nixpkgs/pkgs/top-level/php-packages.nix

711 lines
22 KiB
Nix
Raw Normal View History

{ stdenv
, config
, callPackages
, lib
, pkgs
, phpPackage
, autoconf
, pkg-config
, aspell
, bzip2
, curl
, cyrus_sasl
, enchant2
, freetds
, gd
, gettext
, gmp
, html-tidy
, icu64
, libffi
, libiconv
, libkrb5
, libsodium
, libxml2
, libxslt
, libzip
, net-snmp
, nix-update-script
, oniguruma
, openldap
, openssl_1_1
, openssl
, overrideSDK
, pam
, pcre2
, postgresql
, bison
, re2c
, readline
, rsync
, sqlite
, unixODBC
, uwimap
, valgrind
, zlib
, fetchpatch
}:
2014-03-24 12:37:36 +00:00
lib.makeScope pkgs.newScope (self: with self; {
buildPecl = callPackage ../build-support/php/build-pecl.nix {
php = php.unwrapped;
};
2014-03-24 12:37:36 +00:00
composerHooks = callPackages ../build-support/php/hooks { };
mkComposerRepository = callPackage ../build-support/php/build-composer-repository.nix { };
buildComposerProject = callPackage ../build-support/php/build-composer-project.nix { };
# Wrap mkDerivation to prepend pname with "php-" to make names consistent
# with how buildPecl does it and make the file easier to overview.
mkDerivation = origArgs:
let
args = lib.fix (lib.extends
(_: previousAttrs: {
pname = "php-${previousAttrs.pname}";
passthru = (previousAttrs.passthru or { }) // {
updateScript = nix-update-script { };
};
meta = (previousAttrs.meta or { }) // {
mainProgram = previousAttrs.meta.mainProgram or previousAttrs.pname;
};
})
(if lib.isFunction origArgs then origArgs else (_: origArgs))
);
in
pkgs.stdenv.mkDerivation args;
2021-06-28 15:43:53 +00:00
# Function to build an extension which is shipped as part of the php
# source, based on the php version.
#
# Name passed is the name of the extension and is automatically used
2022-12-18 00:39:44 +00:00
# to add the configureFlag "--enable-${name}", which can be overridden.
2021-06-28 15:43:53 +00:00
#
# Build inputs is used for extra deps that may be needed. And zendExtension
# will mark the extension as a zend extension or not.
mkExtension = lib.makeOverridable
({ name
, configureFlags ? [ "--enable-${extName}" ]
, internalDeps ? [ ]
, postPhpize ? ""
, buildInputs ? [ ]
, zendExtension ? false
, doCheck ? true
, extName ? name
, ...
}@args: stdenv.mkDerivation ((builtins.removeAttrs args [ "name" ]) // {
2021-06-28 15:43:53 +00:00
pname = "php-${name}";
nixos/nextcloud: fixup openssl compat change Upon testing the change itself I realized that it doesn't build properly because * the `pname` of a php extension is `php-<name>`, not `<name>`. * calling the extension `openssl-legacy` resulted in PHP trying to compile `ext/openssl-legacy` which broke since it doesn't exist: source root is php-8.1.12 setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c patching sources cdToExtensionRootPhase /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory I didn't encounter that one before because I was mostly interested in having a sane behavior for everyone not using this "feature" and the documentation around this. My findings about the behavior with turning openssl1.1 on/off are still valid because I tested this on `master` with manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`. To work around the issue I had to slightly modify the extension build-system for PHP: * The attribute `extensionName` is now relevant to determine the output paths (e.g. `lib/openssl.so`). This is not a behavioral change for existing extensions because then `extensionName==name`. However when specifying `extName` in `php-packages.nix` this value is overridden and it is made sure that the extension called `extName` NOT `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed. The `name` still has to be kept to keep the legacy openssl available as `php.extensions.openssl-legacy`. Additionally I implemented a small VM test to check the behavior with server-side encryption: * For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix` it's checked that OpenSSL 3 is used). With that the "default" behavior of the module is checked. * It is ensured that the PHP interpreter for Nextcloud's php-fpm actually loads the correct openssl extension. * It is tested that (encrypted) files remain usable when (temporarily) installing OpenSSL3 (of course then they're not decryptable, but on a rollback that should still be possible). Finally, a few more documentation changes: * I also mentioned the issue in `nextcloud.xml` to make sure the issue is at least mentioned in the manual section about Nextcloud. Not too much detail here, but the relevant option `enableBrokenCiphersForSSE` is referenced. * I fixed a few minor wording issues to also give the full context (we're talking about Nextcloud; we're talking about the PHP extension **only**; please check if you really need this even though it's enabled by default). This is because I felt that sometimes it might be hard to understand what's going on when e.g. an eval-warning appears without telling where exactly it comes from.
