From 079823caa1dbef01eebc9e75985cb26f91e2a58a Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Tue, 18 Apr 2023 11:34:16 +0200 Subject: [PATCH 1/4] Add variable PHP_CLEAR_ENV for allowing cleaning ENV. Closes #403 Setting variable PHP_CLEAR_ENV clears environment in FPM workers. Prevents arbitrary environment variables from reaching FPM worker processes by clearing the environment in workers before env vars specified in this pool configuration are added. Default value: no. Signed-off-by: Petr "Stone" Hracek --- 8.0/Dockerfile.rhel9 | 1 + 8.0/README.md | 3 ++ 8.0/root/usr/libexec/container-setup | 5 +++ .../usr/share/container-scripts/php/common.sh | 5 ++- 8.0/s2i/bin/assemble | 5 +++ 8.0/s2i/bin/run | 4 +++ 8.1/Dockerfile.rhel9 | 1 + 8.1/README.md | 5 ++- 8.1/root/usr/libexec/container-setup | 6 ++++ .../usr/share/container-scripts/php/common.sh | 6 +++- 8.1/s2i/bin/assemble | 5 +++ 8.1/s2i/bin/run | 5 ++- test/run | 32 +++++++++++++++++-- 13 files changed, 76 insertions(+), 7 deletions(-) diff --git a/8.0/Dockerfile.rhel9 b/8.0/Dockerfile.rhel9 index 74a3e1260..c438674d5 100644 --- a/8.0/Dockerfile.rhel9 +++ b/8.0/Dockerfile.rhel9 @@ -60,6 +60,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \ PHP_FPM_CONF_FILE=www.conf \ PHP_FPM_RUN_DIR=/run/php-fpm \ + PHP_CLEAR_ENV=true \ PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \ PHP_FPM_LOG_PATH=/var/log/php-fpm \ HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ diff --git a/8.0/README.md b/8.0/README.md index d933482a6..7460c419e 100644 --- a/8.0/README.md +++ b/8.0/README.md @@ -180,6 +180,9 @@ The following environment variables set their equivalent property value in the p * **PHP_MEMORY_LIMIT** * Memory Limit * Default: 128M +* **PHP_CLEAR_ENV** + * Sets to clear environment in FPM workers. See [FPM_CONFIGURATION](https://www.php.net/manual/en/install.fpm.configuration.php). + * Default: ON * **SESSION_NAME** * Name of the session * Default: PHPSESSID 
diff --git a/8.0/root/usr/libexec/container-setup b/8.0/root/usr/libexec/container-setup index 4cc645f39..decbf8a83 100755 --- a/8.0/root/usr/libexec/container-setup +++ b/8.0/root/usr/libexec/container-setup @@ -59,10 +59,15 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then mkdir -p ${PHP_FPM_RUN_DIR} chmod -R a+rwx ${PHP_FPM_RUN_DIR} chown -R 1001:0 ${PHP_FPM_RUN_DIR} + chmod a+rwx ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + chmod -R a+rwx ${PHP_FPM_CONF_D_PATH} mkdir -p ${PHP_FPM_LOG_PATH} chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi + if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi fi mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init diff --git a/8.0/root/usr/share/container-scripts/php/common.sh b/8.0/root/usr/share/container-scripts/php/common.sh index 2145dfcca..1d5878705 100644 --- a/8.0/root/usr/share/container-scripts/php/common.sh +++ b/8.0/root/usr/share/container-scripts/php/common.sh @@ -44,7 +44,10 @@ config_general() { if [ -d "/run/php-fpm" ]; then sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "Setting clear_env to no in config_general" + sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} fi diff --git a/8.0/s2i/bin/assemble b/8.0/s2i/bin/assemble index 26c41b382..4f6542bd1 100755 --- a/8.0/s2i/bin/assemble +++ b/8.0/s2i/bin/assemble 
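Review bot: The two added `chmod` lines in 8.0/root/usr/libexec/container-setup make `${PHP_FPM_CONF_D_PATH}` and `www.conf` writable by every user in the container, so any process there can rewrite the FPM pool configuration, including the `clear_env` setting this patch introduces. The first `chmod` is also redundant, since the recursive one already covers the file. If the goal is to let the non-root runtime user edit the file, a narrower grant such as `chown -R 1001:0 ${PHP_FPM_CONF_D_PATH}` followed by `chmod -R g+rwX ${PHP_FPM_CONF_D_PATH}` would match the ownership used for the run and log directories in the same block. The same pair of lines is added in the 8.1/root/usr/libexec/container-setup hunk; [PATCH 3/4] later removes both.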
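Review bot: The `sed` expression kept inside the new `if` in config_general, `s/^(clear_env)\s+.*/clear_env = no/`, runs without `-E`, so the parentheses are literal characters and the pattern only matches a line that starts with the text `(clear_env)`. With a conventional `clear_env = …` or `;clear_env = …` line the substitution changes nothing, yet the branch still prints "Setting clear_env to no in config_general". Something like `sed -E -i 's/^;?\s*clear_env\s*=.*/clear_env = no/'` on the same file would match both the commented and the active form. The same expression is used in the 8.0/s2i/bin/run and 8.1 common.sh hunks of this patch; config_general starts and ends outside the hunk.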
@@ -65,6 +65,11 @@ if [ -f composer.json ]; then fi fi +if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "Setting clear_env to no in assemble script" + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} +fi + # post-assemble files process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/ diff --git a/8.0/s2i/bin/run b/8.0/s2i/bin/run index b4d973831..c955f2843 100755 --- a/8.0/s2i/bin/run +++ b/8.0/s2i/bin/run @@ -66,6 +66,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi + if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "Setting clear_env to no in run script." + sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi fi diff --git a/8.1/Dockerfile.rhel9 b/8.1/Dockerfile.rhel9 index 6d64d6886..4a4188a59 100644 --- a/8.1/Dockerfile.rhel9 +++ b/8.1/Dockerfile.rhel9 @@ -61,6 +61,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \ PHP_FPM_CONF_FILE=www.conf \ PHP_FPM_RUN_DIR=/run/php-fpm \ + PHP_CLEAR_ENV=true \ PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \ PHP_FPM_LOG_PATH=/var/log/php-fpm \ HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ diff --git a/8.1/README.md b/8.1/README.md index 6b4a6345a..74d3f63c4 100644 --- a/8.1/README.md +++ b/8.1/README.md @@ -180,6 +180,9 @@ The following environment variables set their equivalent property value in the p * **PHP_MEMORY_LIMIT** * Memory Limit * Default: 128M +* **PHP_CLEAR_ENV** + * Sets to clear environment in FPM workers. See [FPM_CONFIGURATION](https://www.php.net/manual/en/install.fpm.configuration.php). + * Default: ON * **SESSION_NAME** * Name of the session * Default: PHPSESSID 
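Review bot: The block added to 8.0/s2i/bin/assemble writes `clear_env = no` into the image's `www.conf` at build time, and nothing in the 8.0 hunks writes `clear_env = yes` back, so the switch is one-way. An image built with `PHP_CLEAR_ENV=false` would keep handing the full container environment to FPM workers even when it is later started with the default or with `PHP_CLEAR_ENV=true`, which is easy to miss when environment variables carry credentials. Either document in the README that the value is fixed at build time, or have the run script set the directive in both directions from the current value. The 8.1/s2i/bin/assemble hunk adds the same block.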
@@ -221,7 +224,7 @@ You can also override the entire directory used to load the PHP configuration by * Sets the path to the php.ini file * **PHP_INI_SCAN_DIR** * Path to scan for additional ini configuration files - + You can override the Apache [MPM prefork](https://httpd.apache.org/docs/2.4/mod/mpm_common.html) settings to increase the performance for of the PHP application. In case you set some Cgroup limits, the image will attempt to automatically set the diff --git a/8.1/root/usr/libexec/container-setup b/8.1/root/usr/libexec/container-setup index 4cc645f39..5d3954ae2 100755 --- a/8.1/root/usr/libexec/container-setup +++ b/8.1/root/usr/libexec/container-setup @@ -59,10 +59,16 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then mkdir -p ${PHP_FPM_RUN_DIR} chmod -R a+rwx ${PHP_FPM_RUN_DIR} chown -R 1001:0 ${PHP_FPM_RUN_DIR} + chmod a+rwx ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + chmod -R a+rwx ${PHP_FPM_CONF_D_PATH} mkdir -p ${PHP_FPM_LOG_PATH} chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi + if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi + fi mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init diff --git a/8.1/root/usr/share/container-scripts/php/common.sh b/8.1/root/usr/share/container-scripts/php/common.sh index 2145dfcca..ee191ca4c 100644 --- a/8.1/root/usr/share/container-scripts/php/common.sh +++ b/8.1/root/usr/share/container-scripts/php/common.sh 
@@ -44,7 +44,11 @@ config_general() { if [ -d "/run/php-fpm" ]; then sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-false}" == "true" ]; then + sed -e 's/^(clear_env)\s+.*/clear_env = yes/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + else + sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} fi diff --git a/8.1/s2i/bin/assemble b/8.1/s2i/bin/assemble index 26c41b382..4f6542bd1 100755 --- a/8.1/s2i/bin/assemble +++ b/8.1/s2i/bin/assemble @@ -65,6 +65,11 @@ if [ -f composer.json ]; then fi fi +if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "Setting clear_env to no in assemble script" + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} +fi + # post-assemble files process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/ diff --git a/8.1/s2i/bin/run b/8.1/s2i/bin/run index b4d973831..4224f6e26 100755 --- a/8.1/s2i/bin/run +++ b/8.1/s2i/bin/run @@ -66,7 +66,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi - + if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "Setting clear_env to no in run script." + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi fi # pre-start files diff --git a/test/run b/test/run index 9a8bda67a..e50c49e50 100755 --- a/test/run +++ b/test/run @@ -9,6 +9,7 @@ test -n "${IMAGE_NAME-}" || false 'make sure $IMAGE_NAME is defined' test -n "${VERSION-}" || false 'make sure $VERSION is defined' + TEST_LIST="\ test_s2i_usage test_docker_run_usage 
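Review bot: In the 8.1 common.sh hunk the test is `[ "${PHP_CLEAR_ENV:-false}" == "true" ]` with `clear_env = no` in the `else` branch, so an unset variable, or any value other than the exact string `true`, selects the setting that leaves the worker environment uncleared. That is the opposite fallback from the Dockerfile (`PHP_CLEAR_ENV=true`) and from the other scripts in this patch, which use `${PHP_CLEAR_ENV:-true}` and act only on `false`. Using `if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then` here, with only the `no` branch, keeps the protective value as the fallback for typos and unset variables. config_general continues outside the hunk.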
@@ -20,6 +21,10 @@ ct_npm_works test_build_from_dockerfile " +TEST_CLEAR_ENV="\ +clear_env_set +" + # TODO: Make command compatible for Mac users test_dir="$(readlink -f $(dirname "${BASH_SOURCE[0]}"))" image_dir=$(readlink -f ${test_dir}/..) @@ -46,7 +51,7 @@ container_ip() { } run_s2i_build() { - ct_s2i_build_as_df file://${test_dir}/test-app ${IMAGE_NAME} ${IMAGE_NAME}-testapp ${s2i_args} $(ct_build_s2i_npm_variables) + ct_s2i_build_as_df file://${test_dir}/test-app ${IMAGE_NAME} ${IMAGE_NAME}-testapp ${s2i_args} $(ct_build_s2i_npm_variables) $1 } prepare() { @@ -157,8 +162,19 @@ test_config_writeable() { docker run --rm "${IMAGE_NAME}" /bin/bash -c "${run_cmd}" } +test_clear_env_setup() { + local run_cmd="[ -f /etc/php-fpm.d/www.conf ] && grep \"^clear_env = no\" /etc/php-fpm.d/www.conf" + + info "Checking if clear_env = no is set in /etc/php-fpm.d/www.conf file." + docker run --rm "${IMAGE_NAME}-testapp" /bin/bash -c "${run_cmd}" +} + +clear_env_set() { + PHP_CLEAR_ENV=false test_application +} + + test_application() { - set -x cid_file=$CID_FILE_DIR/$(mktemp -u -p . --suffix .cid) # Verify that the HTTP connection can be established to test application container run_test_application & @@ -181,6 +197,11 @@ test_application() { test_config_writeable ct_check_testcase_result $? + + if [ "${OS}" == "rhel9" ] && [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + test_clear_env_setup + ct_check_testcase_result $? + fi } test_application_user() { @@ -229,9 +250,14 @@ ct_init # Since we built the candidate image locally, we don't want S2I attempt to pull # it from Docker hub s2i_args="--pull-policy=never" - +# prepare run_s2i_build ct_check_testcase_result $? TEST_SET=${TESTS:-$TEST_LIST} ct_run_tests_from_testset "php_tests" + +run_s2i_build "-e PHP_CLEAR_ENV=false" +ct_check_testcase_result $? + +TEST_SET=${TESTS:-$TEST_CLEAR_ENV} ct_run_tests_from_testset "clear_env_set" From 1a37831f6fbc841bd6af429940778dedb1212be7 Mon Sep 17 00:00:00 2001 
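Review bot: `run_s2i_build` now ends its command with an unquoted `$1`, and the caller passes `"-e PHP_CLEAR_ENV=false"` as one string that only works because the shell splits it again. Forwarding the arguments as separate words is sturdier: end the command with `"$@"` and call `run_s2i_build -e PHP_CLEAR_ENV=false`. If the script runs with `set -u` (not visible in these hunks), the existing call without arguments would also fail on the unset `$1`.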
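Review bot: `test_clear_env_setup` only asserts the opt-out path, by grepping for `^clear_env = no` in the image built with `PHP_CLEAR_ENV=false`; nothing in the default test list checks that an image built without the variable does not contain that line. Since the default is the protective setting, a regression there would pass unnoticed. A counterpart check against the default image, for example `! grep -q "^clear_env = no" /etc/php-fpm.d/www.conf`, would pin it. The check also inspects the file rather than a worker's environment, so it confirms the text of the config but not what FPM does with it.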
From: "Petr \"Stone\" Hracek" Date: Wed, 2 Aug 2023 12:50:37 +0200 Subject: [PATCH 2/4] Fixed issues caught by review Signed-off-by: Petr "Stone" Hracek --- 8.0/root/usr/share/container-scripts/php/common.sh | 2 +- 8.0/s2i/bin/run | 2 +- 8.1/root/usr/share/container-scripts/php/common.sh | 6 ++---- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/8.0/root/usr/share/container-scripts/php/common.sh b/8.0/root/usr/share/container-scripts/php/common.sh index 1d5878705..a90257622 100644 --- a/8.0/root/usr/share/container-scripts/php/common.sh +++ b/8.0/root/usr/share/container-scripts/php/common.sh @@ -46,7 +46,7 @@ config_general() { sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then echo "Setting clear_env to no in config_general" - sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} diff --git a/8.0/s2i/bin/run b/8.0/s2i/bin/run index c955f2843..a5ec75b4b 100755 --- a/8.0/s2i/bin/run +++ b/8.0/s2i/bin/run @@ -68,7 +68,7 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then fi if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then echo "Setting clear_env to no in run script." - sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi fi diff --git a/8.1/root/usr/share/container-scripts/php/common.sh b/8.1/root/usr/share/container-scripts/php/common.sh index ee191ca4c..2356b0efe 100644 --- a/8.1/root/usr/share/container-scripts/php/common.sh +++ b/8.1/root/usr/share/container-scripts/php/common.sh 
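Review bot: Replacing the `sed` with `echo "clear_env = no" >> …` in config_general makes the step non-idempotent: each call appends another line, and container-setup, assemble and run append their own copies as well. The line is also added at the very end of the file, so it belongs to whichever section happens to be last there. Guarding the append, e.g. with `f=${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}` and `grep -q '^clear_env = no' "$f" || echo "clear_env = no" >> "$f"`, or rewriting the existing directive in place, avoids both. The same change is made in the 8.0/s2i/bin/run hunk and in the 8.1 common.sh hunk of this patch; config_general continues outside the hunk.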
@@ -44,10 +44,8 @@ config_general() { if [ -d "/run/php-fpm" ]; then sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - if [ "${PHP_CLEAR_ENV:-false}" == "true" ]; then - sed -e 's/^(clear_env)\s+.*/clear_env = yes/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - else - sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} From 0369b9d06f7460c98ed6f42e9a16a02537daf194 Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Fri, 25 Aug 2023 13:56:41 +0200 Subject: [PATCH 3/4] Rename default value from false/true to ON/OFF Add sed command instead of echo. Thanks to @remicollet Signed-off-by: Petr "Stone" Hracek --- 8.0/Dockerfile.rhel9 | 2 +- 8.0/root/usr/libexec/container-setup | 7 +++---- 8.0/root/usr/share/container-scripts/php/common.sh | 4 ++-- 8.0/s2i/bin/assemble | 4 ++-- 8.0/s2i/bin/run | 4 ++-- 8.1/Dockerfile.rhel9 | 2 +- 8.1/root/usr/libexec/container-setup | 6 ++---- 8.1/root/usr/share/container-scripts/php/common.sh | 4 ++-- 8.1/s2i/bin/assemble | 4 ++-- 8.1/s2i/bin/run | 6 +++--- 8.2/Dockerfile.rhel9 | 1 + 8.2/README.md | 3 +++ 8.2/root/usr/libexec/container-setup | 4 ++++ 8.2/root/usr/share/container-scripts/php/common.sh | 5 ++++- 8.2/s2i/bin/assemble | 5 +++++ 8.2/s2i/bin/run | 5 ++++- test/run | 4 ++-- 17 files changed, 43 insertions(+), 27 deletions(-) diff --git a/8.0/Dockerfile.rhel9 b/8.0/Dockerfile.rhel9 index c438674d5..376238939 100644 --- a/8.0/Dockerfile.rhel9 +++ b/8.0/Dockerfile.rhel9 
@@ -60,7 +60,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \ PHP_FPM_CONF_FILE=www.conf \ PHP_FPM_RUN_DIR=/run/php-fpm \ - PHP_CLEAR_ENV=true \ + PHP_CLEAR_ENV=ON \ PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \ PHP_FPM_LOG_PATH=/var/log/php-fpm \ HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ diff --git a/8.0/root/usr/libexec/container-setup b/8.0/root/usr/libexec/container-setup index decbf8a83..46364daba 100755 --- a/8.0/root/usr/libexec/container-setup +++ b/8.0/root/usr/libexec/container-setup @@ -59,14 +59,13 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then mkdir -p ${PHP_FPM_RUN_DIR} chmod -R a+rwx ${PHP_FPM_RUN_DIR} chown -R 1001:0 ${PHP_FPM_RUN_DIR} - chmod a+rwx ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - chmod -R a+rwx ${PHP_FPM_CONF_D_PATH} mkdir -p ${PHP_FPM_LOG_PATH} chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi - if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + echo "Setting clear_env to no in assemble script" + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi fi diff --git a/8.0/root/usr/share/container-scripts/php/common.sh b/8.0/root/usr/share/container-scripts/php/common.sh index a90257622..6c19f1d30 100644 --- a/8.0/root/usr/share/container-scripts/php/common.sh +++ b/8.0/root/usr/share/container-scripts/php/common.sh 
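Review bot: The message added to 8.0/root/usr/libexec/container-setup reads "Setting clear_env to no in assemble script", which names the wrong script; the same copied text appears in the 8.2 container-setup, 8.2 common.sh, and the 8.1 and 8.2 s2i/bin/run hunks, and 8.1/s2i/bin/run previously said "run script.". When someone later has to find out which step disabled `clear_env`, these log lines will point at the wrong place. Each message should name its own script, e.g. `echo "Setting clear_env to no in container-setup"`. Separately, container-setup looks like a build-time script and the Dockerfile sets `PHP_CLEAR_ENV=ON`, so this branch may never be taken there; it is worth confirming it is needed at all.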
@@ -44,9 +44,9 @@ config_general() { if [ -d "/run/php-fpm" ]; then sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then echo "Setting clear_env to no in config_general" - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} diff --git a/8.0/s2i/bin/assemble b/8.0/s2i/bin/assemble index 4f6542bd1..663f7c5f1 100755 --- a/8.0/s2i/bin/assemble +++ b/8.0/s2i/bin/assemble @@ -65,9 +65,9 @@ if [ -f composer.json ]; then fi fi -if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then +if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then echo "Setting clear_env to no in assemble script" - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi # post-assemble files diff --git a/8.0/s2i/bin/run b/8.0/s2i/bin/run index a5ec75b4b..eb590ed7c 100755 --- a/8.0/s2i/bin/run +++ b/8.0/s2i/bin/run @@ -66,9 +66,9 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi - if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then echo "Setting clear_env to no in run script." - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi fi diff --git a/8.1/Dockerfile.rhel9 b/8.1/Dockerfile.rhel9 index 4a4188a59..bdd798875 100644 --- a/8.1/Dockerfile.rhel9 +++ b/8.1/Dockerfile.rhel9 
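Review bot: The new `sed` in config_general rewrites an existing `clear_env` line but does nothing when the file has no such line, and the script prints "Setting clear_env to no" either way, so a silent no-match looks like success. The same block is now pasted into container-setup, common.sh, assemble and run for 8.0, 8.1 and 8.2, which is how the messages and defaults drifted apart in the earlier patches. A single helper that applies the substitution and then verifies the result, called from each script that already sources common.sh, would keep the copies in step. The comparison is also exact, so values such as `off` or `false` fall back to ON without notice; the README should say that only `OFF` is recognised. config_general continues outside the hunk.

```shell
# Apply PHP_CLEAR_ENV to the FPM pool file; only the exact value OFF disables clear_env.
set_fpm_clear_env() {
  local conf="${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}"
  [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ] || return 0
  sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i "${conf}"
  # Report a no-match instead of claiming success.
  if ! grep -q '^clear_env = no$' "${conf}"; then
    echo "clear_env directive not found in ${conf}; setting not applied" >&2
    return 1
  fi
}
```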
@@ -61,7 +61,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \ PHP_FPM_CONF_FILE=www.conf \ PHP_FPM_RUN_DIR=/run/php-fpm \ - PHP_CLEAR_ENV=true \ + PHP_CLEAR_ENV=ON \ PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \ PHP_FPM_LOG_PATH=/var/log/php-fpm \ HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ diff --git a/8.1/root/usr/libexec/container-setup b/8.1/root/usr/libexec/container-setup index 5d3954ae2..2e546ed1b 100755 --- a/8.1/root/usr/libexec/container-setup +++ b/8.1/root/usr/libexec/container-setup @@ -59,14 +59,12 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then mkdir -p ${PHP_FPM_RUN_DIR} chmod -R a+rwx ${PHP_FPM_RUN_DIR} chown -R 1001:0 ${PHP_FPM_RUN_DIR} - chmod a+rwx ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - chmod -R a+rwx ${PHP_FPM_CONF_D_PATH} mkdir -p ${PHP_FPM_LOG_PATH} chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi - if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi fi diff --git a/8.1/root/usr/share/container-scripts/php/common.sh b/8.1/root/usr/share/container-scripts/php/common.sh index 2356b0efe..dbf5f4df9 100644 --- a/8.1/root/usr/share/container-scripts/php/common.sh +++ b/8.1/root/usr/share/container-scripts/php/common.sh 
@@ -44,8 +44,8 @@ config_general() { if [ -d "/run/php-fpm" ]; then sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} diff --git a/8.1/s2i/bin/assemble b/8.1/s2i/bin/assemble index 4f6542bd1..663f7c5f1 100755 --- a/8.1/s2i/bin/assemble +++ b/8.1/s2i/bin/assemble @@ -65,9 +65,9 @@ if [ -f composer.json ]; then fi fi -if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then +if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then echo "Setting clear_env to no in assemble script" - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi # post-assemble files diff --git a/8.1/s2i/bin/run b/8.1/s2i/bin/run index 4224f6e26..c701f523d 100755 --- a/8.1/s2i/bin/run +++ b/8.1/s2i/bin/run @@ -66,9 +66,9 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi - if [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then - echo "Setting clear_env to no in run script." - echo "clear_env = no" >> ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + echo "Setting clear_env to no in assemble script" + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} fi fi diff --git a/8.2/Dockerfile.rhel9 b/8.2/Dockerfile.rhel9 index 7d8df973e..86e93c301 100644 --- a/8.2/Dockerfile.rhel9 +++ b/8.2/Dockerfile.rhel9 
@@ -61,6 +61,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \ PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \ PHP_FPM_CONF_FILE=www.conf \ PHP_FPM_RUN_DIR=/run/php-fpm \ + PHP_CLEAR_ENV=ON \ PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \ PHP_FPM_LOG_PATH=/var/log/php-fpm \ HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \ diff --git a/8.2/README.md b/8.2/README.md index f581b5fc3..98ba293dc 100644 --- a/8.2/README.md +++ b/8.2/README.md @@ -180,6 +180,9 @@ The following environment variables set their equivalent property value in the p * **PHP_MEMORY_LIMIT** * Memory Limit * Default: 128M +* **PHP_CLEAR_ENV** + * Sets to clear environment in FPM workers. See [FPM_CONFIGURATION](https://www.php.net/manual/en/install.fpm.configuration.php). + * Default: ON * **SESSION_NAME** * Name of the session * Default: PHPSESSID diff --git a/8.2/root/usr/libexec/container-setup b/8.2/root/usr/libexec/container-setup index 4cc645f39..46364daba 100755 --- a/8.2/root/usr/libexec/container-setup +++ b/8.2/root/usr/libexec/container-setup @@ -63,6 +63,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + echo "Setting clear_env to no in assemble script" + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi fi mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init diff --git a/8.2/root/usr/share/container-scripts/php/common.sh b/8.2/root/usr/share/container-scripts/php/common.sh index 2145dfcca..12af226f4 100644 --- a/8.2/root/usr/share/container-scripts/php/common.sh +++ b/8.2/root/usr/share/container-scripts/php/common.sh 
@@ -44,7 +44,10 @@ config_general() { if [ -d "/run/php-fpm" ]; then sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} - sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + echo "Setting clear_env to no in assemble script" + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi else sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE} fi diff --git a/8.2/s2i/bin/assemble b/8.2/s2i/bin/assemble index 26c41b382..663f7c5f1 100755 --- a/8.2/s2i/bin/assemble +++ b/8.2/s2i/bin/assemble @@ -65,6 +65,11 @@ if [ -f composer.json ]; then fi fi +if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + echo "Setting clear_env to no in assemble script" + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} +fi + # post-assemble files process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/ diff --git a/8.2/s2i/bin/run b/8.2/s2i/bin/run index b4d973831..c701f523d 100755 --- a/8.2/s2i/bin/run +++ b/8.2/s2i/bin/run @@ -66,7 +66,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then chmod -R a+rwx ${PHP_FPM_LOG_PATH} chown -R 1001:0 ${PHP_FPM_LOG_PATH} fi - + if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then + echo "Setting clear_env to no in assemble script" + sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE} + fi fi # pre-start files diff --git a/test/run b/test/run index e50c49e50..aa4c79e20 100755 --- a/test/run +++ b/test/run @@ -170,7 +170,7 @@ test_clear_env_setup() { } clear_env_set() { - PHP_CLEAR_ENV=false test_application + PHP_CLEAR_ENV=OFF test_application } 
@@ -257,7 +257,7 @@ ct_check_testcase_result $? TEST_SET=${TESTS:-$TEST_LIST} ct_run_tests_from_testset "php_tests" -run_s2i_build "-e PHP_CLEAR_ENV=false" +run_s2i_build "-e PHP_CLEAR_ENV=OFF" ct_check_testcase_result $? TEST_SET=${TESTS:-$TEST_CLEAR_ENV} ct_run_tests_from_testset "clear_env_set" From 5eabbed6c96b43acff2eb8173b55eb723f9ec3fe Mon Sep 17 00:00:00 2001 From: "Petr \"Stone\" Hracek" Date: Mon, 28 Aug 2023 10:44:57 +0200 Subject: [PATCH 4/4] Check if PHP_CLEAR_ENV is set in tests as well. Signed-off-by: Petr "Stone" Hracek --- test/run | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/run b/test/run index aa4c79e20..cc9000429 100755 --- a/test/run +++ b/test/run @@ -198,7 +198,7 @@ test_application() { test_config_writeable ct_check_testcase_result $? - if [ "${OS}" == "rhel9" ] && [ "${PHP_CLEAR_ENV:-true}" == "false" ]; then + if [ "${OS}" == "rhel9" ] && [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then test_clear_env_setup ct_check_testcase_result $? fi
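Review bot: The `clear_env` assertion in test_application is guarded by a string comparison that has to agree with the value `clear_env_set` passes in, and when the two disagree the check is skipped and the test still passes, which is the state [PATCH 3/4] left behind and this patch repairs. Calling `test_clear_env_setup` and `ct_check_testcase_result $?` directly from `clear_env_set`, after `test_application`, would remove that coupling so the assertion cannot be bypassed silently. If the `rhel9` restriction has to stay, it can move there as the only condition. test_application starts outside the hunk.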