mirror of
https://github.com/danog/docker-php-extension-installer.git
synced 2024-11-30 04:29:15 +01:00
Add an option to fix Let's Encrypt CA certificates for old distros (#450)
This commit is contained in:
parent
f5a8f0fb94
commit
73545ba3e5
@ -298,8 +298,9 @@ Here's the list of all the supported environment variables:
|
||||
|
||||
| Extension | Environment variable | Description |
|
||||
|---|---|---|
|
||||
| | `IPE_FIX_CACERTS=1` | Old Alpine Linux (3.7 and 3.8) and Debian (Jessie and Stretch) versions don't work anymore with websites whose HTTPS certificate has been signed by Let's Encrypt ([more details here](https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/).<br /> By setting this environment variable, `install-php-extensions` will fix this issue |
|
||||
| | `IPE_KEEP_SYSPKG_CACHE=1` | By default the script will clear the apt/apk/pear cache in order to save disk space. You can disable it by setting this environment variable |
|
||||
| lzf | `IPE_LZF_BETTERCOMPRESSION=1` | By default `install-php-extensions` compiles the `lzf` extension to prefer speed over size; you can use this environment variable to compile it preferring size over speed |
|
||||
| lzf | `IPE_LZF_BETTERCOMPRESSION=1` | By default `install-php-extensions` compiles the `lzf` extension to prefer speed over size; you can use this environment variable to compile it preferring size over speed |
|
||||
| event | `IPE_EVENT_NAMESPACE=`... | By default the `event` classes are defined in the root namespace. You can use this environment variable to specify a custom namespace |
|
||||
| gd | IPE_GD_WITHOUTAVIF=1 | Since PHP 8.1, gd supports the AVIF format. Enabling it requires compiling libaom/libdav1d/libyuv/libavif, which is time-consuming. You can disable AVIF support by setting this environment variable |
|
||||
|
||||
|
@ -2991,6 +2991,48 @@ removeStringFromList() {
|
||||
printf '%s' "$removeStringFromList_result"
|
||||
}
|
||||
|
||||
# Replace the list of trusted CA with toe ones provided by cURL.
|
||||
# (controlled by IPE_FIX_CACERTS is set)
|
||||
fixCACerts() {
|
||||
case "${IPE_FIX_CACERTS:-}" in
|
||||
1 | y* | Y*) ;;
|
||||
*)
|
||||
return
|
||||
;;
|
||||
esac
|
||||
case "$DISTRO_VERSION" in
|
||||
alpine@3.7 | alpine@3.8) ;;
|
||||
debian@8 | debian@9)
|
||||
if ! grep -q 'mozilla/ISRG_Root_X1.crt' /etc/ca-certificates.conf && grep -q 'mozilla/DST_Root_CA_X3.crt' /etc/ca-certificates.conf; then
|
||||
fixCACerts_mustUpdate=1
|
||||
if test -d /var/lib/apt/lists; then
|
||||
for fixCACerts_item in $(ls -1 /var/lib/apt/lists); do
|
||||
case "$fixCACerts_item" in
|
||||
partial | lock) ;;
|
||||
*)
|
||||
fixCACerts_mustUpdate=0
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
fi
|
||||
if test $fixCACerts_mustUpdate -eq 1; then
|
||||
DEBIAN_FRONTEND=noninteractive apt-get update -q
|
||||
fi
|
||||
apt-get install -qqy --no-install-recommends ca-certificates
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
# No needs to update the CA list
|
||||
return
|
||||
;;
|
||||
esac
|
||||
if grep -Eq '^mozilla/ISRG_Root_X1\.crt$' /etc/ca-certificates.conf && grep -Eq '^mozilla/DST_Root_CA_X3\.crt$' /etc/ca-certificates.conf; then
|
||||
sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
|
||||
update-ca-certificates -f
|
||||
fi
|
||||
}
|
||||
|
||||
# Cleanup everything at the end of the execution
|
||||
cleanup() {
|
||||
if test -n "$UNNEEDED_PACKAGE_LINKS"; then
|
||||
@ -3068,6 +3110,8 @@ if test -z "$PHP_MODULES_TO_INSTALL"; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
fixCACerts
|
||||
|
||||
sortModulesToInstall
|
||||
|
||||
docker-php-source extract
|
||||
|
@ -317,7 +317,7 @@ testExtensionFor() {
|
||||
printf ' - Docker image: %s\n' "$testExtensionFor_Image"
|
||||
testExtensionFor_out="$(mktemp)"
|
||||
testExtensionFor_start=$(date +%s)
|
||||
if $(docker run --rm --volume "$CI_BUILD_DIR:/app" --env CI=true --workdir /app "$testExtensionFor_Image" sh -c "./install-php-extensions $1 && php ./scripts/check-installed-extension.php $1" >"$testExtensionFor_out" 2>&1); then
|
||||
if $(docker run --rm --volume "$CI_BUILD_DIR:/app" --env CI=true --env IPE_FIX_CACERTS=1 --workdir /app "$testExtensionFor_Image" sh -c "./install-php-extensions $1 && php ./scripts/check-installed-extension.php $1" >"$testExtensionFor_out" 2>&1); then
|
||||
testExtensionFor_end=$(date +%s)
|
||||
testExtensionFor_delta=$(expr $testExtensionFor_end - $testExtensionFor_start)
|
||||
rm -rf "$testExtensionFor_out"
|
||||
|
Loading…
Reference in New Issue
Block a user