2022-11-10 11:05:24 +00:00
extensionName = extName;
2021-06-28 15:43:53 +00:00
2022-04-30 00:24:55 +00:00
outputs = [ "out" "dev" ];
2021-06-28 15:43:53 +00:00
inherit (php.unwrapped) version src;
enableParallelBuilding = true;
2022-04-30 00:24:55 +00:00
nativeBuildInputs = [
php.unwrapped
autoconf
pkg-config
re2c
bison
2022-04-30 00:24:55 +00:00
];
inherit configureFlags internalDeps buildInputs zendExtension doCheck;
2021-06-28 15:43:53 +00:00
preConfigurePhases = [
"genfiles"
"cdToExtensionRootPhase"
];
genfiles = ''
if [ -f "scripts/dev/genfiles" ]; then
./scripts/dev/genfiles
fi
'';
cdToExtensionRootPhase = ''
# Go to extension source root.
nixos/nextcloud: fixup openssl compat change Upon testing the change itself I realized that it doesn't build properly because * the `pname` of a php extension is `php-<name>`, not `<name>`. * calling the extension `openssl-legacy` resulted in PHP trying to compile `ext/openssl-legacy` which broke since it doesn't exist: source root is php-8.1.12 setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c patching sources cdToExtensionRootPhase /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory I didn't encounter that one before because I was mostly interested in having a sane behavior for everyone not using this "feature" and the documentation around this. My findings about the behavior with turning openssl1.1 on/off are still valid because I tested this on `master` with manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`. To work around the issue I had to slightly modify the extension build-system for PHP: * The attribute `extensionName` is now relevant to determine the output paths (e.g. `lib/openssl.so`). This is not a behavioral change for existing extensions because then `extensionName==name`. However when specifying `extName` in `php-packages.nix` this value is overridden and it is made sure that the extension called `extName` NOT `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed. The `name` still has to be kept to keep the legacy openssl available as `php.extensions.openssl-legacy`. Additionally I implemented a small VM test to check the behavior with server-side encryption: * For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix` it's checked that OpenSSL 3 is used). With that the "default" behavior of the module is checked. * It is ensured that the PHP interpreter for Nextcloud's php-fpm actually loads the correct openssl extension. * It is tested that (encrypted) files remain usable when (temporarily) installing OpenSSL3 (of course then they're not decryptable, but on a rollback that should still be possible). Finally, a few more documentation changes: * I also mentioned the issue in `nextcloud.xml` to make sure the issue is at least mentioned in the manual section about Nextcloud. Not too much detail here, but the relevant option `enableBrokenCiphersForSSE` is referenced. * I fixed a few minor wording issues to also give the full context (we're talking about Nextcloud; we're talking about the PHP extension **only**; please check if you really need this even though it's enabled by default). This is because I felt that sometimes it might be hard to understand what's going on when e.g. an eval-warning appears without telling where exactly it comes from.
2022-11-10 11:05:24 +00:00
cd "ext/${extName}"
'';
2021-06-28 15:43:53 +00:00
preConfigure = ''
nullglobRestore=$(shopt -p nullglob)
shopt -u nullglob # To make ?-globbing work
# Some extensions have a config0.m4 or config9.m4
if [ -f config?.m4 ]; then
mv config?.m4 config.m4
fi
$nullglobRestore
2022-04-30 00:24:55 +00:00
2021-06-28 15:43:53 +00:00
phpize
${postPhpize}
2022-04-30 00:24:55 +00:00
${lib.concatMapStringsSep
"\n"
2021-06-28 15:43:53 +00:00
(dep: "mkdir -p ext; ln -s ${dep.dev}/include ext/${dep.extensionName}")
2022-04-30 00:24:55 +00:00
internalDeps
}
2021-06-28 15:43:53 +00:00
'';
2022-04-30 00:24:55 +00:00
checkPhase = ''
runHook preCheck
2022-04-30 00:24:55 +00:00
NO_INTERACTION=yes SKIP_PERF_SENSITIVE=yes make test
runHook postCheck
'';
2022-04-30 00:24:55 +00:00
2021-06-28 15:43:53 +00:00
installPhase = ''
runHook preInstall
2021-06-28 15:43:53 +00:00
mkdir -p $out/lib/php/extensions
nixos/nextcloud: fixup openssl compat change Upon testing the change itself I realized that it doesn't build properly because * the `pname` of a php extension is `php-<name>`, not `<name>`. * calling the extension `openssl-legacy` resulted in PHP trying to compile `ext/openssl-legacy` which broke since it doesn't exist: source root is php-8.1.12 setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c patching sources cdToExtensionRootPhase /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory I didn't encounter that one before because I was mostly interested in having a sane behavior for everyone not using this "feature" and the documentation around this. My findings about the behavior with turning openssl1.1 on/off are still valid because I tested this on `master` with manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`. To work around the issue I had to slightly modify the extension build-system for PHP: * The attribute `extensionName` is now relevant to determine the output paths (e.g. `lib/openssl.so`). This is not a behavioral change for existing extensions because then `extensionName==name`. However when specifying `extName` in `php-packages.nix` this value is overridden and it is made sure that the extension called `extName` NOT `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed. The `name` still has to be kept to keep the legacy openssl available as `php.extensions.openssl-legacy`. Additionally I implemented a small VM test to check the behavior with server-side encryption: * For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix` it's checked that OpenSSL 3 is used). With that the "default" behavior of the module is checked. * It is ensured that the PHP interpreter for Nextcloud's php-fpm actually loads the correct openssl extension. * It is tested that (encrypted) files remain usable when (temporarily) installing OpenSSL3 (of course then they're not decryptable, but on a rollback that should still be possible). Finally, a few more documentation changes: * I also mentioned the issue in `nextcloud.xml` to make sure the issue is at least mentioned in the manual section about Nextcloud. Not too much detail here, but the relevant option `enableBrokenCiphersForSSE` is referenced. * I fixed a few minor wording issues to also give the full context (we're talking about Nextcloud; we're talking about the PHP extension **only**; please check if you really need this even though it's enabled by default). This is because I felt that sometimes it might be hard to understand what's going on when e.g. an eval-warning appears without telling where exactly it comes from.
2022-11-10 11:05:24 +00:00
cp modules/${extName}.so $out/lib/php/extensions/${extName}.so
2021-06-28 15:43:53 +00:00
mkdir -p $dev/include
${rsync}/bin/rsync -r --filter="+ */" \
--filter="+ *.h" \
--filter="- *" \
--prune-empty-dirs \
. $dev/include/
runHook postInstall
2021-06-28 15:43:53 +00:00
'';
meta = {
description = "PHP upstream extension: ${name}";
inherit (php.meta) maintainers homepage license;
};
}));
2021-06-28 15:43:53 +00:00
php = phpPackage;
2018-12-10 14:33:53 +00:00
# This is a set of interactive tools based on PHP.
tools = {
box = callPackage ../development/php-packages/box { };
2019-04-20 14:09:05 +00:00
2023-09-01 13:14:18 +00:00
castor = callPackage ../development/php-packages/castor { };
composer = callPackage ../development/php-packages/composer { };
2021-05-05 12:19:41 +00:00
deployer = callPackage ../development/php-packages/deployer { };
2022-02-12 21:39:48 +00:00
grumphp = callPackage ../development/php-packages/grumphp { };
2022-12-28 09:30:10 +00:00
phan = callPackage ../development/php-packages/phan { };
2022-02-24 20:08:05 +00:00
phing = callPackage ../development/php-packages/phing { };
2022-03-13 10:33:30 +00:00
phive = callPackage ../development/php-packages/phive { };
php-codesniffer = callPackage ../development/php-packages/php-codesniffer { };
php-cs-fixer = callPackage ../development/php-packages/php-cs-fixer { };
php-parallel-lint = callPackage ../development/php-packages/php-parallel-lint { };
phpmd = callPackage ../development/php-packages/phpmd { };
2023-11-29 08:44:58 +00:00
phpspy = callPackage ../development/php-packages/phpspy { };
phpstan = callPackage ../development/php-packages/phpstan { };
psalm = callPackage ../development/php-packages/psalm { };
2019-11-17 19:27:45 +00:00
psysh = callPackage ../development/php-packages/psysh { };
} // lib.optionalAttrs config.allowAliases {
phpcbf = throw "`phpcbf` is now deprecated, use `php-codesniffer` instead which contains both `phpcs` and `phpcbf`.";
phpcs = throw "`phpcs` is now deprecated, use `php-codesniffer` instead which contains both `phpcs` and `phpcbf`.";
};
