sclorg · phracek · Aug 28, 2023 · Apr 18, 2023 · Aug 2, 2023 · Aug 25, 2023
diff --git a/8.0/Dockerfile.rhel9 b/8.0/Dockerfile.rhel9
@@ -60,6 +60,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \
  PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \
  PHP_FPM_CONF_FILE=www.conf \
  PHP_FPM_RUN_DIR=/run/php-fpm \
+ PHP_CLEAR_ENV=ON \
  PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \
  PHP_FPM_LOG_PATH=/var/log/php-fpm \
  HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \

diff --git a/8.0/README.md b/8.0/README.md
@@ -180,6 +180,9 @@ The following environment variables set their equivalent property value in the p
 * **PHP_MEMORY_LIMIT**
  * Memory Limit
  * Default: 128M
+* **PHP_CLEAR_ENV**
+ * Sets to clear environment in FPM workers. See [FPM_CONFIGURATION](https://www.php.net/manual/en/install.fpm.configuration.php).
+ * Default: ON
 * **SESSION_NAME**
  * Name of the session
  * Default: PHPSESSID

diff --git a/8.0/root/usr/libexec/container-setup b/8.0/root/usr/libexec/container-setup
@@ -63,6 +63,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then
  chmod -R a+rwx ${PHP_FPM_LOG_PATH}
  chown -R 1001:0 ${PHP_FPM_LOG_PATH}
  fi
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
 fi
 
 mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init

diff --git a/8.0/root/usr/share/container-scripts/php/common.sh b/8.0/root/usr/share/container-scripts/php/common.sh
@@ -44,7 +44,10 @@ config_general() {
  if [ -d "/run/php-fpm" ]; then
  sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
  sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
- sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in config_general"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
  else
  sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE}
  fi

diff --git a/8.0/s2i/bin/assemble b/8.0/s2i/bin/assemble
@@ -65,6 +65,11 @@ if [ -f composer.json ]; then
  fi
 fi
 
+if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+fi
+
 # post-assemble files
 process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/
 

diff --git a/8.0/s2i/bin/run b/8.0/s2i/bin/run
@@ -66,6 +66,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then
  chmod -R a+rwx ${PHP_FPM_LOG_PATH}
  chown -R 1001:0 ${PHP_FPM_LOG_PATH}
  fi
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in run script."
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
 
 fi
 

diff --git a/8.1/Dockerfile.rhel9 b/8.1/Dockerfile.rhel9
@@ -61,6 +61,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \
  PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \
  PHP_FPM_CONF_FILE=www.conf \
  PHP_FPM_RUN_DIR=/run/php-fpm \
+ PHP_CLEAR_ENV=ON \
  PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \
  PHP_FPM_LOG_PATH=/var/log/php-fpm \
  HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \

diff --git a/8.1/README.md b/8.1/README.md
@@ -180,6 +180,9 @@ The following environment variables set their equivalent property value in the p
 * **PHP_MEMORY_LIMIT**
  * Memory Limit
  * Default: 128M
+* **PHP_CLEAR_ENV**
+ * Sets to clear environment in FPM workers. See [FPM_CONFIGURATION](https://www.php.net/manual/en/install.fpm.configuration.php).
+ * Default: ON
 * **SESSION_NAME**
  * Name of the session
  * Default: PHPSESSID
@@ -221,7 +224,7 @@ You can also override the entire directory used to load the PHP configuration by
  * Sets the path to the php.ini file
 * **PHP_INI_SCAN_DIR**
  * Path to scan for additional ini configuration files
-
+ 
 You can override the Apache [MPM prefork](https://httpd.apache.org/docs/2.4/mod/mpm_common.html)
 settings to increase the performance for of the PHP application. In case you set
 some Cgroup limits, the image will attempt to automatically set the

diff --git a/8.1/root/usr/libexec/container-setup b/8.1/root/usr/libexec/container-setup
@@ -63,6 +63,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then
  chmod -R a+rwx ${PHP_FPM_LOG_PATH}
  chown -R 1001:0 ${PHP_FPM_LOG_PATH}
  fi
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
+
 fi
 
 mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init

diff --git a/8.1/root/usr/share/container-scripts/php/common.sh b/8.1/root/usr/share/container-scripts/php/common.sh
@@ -44,7 +44,9 @@ config_general() {
  if [ -d "/run/php-fpm" ]; then
  sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
  sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
- sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
  else
  sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE}
  fi

diff --git a/8.1/s2i/bin/assemble b/8.1/s2i/bin/assemble
@@ -65,6 +65,11 @@ if [ -f composer.json ]; then
  fi
 fi
 
+if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+fi
+
 # post-assemble files
 process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/
 

diff --git a/8.1/s2i/bin/run b/8.1/s2i/bin/run
@@ -66,7 +66,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then
  chmod -R a+rwx ${PHP_FPM_LOG_PATH}
  chown -R 1001:0 ${PHP_FPM_LOG_PATH}
  fi
-
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
 fi
 
