Opened 4 weeks ago

Closed 2 weeks ago

#14235 closed Feature/Enhancement Request (fixed)

make php 7.1 and 7.2 available on moshes

Reported by: https://id.mayfirst.org/jamie Owned by: https://id.mayfirst.org/jamie
Priority: Medium Component: Tech
Keywords: php7.1 php7.2 Cc:
Sensitive: no

Description

Debian is not packaging 7.1 at all and 7.2 is only available in testing. I can't find any documentation on plans in debian for packaging these versions. So, I think our best option is to pull in packages from https://deb.sury.org/.

I think we'll need to formalize the selection of the PHP version in the control panel (instead of using the # mfplphpmversion: 5 tag).

We can set all existing sites to php7.0 and then make the default for new sites: most recent version available. Then we can start moving people to php7.2 without disrupting existing sites.

Change History (9)

comment:1 Changed 4 weeks ago by https://id.mayfirst.org/jamie

  • Owner set to https://id.mayfirst.org/jamie
  • Status changed from new to assigned

comment:2 Changed 4 weeks ago by https://id.mayfirst.org/jamie

First phase is done. Now, selection of php via the control panel is moved into a field so our members can select it themselves.

comment:3 Changed 3 weeks ago by https://id.mayfirst.org/jamie

Second phase is down. I've added sury repos and php7.1 and 7.2 to puppet and pushed to octavia and chavez and dorothy. Unfortunately I can't seem to get my puppet dependency to make this happen on one go, so freepuppet-run has to run twice. The first time it sets the new repos, the second time it installs the new packages.

I also tested with outreach.mayfirst.org on octavia and it seems to be working.

Assuming we get no problem reports on chavez or dorothy today or tomorrow I will plan to push this out to all server tuesday evening and update the control panel to expose the choice of 7.1 and 7.2 for all sites.

comment:4 Changed 3 weeks ago by https://id.mayfirst.org/dkg

why do we want 7.1 and 7.2? this issue report doesn't point to a reason for the change.

PHP's supported versions lists the upcoming end of security support for version 7.0, but debian's security team typically offers support for packages in stable even when upstream has dropped the package. (i don't know whether that will be the case for PHP 7.0).

In any case, if we decide that 7.0 is unacceptable, why add both 7.1 and 7.2? why not just add 7.2 ?

Last edited 3 weeks ago by https://id.mayfirst.org/dkg (previous) (diff)

comment:5 Changed 3 weeks ago by https://id.mayfirst.org/jamie

I forgot to add the user requested tickets - #14233 and #14232. The main reason for going beyond 7.0 is to avoid difficult application upgrade problems. Since php7.0 is coming to an end, many php applications are targeting newer versions and users are trying to keep up with those requirements.

php7.2 made a big change by dropping mcrypt support which causes problems for CiviCRM (see also this civicrm issue). This is certainly a CiviCRM specific issue but we have a lot of members using CiviCRM.

An alternative to installing php 7.1 would be to follow these instructions to compile mcrypt ourselves, but I would rather support php7.1 than maintain that step.

comment:6 Changed 3 weeks ago by https://id.mayfirst.org/dkg

thanks for the background pointers, jamie :) what a mess with mcrypt and civicrm :(

comment:7 Changed 3 weeks ago by https://id.mayfirst.org/jamie

Yes, what a mess.

After reading your comment, I realized one option would be to keep CiviCRM users on 7.0, which is fully supported by CiviCRM. I'm not sure what advantage CiviCRM users have to move from 7.0 to 7.1 (the member who made the request simply says they don't want to be a officially un-supported php package, but I agree that debian has typically been pretty good about backporting all security fixes).

As I'm looking at it now in light of this conversation...the main problem with php 7.1 is that come December 1st, it will neither be supported by the Debian security team or the upstream PHP developers. Not a great situation for us. I'll follow up on #14232 to gain clarity on that request.

Last edited 3 weeks ago by https://id.mayfirst.org/jamie (previous) (diff)

comment:8 Changed 2 weeks ago by https://id.mayfirst.org/jamie

Oh - tadpole pointed out that I mis-read the end of life for php7.1 - there is another year of upstream security patches. So, I'm going to make it available, but will keep php7.0 as the default. I suspect most members will stay on 7.0 and we will keep the debian stable version the default to minimize transitions.

For people who choose a non-default version, I will include in the control panel and clear note indicating that they will be automatically transitioned to newer versions as their version falls out of upstream maintenance.

comment:9 Changed 2 weeks ago by https://id.mayfirst.org/jamie

  • Resolution set to fixed
  • Status changed from assigned to closed

Completed. php7.1 and php7.2 are now available on all moshes. In the control panel, the choice is available when you edit your web config, it's the 2nd to last option in the advanced settings.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.