# This is a set of PHP extensions meant to be used in php.buildEnv
# or php.withExtensions to extend the functionality of the PHP
# interpreter.
# The extensions attributes is composed of three sections:
# 1. The contrib conditional extensions, which are only available on specific PHP versions
# 2. The contrib extensions available
# 3. The core extensions
extensions =
# Contrib extensions
{
2021-10-08 16:10:44 +00:00
amqp = callPackage ../development/php-packages/amqp { };
apcu = callPackage ../development/php-packages/apcu { };
2019-09-30 16:08:20 +00:00
ast = callPackage ../development/php-packages/ast { };
2020-02-19 19:28:05 +00:00
blackfire = callPackage ../development/tools/misc/blackfire/php-probe.nix { };
couchbase = callPackage ../development/php-packages/couchbase { };
2020-02-19 19:28:05 +00:00
datadog_trace = callPackage ../development/php-packages/datadog_trace {
buildPecl = buildPecl.override {
stdenv = if stdenv.isDarwin then overrideSDK stdenv "11.0" else stdenv;
};
inherit (pkgs) darwin;
};
2022-01-26 20:17:02 +00:00
ds = callPackage ../development/php-packages/ds { };
event = callPackage ../development/php-packages/event { };
2021-11-23 19:06:39 +00:00
gnupg = callPackage ../development/php-packages/gnupg { };
2022-05-18 17:18:25 +00:00
grpc = callPackage ../development/php-packages/grpc { };
igbinary = callPackage ../development/php-packages/igbinary { };
imagick = callPackage ../development/php-packages/imagick { };
inotify = callPackage ../development/php-packages/inotify { };
ioncube-loader = callPackage ../development/php-packages/ioncube-loader { };
mailparse = callPackage ../development/php-packages/mailparse { };
maxminddb = callPackage ../development/php-packages/maxminddb { };
2023-09-11 10:55:42 +00:00
memcache = callPackage ../development/php-packages/memcache { };
memcached = callPackage ../development/php-packages/memcached { };
meminfo = callPackage ../development/php-packages/meminfo { };
memprof = callPackage ../development/php-packages/memprof { };
mongodb = callPackage ../development/php-packages/mongodb {
inherit (pkgs) darwin;
};
msgpack = callPackage ../development/php-packages/msgpack { };
oci8 = callPackage ../development/php-packages/oci8 { };
2017-07-11 13:56:52 +00:00
opentelemetry = callPackage ../development/php-packages/opentelemetry { };
openswoole = callPackage ../development/php-packages/openswoole { };
2020-12-28 23:38:50 +00:00
pdlib = callPackage ../development/php-packages/pdlib { };
pcov = callPackage ../development/php-packages/pcov { };
2017-07-11 13:56:52 +00:00
pdo_oci = buildPecl rec {
inherit (php.unwrapped) src version;
pname = "pdo_oci";
sourceRoot = "php-${version}/ext/pdo_oci";
buildInputs = [ pkgs.oracle-instantclient ];
configureFlags = [ "--with-pdo-oci=instantclient,${pkgs.oracle-instantclient.lib}/lib" ];
internalDeps = [ php.extensions.pdo ];
postPatch = ''
sed -i -e 's|OCISDKMANINC=`.*$|OCISDKMANINC="${pkgs.oracle-instantclient.dev}/include"|' config.m4
'';
meta.maintainers = lib.teams.php.members;
};
pdo_sqlsrv = callPackage ../development/php-packages/pdo_sqlsrv { };
2019-05-13 19:55:49 +00:00
2023-09-08 12:36:40 +00:00
phalcon = callPackage ../development/php-packages/phalcon { };
pinba = callPackage ../development/php-packages/pinba { };
protobuf = callPackage ../development/php-packages/protobuf { };
rdkafka = callPackage ../development/php-packages/rdkafka { };
2020-05-01 19:32:25 +00:00
redis = callPackage ../development/php-packages/redis { };
relay = callPackage ../development/php-packages/relay { };
2023-04-23 08:40:51 +00:00
rrd = callPackage ../development/php-packages/rrd { };
smbclient = callPackage ../development/php-packages/smbclient { };
