Task #12004

Remove PHP mcrypt installation dependency

Added by Steve Breker about 4 years ago. Updated about 3 years ago.

Status:VerifiedStart date:02/27/2018
Priority:MediumDue date:
Assignee:-% Done:

0%

Category:Installation
Target version:Release 2.5.0
Google Code Legacy ID: Tested version:
Sponsored:No Requires documentation:No

Description

Mcrypt has been deprecated in PHP 7.1. Update AtoM to remove dependency on mcrypt.

PHP's openssl_encrypt: http://php.net/manual/en/function.openssl-encrypt.php

Related issues

Related to Access to Memory (AtoM) - Feature #12136: Upgrade password hash function to a secure algorithm Verified 04/11/2018
Related to Access to Memory (AtoM) - Bug #12821: AtoM docker container triggers errors when building on no... Verified 02/16/2019

History

#1 Updated by Steve Breker about 4 years ago

Look into contributing fix back to:

https://github.com/LExpress/symfony1

#2 Updated by David Juhasz about 4 years ago

Steve Breker said on 9 April 2017 at 11:20AM (PST):

It appears that mcrypt is used in ‘random_compat’ and ‘password_compat’ which are git packages that are being used in AtoM for other purposes.

Random_compat: grep indicates used to generate DO hashed filenames.
Password_compat: Used in ldapuser.

#3 Updated by David Juhasz about 4 years ago

  • Related to Feature #12136: Upgrade password hash function to a secure algorithm added

#4 Updated by Steve Breker over 3 years ago

Solution seems to be to remove the random_compat and password_compat libraries that were making calls to the mcrypt library. Both of these libraries were used to provide access to 'random', 'password_hash' and 'password_verify' to versions of PHP earlier than 7. These functions are now available starting in PHP 7.0.0 so we no longer need to include these.

AtoM 2.5 requirements will be PHP 7 or greater from prior discussion.

Testing
- the master image copyright notice functionality still works when using the PHP 7.0 versions of 'random'.
- the calls to the PHP 7 versions of password_hash and password_verify will work with the ldap user authentication.

random_compat
---------------
https://github.com/paragonie/random_compat

password_compat
---------------
Url: https://github.com/ircmaxell/password_compat
Copyright: Anthony Ferrara 2012
License: MIT

#5 Updated by Steve Breker over 3 years ago

  • Status changed from New to Code Review
  • Assignee changed from Steve Breker to Nick Wilkinson

#6 Updated by Nick Wilkinson over 3 years ago

  • Assignee changed from Nick Wilkinson to José Raddaoui Marín

Hi Radda, can you please take a look for CR?

#8 Updated by José Raddaoui Marín over 3 years ago

  • Status changed from Code Review to Feedback
  • Assignee changed from José Raddaoui Marín to Steve Breker

Nice!

#9 Updated by Steve Breker over 3 years ago

  • Status changed from Feedback to Code Review
  • Assignee changed from Steve Breker to José Raddaoui Marín

An additional change I thought of after merging the previous one.

https://github.com/artefactual/atom/pull/797

I will look into whether the ansible script will need updating too.

#10 Updated by José Raddaoui Marín over 3 years ago

  • Status changed from Code Review to Feedback
  • Assignee changed from José Raddaoui Marín to Steve Breker

#11 Updated by Steve Breker over 3 years ago

  • Status changed from Feedback to QA/Review
  • Assignee changed from Steve Breker to Dan Gillean

Ready for QA.

This change affects the copyright message popup when viewing master images, and the LDAP authentication functionality.

The mcrypt library is no longer available in PHP 7.1 and up. Mcrypt was used in the backwards compat libs used for the copyright message popup when viewing master images, and the LDAP authentication functionality.

The functions that were made available in password_compat and random_compat are included in PHP 7.x (7.0 and up).

Solution was to remove password_compat and random_compat completely and rely on the versions included in PHP 7.x. This means that AtoM 2.5.x requires PHP 7.x (PHP 7.0 and up).

These commits:
- remove the backwards compat libs that were present in AtoM's vendor dir for PHP versions less than 7.0. This means that AtoM 2.5.x will only work with PHP 7.0 or greater now.
- ensure that the random and password PHP functions will now use the PHP versions included in PHP 7.0 and up instead of the backwards compat versions that used to be included in the vendor dir.
- unlock the PHP version when running Docker - it will now use the latest version 7.x of PHP included with Alpine Linux. PHP no longer needs to be locked to 7.0 since mcrypt is no longer included.

#12 Updated by Steve Breker over 3 years ago

  • Related to Bug #12821: AtoM docker container triggers errors when building on non Linux hosts added

#13 Updated by Dan Gillean about 3 years ago

  • Assignee deleted (Dan Gillean)

#14 Updated by Dan Gillean about 3 years ago

  • Status changed from QA/Review to Verified
  • Requires documentation set to No

Confirmed that copyright pop up is working in 18.04 w PHP 7.2 - tested in 18.04 vagrant box.

Also available in: Atom PDF