Welcome to Centmin Mod Community
Become a Member

Beta Branch update EL9 PHP 7.4/8.0 compatibility with OpenSSL 3.0 system in 130.00beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Oct 26, 2023.

  1. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    6:30 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    update EL9 PHP 7.4/8.0 compatibility with OpenSSL 3.0 system in 130.00beta01

    - PHP 7.4 and PHP 8.0 officially do not support OpenSSL 3.0. For EL9 systems like AlmaLinux 9, Rocky Linux 9 or Oracle Linux 9 using OpenSSL 3.0, minimum PHP 8.1 version is required. However, Centmin Mod has patched PHP 7.4.33 and PHP 8.0 workarounds to be able to compile on EL9 OpenSSL 3.0. The patches are from REMI PHP YUM repo for EL9 systems
    - This may not be 100% and is provided as is. If you need PHP <=8.0, you should use EL8 systems like AlmaLinux 8, Rocky Linux 8 or Oracle Linux 8 which have compatible system OpenSSL 1.1.1 version
    - This adds support for PHP 7.4/8.0 with EL9 for centmin.sh menu option 5 upgrade/recompile routine right now and has not been tested for initial install PHP 7.4/8.0 default on EL9 systems
    - When you run centmin.sh menu option 5 to switch to PHP 7.4.33 or PHP 8.0.x on EL9 system, an additional note is presented to inform users. Example below:


    Enter PHP Version number you want to upgrade/downgrade to: 8.0.30

    ###########################################################################
    EL9 OpenSSL 3.0 Compatibility Note
    ###########################################################################
    Detected EL9 system running OpenSSL 3.0 system library ...
    PHP 7.4 and PHP 8.0 officially do not support OpenSSL 3.0
    For EL9 systems using OpenSSL 3.0, minimum PHP 8.1 version
    is required. However, Centmin Mod has patched PHP 7.4.33 and
    PHP 8.0 workarounds to be able to compile on EL9 OpenSSL 3.0.
    This may not be 100% and is provided as is.

    If you need PHP <=8.0, you should use EL8 systems with OpenSSL 1.1.1
    ###########################################################################

    Do you still want to continue? [y/n]

    Continue reading...

    130.00beta01 branch

    Support Centmin Mod


    If you find Centmin Mod useful, please help support Centmin Mod
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    6:30 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Example PHP 8.0.30 compile on AlmaLinux 9.2 with OpenSSL 3.0 system library
    Code (Text):
    cat /etc/os-release 
    NAME="AlmaLinux"
    VERSION="9.2 (Turquoise Kodkod)"
    ID="almalinux"
    ID_LIKE="rhel centos fedora"
    VERSION_ID="9.2"
    PLATFORM_ID="platform:el9"
    PRETTY_NAME="AlmaLinux 9.2 (Turquoise Kodkod)"
    ANSI_COLOR="0;34"
    LOGO="fedora-logo-icon"
    CPE_NAME="cpe:/o:almalinux:almalinux:9::baseos"
    HOME_URL="https://almalinux.org/"
    DOCUMENTATION_URL="https://wiki.almalinux.org/"
    BUG_REPORT_URL="https://bugs.almalinux.org/"
    ALMALINUX_MANTISBT_PROJECT="AlmaLinux-9"
    ALMALINUX_MANTISBT_PROJECT_VERSION="9.2"
    REDHAT_SUPPORT_PRODUCT="AlmaLinux"
    REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
    

    Code (Text):
    php -v
    PHP 8.0.30 (cli) (built: Oct 26 2023 10:56:45) ( NTS )
    Copyright (c) The PHP Group
    Zend Engine v4.0.30, Copyright (c) Zend Technologies
        with Zend OPcache v8.0.30, Copyright (c), by Zend Technologies
    

    Code (Text):
    php --ri openssl
    openssl
    OpenSSL support => enabled
    OpenSSL Library Version => OpenSSL 3.0.7 1 Nov 2022
    OpenSSL Header Version => OpenSSL 3.0.7 1 Nov 2022
    Openssl default config => /etc/pki/tls/openssl.cnf
    Directive => Local Value => Master Value
    openssl.cafile => no value => no value
    openssl.capath => no value => no value
    

    Code (Text):
    php-config
    Usage: /usr/local/bin/php-config [OPTION]
    Options:
      --prefix            [/usr/local]
      --includes          [-I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib]
      --ldflags           [ -L/usr/lib64/../lib64 -L/usr/local/lib64]
      --libs              [-lcrypt  -lc-client  -ltidy -largon2 -lncurses -laspell -lpspell -lrt -lldap -llber -lstdc++ -lcrypt -lpam -lgmp -lbz2 -lrt -lm  -lsystemd -lxml2 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -lsqlite3 -lz -lcurl -lssl -lcrypto -lxml2 -lenchant -lgmodule-2.0 -lglib-2.0 -lffi -lssl -lcrypto -lz -lpng16 -lwebp -ljpeg -lXpm -lX11 -lfreetype -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto -licuio -licui18n -licuuc -licudata -lonig -lsqlite3 -ledit -lxml2 -lnetsnmp -lm -lm -lssl -lssl -lcrypto -lxml2 -lsodium -largon2 -lxml2 -lxml2 -lxml2 -lxslt -lxml2 -lexslt -lxslt -lxml2 -lzip -lz -lssl -lcrypto -lcrypt ]
      --extension-dir     [/usr/local/lib/php/extensions/no-debug-non-zts-20200930]
      --include-dir       [/usr/local/include/php]
      --man-dir           [/usr/local/php/man]
      --php-binary        [/usr/local/bin/php]
      --php-sapis         [ cli embed fpm phpdbg cgi]
      --ini-path          [/usr/local/lib]
      --ini-dir           [/etc/centminmod/php.d]
      --configure-options [--enable-fpm --enable-opcache --enable-intl --enable-pcntl --with-mcrypt --with-snmp --enable-embed=shared --with-mhash --with-zlib --with-gettext --enable-exif --with-zip --with-libzip --with-bz2 --enable-soap --enable-sockets --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-mysql-sock=/var/lib/mysql/mysql.sock --with-curl --enable-gd --with-xmlrpc --enable-bcmath --enable-calendar --enable-ftp --enable-gd-native-ttf --with-freetype --with-jpeg --with-png-dir=/usr --with-xpm --with-webp --with-t1lib=/usr --enable-shmop --with-pear --enable-mbstring --with-openssl --with-mysql=mysqlnd --with-libdir=lib64 --with-mysqli=mysqlnd --enable-pdo --with-pdo-sqlite --with-pdo-mysql=mysqlnd --enable-inline-optimization --with-imap --with-imap-ssl --with-kerberos --with-readline --with-libedit --with-gmp --with-pspell --with-tidy --with-enchant --with-fpm-user=nginx --with-fpm-group=nginx --with-ldap --with-ldap-sasl --with-password-argon2 --with-sodium=/usr/local --with-config-file-scan-dir=/etc/centminmod/php.d --with-fpm-systemd --with-ffi --with-xsl PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig PNG_CFLAGS=-I/usr/include PNG_LIBS=-L/usr/lib64 -lpng16 ICU_CFLAGS=-I/usr/include ICU_LIBS=-L/usr/lib64 -licuio -licui18n -licuuc -licudata ONIG_CFLAGS=-I/usr/include ONIG_LIBS=-L/usr/lib64 -lonig LIBSODIUM_CFLAGS=-I/usr/local/include LIBSODIUM_LIBS=-L/usr/local/lib64 -lsodium LIBZIP_CFLAGS=-I/usr/local/include LIBZIP_LIBS=-L/usr/local/lib64 -lzip]
      --version           [8.0.30]
      --vernum            [80030]
    

    Code (Text):
    ldd $(which php) | grep crypt
            libcrypt.so.2 => /usr/lib64/../lib64/libcrypt.so.2 (0x00007f4a662de000)
            libk5crypto.so.3 => /usr/lib64/../lib64/libk5crypto.so.3 (0x00007f4a65e5f000)
            libcrypto.so.3 => /usr/lib64/../lib64/libcrypto.so.3 (0x00007f4a65200000)
            libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007f4a624c7000)
    
     
  3. buik

    buik “The best traveler is one without a camera.”

    1,982
    517
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,644
    Local Time:
    10:30 PM
    PHP 8 is working 100% feature wise. EL9 was originally released with PHP 8.0 and OpenSSL 3.0 on May 10, 2022. Besides, Remi is working for Red Hat and is their PHP maintainer.

    PHP 7.4 I wouldn't spend any more time on for the future CMM EL9 release. That is still too much before release. Then the version is way too old and gives way too much work.
     
  4. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    6:30 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah the wonderful Remi is keeping things working on RHEL. IIRC, the PHP 8.0 OpenSSL 3.0 patch dates back to September 2021 but had 2 additional revisions to the patch, this update actually updated my original Remi patch to the 3rd edition :)

    Yeah true, though Centmin Mod has PHP 7.4 with OpenSSL 3.0 on EL9 working now anyway :)
     
  5. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    6:30 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. buik

    buik “The best traveler is one without a camera.”

    1,982
    517
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,644
    Local Time:
    10:30 PM
    They could hardly do otherwise, either.
    Otherwise EL7, 8 and 9 were based on OpenSSL 1.*
    That's just a little too much of a good thing, since development of EL after Fedora takes about a year + 10 years of support time and then extended support on top of that. Then it is apparently easier to make software with less impact than OpenSSL, such as PHP; Compatible with only a few backport patches. Than running everything on an old OpenSSL. With all its consequences.