snuffleupagus = callPackage ../development/php-packages/snuffleupagus {
inherit (pkgs) darwin;
};
spx = callPackage ../development/php-packages/spx { };
sqlsrv = callPackage ../development/php-packages/sqlsrv { };
2023-03-12 10:51:11 +00:00
ssh2 = callPackage ../development/php-packages/ssh2 { };
2021-03-11 17:01:45 +00:00
swoole = callPackage ../development/php-packages/swoole { };
uv = callPackage ../development/php-packages/uv { };
2023-08-16 10:36:42 +00:00
vld = callPackage ../development/php-packages/vld { };
xdebug = callPackage ../development/php-packages/xdebug { };
yaml = callPackage ../development/php-packages/yaml { };
2024-02-04 18:37:31 +00:00
zstd = callPackage ../development/php-packages/zstd { };
} // lib.optionalAttrs config.allowAliases {
php-spx = throw "php-spx is deprecated, use spx instead";
} // (
# Core extensions
let
# This list contains build instructions for different modules that one may
# want to build.
#
# These will be passed as arguments to mkExtension above.
extensionData = [
{ name = "bcmath"; }
{ name = "bz2"; buildInputs = [ bzip2 ]; configureFlags = [ "--with-bz2=${bzip2.dev}" ]; }
{ name = "calendar"; }
{ name = "ctype"; }
{
name = "curl";
buildInputs = [ curl ];
configureFlags = [ "--with-curl=${curl.dev}" ];
doCheck = false;
}
{ name = "dba"; }
{
name = "dom";
buildInputs = [ libxml2 ];
configureFlags = [
"--enable-dom"
];
# Add a PHP lower version bound constraint to avoid applying the patch on older PHP versions.
patches = lib.optionals ((lib.versions.majorMinor php.version == "8.2" && lib.versionOlder php.version "8.2.14" && lib.versionAtLeast php.version "8.2.7") || (lib.versions.majorMinor php.version == "8.1" && lib.versionAtLeast php.version "8.1.27")) [
# Fix tests with libxml 2.12
# Part of 8.3.1RC1+, 8.2.14RC1+
(fetchpatch {
url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch";
hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU=";
excludes = [
"NEWS"
];
})
];
}
{
name = "enchant";
buildInputs = [ enchant2 ];
configureFlags = [ "--with-enchant" ];
doCheck = false;
}
{ name = "exif"; doCheck = false; }
{ name = "ffi"; buildInputs = [ libffi ]; }
{
name = "fileinfo";
buildInputs = [ pcre2 ];
}
{ name = "filter"; buildInputs = [ pcre2 ]; }
{ name = "ftp"; buildInputs = [ openssl ]; }
{
name = "gd";
buildInputs = [ zlib gd ];
configureFlags = [
"--enable-gd"
"--with-external-gd=${gd.dev}"
"--enable-gd-jis-conv"
];
doCheck = false;
}
{
name = "gettext";
buildInputs = [ gettext ];
2024-03-14 07:55:17 +00:00
postPhpize = ''substituteInPlace configure --replace-fail 'as_fn_error $? "Cannot locate header file libintl.h" "$LINENO" 5' ':' '';
configureFlags = [ "--with-gettext=${gettext}" ];
}
{
name = "gmp";
buildInputs = [ gmp ];
configureFlags = [ "--with-gmp=${gmp.dev}" ];
}
{
name = "iconv";
configureFlags = [
"--with-iconv${lib.optionalString stdenv.isDarwin "=${libiconv}"}"
];
doCheck = false;
}
{
name = "imap";
buildInputs = [ uwimap openssl pam pcre2 libkrb5 ];
configureFlags = [ "--with-imap=${uwimap}" "--with-imap-ssl" "--with-kerberos" ];
}
{
name = "intl";
buildInputs = [ icu64 ];
}
{
name = "ldap";
buildInputs = [ openldap cyrus_sasl ];
configureFlags = [
"--with-ldap"
"LDAP_DIR=${openldap.dev}"
"LDAP_INCDIR=${openldap.dev}/include"
"LDAP_LIBDIR=${openldap.out}/lib"
] ++ lib.optionals stdenv.isLinux [
"--with-ldap-sasl=${cyrus_sasl.dev}"
];
doCheck = false;
}
{
name = "mbstring";
buildInputs = [ oniguruma pcre2 ];
doCheck = false;
}
{
name = "mysqli";
internalDeps = [ php.extensions.mysqlnd ];
configureFlags = [ "--with-mysqli=mysqlnd" "--with-mysql-sock=/run/mysqld/mysqld.sock" ];
doCheck = false;
}
{
name = "mysqlnd";
buildInputs = [ zlib openssl ];