 # pre-start files

diff --git a/8.2/Dockerfile.rhel9 b/8.2/Dockerfile.rhel9
@@ -61,6 +61,7 @@ ENV PHP_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/php/ \
  PHP_FPM_CONF_D_PATH=/etc/php-fpm.d \
  PHP_FPM_CONF_FILE=www.conf \
  PHP_FPM_RUN_DIR=/run/php-fpm \
+ PHP_CLEAR_ENV=ON \
  PHP_MAIN_FPM_CONF_FILE=/etc/php-fpm.conf \
  PHP_FPM_LOG_PATH=/var/log/php-fpm \
  HTTPD_CONFIGURATION_PATH=${APP_ROOT}/etc/conf.d \

diff --git a/8.2/README.md b/8.2/README.md
@@ -180,6 +180,9 @@ The following environment variables set their equivalent property value in the p
 * **PHP_MEMORY_LIMIT**
  * Memory Limit
  * Default: 128M
+* **PHP_CLEAR_ENV**
+ * Sets to clear environment in FPM workers. See [FPM_CONFIGURATION](https://www.php.net/manual/en/install.fpm.configuration.php).
+ * Default: ON
 * **SESSION_NAME**
  * Name of the session
  * Default: PHPSESSID

diff --git a/8.2/root/usr/libexec/container-setup b/8.2/root/usr/libexec/container-setup
@@ -63,6 +63,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then
  chmod -R a+rwx ${PHP_FPM_LOG_PATH}
  chown -R 1001:0 ${PHP_FPM_LOG_PATH}
  fi
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
 fi
 
 mkdir -p ${PHP_CONTAINER_SCRIPTS_PATH}/pre-init

diff --git a/8.2/root/usr/share/container-scripts/php/common.sh b/8.2/root/usr/share/container-scripts/php/common.sh
@@ -44,7 +44,10 @@ config_general() {
  if [ -d "/run/php-fpm" ]; then
  sed -i -E "/php_value\[session.save_path\]/d" ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
  sed -e '/catch_workers_output/d' -e '/error_log/d' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
- sed -e 's/^(clear_env)\s+.*/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
  else
  sed -i '/php_value session.save_/d' ${HTTPD_MAIN_CONF_D_PATH}/${PHP_HTTPD_CONF_FILE}
  fi

diff --git a/8.2/s2i/bin/assemble b/8.2/s2i/bin/assemble
@@ -65,6 +65,11 @@ if [ -f composer.json ]; then
  fi
 fi
 
+if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+fi
+
 # post-assemble files
 process_extending_files ./php-post-assemble/ ${PHP_CONTAINER_SCRIPTS_PATH}/post-assemble/
 

diff --git a/8.2/s2i/bin/run b/8.2/s2i/bin/run
@@ -66,7 +66,10 @@ if [ "x$PLATFORM" == "xel9" ] || [ "x$PLATFORM" == "xfedora" ]; then
  chmod -R a+rwx ${PHP_FPM_LOG_PATH}
  chown -R 1001:0 ${PHP_FPM_LOG_PATH}
  fi
-
+ if [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ echo "Setting clear_env to no in assemble script"
+ sed -e 's/^[;]*\s*clear_env\s*=.*$/clear_env = no/' -i ${PHP_FPM_CONF_D_PATH}/${PHP_FPM_CONF_FILE}
+ fi
 fi
 
 # pre-start files

diff --git a/test/run b/test/run
@@ -9,6 +9,7 @@
 test -n "${IMAGE_NAME-}" || false 'make sure $IMAGE_NAME is defined'
 test -n "${VERSION-}" || false 'make sure $VERSION is defined'
 
+
 TEST_LIST="\
 test_s2i_usage
 test_docker_run_usage
@@ -20,6 +21,10 @@ ct_npm_works
 test_build_from_dockerfile
 "
 
+TEST_CLEAR_ENV="\
+clear_env_set
+"
+
 # TODO: Make command compatible for Mac users
 test_dir="$(readlink -f $(dirname "${BASH_SOURCE[0]}"))"
 image_dir=$(readlink -f ${test_dir}/..)
@@ -46,7 +51,7 @@ container_ip() {
 }
 
 run_s2i_build() {
- ct_s2i_build_as_df file://${test_dir}/test-app ${IMAGE_NAME} ${IMAGE_NAME}-testapp ${s2i_args} $(ct_build_s2i_npm_variables)
+ ct_s2i_build_as_df file://${test_dir}/test-app ${IMAGE_NAME} ${IMAGE_NAME}-testapp ${s2i_args} $(ct_build_s2i_npm_variables) $1
 }
 
 prepare() {
@@ -157,8 +162,19 @@ test_config_writeable() {
  docker run --rm "${IMAGE_NAME}" /bin/bash -c "${run_cmd}"
 }
 
+test_clear_env_setup() {
+ local run_cmd="[ -f /etc/php-fpm.d/www.conf ] && grep \"^clear_env = no\" /etc/php-fpm.d/www.conf"
+
+ info "Checking if clear_env = no is set in /etc/php-fpm.d/www.conf file."
+ docker run --rm "${IMAGE_NAME}-testapp" /bin/bash -c "${run_cmd}"
+}
+
+clear_env_set() {
+ PHP_CLEAR_ENV=OFF test_application
+}
+
+
 test_application() {
- set -x
  cid_file=$CID_FILE_DIR/$(mktemp -u -p . --suffix .cid)
  # Verify that the HTTP connection can be established to test application container
  run_test_application &
@@ -181,6 +197,11 @@ test_application() {
 
  test_config_writeable
  ct_check_testcase_result $?
+
+ if [ "${OS}" == "rhel9" ] && [ "${PHP_CLEAR_ENV:-ON}" == "OFF" ]; then
+ test_clear_env_setup
+ ct_check_testcase_result $?
+ fi
 }
 
 test_application_user() {
@@ -229,9 +250,14 @@ ct_init
 # Since we built the candidate image locally, we don't want S2I attempt to pull
 # it from Docker hub
 s2i_args="--pull-policy=never"
-
+#
 prepare
 run_s2i_build
 ct_check_testcase_result $?
 
 TEST_SET=${TESTS:-$TEST_LIST} ct_run_tests_from_testset "php_tests"
+
+run_s2i_build "-e PHP_CLEAR_ENV=OFF"
+ct_check_testcase_result $?
+
+TEST_SET=${TESTS:-$TEST_CLEAR_ENV} ct_run_tests_from_testset "clear_env_set"