Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make composer aware of the requirement for 64bits PHP #177

Merged
merged 1 commit into from
Apr 24, 2024
Merged

Make composer aware of the requirement for 64bits PHP #177

merged 1 commit into from
Apr 24, 2024

Conversation

stof
Copy link
Contributor

@stof stof commented Apr 24, 2024

this way, when running on a 32bits version of PHP, Composer will know it cannot use those releases (too bad this was not done in the 2.0.0 release)

@paragonie-security paragonie-security merged commit f65c829 into paragonie:master Apr 24, 2024
1 check failed
@paragonie-security
Copy link
Contributor

Not sure why appveyor is trying to run in the master branch.

Thanks, we were unaware of php-64bit. That will come in handy!

@paragonie-security
Copy link
Contributor

We're going to pull the 2.0,0 release from Packagist so nobody accidentally installs v2 on a 32-bit OS.

@stof stof deleted the patch-1 branch April 24, 2024 12:56
@stof
Copy link
Contributor Author

stof commented Apr 24, 2024

Note that the version for this php-64bit package is the same than for the php package (but only if your PHP is a 64 bits build). So there is 3 ways to use this requirement:

  1. keep the php requirement and use * as the php-64bit constraint (same than the recommended * constraint for ext-* packages for core PHP extensions)
  2. duplicate the php requirement in the php-64bit constraint
  3. keep only the php-64bit requirement (with the appropriate constraint)

I prefer option 1 (which is what I implemented here):

  • option 2 duplicates the requirement, making it easy to create a weird state when updating the PHP requirement (the actual PHP requirement ending up being a AND between both constraints)
  • option 3 is equivalent to option 1 as far as composer 2.5+ is concerned. However, other tooling (including the version guessing in composer require for Composer 2.4 and older) might rely on a php requirement without checking whether a php-64bit restricts the PHP version range as well (especially because requirements on php-64bit are not common and often unknown). So option 1 is safer than option 3 regarding support in various tools.

@stof
Copy link
Contributor Author

stof commented Apr 24, 2024

Maybe https://paragonie.com/blog/2024/04/release-sodium-compat-v2-and-future-our-polyfill-libraries should be updated to mention that composer also performs the check for the 64 bits requirement now.

@stof
Copy link
Contributor Author

stof commented Apr 24, 2024

@paragonie-security as you removed the 2.0.0 release, you should probably update the release notes of 2.0.1 to include all the informations from 2.0.0. Otherwise, there is no info anymore about the 2.0 changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stof @paragonie-security