# The configure script doesn't correctly add library link
# flags, so we add them to the variable used by the Makefile
# when linking.
MYSQLND_SHARED_LIBADD = "-lssl -lcrypto";
# The configure script builds a config.h which is never
# included. Let's include it in the main header file
# included by all .c-files.
patches = [
(pkgs.writeText "mysqlnd_config.patch" ''
--- a/ext/mysqlnd/mysqlnd.h
+++ b/ext/mysqlnd/mysqlnd.h
@@ -1,3 +1,6 @@
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
/*
+----------------------------------------------------------------------+
| Copyright (c) The PHP Group |
'')
];
}
{
name = "opcache";
buildInputs = [ pcre2 ] ++
lib.optional
(!stdenv.isDarwin && lib.meta.availableOn stdenv.hostPlatform valgrind)
valgrind.dev;
configureFlags = lib.optional php.ztsSupport "--disable-opcache-jit";
zendExtension = true;
postPatch = lib.optionalString stdenv.isDarwin ''
# Tests are flaky on darwin
rm ext/opcache/tests/blacklist.phpt
rm ext/opcache/tests/bug66338.phpt
rm ext/opcache/tests/bug78106.phpt
rm ext/opcache/tests/issue0115.phpt
rm ext/opcache/tests/issue0149.phpt
rm ext/opcache/tests/revalidate_path_01.phpt
'';
# Tests launch the builtin webserver.
__darwinAllowLocalNetworking = true;
}
{
name = "openssl";
buildInputs = [ openssl ];
configureFlags = [ "--with-openssl" ];
doCheck = false;
}
# This provides a legacy OpenSSL PHP extension
# For situations where OpenSSL 3 do not support a set of features
# without a specific openssl.cnf file
{
name = "openssl-legacy";
nixos/nextcloud: fixup openssl compat change Upon testing the change itself I realized that it doesn't build properly because * the `pname` of a php extension is `php-<name>`, not `<name>`. * calling the extension `openssl-legacy` resulted in PHP trying to compile `ext/openssl-legacy` which broke since it doesn't exist: source root is php-8.1.12 setting SOURCE_DATE_EPOCH to timestamp 1666719000 of file php-8.1.12/win32/wsyslog.c patching sources cdToExtensionRootPhase /nix/store/48mnkga4kh84xyiqwzx8v7iv090i7z66-stdenv-linux/setup: line 1399: cd: ext/openssl-legacy: No such file or directory I didn't encounter that one before because I was mostly interested in having a sane behavior for everyone not using this "feature" and the documentation around this. My findings about the behavior with turning openssl1.1 on/off are still valid because I tested this on `master` with manually replacing `openssl` by `openssl_1_1` in `php-packages.nix`. To work around the issue I had to slightly modify the extension build-system for PHP: * The attribute `extensionName` is now relevant to determine the output paths (e.g. `lib/openssl.so`). This is not a behavioral change for existing extensions because then `extensionName==name`. However when specifying `extName` in `php-packages.nix` this value is overridden and it is made sure that the extension called `extName` NOT `name` (i.e. `openssl` vs `openssl-legacy`) is built and installed. The `name` still has to be kept to keep the legacy openssl available as `php.extensions.openssl-legacy`. Additionally I implemented a small VM test to check the behavior with server-side encryption: * For `stateVersion` below 22.11, OpenSSL 1.1 is used (in `basic.nix` it's checked that OpenSSL 3 is used). With that the "default" behavior of the module is checked. * It is ensured that the PHP interpreter for Nextcloud's php-fpm actually loads the correct openssl extension. * It is tested that (encrypted) files remain usable when (temporarily) installing OpenSSL3 (of course then they're not decryptable, but on a rollback that should still be possible). Finally, a few more documentation changes: * I also mentioned the issue in `nextcloud.xml` to make sure the issue is at least mentioned in the manual section about Nextcloud. Not too much detail here, but the relevant option `enableBrokenCiphersForSSE` is referenced. * I fixed a few minor wording issues to also give the full context (we're talking about Nextcloud; we're talking about the PHP extension **only**; please check if you really need this even though it's enabled by default). This is because I felt that sometimes it might be hard to understand what's going on when e.g. an eval-warning appears without telling where exactly it comes from.
