search

docker-library / php

Docker Official Image packaging for PHP
https://php.net
MIT License
3.77k stars 2k forks source link

8.1-fpm-alpine3.18 can no longer connect to pecl #1469

Closed afilina closed 6 months ago

afilina commented 7 months ago

Hi,

I am no longer able to ping pecl.php.net from the container. This started 2 days ago. Npthing changed in our environment, except that I see a new push to 8.1-fpm-alpine3.18 3 days ago. What changed that could have led to this problem, and how can we fix it?

Thanks.

tianon commented 7 months ago

I wonder if this is somehow related to https://github.com/docker-library/php/issues/1134?

However, I can't reproduce a failure:

$ docker run -it --rm --pull=always php:8.1-fpm-alpine3.18 sh
8.1-fpm-alpine3.18: Pulling from library/php
Digest: sha256:beaee547c2d1abcccffc2abf5cf4d27de90d7d816345ff9c64ca13ff0d119c8d
Status: Image is up to date for php:8.1-fpm-alpine3.18
/var/www/html # pecl remote-info bz2
Package details:
================
Latest          1.0
Installed       - no -
Package         bz2
License         PHP License
Category        File Formats
Summary         A Bzip2 management extension
Description     Bz2 is an extension to create and parse bzip2
                compressed data.
Deprecated! use channel://http://php.net/bzip2/ext/bz2
afilina commented 7 months ago

Yes, it looks like a similar issue, except that it's a more recent PHP version and the issue started happening overnight, while it was working for many years until then.

LaurentGoderre commented 7 months ago

@afilina I wonder if it's more a change in Alpine rather than anything to do with a specific PHP version.

tianon commented 7 months ago

Can you provide a specific command that replicates the error you're seeing? (as noted above, I wasn't able to reproduce a failure)

afilina commented 6 months ago

@LaurentGoderre Yes, this is very likely. However, I would expect a pinned Docker image to remain unaffected, but it was updated a few days before the error started showing up. This means that there's no reasonable way for me to have a reproducible local env. At least if I understand the underlying issue correctly.

afilina commented 6 months ago

Can you provide a specific command that replicates the error you're seeing? (as noted above, I wasn't able to reproduce a failure)

Just ping pecl.php.net as I said in the original post. It was working and then it stopped, coinciding with an upstream update that was pushed to this legacy image (based on what I see on Docker Hub).

LaurentGoderre commented 6 months ago

@afilina pinning to a tag doesn't guarantee immutability because we are constantly updating the base OS to address vulnerabilties. If you want immutability you pin to a specific SHA but then you wouldn't be getting the vulnerability updates.

LaurentGoderre commented 6 months ago

@afilina here is what I get locally

docker run --rm --entrypoint ping php:8.1-fpm-alpine3.18 pecl.php.net
PING pecl.php.net (104.236.228.160): 56 data bytes
64 bytes from 104.236.228.160: seq=0 ttl=63 time=33.530 ms
64 bytes from 104.236.228.160: seq=1 ttl=63 time=54.114 ms
64 bytes from 104.236.228.160: seq=2 ttl=63 time=56.521 ms

^C
--- pecl.php.net ping statistics ---
37 packets transmitted, 37 packets received, 0% packet loss
round-trip min/avg/max = 30.407/51.567/164.128 ms
afilina commented 6 months ago

@LaurentGoderre Ok, so maybe something else changed in my environment that's causing this. I will investigate on our end with a specific SHA to better isolate the cause. I don't think I'll pin it to a SHA, since the vulnerability patches are definitely important.

Since it clearly works for multiple people, I will close this issue.