tricky · thecaliskan · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 6, 2025
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -66,17 +66,9 @@ jobs:
       - name: Build and test in docker
         run: bash ci/test_dockerized.sh ${{ matrix.PHP_VERSION }} ${{ matrix.PHP_VERSION_FULL }} ${{ matrix.DOCKER_ARCHITECTURE }}
 
-      # We reuse the php base image because
-      # 1. It has any necessary dependencies installed for php 7.0-8.2
-      # 2. It is already downloaded
-      #
-      # We need to install valgrind then rebuild php from source with the configure option '--with-valgrind' to avoid valgrind false positives
-      # because php-src has inline assembly that causes false positives in valgrind when that option isn't used.
-      # The OS release in the PHP 7.0 image is too old to install valgrind without workarounds: https://stackoverflow.com/questions/76094428/debian-stretch-repositories-404-not-found
       - name: Build and test in docker again with valgrind
-        run: if [[ ${{ matrix.PHP_VERSION }} != '7.0' ]]; then bash ci/test_dockerized_valgrind.sh ${{ matrix.PHP_VERSION }} ${{ matrix.PHP_VERSION_FULL }} ${{ matrix.DOCKER_ARCHITECTURE }}; fi
-      # NOTE: tests report false positives for zend_string_equals in php 7.3+
-      # due to the use of inline assembly in php-src. (not related to igbinary)
+        run: bash ci/test_dockerized_valgrind.sh ${{ matrix.PHP_VERSION }} ${{ matrix.PHP_VERSION_FULL }} ${{ matrix.DOCKER_ARCHITECTURE }}
+
   windows:
     defaults:
       run:

diff --git a/ci/Dockerfile.valgrind b/ci/Dockerfile.valgrind
@@ -5,8 +5,8 @@ WORKDIR /code
 
 ADD ci/adjust-debian-apt-sources.sh ci/
 RUN ci/adjust-debian-apt-sources.sh
-RUN apt-get update && apt-get install -y valgrind && apt-get clean
-RUN apt-get install -y libcurl4-openssl-dev
+RUN set -eux; . /etc/os-release; apt-get update && apt-get install -y $( [ "x${ID:-linux}" = "xdebian" ] && [ "x${VERSION_ID:-0}" = "x9" ] && echo "--allow-unauthenticated" ) valgrind && apt-get clean
+RUN set -eux; . /etc/os-release; apt-get install -y $( [ "x${ID:-linux}" = "xdebian" ] && [ "x${VERSION_ID:-0}" = "x9" ] && echo "--allow-unauthenticated" ) libcurl4-openssl-dev
 
 ADD ci/install_php_custom.sh ci/generate_php_install_dir.sh ci/
 ARG PHP_VERSION_FULL
@@ -26,7 +26,7 @@ RUN ln -nsf $(ci/generate_php_install_dir.sh) /php-valgrind-install
 ENV PATH=/php-valgrind-install/bin:$PATH
 
 # Used for running tests in Docker
-# RUN apt-get update && apt-get install -y valgrind && apt-get clean
+# RUN set -eux; . /etc/os-release; apt-get update && apt-get install -y $( [ "x${ID:-linux}" = "xdebian" ] && [ "x${VERSION_ID:-0}" = "x9" ] && echo "--allow-unauthenticated" ) valgrind && apt-get clean
 # NOTE: In order to avoid valgrind false positives, this would need to compile php from source and configure php --with-valgrind (php-src's zend_string_equals uses inline assembly that causes false positives)
 # - ci/install_php_custom.sh and ci/generate_php_install_dir.sh may be a useful reference for that.
 ADD *.sh *.c *.h *.php *.md config.m4 config.w32 package.xml COPYING CREDITS NEWS igbinary.spec igbinary.php.ini ./

diff --git a/ci/adjust-debian-apt-sources.sh b/ci/adjust-debian-apt-sources.sh
@@ -5,9 +5,19 @@
 
 . /etc/os-release
 
-if [ "x${ID:-linux}" = "xdebian" -a "x${VERSION_CODENAME:-unknown}" = "xbuster" ] ; then
+if [ "x${ID:-linux}" = "xdebian" ] && [ "x${VERSION_ID:-0}" = "x10" ]; then
     echo "Adjusting APT sources for Debian Buster"
     sed -i 's|http://deb.debian.org/debian|http://archive.debian.org/debian|g' /etc/apt/sources.list
     sed -i 's|http://security.debian.org/debian-security|http://archive.debian.org/debian-security|g' /etc/apt/sources.list
-    echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf.d/99no-check-valid-until
+fi
+
+if [ "x${ID:-linux}" = "xdebian" ] && [ "x${VERSION_ID:-0}" = "x9" ]; then
+    echo "Adjusting APT sources for Debian Stretch"
+    sed -i 's|http://deb.debian.org/debian|http://archive.debian.org/debian|g' /etc/apt/sources.list
+    sed -i 's|http://security.debian.org/debian-security|http://archive.debian.org/debian-security|g' /etc/apt/sources.list
+    echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf.d/99no-check-valid-until
+    echo 'Acquire::AllowInsecureRepositories "true";' >> /etc/apt/apt.conf.d/99no-check-valid-until
+	echo "Disabled stretch-updates and stretch-security in sources.list to prevent 404 errors"
+	sed -i 's|^deb .*stretch-updates|# &|g' /etc/apt/sources.list
+	sed -i 's|^deb .*stretch/updates|# &|g' /etc/apt/sources.list
 fi