2022-11-10 11:05:24 +00:00
extName = "openssl";
buildInputs = [ openssl_1_1 ];
configureFlags = [ "--with-openssl" ];
doCheck = false;
}
{ name = "pcntl"; }
{ name = "pdo"; doCheck = false; }
{
name = "pdo_dblib";
internalDeps = [ php.extensions.pdo ];
configureFlags = [ "--with-pdo-dblib=${freetds}" ];
# Doesn't seem to work on darwin.
enable = (!stdenv.isDarwin);
doCheck = false;
}
{
name = "pdo_mysql";
internalDeps = with php.extensions; [ pdo mysqlnd ];
configureFlags = [ "--with-pdo-mysql=mysqlnd" "PHP_MYSQL_SOCK=/run/mysqld/mysqld.sock" ];
doCheck = false;
}
{
name = "pdo_odbc";
internalDeps = [ php.extensions.pdo ];
configureFlags = [ "--with-pdo-odbc=unixODBC,${unixODBC}" ];
doCheck = false;
}
{
name = "pdo_pgsql";
internalDeps = [ php.extensions.pdo ];
configureFlags = [ "--with-pdo-pgsql=${postgresql}" ];
doCheck = false;
}
{
name = "pdo_sqlite";
internalDeps = [ php.extensions.pdo ];
buildInputs = [ sqlite ];
configureFlags = [ "--with-pdo-sqlite=${sqlite.dev}" ];
doCheck = false;
}
{
name = "pgsql";
buildInputs = [ pcre2 ];
configureFlags = [ "--with-pgsql=${postgresql}" ];
doCheck = false;
}
{ name = "posix"; doCheck = false; }
{ name = "pspell"; configureFlags = [ "--with-pspell=${aspell}" ]; }
{
name = "readline";
php.extensions.readline: Actually use readline Building readline extension would say: checking for libedit readline replacement... yes, shared even when configuring `--without-libedit`. This is because `PHP_ARG_WITH(libedit, …)`, internally calls `PHP_ALWAYS_SHARED`, which in `phpize`-generated `configure.ac` is defined as always forcing the value to shared. This will prevent `PHP_ARG_WITH(readline, …)` from being invoked so `READLINE_DIR` variable will never be defined. This was not an issue before we split the extension out of php.unwrapped in https://github.com/NixOS/nixpkgs/commit/282337799b08844c145c295110f20025541f829a, as `PHP_ALWAYS_SHARED` is empty there. ----- Additionally, because the build script passed `-L$READLINE_DIR/lib` as a flag to the compiler on PHP < 7.4 (built by the nix-phps repository), this ended up with a FHS-like path being passed to the linker. And once we bumped GCC to 11 in https://github.com/NixOS/nixpkgs/commit/52f8cf58a4504e5e219faebffa51033e400e3aec, the linker would fail: gcc -shared .libs/readline.o .libs/readline_cli.o -Wl,--rpath -Wl,/lib -L/lib -ledit -lncurses -Wl,-soname -Wl,readline.so -o .libs/readline.so impure path `/lib' used in link collect2: error: ld returned 1 exit status This no longer happens with PHP ≥ 7.4, since they switched to getting the linker flags from pkg-config in https://github.com/php/php-src/commit/b537203d20d7c1c425aee44d00f1d53758ac8747. ---- As a compromise, let’s make the `PHP_ALWAYS_SHARED` function force `shared` status but only for flags that are not disabled. That will allow us to remove the libedit dependency and also the nasty patch for configure script due to `--with-libedit` not being passed (which would be required for PHP < 7.4 to be able to find readline.h from libedit). Thanks to Pol Dellaiera for both bisections.
