A Proposal to the Community: RE: PHP Engines upstream deprecation
Upstream has this neat library of apps called SCLo which is a Software Collection (https://wiki.centos.org/SpecialInterestGroup/SCLo). We use these in ClearOS to provide libraries for PHP Engines rather than having a single, outdated version. This allows us to provide different versions. The issue is that this SCLo is a bit of a moving target and does not have highly maintained versions throughout the lifecycle of ClearOS/CentOS/RHEL.
As such, they have dropped PHP version rh-php56* from the SCLo. The php54 engine is still maintained by RHEL because it is the supported upstream version throughout the lifecycle of RHEL 7. The php70 and php71 are still available. While we could pull in this old package, there are a number of reasons why this could further break things. Generally, this update creates some issues for us:
- The app-php-engines will need to be updated to deprecate php56.
- If php56 is installed already, then and only then should it show in app-php-engines.
- The remote configuration restore process must refuse php56 recovery directives
- The php72 should be added to app-php-engines as it is now available.
- The app-nextcloud app requires engines (https://gitlab.com/clearos/app-nextcloud/blob/master/packaging/app-nextcloud.spec)
- The app-nextcloud-business app requires engines (https://gitlab.com/clearos/app-nextcloud-business/blob/master/packaging/app-nextcloud-business.spec)
- The app-wordpress app requires engines (https://gitlab.com/clearos/clearfoundation/app-wordpress/blob/master/packaging/app-wordpress.spec)
For those that already have the php56 installed, it should still work, but it may present issues in the future. You can add the old repo manually but proceed at your own risk. The recommended course of action is this:
- Update your underlying apps to support newer versions. The reason why this is important is that the php56 has not had any bug or security fixes since 2014...eep!
Upstream has this neat library of apps called SCLo which is a Software Collection (https://wiki.centos.org/SpecialInterestGroup/SCLo). We use these in ClearOS to provide libraries for PHP Engines rather than having a single, outdated version. This allows us to provide different versions. The issue is that this SCLo is a bit of a moving target and does not have highly maintained versions throughout the lifecycle of ClearOS/CentOS/RHEL.
As such, they have dropped PHP version rh-php56* from the SCLo. The php54 engine is still maintained by RHEL because it is the supported upstream version throughout the lifecycle of RHEL 7. The php70 and php71 are still available. While we could pull in this old package, there are a number of reasons why this could further break things. Generally, this update creates some issues for us:
- The app-php-engines will need to be updated to deprecate php56.
- If php56 is installed already, then and only then should it show in app-php-engines.
- The remote configuration restore process must refuse php56 recovery directives
- The php72 should be added to app-php-engines as it is now available.
- The app-nextcloud app requires engines (https://gitlab.com/clearos/app-nextcloud/blob/master/packaging/app-nextcloud.spec)
- The app-nextcloud-business app requires engines (https://gitlab.com/clearos/app-nextcloud-business/blob/master/packaging/app-nextcloud-business.spec)
- The app-wordpress app requires engines (https://gitlab.com/clearos/clearfoundation/app-wordpress/blob/master/packaging/app-wordpress.spec)
For those that already have the php56 installed, it should still work, but it may present issues in the future. You can add the old repo manually but proceed at your own risk. The recommended course of action is this:
- Update your underlying apps to support newer versions. The reason why this is important is that the php56 has not had any bug or security fixes since 2014...eep!
In Water Cooler
Share this post:
Responses (5)
-
Accepted Answer
-
Accepted Answer
We can do whatever is wanted here. The following have been suggested:
1) Support 5.6 for extended periods of time by:
Grab the relevant 5.6 RPMs from the CentOS 7.5.1804 repo and drop them into the 7.6.1810 ClearOS-CentOS repo.
Follow Remi's best effort 5.6 packaging @ https://blog.remirepo.net/post/2019/02/07/PHP-5.6-is-dead
Announce that 5.6 is going away soon
Deprecate 5.6 and maybe force the issue with an auto-upgrade? Or just leave 5.6 as-is and put a dire warning in the GUI?
Express in the UI that it is unsuppported
2) Soft deprecate 5.6 by
Modify the UI for PHP engines to exclude 5.6 from being listed unless it is already installed.
Announce the 5.6 is dead and give instructions on how to install if if you really want it. (which will make it show up in the UI.)
Place any community versions of php56 (ie. Remi's methods) in the contribs area.
Express in the UI that it is and unsupported
3) Immediately deprecate 5.6 by
Modify the UI for PHP engines to exclude 5.6 from being listed unless it is already installed.
Announce the 5.6 is dead and give instructions on how to install if if you really want it. (which will make it show up in the UI.)
Express in the UI that it is deprecated and unsupported
4) Hard Deprecate 5.6 and soft discourage 7.0 early
Modify the UI for PHP engines to exclude 5.6 from being listed.
Announce the 5.6 is dead and give instructions on how to install if if you really want it. Don't show it in the UI
Express in the UI that 7.0 is unsupported and is scheduled for deprecation
5) Or some other proposal
This is preferential voting so list the order you want here or propose something else. Presently, I'm going to propose a patch that will make php56 not required and also deal with the configuration recovery since we will need the ability to ignore other things like this in the future.
My vote is to toss 5.6 out on its ear. It isn't safe to run it or recommend it. Certainly we should provide knowledge on how to get around this but having the knowledge to manually support this is almost a pre-requisite (in my mind) for anyone that wishes to still run with it. In all cases, I would recommend that we onboard 7.2. -
Accepted Answer
Marc Laporte wrote:
But at least the PHP7.0 files are still in the upstream repos for 7.6.
Dear Dave,
Thank you for this analysis.
PHP 7.0 is also unsupported:
https://www.php.net/supported-versions.php
https://www.php.net/eol.php
The question is how do we manage the deprecation? Do we keep publishing the insecure 5.6> When 7.0 finishes do we keep publishing that as well? Or do we update the app at each point, putting a dire warning against the deprecated version and remove the ability to install it on a fresh install (at the moment it hangs the install because 5.6 is required but not available). None of these would catch an upgrader as the old version would remain on their system, but what happens to the re-installer (like me). Perhaps they had an app in 5.6, so on re-installation they can no longer use their app. Or do we make the deprecated versions command line install only? -
Accepted Answer
Dear Dave,
Thank you for this analysis.
PHP 7.0 is also unsupported:
https://www.php.net/supported-versions.php
https://www.php.net/eol.php -
Accepted Answer
As a workaround for the moment, you can create a new file /etc/yum.repos.d/clearos-centos-sclo-scl-rh75.repo to:
[code]clearos-centos-sclo-rh75]
name=CentOS-7 - x86_64 - CentOS Software Collections
baseurl=http://download1.clearsdn.com/centos/7.5.1804/sclo/$basearch/rh/
http://download2.clearsdn.com/centos/7.5.1804/sclo/$basearch/rh/
http://download3.clearsdn.com/centos/7.5.1804/sclo/$basearch/rh/
http://download4.clearsdn.com/centos/7.5.1804/sclo/$basearch/rh/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo
enabling the repo when needed. It should be safe to leave it enabled as ClearOS will always install the latest packages, but please note the security concern.
At the moment, enabling the older repo is the only way to get the app installed which is not ideal, especially if you only want php7.1.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »