Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8.1-fpm-alpine3.18 can no longer connect to pecl #1469

Closed
afilina opened this issue Nov 30, 2023 · 9 comments
Closed

8.1-fpm-alpine3.18 can no longer connect to pecl #1469

afilina opened this issue Nov 30, 2023 · 9 comments

Comments

@afilina
Copy link

afilina commented Nov 30, 2023

Hi,

I am no longer able to ping pecl.php.net from the container. This started 2 days ago. Npthing changed in our environment, except that I see a new push to 8.1-fpm-alpine3.18 3 days ago. What changed that could have led to this problem, and how can we fix it?

Thanks.

@tianon
Copy link
Member

tianon commented Nov 30, 2023

I wonder if this is somehow related to #1134?

However, I can't reproduce a failure:

$ docker run -it --rm --pull=always php:8.1-fpm-alpine3.18 sh
8.1-fpm-alpine3.18: Pulling from library/php
Digest: sha256:beaee547c2d1abcccffc2abf5cf4d27de90d7d816345ff9c64ca13ff0d119c8d
Status: Image is up to date for php:8.1-fpm-alpine3.18
/var/www/html # pecl remote-info bz2
Package details:
================
Latest          1.0
Installed       - no -
Package         bz2
License         PHP License
Category        File Formats
Summary         A Bzip2 management extension
Description     Bz2 is an extension to create and parse bzip2
                compressed data.
Deprecated! use channel://http://php.net/bzip2/ext/bz2

@afilina
Copy link
Author

afilina commented Dec 1, 2023

Yes, it looks like a similar issue, except that it's a more recent PHP version and the issue started happening overnight, while it was working for many years until then.

@LaurentGoderre
Copy link
Member

@afilina I wonder if it's more a change in Alpine rather than anything to do with a specific PHP version.

@tianon
Copy link
Member

tianon commented Dec 13, 2023

Can you provide a specific command that replicates the error you're seeing? (as noted above, I wasn't able to reproduce a failure)

@afilina
Copy link
Author

afilina commented Dec 15, 2023

@LaurentGoderre Yes, this is very likely. However, I would expect a pinned Docker image to remain unaffected, but it was updated a few days before the error started showing up. This means that there's no reasonable way for me to have a reproducible local env. At least if I understand the underlying issue correctly.

@afilina
Copy link
Author

afilina commented Dec 15, 2023

Can you provide a specific command that replicates the error you're seeing? (as noted above, I wasn't able to reproduce a failure)

Just ping pecl.php.net as I said in the original post. It was working and then it stopped, coinciding with an upstream update that was pushed to this legacy image (based on what I see on Docker Hub).

@LaurentGoderre
Copy link
Member

@afilina pinning to a tag doesn't guarantee immutability because we are constantly updating the base OS to address vulnerabilties. If you want immutability you pin to a specific SHA but then you wouldn't be getting the vulnerability updates.

@LaurentGoderre
Copy link
Member

LaurentGoderre commented Dec 18, 2023

@afilina here is what I get locally

docker run --rm --entrypoint ping php:8.1-fpm-alpine3.18 pecl.php.net
PING pecl.php.net (104.236.228.160): 56 data bytes
64 bytes from 104.236.228.160: seq=0 ttl=63 time=33.530 ms
64 bytes from 104.236.228.160: seq=1 ttl=63 time=54.114 ms
64 bytes from 104.236.228.160: seq=2 ttl=63 time=56.521 ms

^C
--- pecl.php.net ping statistics ---
37 packets transmitted, 37 packets received, 0% packet loss
round-trip min/avg/max = 30.407/51.567/164.128 ms

@afilina
Copy link
Author

afilina commented Dec 22, 2023

@LaurentGoderre Ok, so maybe something else changed in my environment that's causing this. I will investigate on our end with a specific SHA to better isolate the cause. I don't think I'll pin it to a SHA, since the vulnerability patches are definitely important.

Since it clearly works for multiple people, I will close this issue.

@afilina afilina closed this as completed Dec 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants