As I understand it, when lang/php80 is built with the MYSQL80 option set, the security/php81-openssl cannot be used. devel/php-composer2 however unconditionally depends on it. With this quick hack, php-composer2 can be built: -USE_PHP= ctype filter intl json mbstring openssl phar +USE_PHP= ctype filter intl json mbstring phar Obviously a better solution is needed. See also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259793 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=252420
I mentioned this to Sean via email, but while I agree that this hack is not a good solution, I do not know a good solution to the issue of PHP + MySQL 8.0 when trying to install php-composer2 or even any PHP-dependent port that requires the OpenSSL extension.
Naram, a possible solution is mentioned here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259793#c8
^Triage: Whats is the build error in this case? Please include a build log as an attachment, compressed if necessary. Loop in lang/php80 maintainer for advice, leave open maintainer-feedback for php-compoer2 pending resolution
I didn't open the bug, so I don't know if it is a build failure or not. Technically this port, php-composer2, doesn't have a build process since it is just a PHP script. The error as far as I've been told has to do more with the weird combination of PHP and MySQL 8.0 and it making the OpenSSL extension a problem. If Sean could post logs of what they were seeing without the hacks in place, that would help.
When running this command: poudriere bulk -C -j amd64-13-0 devel/php-composer2 The error I encounter is: [00:00:04] [01] [00:00:00] Building security/php80-openssl | php80-openssl-8.0.15 [00:00:18] [01] [00:00:14] Finished security/php80-openssl | php80-openssl-8.0.15: Failed: stage [00:00:18] [01] [00:00:14] Skipping devel/php-composer2 | php80-composer2-2.2.5: Dependent port security/php80-openssl | php80-openssl-8.0.15 failed security/php80-openssl fails to build, which is "normal" because of how #252420 was fixed. i.e. when MYSQL80=ON openssl is built into php itself, and php80-openssl can/must not be used. devel/php-composer2 *unconditionally* depends on security/php80-openssl, and so it consequently fails. As I understand it from comments in the related tickets, devel/php-composer2 needs to somehow depend on php80-openssl *conditionally* instead of unconditionally.
You understand the issue correctly Sean. Since this is also just a workaround, we are currently testing to build PHP with openssl as default. This would remove the issues, but must be well tested.
If the PHP port is going to be updated to make this a non-issue, that's fine with me. Especially since I don't know how to fix Composer's port to conditionally add openssl to USE_PHP. I was originally going to post the following before Torsten's post caused a mid-air collision: The problem with the suggestion (as coded by Muhammad) in the other bug is that it doesn't conditionally add openssl if it isn't built into PHP already, it is that it prevents the port from being staged at all if openssl is listed in USE_PHP. There was nothing given on HOW to make it conditionally add openssl to USE_PHP if it isn't built into PHP already, just the suggestion was made to do so. From what I saw in Composer's source code, openssl isn't REQUIRED by Composer, but without openssl support, it cannot download from https sources. So if openssl was removed from USE_PHP but the user isn't using the MYSQL80 option on PHP, then that could cripple Composer.
(In reply to Torsten Zuehlsdorff from comment #6) >we are currently testing to build PHP with openssl as default. Interesting. Is there a ticket I could CC myself on to follow progress there?
PLEASE LET US WORK ON IT and NO MORE TICKETS PLEASE. There ain't too much people looking after the php infrastructure of the tree. I am not in a mood to bring in a fight in between users who wants MYSQL80, who wants other ports that require openssl module and who might someday also want to use libressl*. :D
(In reply to Naram Qashat from comment #7) I gave the hint on howto check whether if openssl is built in php or available as a module and to change the port in a way and I didn't mention that this was the fix. :D I am not a maintainer of composer so it's not my work to complete it. There are thousand of ports OPTIONS combinations which cannot always be tested and fixed. But we try to ensure before sending a commit it's building and usability capacity with DEFAULT options although despite our attempts there are unintentional mistakes that we make. With the DEFAULT options of php8[01] composer builds fine. However we are past that point. We have a solution but the testing path is longer than expected. So hold tight and grab a coffee while we are fixing it.
@koobs: There has been lots of changes in php ports in this quarter and cherry-picking this specific commit will be trickier as we will have to merge lots of things which will eventually endup rebuilding nearly 1500 ports in the quarterly branch which is counter productive at the moment considering there is no specific emergency vulnerabilities.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=e8d9493812a510f7c1cc94632836e1d5731de250 commit e8d9493812a510f7c1cc94632836e1d5731de250 Author: Muhammad Moinur Rahman <bofh@FreeBSD.org> AuthorDate: 2022-02-12 15:38:24 +0000 Commit: Muhammad Moinur Rahman <bofh@FreeBSD.org> CommitDate: 2022-02-12 15:41:51 +0000 lang/php8[01]: Make openssl as DEFAULT After the 91fdbed776033fd4b210135429a171ab5fed549b commit fixing the issue for MySQL80 introduced another problem for the ports that depends on php8[01]-openssl port couldn't be built as the fix prevented php8[01]-openssl from being installed as it's already built with default php installation. As the problem has grown much bigger now and php80 is currently the DEFAULT php version so we are switching the behavior of php8[01] ports making the openssl module as default. - Remove non-default OPTION MYSQL80 from lang/php8[01] - Remove ports security/php8[01]-openssl - Remove OPTION OPENSSL from lang/php8[01]-extensions - Mark lang/php8[01] to IGNORE with libressl and libressl-devel Although php builds fine with those most of the extensions do not as they have dependency on curl. So mark it early. - OPTIONIZE lang/php80 - Change openssl_DEPENDS to conditional for php74 only as this module is default from php80 with this commit. php74 do not have the issue where it fails to connect to MySQL80 due to new caching_sha2_password - Remove hash_DEPENDS from php.mk as it is a default module for all php - Change json_DEPENDS to conditional for php74 only as this module is default from php80 PR: 261797 259793 252420 Reported by: sean@rogue-research.com martin@waschbuesch.de Approved by: tz (private email) ale (private email) Sponsored by: Bounce Experts MOVED | 2 + Mk/Uses/php.mk | 11 ++- UPDATING | 12 +++ lang/php80-extensions/Makefile | 8 +- lang/php80/Makefile | 47 ++++----- lang/php80/Makefile.ext | 173 +++++++++------------------------ lang/php81-extensions/Makefile | 5 +- lang/php81/Makefile | 66 ++++--------- security/Makefile | 2 - security/php80-openssl/Makefile (gone) | 9 -- security/php81-openssl/Makefile (gone) | 7 -- 11 files changed, 109 insertions(+), 233 deletions(-)
I've tested and confirm this fixes the issue for me. Thanks to all!