Task #12004
Remove PHP mcrypt installation dependency
Status: | Verified | Start date: | 02/27/2018 | |
---|---|---|---|---|
Priority: | Medium | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | Installation | |||
Target version: | Release 2.5.0 | |||
Google Code Legacy ID: | Tested version: | |||
Sponsored: | No | Requires documentation: | No |
Description
Mcrypt has been deprecated in PHP 7.1. Update AtoM to remove dependency on mcrypt.
PHP's openssl_encrypt: http://php.net/manual/en/function.openssl-encrypt.php
Related issues
History
#1 Updated by Steve Breker about 4 years ago
Look into contributing fix back to:
#2 Updated by David Juhasz about 4 years ago
Steve Breker said on 9 April 2017 at 11:20AM (PST):
It appears that mcrypt is used in ‘random_compat’ and ‘password_compat’ which are git packages that are being used in AtoM for other purposes.
Random_compat: grep indicates used to generate DO hashed filenames.
Password_compat: Used in ldapuser.
#3 Updated by David Juhasz about 4 years ago
- Related to Feature #12136: Upgrade password hash function to a secure algorithm added
#4 Updated by Steve Breker over 3 years ago
Solution seems to be to remove the random_compat and password_compat libraries that were making calls to the mcrypt library. Both of these libraries were used to provide access to 'random', 'password_hash' and 'password_verify' to versions of PHP earlier than 7. These functions are now available starting in PHP 7.0.0 so we no longer need to include these.
AtoM 2.5 requirements will be PHP 7 or greater from prior discussion.
Testing
- the master image copyright notice functionality still works when using the PHP 7.0 versions of 'random'.
- the calls to the PHP 7 versions of password_hash and password_verify will work with the ldap user authentication.
random_compat
---------------
https://github.com/paragonie/random_compat
password_compat
---------------
Url: https://github.com/ircmaxell/password_compat
Copyright: Anthony Ferrara 2012
License: MIT
#5 Updated by Steve Breker over 3 years ago
- Status changed from New to Code Review
- Assignee changed from Steve Breker to Nick Wilkinson
#6 Updated by Nick Wilkinson over 3 years ago
- Assignee changed from Nick Wilkinson to José Raddaoui Marín
Hi Radda, can you please take a look for CR?
#7 Updated by Steve Breker over 3 years ago
#8 Updated by José Raddaoui Marín over 3 years ago
- Status changed from Code Review to Feedback
- Assignee changed from José Raddaoui Marín to Steve Breker
Nice!
#9 Updated by Steve Breker over 3 years ago
- Status changed from Feedback to Code Review
- Assignee changed from Steve Breker to José Raddaoui Marín
An additional change I thought of after merging the previous one.
https://github.com/artefactual/atom/pull/797
I will look into whether the ansible script will need updating too.
#10 Updated by José Raddaoui Marín over 3 years ago
- Status changed from Code Review to Feedback
- Assignee changed from José Raddaoui Marín to Steve Breker
#11 Updated by Steve Breker over 3 years ago
- Status changed from Feedback to QA/Review
- Assignee changed from Steve Breker to Dan Gillean
Ready for QA.
This change affects the copyright message popup when viewing master images, and the LDAP authentication functionality.
The mcrypt library is no longer available in PHP 7.1 and up. Mcrypt was used in the backwards compat libs used for the copyright message popup when viewing master images, and the LDAP authentication functionality.
The functions that were made available in password_compat and random_compat are included in PHP 7.x (7.0 and up).
Solution was to remove password_compat and random_compat completely and rely on the versions included in PHP 7.x. This means that AtoM 2.5.x requires PHP 7.x (PHP 7.0 and up).
These commits:
- remove the backwards compat libs that were present in AtoM's vendor dir for PHP versions less than 7.0. This means that AtoM 2.5.x will only work with PHP 7.0 or greater now.
- ensure that the random and password PHP functions will now use the PHP versions included in PHP 7.0 and up instead of the backwards compat versions that used to be included in the vendor dir.
- unlock the PHP version when running Docker - it will now use the latest version 7.x of PHP included with Alpine Linux. PHP no longer needs to be locked to 7.0 since mcrypt is no longer included.
#12 Updated by Steve Breker over 3 years ago
- Related to Bug #12821: AtoM docker container triggers errors when building on non Linux hosts added
#13 Updated by Dan Gillean about 3 years ago
- Assignee deleted (
Dan Gillean)
#14 Updated by Dan Gillean about 3 years ago
- Status changed from QA/Review to Verified
- Requires documentation set to No
Confirmed that copyright pop up is working in 18.04 w PHP 7.2 - tested in 18.04 vagrant box.