and php-sodium is
available from EPEL the upgrade will be smooth? I try to avoid Remi's
repo as it will be difficult to 'unuse' it later on when EPEL is
"fixed". libsodium itself is already available in EPEL.
I can see three possible approaches:
1. Build PECL php-libsodium for PHP 7.2 and 7.3 on CentOS 8, this seems
to be supported at least by the PECL module itself;
2. Take the CentOS PHP source RPM/spec and enable the sodium module and
rebuild the PHP package.
3. Take the ext/sodium code from the CentOS RPM source code and extract
it as a separate module and build that.
I tried 2, but it conflicts with the CentOS modules, I probably do
something wrong...
Not sure what is the best approach here... Any advice?
Thanks!
Regards,
François
[1] https://pagure.io/epel/issue/75
6:17 a.m.
Le 17/01/2020 à 12:34, François Kooman a écrit :
I try to avoid Remi's repo as it will be difficult to
'unuse'
As difficult as running a small set of commands ?
# dnf module reset php
# dnf module enable php:7.3
# dnf distro-sync
The same than for switching from one official stream to a new one
;)
8:01 a.m.
On 1/17/20 1:17 PM, Remi Collet wrote:
As difficult as running a small set of commands ?
# dnf module reset php
# dnf module enable php:7.3
# dnf distro-sync
The same than for switching from one official stream to a new one
Hi Remi!
Yeah, that's nice for experimentation. For our production servers
running CentOS and RHEL that is not really acceptable.
It seems there's nothing we can do but wait until php-(lib)sodium
becomes available either directly through the official module(s) or
EPEL. Fortunately we have some years until CentOS 7 / RHEL 7 is EOL,
maybe by then this module/EPEL situation is resolved :)
Regards,
François
8:12 a.m.
On Fri, Jan 17, 2020 at 9:01 AM François Kooman <fkooman(a)tuxed.net> wrote:
On 1/17/20 1:17 PM, Remi Collet wrote:
> As difficult as running a small set of commands ?
>
> # dnf module reset php
> # dnf module enable php:7.3
> # dnf distro-sync
>
> The same than for switching from one official stream to a new one
Hi Remi!
Yeah, that's nice for experimentation. For our production servers
running CentOS and RHEL that is not really acceptable.
It seems there's nothing we can do but wait until php-(lib)sodium
becomes available either directly through the official module(s) or
EPEL. Fortunately we have some years until CentOS 7 / RHEL 7 is EOL,
maybe by then this module/EPEL situation is resolved :)
If you need this fixed officially, you'll probably want to file a
support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the
rest of us to track, too. :)
--
真実はいつも一つ!/ Always, there's only one truth!
9:06 a.m.
Le 17/01/2020 à 15:12, Neal Gompa a écrit :
If you need this fixed officially, you'll probably want to file
a
support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the
rest of us to track, too. :)
No, this won't help
RH won't add new crypto library
Remi
9:09 a.m.
On Fri, Jan 17, 2020 at 10:06 AM Remi Collet <Fedora(a)famillecollet.com> wrote:
Le 17/01/2020 à 15:12, Neal Gompa a écrit :
> If you need this fixed officially, you'll probably want to file a
> support case with Red Hat, assuming you have a RHEL subscription. :)
>
> Filing a bug in RHBZ against RHEL 8 would probably be helpful for the
> rest of us to track, too. :)
No, this won't help
RH won't add new crypto library
It's unreasonable for certain core PHP functions to be broken because
of a missing library. Moreover, I really don't think that they would
not consider it, given how well maintained it is and how important it
is for various language stacks.
--
真実はいつも一つ!/ Always, there's only one truth!
9:09 a.m.
On 1/17/20 3:12 PM, Neal Gompa wrote:
If you need this fixed officially, you'll probably want to file
a
support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the
rest of us to track, too. :)
Did some digging:
https://bugzilla.redhat.com/show_bug.cgi?id=1761189
https://bugzilla.redhat.com/show_bug.cgi?id=1714591
It seems libsodium (and argon2) are not and won't (ever) be part of
RHEL. I wonder if there is any chance they would be added to the PHP
*module*, I guess also not, had already a discussion about this before
on minisign, that escalated quickly :-)
https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproje...
Cheers,
François
1:59 a.m.
Le 17/01/2020 à 16:09, François Kooman a écrit :
It seems libsodium (and argon2) are not and won't (ever) be part
of
RHEL. I wonder if there is any chance they would be added to the PHP
*module*, I guess also not, had already a discussion about this before
on minisign, that escalated quickly :-)
Notice that starting with PHP 7.4, argon2 is no more needed
as the sodium extension provides an alternative an better (faster)
implementation.
So, when RHEL 8.(1+x) will have 7.4, php-sodium in EPEL will provide
the addition password algo.
With 7.2 or 7.3, this is not possible (argon2 is used by the php core)
Remi
P.S. as in Fedora 32, 7.4 don't use argon2 lib anymore.
1567
days inactive
1568
days old
php-devel@lists.fedoraproject.org
7 comments
3 participants
participants (3)
-
François Kooman -
Neal Gompa -
Remi Collet