From cd902557bb85e0c4119e1e4e0b18bf0b03495b00 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Fri, 3 May 2024 11:16:30 +0200 Subject: [PATCH 1/4] wip --- layers/fpm-dev/Dockerfile | 3 +- php-83/Dockerfile | 339 ++---------------------------- tests/test_2_extensions.php | 4 +- utils/lib-copy/docker-compose.yml | 8 +- utils/lib-copy/libs-arm.txt | 277 ++++++++++-------------- utils/lib-copy/libs-x86.txt | 277 ++++++++++-------------- 6 files changed, 236 insertions(+), 672 deletions(-) diff --git a/layers/fpm-dev/Dockerfile b/layers/fpm-dev/Dockerfile index 87700e45..b583f562 100644 --- a/layers/fpm-dev/Dockerfile +++ b/layers/fpm-dev/Dockerfile @@ -27,8 +27,7 @@ COPY --link bref-entrypoint.sh / RUN chmod +x /bref-entrypoint.sh # Install node to run the JS app below -RUN yum install https://rpm.nodesource.com/pub_16.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm -y -RUN yum install --setopt=nodesource-nodejs.module_hotfixes=1 --setopt=skip_missing_names_on_install=False -y nodejs +RUN dnf install -y nodejs # Install the bref/local-api-gateway app in our container (avoids running 2 containers) COPY --link --from=bref/local-api-gateway /app /local-api-gateway diff --git a/php-83/Dockerfile b/php-83/Dockerfile index 6fc08241..872de7d7 100644 --- a/php-83/Dockerfile +++ b/php-83/Dockerfile @@ -11,23 +11,14 @@ ARG VERSION_PHP=8.3.6 # https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html # AWS provides a Docker image that we use here: # https://github.com/amazonlinux/container-images/tree/amzn2 -FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as build-environment +FROM public.ecr.aws/lambda/provided:al2023-${IMAGE_VERSION_SUFFIX} as build-environment RUN set -xe \ - # Download yum repository data to cache - && yum makecache \ + # Download dnf repository data to cache + && dnf makecache \ # Install default development tools (gcc, make, etc) - && yum groupinstall -y "Development Tools" --setopt=group_package_types=mandatory,default - - -# The default version of cmake is 2.8.12. We need cmake to build a few of -# our libraries, and at least one library requires a version of cmake greater than that. -# Needed to build: -# - libzip: minimum required CMAKE version 3.0. -RUN LD_LIBRARY_PATH= yum install -y cmake3 -# Override the default `cmake` -RUN ln -s /usr/bin/cmake3 /usr/bin/cmake + && dnf install -y make gcc gcc-c++ autoconf automake libtool # We need a base path for all the sourcecode we will build from. @@ -69,319 +60,17 @@ RUN mkdir -p ${BUILD_DIR} \ ${INSTALL_DIR}/share -############################################################################### -# ZLIB Build -# We compile a newer version because Lambda uses an old version (1.2.7) that -# has a security vulnerability (CVE-2022-37434). -# See https://github.com/brefphp/aws-lambda-layers/pull/110 -# Can be removed once Lambda updates their version. -# https://github.com/madler/zlib/releases -ENV VERSION_ZLIB=1.3.1 -ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib -RUN set -xe; \ - mkdir -p ${ZLIB_BUILD_DIR}; \ - curl -Ls https://github.com/madler/zlib/releases/download/v${VERSION_ZLIB}/zlib-${VERSION_ZLIB}.tar.gz \ - | tar xzC ${ZLIB_BUILD_DIR} --strip-components=1 -WORKDIR ${ZLIB_BUILD_DIR}/ -RUN set -xe; \ - make distclean \ - && CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} -RUN set -xe; \ - make install \ - && rm ${INSTALL_DIR}/lib/libz.a - - -############################################################################### -# OPENSSL -# https://github.com/openssl/openssl/releases -# Needs: -# - zlib -# Needed by: -# - curl -# - php -RUN yum install -y perl-IPC-Cmd -ENV VERSION_OPENSSL=3.3.0 -ENV OPENSSL_BUILD_DIR=${BUILD_DIR}/openssl -ENV CA_BUNDLE_SOURCE="https://curl.se/ca/cacert.pem" -ENV CA_BUNDLE="${INSTALL_DIR}/bref/ssl/cert.pem" -RUN set -xe; \ - mkdir -p ${OPENSSL_BUILD_DIR}; \ - curl -Ls https://github.com/openssl/openssl/releases/download/openssl-${VERSION_OPENSSL}/openssl-${VERSION_OPENSSL}.tar.gz \ - | tar xzC ${OPENSSL_BUILD_DIR} --strip-components=1 -WORKDIR ${OPENSSL_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./config \ - --prefix=${INSTALL_DIR} \ - --openssldir=${INSTALL_DIR}/bref/ssl \ - --release \ - enable-tls1_3 \ - no-tests \ - shared \ - zlib -# Explicitly compile make without parallelism because it fails if we use -jX (no error message) -# I'm not 100% sure why, and I already lost 4 hours on this, but I found this: -# https://github.com/openssl/openssl/issues/9931 -# https://stackoverflow.com/questions/28639207/why-cant-i-compile-openssl-with-multiple-threads-make-j3 -# Run `make install_sw install_ssldirs` instead of `make install` to skip installing man pages https://github.com/openssl/openssl/issues/8170 -RUN make -j1 install_sw install_ssldirs -RUN mkdir -p ${INSTALL_DIR}/bref/ssl && curl -Lk -o ${CA_BUNDLE} ${CA_BUNDLE_SOURCE} - - -############################################################################### -# LIBXML2 -# https://github.com/GNOME/libxml2/releases -# Uses: -# - zlib -# Needed by: -# - php -# - libnghttp2 -ENV VERSION_XML2=2.12.6 -ENV XML2_BUILD_DIR=${BUILD_DIR}/xml2 -RUN set -xe; \ - mkdir -p ${XML2_BUILD_DIR}; \ - curl -Ls https://download.gnome.org/sources/libxml2/${VERSION_XML2%.*}/libxml2-${VERSION_XML2}.tar.xz \ - | tar xJC ${XML2_BUILD_DIR} --strip-components=1 -WORKDIR ${XML2_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --with-sysroot=${INSTALL_DIR} \ - --enable-shared \ - --disable-static \ - --with-html \ - --with-history \ - --enable-ipv6=no \ - --with-icu \ - --with-zlib \ - --without-python -RUN make install \ - && cp xml2-config ${INSTALL_DIR}/bin/xml2-config - - -############################################################################### -# LIBSSH2 -# https://github.com/libssh2/libssh2/releases -# Needs: -# - zlib -# - OpenSSL -# Needed by: -# - curl -ENV VERSION_LIBSSH2=1.11.0 -ENV LIBSSH2_BUILD_DIR=${BUILD_DIR}/libssh2 -RUN set -xe; \ - mkdir -p ${LIBSSH2_BUILD_DIR}/bin; \ - curl -Ls https://github.com/libssh2/libssh2/releases/download/libssh2-${VERSION_LIBSSH2}/libssh2-${VERSION_LIBSSH2}.tar.gz \ - | tar xzC ${LIBSSH2_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBSSH2_BUILD_DIR}/bin/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - cmake .. \ - # Build as a shared library (.so) instead of a static one - -DBUILD_SHARED_LIBS=ON \ - # Build with OpenSSL support - -DCRYPTO_BACKEND=OpenSSL \ - # Build with zlib support - -DENABLE_ZLIB_COMPRESSION=ON \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN cmake --build . --target install - - -############################################################################### -# LIBNGHTTP2 -# This adds support for HTTP 2 requests in curl. -# See https://github.com/brefphp/bref/issues/727 and https://github.com/brefphp/bref/pull/740 -# https://github.com/nghttp2/nghttp2/releases -# Needs: -# - zlib -# - OpenSSL -# - libxml2 -# Needed by: -# - curl -ENV VERSION_NGHTTP2=1.61.0 -ENV NGHTTP2_BUILD_DIR=${BUILD_DIR}/nghttp2 -RUN set -xe; \ - mkdir -p ${NGHTTP2_BUILD_DIR}; \ - curl -Ls https://github.com/nghttp2/nghttp2/releases/download/v${VERSION_NGHTTP2}/nghttp2-${VERSION_NGHTTP2}.tar.gz \ - | tar xzC ${NGHTTP2_BUILD_DIR} --strip-components=1 -WORKDIR ${NGHTTP2_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --enable-lib-only \ - --prefix=${INSTALL_DIR} -RUN make install - - -############################################################################### -# LIBPSL -# This adds support for the public suffix list in curl. -# https://github.com/rockdaboot/libpsl/releases -# Needed by: -# - curl -ENV VERSION_LIBPSL=0.21.5 -ENV LIBPSL_BUILD_DIR=${BUILD_DIR}/libpsl -RUN set -xe; \ - mkdir -p ${LIBPSL_BUILD_DIR}; \ - curl -Ls https://github.com/rockdaboot/libpsl/releases/download/${VERSION_LIBPSL}/libpsl-${VERSION_LIBPSL}.tar.gz \ - | tar xzC ${LIBPSL_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBPSL_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} -RUN make -j $(nproc) && make install - - -############################################################################### -# CURL -# # https://github.com/curl/curl/releases -# # Needs: -# # - zlib -# # - OpenSSL -# # - libssh2 -# # - libnghttp2 -# # Needed by: -# # - php -ENV VERSION_CURL=8.6.0 -ENV CURL_BUILD_DIR=${BUILD_DIR}/curl -RUN set -xe; \ - mkdir -p ${CURL_BUILD_DIR}/bin; \ - curl -Ls https://github.com/curl/curl/archive/curl-${VERSION_CURL//./_}.tar.gz \ - | tar xzC ${CURL_BUILD_DIR} --strip-components=1 -WORKDIR ${CURL_BUILD_DIR}/ -RUN ./buildconf \ - && CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure \ - --prefix=${INSTALL_DIR} \ - --with-ca-bundle=${CA_BUNDLE} \ - --enable-shared \ - --disable-static \ - --enable-optimize \ - --disable-warnings \ - --disable-dependency-tracking \ - --with-zlib \ - --enable-http \ - --enable-ftp \ - --enable-file \ - --enable-proxy \ - --enable-tftp \ - --enable-ipv6 \ - --enable-openssl-auto-load-config \ - --enable-cookies \ - --with-gnu-ld \ - --with-ssl \ - --with-libssh2 \ - --with-nghttp2 -RUN make install - - -############################################################################### -# LIBZIP -# https://github.com/nih-at/libzip/releases -# Needed by: -# - php -ENV VERSION_ZIP=1.10.1 -ENV ZIP_BUILD_DIR=${BUILD_DIR}/zip -RUN set -xe; \ - mkdir -p ${ZIP_BUILD_DIR}/bin/; \ - curl -Ls https://github.com/nih-at/libzip/releases/download/v${VERSION_ZIP}/libzip-${VERSION_ZIP}.tar.gz \ - | tar xzC ${ZIP_BUILD_DIR} --strip-components=1 -WORKDIR ${ZIP_BUILD_DIR}/bin/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - cmake .. \ - -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \ - -DCMAKE_BUILD_TYPE=RELEASE -RUN cmake --build . --target install - - -############################################################################### -# LIBSODIUM -# https://github.com/jedisct1/libsodium/releases -# Needed by: -# - php -ENV VERSION_LIBSODIUM=1.0.19 -ENV LIBSODIUM_BUILD_DIR=${BUILD_DIR}/libsodium -RUN set -xe; \ - mkdir -p ${LIBSODIUM_BUILD_DIR}; \ - curl -Ls https://github.com/jedisct1/libsodium/archive/${VERSION_LIBSODIUM}.tar.gz \ - | tar xzC ${LIBSODIUM_BUILD_DIR} --strip-components=1 -WORKDIR ${LIBSODIUM_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./autogen.sh \ -&& ./configure --prefix=${INSTALL_DIR} -RUN make install - - -############################################################################### -# Postgres -# https://github.com/postgres/postgres/releases -# Needs: -# - OpenSSL -# Needed by: -# - php -ENV VERSION_POSTGRES=16.2 -ENV POSTGRES_BUILD_DIR=${BUILD_DIR}/postgres -RUN set -xe; \ - mkdir -p ${POSTGRES_BUILD_DIR}/bin; \ - curl -Ls https://github.com/postgres/postgres/archive/REL_${VERSION_POSTGRES//./_}.tar.gz \ - | tar xzC ${POSTGRES_BUILD_DIR} --strip-components=1 -WORKDIR ${POSTGRES_BUILD_DIR}/ -RUN CFLAGS="" \ - CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ - LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ - ./configure --prefix=${INSTALL_DIR} --with-openssl --without-icu --without-readline -RUN cd ${POSTGRES_BUILD_DIR}/src/interfaces/libpq && make && make install -RUN cd ${POSTGRES_BUILD_DIR}/src/bin/pg_config && make && make install -RUN cd ${POSTGRES_BUILD_DIR}/src/backend && make generated-headers -RUN cd ${POSTGRES_BUILD_DIR}/src/include && make install - - -############################################################################### -# Oniguruma -# This library is not packaged in PHP since PHP 7.4. -# See https://github.com/php/php-src/blob/43dc7da8e3719d3e89bd8ec15ebb13f997bbbaa9/UPGRADING#L578-L581 -# We do not install the system version because I didn't manage to make it work... -# Ideally we shouldn't compile it ourselves. -# https://github.com/kkos/oniguruma/releases -# Needed by: -# - php mbstring -ENV VERSION_ONIG=6.9.9 -ENV ONIG_BUILD_DIR=${BUILD_DIR}/oniguruma -RUN set -xe; \ - mkdir -p ${ONIG_BUILD_DIR}; \ - curl -Ls https://github.com/kkos/oniguruma/releases/download/v${VERSION_ONIG}/onig-${VERSION_ONIG}.tar.gz \ - | tar xzC ${ONIG_BUILD_DIR} --strip-components=1 -WORKDIR ${ONIG_BUILD_DIR} -RUN ./configure --prefix=${INSTALL_DIR} -RUN make && make install - - ############################################################################### # Install some dev files for using old libraries already on the system +# libcurl-devel : needed for the curl extension +# zlib-devel : needed for zlib/gz in PHP # readline-devel : needed for the readline extension # gettext-devel : needed for the --with-gettext flag # libicu-devel : needed for intl # libxslt-devel : needed for the XSL extension # sqlite-devel : Since PHP 7.4 this must be installed (https://github.com/php/php-src/blob/99b8e67615159fc600a615e1e97f2d1cf18f14cb/UPGRADING#L616-L619) -RUN LD_LIBRARY_PATH= yum install -y readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel +# libsodium-devel : needed for the sodium extension +RUN LD_LIBRARY_PATH= dnf install -y libcurl-devel zlib-devel readline-devel gettext-devel libicu-devel libxslt-devel sqlite-devel libzip-devel oniguruma-devel libpq-devel openssl-devel libsodium-devel # Note: this variable is used when building extra/custom extensions, do not remove @@ -446,10 +135,10 @@ RUN CFLAGS="-fstack-protector-strong -fpic -fpie -O3 -I${INSTALL_DIR}/include -I --enable-pcntl \ --with-zip \ --enable-bcmath \ - --with-pdo-pgsql=shared,${INSTALL_DIR} \ + --with-pdo-pgsql=shared \ --enable-intl=shared \ --enable-soap \ - --with-xsl=${INSTALL_DIR} \ + --with-xsl \ # necessary for `pecl` to work (to install PHP extensions) --with-pear \ # extra compilation flags @@ -482,7 +171,7 @@ RUN cp ${INSTALL_DIR}/bin/php /bref-layer/bin/php && chmod +x /bref-layer/bin/ph RUN cp $(php -r 'echo ini_get("extension_dir");')/* /bref-layer/bref/extensions/ # Copy all the required system libraries from: -# - /lib | /lib64 (system libraries installed with `yum`) +# - /lib | /lib64 (system libraries installed with `dnf`) # - /opt/bin | /opt/lib | /opt/lib64 (libraries compiled from source) # into `/bref-layer` (the temp directory for the future Lambda layer) COPY --link utils/lib-copy /bref/lib-copy @@ -493,13 +182,13 @@ RUN php /bref/lib-copy/copy-dependencies.php /bref-layer/bref/extensions/opcache RUN php /bref/lib-copy/copy-dependencies.php /bref-layer/bref/extensions/pdo_mysql.so /bref-layer/lib RUN php /bref/lib-copy/copy-dependencies.php /bref-layer/bref/extensions/pdo_pgsql.so /bref-layer/lib -# Copy the OpenSSL certificates file -RUN cp ${CA_BUNDLE} /bref-layer/bref/ssl/cert.pem +# Create a symbolic link to the OpenSSL certificates file for BC purposes +RUN ln -s /etc/ssl/cert.pem /bref-layer/bref/ssl/cert.pem # --------------------------------------------------------------- # Start from a clean image to copy only the files we need -FROM public.ecr.aws/lambda/provided:al2-${IMAGE_VERSION_SUFFIX} as isolation +FROM public.ecr.aws/lambda/provided:al2023-${IMAGE_VERSION_SUFFIX} as isolation # We selected the files in /bref-layer, now we copy them to /opt (the real directory for the Lambda layer) COPY --link --from=build-environment /bref-layer /opt diff --git a/tests/test_2_extensions.php b/tests/test_2_extensions.php index a378cddf..9993ad6e 100644 --- a/tests/test_2_extensions.php +++ b/tests/test_2_extensions.php @@ -86,7 +86,9 @@ // https://github.com/brefphp/aws-lambda-layers/issues/53 'curl-openssl-certificates' => file_exists(openssl_get_cert_locations()['default_cert_file']), // Check its location has not changed (would be a breaking change) - 'curl-openssl-certificates-location' => openssl_get_cert_locations()['default_cert_file'] === '/opt/bref/ssl/cert.pem', + 'curl-openssl-certificates-location' => openssl_get_cert_locations()['default_cert_file'] === '/etc/pki/tls/cert.pem', + // Check the file in previous Bref versions is still here (would be a breaking change) + 'curl-openssl-certificates-backwards-compatibility' => file_exists('/opt/bref/ssl/cert.pem'), // Make sure we are using curl with our compiled libssh 'curl-libssh' => version_compare(str_replace('libssh2/', '', curl_version()['libssh_version']), '1.10.0', '>='), 'json' => function_exists('json_encode'), diff --git a/utils/lib-copy/docker-compose.yml b/utils/lib-copy/docker-compose.yml index caa1c97c..50210fa7 100644 --- a/utils/lib-copy/docker-compose.yml +++ b/utils/lib-copy/docker-compose.yml @@ -4,9 +4,9 @@ services: # List all files from `/lib64` into `libs-x86.txt` update-x86: - image: public.ecr.aws/lambda/provided:al2-x86_64 + image: public.ecr.aws/lambda/provided:al2023-x86_64 entrypoint: /bin/sh - command: [ "-c", "find /lib64/ -maxdepth 1 -not -type d -printf '%f\n' | sort > /libs-x86.txt" ] + command: [ "-c", "dnf install -y findutils && find /lib64/ -maxdepth 1 -not -type d -printf '%f\n' | sort > /libs-x86.txt" ] # Alternative approach from https://gist.github.com/vladgolubev/439559fc7597a4fb51eaa9e97b72f319 # but it seems to list less files, so I'm not sure we should use that alternative # command: [ "-c", "/sbin/ldconfig -p | awk '{print $$1}' | sort > /al2-x64.txt" ] @@ -15,8 +15,8 @@ services: # List all files from `/lib64` into `libs-arm.txt` update-arm: - image: public.ecr.aws/lambda/provided:al2-arm64 + image: public.ecr.aws/lambda/provided:al2023-arm64 entrypoint: /bin/sh - command: [ "-c", "find /lib64/ -maxdepth 1 -not -type d -printf '%f\n' | sort > /libs-arm.txt" ] + command: [ "-c", "dnf install -y findutils && find /lib64/ -maxdepth 1 -not -type d -printf '%f\n' | sort > /libs-arm.txt" ] volumes: - ./libs-arm.txt:/libs-arm.txt diff --git a/utils/lib-copy/libs-arm.txt b/utils/lib-copy/libs-arm.txt index 6bc3cbd8..d669ac03 100644 --- a/utils/lib-copy/libs-arm.txt +++ b/utils/lib-copy/libs-arm.txt @@ -1,248 +1,185 @@ -ld-2.26.so -ld-linux-aarch64.so.1 +.libgmp.so.10.4.1.hmac +.libgmp.so.10.hmac +libBrokenLocale.so.1 +libSegFault.so libacl.so.1 -libacl.so.1.1.0 -libanl-2.26.so +libacl.so.1.1.2301 libanl.so.1 +libarchive.so.13 +libarchive.so.13.5.3 libassuan.so.0 -libassuan.so.0.4.0 +libassuan.so.0.8.5 libattr.so.1 -libattr.so.1.1.0 +libattr.so.1.1.2501 +libaudit.so.1 +libaudit.so.1.0.0 +libauparse.so.0 +libauparse.so.0.0.0 libblkid.so.1 libblkid.so.1.1.0 -libBrokenLocale-2.26.so -libBrokenLocale.so.1 libbz2.so.1 -libbz2.so.1.0.6 -libc-2.26.so +libbz2.so.1.0.8 +libc.so.6 +libc_malloc_debug.so.0 +libcap-ng.so.0 +libcap-ng.so.0.0.0 libcap.so.2 -libcap.so.2.54 -libcidn-2.26.so -libcidn.so.1 +libcap.so.2.48 libcom_err.so.2 libcom_err.so.2.1 -libcrypt-2.26.so -libcrypto.so.10 -libcrypto.so.1.0.2k -.libcrypto.so.1.0.2k.hmac -.libcrypto.so.10.hmac -libcrypt.so.1 -libc.so.6 +libcrypto.so.3 +libcrypto.so.3.0.8 libcurl.so.4 -libcurl.so.4.7.0 -libdb-5.3.so -libdb-5.so -libdl-2.26.so +libcurl.so.4.8.0 libdl.so.2 -libelf-0.176.so -libelf.so.1 -libexpat.so.1 -libexpat.so.1.6.0 -libffi.so.6 -libffi.so.6.0.1 -libfontconfig.so.1 -libfontconfig.so.1.11.1 +libdnf.so.2 +libdrop_ambient.so.0 +libdrop_ambient.so.0.0.0 +libffi.so.8 +libffi.so.8.1.2 libform.so.6 -libform.so.6.0 +libform.so.6.2 libformw.so.6 -libformw.so.6.0 -libfreebl3.chk -libfreebl3.so -libfreeblpriv3.chk -libfreeblpriv3.so -libfreetype.so.6 -libfreetype.so.6.14.0 -libgcc_s-7-20180712.so.1 +libformw.so.6.2 +libgcc_s-11-20230605.so.1 libgcc_s.so.1 -libgcrypt.so.11 -libgcrypt.so.11.8.2 -.libgcrypt.so.11.hmac -libgdbm_compat.so.4 -libgdbm_compat.so.4.0.0 -libgdbm.so.4 -libgdbm.so.4.0.0 +libgcrypt.so.20 +libgcrypt.so.20.4.2 libgio-2.0.so.0 -libgio-2.0.so.0.5600.1 +libgio-2.0.so.0.7400.7 +libgirepository-1.0.so.1 +libgirepository-1.0.so.1.0.0 libglib-2.0.so.0 -libglib-2.0.so.0.5600.1 +libglib-2.0.so.0.7400.7 libgmodule-2.0.so.0 -libgmodule-2.0.so.0.5600.1 +libgmodule-2.0.so.0.7400.7 libgmp.so.10 -libgmp.so.10.2.0 -libgmpxx.so.4 -libgmpxx.so.4.4.0 +libgmp.so.10.4.1 libgobject-2.0.so.0 -libgobject-2.0.so.0.5600.1 +libgobject-2.0.so.0.7400.7 libgpg-error.so.0 -libgpg-error.so.0.10.0 -libgpgme-pthread.so.11 -libgpgme-pthread.so.11.8.1 +libgpg-error.so.0.32.0 libgpgme.so.11 -libgpgme.so.11.8.1 +libgpgme.so.11.24.1 libgssapi_krb5.so.2 libgssapi_krb5.so.2.2 libgssrpc.so.4 libgssrpc.so.4.2 libgthread-2.0.so.0 -libgthread-2.0.so.0.5600.1 -libhistory.so.6 -libhistory.so.6.2 -libicudata.so.50 -libicudata.so.50.2 -libicui18n.so.50 -libicui18n.so.50.2 -libicuio.so.50 -libicuio.so.50.2 -libicule.so.50 -libicule.so.50.2 -libiculx.so.50 -libiculx.so.50.2 -libicutest.so.50 -libicutest.so.50.2 -libicutu.so.50 -libicutu.so.50.2 -libicuuc.so.50 -libicuuc.so.50.2 +libgthread-2.0.so.0.7400.7 +libhistory.so.8 +libhistory.so.8.1 libidn2.so.0 libidn2.so.0.3.7 +libjson-c.so.5 +libjson-c.so.5.0.0 libk5crypto.so.3 libk5crypto.so.3.1 -libkdb5.so.8 -libkdb5.so.8.0 +libkdb5.so.10 +libkdb5.so.10.0 libkeyutils.so.1 -libkeyutils.so.1.5 +libkeyutils.so.1.10 libkrad.so.0 libkrad.so.0.0 libkrb5.so.3 libkrb5.so.3.3 libkrb5support.so.0 libkrb5support.so.0.1 -liblber-2.4.so.2 -liblber-2.4.so.2.10.7 -libldap-2.4.so.2 -libldap-2.4.so.2.10.7 -libldap_r-2.4.so.2 -libldap_r-2.4.so.2.10.7 -liblua-5.1.so +liblua-5.3.so +liblua-5.4.so +liblz4.so.1 +liblz4.so.1.9.4 liblzma.so.5 -liblzma.so.5.2.2 -libm-2.26.so +liblzma.so.5.2.5 +libm.so.6 libmagic.so.1 libmagic.so.1.0.0 libmemusage.so libmenu.so.6 -libmenu.so.6.0 +libmenu.so.6.2 libmenuw.so.6 -libmenuw.so.6.0 +libmenuw.so.6.2 +libmodulemd.so.2 +libmodulemd.so.2.13.0 libmount.so.1 libmount.so.1.1.0 -libm.so.6 +libmpfr.so.6 +libmpfr.so.6.1.0 libncurses.so.6 -libncurses.so.6.0 +libncurses.so.6.2 libncursesw.so.6 -libncursesw.so.6.0 +libncursesw.so.6.2 libnghttp2.so.14 -libnghttp2.so.14.20.0 -libnsl-2.26.so -libnsl.so.1 -libnspr4.so -libnss3.so -libnssckbi.so -libnss_compat-2.26.so +libnghttp2.so.14.25.0 +libnpth.so.0 +libnpth.so.0.1.2 libnss_compat.so.2 -libnssdbm3.chk -libnssdbm3.so -libnss_dns-2.26.so libnss_dns.so.2 -libnss_files-2.26.so libnss_files.so.2 -libnsspem.so -libnsssysinit.so -libnssutil3.so +libnssckbi.so libp11-kit.so.0 libp11-kit.so.0.3.0 libpanel.so.6 -libpanel.so.6.0 +libpanel.so.6.2 libpanelw.so.6 -libpanelw.so.6.0 +libpanelw.so.6.2 libpcprofile.so -libpcre16.so.0 -libpcre16.so.0.2.0 -libpcre32.so.0 -libpcre32.so.0.0.0 -libpcrecpp.so.0 -libpcrecpp.so.0.0.0 -libpcreposix.so.0 -libpcreposix.so.0.0.1 -libpcre.so.1 -libpcre.so.1.2.0 -libplc4.so -libplds4.so -libpng15.so.15 -libpng15.so.15.13.0 +libpcre2-8.so.0 +libpcre2-8.so.0.11.0 +libpcre2-posix.so.3 +libpcre2-posix.so.3.0.2 +libpeas-1.0.so.0 +libpeas-1.0.so.0.3200.0 libpopt.so.0 -libpopt.so.0.0.0 +libpopt.so.0.0.1 +libpsl.so.5 +libpsl.so.5.3.3 libpsx.so.2 -libpsx.so.2.54 -libpthread-2.26.so +libpsx.so.2.48 libpthread.so.0 -libpth.so.20 -libpth.so.20.0.27 -libpython2.7.so.1.0 -libreadline.so.6 -libreadline.so.6.2 -libresolv-2.26.so +libreadline.so.8 +libreadline.so.8.1 +librepo.so.0 libresolv.so.2 -librpmbuild.so.3 -librpmbuild.so.3.2.2 -librpmio.so.3 -librpmio.so.3.2.2 -librpmsign.so.1 -librpmsign.so.1.2.2 -librpm.so.3 -librpm.so.3.2.2 -librt-2.26.so +librpm.so.9 +librpm.so.9.1.3 +librpmio.so.9 +librpmio.so.9.1.3 librt.so.1 -libsasl2.so.3 -libsasl2.so.3.0.0 -libSegFault.so libselinux.so.1 -libsepol.so.1 -libslapi-2.4.so.2 -libslapi-2.4.so.2.10.7 -libsmime3.so -libsoftokn3.chk -libsoftokn3.so +libsepol.so.2 +libsigsegv.so.2 +libsigsegv.so.2.0.6 +libsmartcols.so.1 +libsmartcols.so.1.1.0 +libsolv.so.1 +libsolvext.so.1 libsqlite3.so.0 libsqlite3.so.0.8.6 -libssh2.so.1 -libssh2.so.1.0.1 -libssl3.so -libssl.so.10 -libssl.so.1.0.2k -.libssl.so.1.0.2k.hmac -.libssl.so.10.hmac +libssl.so.3 +libssl.so.3.0.8 libstdc++.so.6 -libstdc++.so.6.0.24 +libstdc++.so.6.0.29 libtasn1.so.6 -libtasn1.so.6.5.3 -libthread_db-1.0.so +libtasn1.so.6.6.3 libthread_db.so.1 libtic.so.6 -libtic.so.6.0 +libtic.so.6.2 libtinfo.so.6 -libtinfo.so.6.0 -libunistring.so.0 -libunistring.so.0.1.2 -libutil-2.26.so +libtinfo.so.6.2 +libunistring.so.2 +libunistring.so.2.1.0 libutil.so.1 libuuid.so.1 libuuid.so.1.3.0 libverto.so.1 libverto.so.1.0.0 libxml2.so.2 -libxml2.so.2.9.1 +libxml2.so.2.10.4 +libyaml-0.so.2 +libyaml-0.so.2.0.9 libz.so.1 -libz.so.1.2.7 +libz.so.1.2.11 +libzstd.so.1 +libzstd.so.1.5.5 p11-kit-proxy.so -p11-kit-trust.so diff --git a/utils/lib-copy/libs-x86.txt b/utils/lib-copy/libs-x86.txt index a4cf64eb..e1165b43 100644 --- a/utils/lib-copy/libs-x86.txt +++ b/utils/lib-copy/libs-x86.txt @@ -1,250 +1,187 @@ -ld-2.26.so +.libgmp.so.10.4.1.hmac +.libgmp.so.10.hmac ld-linux-x86-64.so.2 +libBrokenLocale.so.1 +libSegFault.so libacl.so.1 -libacl.so.1.1.0 -libanl-2.26.so +libacl.so.1.1.2301 libanl.so.1 +libarchive.so.13 +libarchive.so.13.5.3 libassuan.so.0 -libassuan.so.0.4.0 +libassuan.so.0.8.5 libattr.so.1 -libattr.so.1.1.0 +libattr.so.1.1.2501 +libaudit.so.1 +libaudit.so.1.0.0 +libauparse.so.0 +libauparse.so.0.0.0 libblkid.so.1 libblkid.so.1.1.0 -libBrokenLocale-2.26.so -libBrokenLocale.so.1 libbz2.so.1 -libbz2.so.1.0.6 -libc-2.26.so +libbz2.so.1.0.8 +libc.so.6 +libc_malloc_debug.so.0 +libcap-ng.so.0 +libcap-ng.so.0.0.0 libcap.so.2 -libcap.so.2.54 -libcidn-2.26.so -libcidn.so.1 +libcap.so.2.48 libcom_err.so.2 libcom_err.so.2.1 -libcrypt-2.26.so -libcrypto.so.10 -libcrypto.so.1.0.2k -.libcrypto.so.1.0.2k.hmac -.libcrypto.so.10.hmac -libcrypt.so.1 -libc.so.6 +libcrypto.so.3 +libcrypto.so.3.0.8 libcurl.so.4 -libcurl.so.4.7.0 -libdb-5.3.so -libdb-5.so -libdl-2.26.so +libcurl.so.4.8.0 libdl.so.2 -libelf-0.176.so -libelf.so.1 -libexpat.so.1 -libexpat.so.1.6.0 -libffi.so.6 -libffi.so.6.0.1 -libfontconfig.so.1 -libfontconfig.so.1.11.1 +libdnf.so.2 +libdrop_ambient.so.0 +libdrop_ambient.so.0.0.0 +libffi.so.8 +libffi.so.8.1.2 libform.so.6 -libform.so.6.0 +libform.so.6.2 libformw.so.6 -libformw.so.6.0 -libfreebl3.chk -libfreebl3.so -libfreeblpriv3.chk -libfreeblpriv3.so -libfreetype.so.6 -libfreetype.so.6.14.0 -libgcc_s-7-20180712.so.1 +libformw.so.6.2 +libgcc_s-11-20230605.so.1 libgcc_s.so.1 -libgcrypt.so.11 -libgcrypt.so.11.8.2 -.libgcrypt.so.11.hmac -libgdbm_compat.so.4 -libgdbm_compat.so.4.0.0 -libgdbm.so.4 -libgdbm.so.4.0.0 +libgcrypt.so.20 +libgcrypt.so.20.4.2 libgio-2.0.so.0 -libgio-2.0.so.0.5600.1 +libgio-2.0.so.0.7400.7 +libgirepository-1.0.so.1 +libgirepository-1.0.so.1.0.0 libglib-2.0.so.0 -libglib-2.0.so.0.5600.1 +libglib-2.0.so.0.7400.7 libgmodule-2.0.so.0 -libgmodule-2.0.so.0.5600.1 +libgmodule-2.0.so.0.7400.7 libgmp.so.10 -libgmp.so.10.2.0 -libgmpxx.so.4 -libgmpxx.so.4.4.0 +libgmp.so.10.4.1 libgobject-2.0.so.0 -libgobject-2.0.so.0.5600.1 +libgobject-2.0.so.0.7400.7 libgpg-error.so.0 -libgpg-error.so.0.10.0 -libgpgme-pthread.so.11 -libgpgme-pthread.so.11.8.1 +libgpg-error.so.0.32.0 libgpgme.so.11 -libgpgme.so.11.8.1 +libgpgme.so.11.24.1 libgssapi_krb5.so.2 libgssapi_krb5.so.2.2 libgssrpc.so.4 libgssrpc.so.4.2 libgthread-2.0.so.0 -libgthread-2.0.so.0.5600.1 -libhistory.so.6 -libhistory.so.6.2 -libicudata.so.50 -libicudata.so.50.2 -libicui18n.so.50 -libicui18n.so.50.2 -libicuio.so.50 -libicuio.so.50.2 -libicule.so.50 -libicule.so.50.2 -libiculx.so.50 -libiculx.so.50.2 -libicutest.so.50 -libicutest.so.50.2 -libicutu.so.50 -libicutu.so.50.2 -libicuuc.so.50 -libicuuc.so.50.2 +libgthread-2.0.so.0.7400.7 +libhistory.so.8 +libhistory.so.8.1 libidn2.so.0 libidn2.so.0.3.7 +libjson-c.so.5 +libjson-c.so.5.0.0 libk5crypto.so.3 libk5crypto.so.3.1 -libkdb5.so.8 -libkdb5.so.8.0 +libkdb5.so.10 +libkdb5.so.10.0 libkeyutils.so.1 -libkeyutils.so.1.5 +libkeyutils.so.1.10 libkrad.so.0 libkrad.so.0.0 libkrb5.so.3 libkrb5.so.3.3 libkrb5support.so.0 