2022-05-02 02:05:57 +00:00
buildInputs = [
readline
];
configureFlags = [
"--with-readline=${readline.dev}"
];
postPatch = ''
# Fix `--with-readline` option not being available.
# `PHP_ALWAYS_SHARED` generated by phpize enables all options
# without the possibility to override them. But when `--with-libedit`
# is enabled, `--with-readline` is not registered.
echo '
AC_DEFUN([PHP_ALWAYS_SHARED],[
test "[$]$1" != "no" && ext_shared=yes
])dnl
' | cat - ext/readline/config.m4 > ext/readline/config.m4.tmp
mv ext/readline/config.m4{.tmp,}
'';
doCheck = false;
}
{ name = "session";
doCheck = false;
}
{ name = "shmop"; }
{
name = "simplexml";
buildInputs = [ libxml2 pcre2 ];
configureFlags = [
"--enable-simplexml"
];
}
{
name = "snmp";
buildInputs = [ net-snmp openssl ];
configureFlags = [ "--with-snmp" ];
# net-snmp doesn't build on darwin.
enable = (!stdenv.isDarwin);
doCheck = false;
}
{
name = "soap";
buildInputs = [ libxml2 ];
configureFlags = [
"--enable-soap"
];
doCheck = false;
}
2022-01-22 17:12:21 +00:00
{
name = "sockets";
doCheck = false;
}
{ name = "sodium"; buildInputs = [ libsodium ]; }
{
name = "sqlite3";
buildInputs = [ sqlite ];
# The `sqlite3_bind_bug68849.phpt` test is currently broken for i686 Linux systems since sqlite 3.43, cf.:
# - https://github.com/php/php-src/issues/12076
# - https://www.sqlite.org/forum/forumpost/abbb95376ec6cd5f
patches = lib.optionals (stdenv.isi686 && stdenv.isLinux) [
../development/interpreters/php/skip-sqlite3_bind_bug68849.phpt.patch
];
}
{ name = "sysvmsg"; }
{ name = "sysvsem"; }
{ name = "sysvshm"; }
{ name = "tidy"; configureFlags = [ "--with-tidy=${html-tidy}" ]; doCheck = false; }
{
name = "tokenizer";
patches = [ ../development/interpreters/php/fix-tokenizer-php81.patch ];
}
{
name = "xml";
buildInputs = [ libxml2 ];
configureFlags = [
"--enable-xml"
];
doCheck = false;
}
{
name = "xmlreader";
buildInputs = [ libxml2 ];
internalDeps = [ php.extensions.dom ];
env.NIX_CFLAGS_COMPILE = toString [ "-I../.." "-DHAVE_DOM" ];
2021-11-25 17:18:21 +00:00
doCheck = false;
configureFlags = [
"--enable-xmlreader"
];
}
{
name = "xmlwriter";
buildInputs = [ libxml2 ];
configureFlags = [
"--enable-xmlwriter"
];
}
{
name = "xsl";
buildInputs = [ libxslt libxml2 ];
internalDeps = [ php.extensions.dom ];
doCheck = false;
env.NIX_CFLAGS_COMPILE = toString [ "-I../.." "-DHAVE_DOM" ];
configureFlags = [ "--with-xsl=${libxslt.dev}" ];
}
{ name = "zend_test"; }
{
name = "zip";
buildInputs = [ libzip pcre2 ];
configureFlags = [
"--with-zip"
];
doCheck = false;
}
{
name = "zlib";
buildInputs = [ zlib ];
configureFlags = [
"--with-zlib"
];
}
];
# Convert the list of attrs:
# [ { name = <name>; ... } ... ]
# to a list of
# [ { name = <name>; value = <extension drv>; } ... ]
#
# which we later use listToAttrs to make all attrs available by name.
#
# Also filter out extensions based on the enable property.
namedExtensions = builtins.map
(drv: {
name = drv.name;
value = mkExtension drv;
})
(builtins.filter (i: i.enable or true) extensionData);
# Produce the final attribute set of all extensions defined.
in
builtins.listToAttrs namedExtensions
);
})