chainguard-images / images

Public Chainguard Images
https://chainguard.dev/chainguard-images
Apache License 2.0

Request to Include ext-ctype and ext-xml Extensions in PHP Chainguard Images #2056

Open IshtarStar opened 8 months ago

IshtarStar commented 8 months ago

Which image/versions are related to this issue/feature request?

php:latest-dev php:latest-fpm-dev php:latest-fpm php:latest

Issue/Feature description

Hello Chainguard Team,

I hope this message finds you well. I'm reaching out to suggest an enhancement to the PHP Chainguard images that I believe would greatly benefit the PHP developer community. Specifically, I propose adding the ext-ctype and ext-xml (not to be confused with ext-simplexml, which serves a different purpose) extensions to the PHP Chainguard images.

Here's a brief context: Running the command docker run --rm cgr.dev/chainguard/php --modules currently lists the following PHP modules:

[PHP Modules]
Core
curl
date
filter
hash
iconv
json
libxml
mbstring
mysqlnd
openssl
pcre
PDO
pdo_mysql
pdo_sqlite
Phar
random
readline
Reflection
session
sodium
SPL
sqlite3
standard
tokenizer
zlib

[Zend Modules]

As evident from this output, ext-ctype and ext-xml are not present. Here are my reasons for suggesting their inclusion:

  1. Essential for Symfony Compatibility: Symfony, a popular PHP framework, relies on ext-ctype and ext-xml. Without these, developers face challenges in running Symfony-based applications, which rely on these extensions for character type checking and XML processing.

  2. Support for a Wide Range of PHP Applications: Beyond Symfony, many PHP applications and libraries depend on these extensions for essential functionalities. Their inclusion would thus enhance the utility of the Chainguard images for a variety of PHP projects.

  3. Backward Compatibility Concerns: The absence of these extensions in the Chainguard images complicates backward compatibility, particularly for projects transitioning to containerized environments. This inclusion would ease the transition and ensure ongoing support for these projects.

  4. Alignment with PHP Docker Standards: Official PHP Docker images include these extensions. Aligning Chainguard images with these standards would ease transitions between environments and maintain consistency for PHP developers.

  5. Low Overhead, High Value: Adding these extensions would incur minimal overhead in terms of image size and maintenance, while significantly enhancing functionality and developer experience.

The inclusion of ext-ctype and ext-xml would make the Chainguard images more versatile and user-friendly, particularly for developers working with legacy projects and frameworks like Symfony.

Thank you for considering this proposal. Your efforts in maintaining these images are highly valued, and this addition would be a substantial benefit for the PHP community.

Best regards, Marc

@erikaheidi @imjasonh FYI

erikaheidi commented 8 months ago

Deciding which extensions to include has been tricky, but I believe this is a legit request. Both extensions are widely used and it would be beneficial to support Symfony applications. Should I send a PR, @imjasonh?

imjasonh commented 7 months ago

Sorry I missed this message! Yeah @erikaheidi any changes you think we should make, send a PR and I'll take a look.

If there are more tests we can add to demonstrate what features we do/don't support, that would be helpful too. It'd also guard against accidental regression.

Thanks for raising this!

IshtarStar commented 7 months ago

@erikaheidi

I would like to ensure that the Chainguard PHP image aligns with the official Symfony documentation requirements, particularly in terms of the necessary PHP extensions. As per the Symfony docs (https://symfony.com/doc/current/setup.html), the following PHP extensions are essential and should be active for optimal performance and compatibility. Some of them are already compiled, e.g. activated:

  1. Ctype
  2. iconv
  3. PCRE
  4. Session
  5. SimpleXML
  6. Tokenizer

These extensions are usually installed and enabled by default in most PHP 8 installations. I believe it would be beneficial for us to double-check and confirm their presence and activation in the Chainguard PHP image. This step will ensure that the image is fully compatible with most frameworks that rely on these extensions.

Could we discuss the possibility of verifying and, if necessary, incorporating these extensions into the Chainguard PHP image?
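
Added example (not part of the thread or of the chainguard-images repository): a shell check of the kind the regression tests mentioned above could use, comparing a `php --modules` listing against the extensions named in this issue. The helper names `sample_modules` and `missing_extensions` are hypothetical; the sample listing is the one quoted in the issue.

```shell
#!/bin/sh
# Added example, not part of the chainguard-images repository.

# Module names from the `--modules` listing quoted in the issue, one per line,
# including the two section headers, as `php --modules` prints them.
sample_modules() {
    printf '%s\n' '[PHP Modules]' Core curl date filter hash iconv json libxml \
        mbstring mysqlnd openssl pcre PDO pdo_mysql pdo_sqlite Phar random \
        readline Reflection session sodium SPL sqlite3 standard tokenizer zlib \
        '' '[Zend Modules]'
}

# missing_extensions EXT...   (hypothetical helper name)
# Reads a `php --modules` listing on stdin, prints every required extension
# that is not loaded, and returns 1 if at least one is missing.
missing_extensions() {
    # Drop CRs, section headers and blank lines; lower-case for comparison.
    loaded=$(tr -d '\r' | grep -v -e '^\[' -e '^[[:space:]]*$' \
        | tr '[:upper:]' '[:lower:]')
    rc=0
    for ext in "$@"; do
        want=$(printf '%s' "$ext" | tr '[:upper:]' '[:lower:]')
        # -x -F: exact whole-line match, so "xml" is not satisfied by
        # "libxml" and "simplexml" is checked as its own extension.
        if ! printf '%s\n' "$loaded" | grep -qxF -- "$want"; then
            printf '%s\n' "$ext"
            rc=1
        fi
    done
    return "$rc"
}

# Against a live image the listing would come from the command in the issue:
#   docker run --rm cgr.dev/chainguard/php --modules | missing_extensions ctype xml
# Here the check runs offline on the listing quoted in the issue.
report=$(sample_modules | missing_extensions \
    ctype iconv PCRE Session SimpleXML Tokenizer xml) || true
printf 'missing extensions:\n%s\n' "$report"
```

The non-zero return status lets an image test fail the build when a required extension disappears from the image.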

erikaheidi commented 7 months ago

I think most of these are already available, but we'll double check! I am starting work on this issue.

erikaheidi commented 7 months ago

A quick update on this: I created a demo repository with a Docker Compose setup that runs a basic Symfony app. I wanted to do this to validate which extensions we will need. I did the same with a Laravel app.

Here are the extensions I needed to add:

These are all already available in Wolfi. I will send a PR to include them by default, but I will make some additional tests first.

IshtarStar commented 6 months ago

Hello everyone.

A month has already passed. Are there any further tasks or information available here? Is there anything I can do from my side? In the meantime, I am compiling my own CVE-free images for PHP, distroless.

Cheers

poseidonphp commented 3 weeks ago

There is another library that is needed to run things like Laravel Horizon (1st party Laravel package for queue management), which is pcntl_async_signals(). This is a PHP method that needs to exist on the image. I think this is the only remaining thing that is preventing me from using Chainguard (though I've not tested exhaustively yet).