Hi all,
My PHP apps(s) depend on php-libsodium or php-sodium. So far it is not possible to deploy on RHEL 8 / CentOS 8 due to [1]. I'm wondering if there is a recommended approach to build either php-sodium or php-libsodium in such a way that when [1] is resolved and php-sodium is available from EPEL the upgrade will be smooth? I try to avoid Remi's repo as it will be difficult to 'unuse' it later on when EPEL is "fixed". libsodium itself is already available in EPEL.
I can see three possible approaches:
1. Build PECL php-libsodium for PHP 7.2 and 7.3 on CentOS 8, this seems to be supported at least by the PECL module itself; 2. Take the CentOS PHP source RPM/spec and enable the sodium module and rebuild the PHP package. 3. Take the ext/sodium code from the CentOS RPM source code and extract it as a separate module and build that.
I tried 2, but it conflicts with the CentOS modules, I probably do something wrong...
Not sure what is the best approach here... Any advice?
Thanks!
Regards, François
Le 17/01/2020 à 12:34, François Kooman a écrit :
I try to avoid Remi's repo as it will be difficult to 'unuse'
As difficult as running a small set of commands ?
# dnf module reset php # dnf module enable php:7.3 # dnf distro-sync
The same than for switching from one official stream to a new one
;)
On 1/17/20 1:17 PM, Remi Collet wrote:
As difficult as running a small set of commands ?
# dnf module reset php # dnf module enable php:7.3 # dnf distro-sync
The same than for switching from one official stream to a new one
Hi Remi!
Yeah, that's nice for experimentation. For our production servers running CentOS and RHEL that is not really acceptable.
It seems there's nothing we can do but wait until php-(lib)sodium becomes available either directly through the official module(s) or EPEL. Fortunately we have some years until CentOS 7 / RHEL 7 is EOL, maybe by then this module/EPEL situation is resolved :)
Regards, François
On Fri, Jan 17, 2020 at 9:01 AM François Kooman fkooman@tuxed.net wrote:
On 1/17/20 1:17 PM, Remi Collet wrote:
As difficult as running a small set of commands ?
# dnf module reset php # dnf module enable php:7.3 # dnf distro-sync
The same than for switching from one official stream to a new one
Hi Remi!
Yeah, that's nice for experimentation. For our production servers running CentOS and RHEL that is not really acceptable.
It seems there's nothing we can do but wait until php-(lib)sodium becomes available either directly through the official module(s) or EPEL. Fortunately we have some years until CentOS 7 / RHEL 7 is EOL, maybe by then this module/EPEL situation is resolved :)
If you need this fixed officially, you'll probably want to file a support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the rest of us to track, too. :)
-- 真実はいつも一つ!/ Always, there's only one truth!
Le 17/01/2020 à 15:12, Neal Gompa a écrit :
If you need this fixed officially, you'll probably want to file a support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the rest of us to track, too. :)
No, this won't help RH won't add new crypto library
Remi
On Fri, Jan 17, 2020 at 10:06 AM Remi Collet Fedora@famillecollet.com wrote:
Le 17/01/2020 à 15:12, Neal Gompa a écrit :
If you need this fixed officially, you'll probably want to file a support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the rest of us to track, too. :)
No, this won't help RH won't add new crypto library
It's unreasonable for certain core PHP functions to be broken because of a missing library. Moreover, I really don't think that they would not consider it, given how well maintained it is and how important it is for various language stacks.
On 1/17/20 3:12 PM, Neal Gompa wrote:
If you need this fixed officially, you'll probably want to file a support case with Red Hat, assuming you have a RHEL subscription. :)
Filing a bug in RHBZ against RHEL 8 would probably be helpful for the rest of us to track, too. :)
Did some digging:
https://bugzilla.redhat.com/show_bug.cgi?id=1761189 https://bugzilla.redhat.com/show_bug.cgi?id=1714591
It seems libsodium (and argon2) are not and won't (ever) be part of RHEL. I wonder if there is any chance they would be added to the PHP *module*, I guess also not, had already a discussion about this before on minisign, that escalated quickly :-)
https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject....
Cheers, François
Le 17/01/2020 à 16:09, François Kooman a écrit :
It seems libsodium (and argon2) are not and won't (ever) be part of RHEL. I wonder if there is any chance they would be added to the PHP *module*, I guess also not, had already a discussion about this before on minisign, that escalated quickly :-)
Notice that starting with PHP 7.4, argon2 is no more needed as the sodium extension provides an alternative an better (faster) implementation.
So, when RHEL 8.(1+x) will have 7.4, php-sodium in EPEL will provide the addition password algo.
With 7.2 or 7.3, this is not possible (argon2 is used by the php core)
Remi
P.S. as in Fedora 32, 7.4 don't use argon2 lib anymore.
php-devel@lists.fedoraproject.org