libkrb5support.so.0.1 -liblber-2.4.so.2 -liblber-2.4.so.2.10.7 -libldap-2.4.so.2 -libldap-2.4.so.2.10.7 -libldap_r-2.4.so.2 -libldap_r-2.4.so.2.10.7 -liblua-5.1.so +liblua-5.3.so +liblua-5.4.so +liblz4.so.1 +liblz4.so.1.9.4 liblzma.so.5 -liblzma.so.5.2.2 -libm-2.26.so +liblzma.so.5.2.5 +libm.so.6 libmagic.so.1 libmagic.so.1.0.0 libmemusage.so libmenu.so.6 -libmenu.so.6.0 +libmenu.so.6.2 libmenuw.so.6 -libmenuw.so.6.0 +libmenuw.so.6.2 +libmodulemd.so.2 +libmodulemd.so.2.13.0 libmount.so.1 libmount.so.1.1.0 -libm.so.6 -libmvec-2.26.so +libmpfr.so.6 +libmpfr.so.6.1.0 libmvec.so.1 libncurses.so.6 -libncurses.so.6.0 +libncurses.so.6.2 libncursesw.so.6 -libncursesw.so.6.0 +libncursesw.so.6.2 libnghttp2.so.14 -libnghttp2.so.14.20.0 -libnsl-2.26.so -libnsl.so.1 -libnspr4.so -libnss3.so -libnssckbi.so -libnss_compat-2.26.so +libnghttp2.so.14.25.0 +libnpth.so.0 +libnpth.so.0.1.2 libnss_compat.so.2 -libnssdbm3.chk -libnssdbm3.so -libnss_dns-2.26.so libnss_dns.so.2 -libnss_files-2.26.so libnss_files.so.2 -libnsspem.so -libnsssysinit.so -libnssutil3.so +libnssckbi.so libp11-kit.so.0 libp11-kit.so.0.3.0 libpanel.so.6 -libpanel.so.6.0 +libpanel.so.6.2 libpanelw.so.6 -libpanelw.so.6.0 +libpanelw.so.6.2 libpcprofile.so -libpcre16.so.0 -libpcre16.so.0.2.0 -libpcre32.so.0 -libpcre32.so.0.0.0 -libpcrecpp.so.0 -libpcrecpp.so.0.0.0 -libpcreposix.so.0 -libpcreposix.so.0.0.1 -libpcre.so.1 -libpcre.so.1.2.0 -libplc4.so -libplds4.so -libpng15.so.15 -libpng15.so.15.13.0 +libpcre2-8.so.0 +libpcre2-8.so.0.11.0 +libpcre2-posix.so.3 +libpcre2-posix.so.3.0.2 +libpeas-1.0.so.0 +libpeas-1.0.so.0.3200.0 libpopt.so.0 -libpopt.so.0.0.0 +libpopt.so.0.0.1 +libpsl.so.5 +libpsl.so.5.3.3 libpsx.so.2 -libpsx.so.2.54 -libpthread-2.26.so +libpsx.so.2.48 libpthread.so.0 -libpth.so.20 -libpth.so.20.0.27 -libpython2.7.so.1.0 -libreadline.so.6 -libreadline.so.6.2 -libresolv-2.26.so +libreadline.so.8 +libreadline.so.8.1 +librepo.so.0 libresolv.so.2 -librpmbuild.so.3 -librpmbuild.so.3.2.2 -librpmio.so.3 -librpmio.so.3.2.2 -librpmsign.so.1 -librpmsign.so.1.2.2 -librpm.so.3 -librpm.so.3.2.2 -librt-2.26.so +librpm.so.9 +librpm.so.9.1.3 +librpmio.so.9 +librpmio.so.9.1.3 librt.so.1 -libsasl2.so.3 -libsasl2.so.3.0.0 -libSegFault.so libselinux.so.1 -libsepol.so.1 -libslapi-2.4.so.2 -libslapi-2.4.so.2.10.7 -libsmime3.so -libsoftokn3.chk -libsoftokn3.so +libsepol.so.2 +libsigsegv.so.2 +libsigsegv.so.2.0.6 +libsmartcols.so.1 +libsmartcols.so.1.1.0 +libsolv.so.1 +libsolvext.so.1 libsqlite3.so.0 libsqlite3.so.0.8.6 -libssh2.so.1 -libssh2.so.1.0.1 -libssl3.so -libssl.so.10 -libssl.so.1.0.2k -.libssl.so.1.0.2k.hmac -.libssl.so.10.hmac +libssl.so.3 +libssl.so.3.0.8 libstdc++.so.6 -libstdc++.so.6.0.24 +libstdc++.so.6.0.29 libtasn1.so.6 -libtasn1.so.6.5.3 -libthread_db-1.0.so +libtasn1.so.6.6.3 libthread_db.so.1 libtic.so.6 -libtic.so.6.0 +libtic.so.6.2 libtinfo.so.6 -libtinfo.so.6.0 -libunistring.so.0 -libunistring.so.0.1.2 -libutil-2.26.so +libtinfo.so.6.2 +libunistring.so.2 +libunistring.so.2.1.0 libutil.so.1 libuuid.so.1 libuuid.so.1.3.0 libverto.so.1 libverto.so.1.0.0 libxml2.so.2 -libxml2.so.2.9.1 +libxml2.so.2.10.4 +libyaml-0.so.2 +libyaml-0.so.2.0.9 libz.so.1 -libz.so.1.2.7 +libz.so.1.2.11 +libzstd.so.1 +libzstd.so.1.5.5 p11-kit-proxy.so -p11-kit-trust.so From ac68d32b2ad457a190011cd26cb005a63cd88d7d Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Wed, 23 Oct 2024 19:22:29 +0200 Subject: [PATCH 2/4] Update with main (only PHP 8.3) --- layers/bootstrap.php | 12 ++++++++---- layers/fpm-dev/Dockerfile | 3 +++ php-83/Dockerfile | 2 +- tests/test_2_extensions.php | 10 ++++++++++ utils/lib-copy/copy-dependencies.php | 8 +++++++- 5 files changed, 29 insertions(+), 6 deletions(-) diff --git a/layers/bootstrap.php b/layers/bootstrap.php index 505c3171..383fc187 100644 --- a/layers/bootstrap.php +++ b/layers/bootstrap.php @@ -2,11 +2,15 @@ $appRoot = getenv('LAMBDA_TASK_ROOT'); -if (getenv('BREF_AUTOLOAD_PATH')) { - require getenv('BREF_AUTOLOAD_PATH'); -} elseif (file_exists($appRoot . '/vendor/autoload.php')) { - require $appRoot . '/vendor/autoload.php'; +$autoloadPath = $_SERVER['BREF_AUTOLOAD_PATH'] ?? null; +if (! $autoloadPath) { + $autoloadPath = $appRoot . '/vendor/autoload.php'; } +if (! file_exists($autoloadPath)) { + throw new RuntimeException('Could not find the Composer vendor directory. Did you run "composer require bref/bref"? Read https://bref.sh/docs/environment/php#custom-vendor-path if your Composer vendor directory is in a custom path.'); +} + +require $autoloadPath; $runtimeClass = getenv('RUNTIME_CLASS'); diff --git a/layers/fpm-dev/Dockerfile b/layers/fpm-dev/Dockerfile index b583f562..d8d223d6 100644 --- a/layers/fpm-dev/Dockerfile +++ b/layers/fpm-dev/Dockerfile @@ -36,6 +36,9 @@ EXPOSE 8000 # Add `php/conf.dev.d` to the path where PHP looks for configuration files ENV PHP_INI_SCAN_DIR="/opt/bref/etc/php/conf.d:/var/task/php/conf.d:/var/task/php/conf.dev.d" +# Add composer +COPY --link --from=composer/composer:2-bin /composer /usr/bin/composer + # Originally the entrypoint is `/lambda-entrypoint.sh` and CMD contains the handler name # We override the entrypoint to run our own logic ENTRYPOINT [ "/bref-entrypoint.sh" ] diff --git a/php-83/Dockerfile b/php-83/Dockerfile index 872de7d7..1ebd3959 100644 --- a/php-83/Dockerfile +++ b/php-83/Dockerfile @@ -4,7 +4,7 @@ ARG IMAGE_VERSION_SUFFIX # https://www.php.net/downloads -ARG VERSION_PHP=8.3.6 +ARG VERSION_PHP=8.3.12 # Lambda uses a custom AMI named Amazon Linux 2 diff --git a/tests/test_2_extensions.php b/tests/test_2_extensions.php index 9993ad6e..e94289b5 100644 --- a/tests/test_2_extensions.php +++ b/tests/test_2_extensions.php @@ -91,6 +91,16 @@ 'curl-openssl-certificates-backwards-compatibility' => file_exists('/opt/bref/ssl/cert.pem'), // Make sure we are using curl with our compiled libssh 'curl-libssh' => version_compare(str_replace('libssh2/', '', curl_version()['libssh_version']), '1.10.0', '>='), + 'openssl' => (function() { + $private_key = openssl_pkey_new(['private_key_bits' => 2048]); + if ($private_key === false) { + return false; + } + + $public_key_pem = openssl_pkey_get_details($private_key)['key']; + $details = openssl_pkey_get_details(openssl_pkey_get_public($public_key_pem)); + return $details['bits'] === 2048; + })(), 'json' => function_exists('json_encode'), 'bcmath' => function_exists('bcadd'), 'ctype' => function_exists('ctype_digit'), diff --git a/utils/lib-copy/copy-dependencies.php b/utils/lib-copy/copy-dependencies.php index 7094571e..8bfb92c6 100644 --- a/utils/lib-copy/copy-dependencies.php +++ b/utils/lib-copy/copy-dependencies.php @@ -36,7 +36,13 @@ $librariesThatExistOnLambda = array_map('trim', $librariesThatExistOnLambda); // For some reason some libraries are actually not in Lambda, despite being in the docker image 🤷 $librariesThatExistOnLambda = array_filter($librariesThatExistOnLambda, function ($library) { - return ! str_contains($library, 'libgcrypt.so') && ! str_contains($library, 'libgpg-error.so'); + return ! str_contains($library, 'libgcrypt.so') + && ! str_contains($library, 'libassuan.so') + && ! str_contains($library, 'libgobject-2.0.so') + && ! str_contains($library, 'libgpg-error.so') + && ! str_contains($library, 'libgpgme-pthread.so') + && ! str_contains($library, 'libgpgme.so') + ; }); $requiredLibraries = listDependencies($pathToCheck); From e98941ed2f883344903244f75cd4b0a2d13b083e Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Wed, 23 Oct 2024 19:33:43 +0200 Subject: [PATCH 3/4] Update comment --- php-83/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php-83/Dockerfile b/php-83/Dockerfile index 1ebd3959..95c642fb 100644 --- a/php-83/Dockerfile +++ b/php-83/Dockerfile @@ -7,7 +7,7 @@ ARG IMAGE_VERSION_SUFFIX ARG VERSION_PHP=8.3.12 -# Lambda uses a custom AMI named Amazon Linux 2 +# Lambda uses a custom AMI named Amazon Linux 2023 # https://docs.aws.amazon.com/lambda/latest/dg/current-supported-versions.html # AWS provides a Docker image that we use here: # https://github.com/amazonlinux/container-images/tree/amzn2 From 0cafc917cb6581a57aea68eacbae63866165ea16 Mon Sep 17 00:00:00 2001 From: Matthieu Napoli Date: Wed, 23 Oct 2024 21:52:17 +0200 Subject: [PATCH 4/4] Remove support for libssh2 in curl --- tests/test_2_extensions.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/test_2_extensions.php b/tests/test_2_extensions.php index e94289b5..b12b6350 100644 --- a/tests/test_2_extensions.php +++ b/tests/test_2_extensions.php @@ -89,8 +89,6 @@ 'curl-openssl-certificates-location' => openssl_get_cert_locations()['default_cert_file'] === '/etc/pki/tls/cert.pem', // Check the file in previous Bref versions is still here (would be a breaking change) 'curl-openssl-certificates-backwards-compatibility' => file_exists('/opt/bref/ssl/cert.pem'), - // Make sure we are using curl with our compiled libssh - 'curl-libssh' => version_compare(str_replace('libssh2/', '', curl_version()['libssh_version']), '1.10.0', '>='), 'openssl' => (function() { $private_key = openssl_pkey_new(['private_key_bits' => 2048]); if ($private_key === false) {