Opened 6 months ago

Last modified 71 minutes ago

#69930 accepted enhancement

php82-mysql, php83-mysql: Add mysql8 variant

Reported by: clouseau (John VanDyk) Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: ports Version: 2.9.3
Keywords: Cc: radarhere (Andrew Murray)
Port: php82-mysql, php83-mysql

Description

The php81-mysql port has a variety of variants that include mutually exclusive libraries for mariadb, mysql57, mysql8, etc. These are are listed in the "Loaded plugins" row under the mysqlnd section of phpinfo().

The php82-mysql port has only debug and universal variants. The default variant does not install the auth_plugin_caching_sha2_password,auth_plugin_sha256_password mysqlnd plugins that are installed, for example, with port install php81-mysql +mysql8.

Thus, php82 with php82-mysql on MacPorts is currently not usable with MySQL 8 default password authentication (caching_sha2_password) resulting in "The server requested authentication method unknown to the client [caching_sha2_password]".

We would be grateful if a mysql8 variant of php82-mysql could be created.

Change History (13)

comment:1 Changed 6 months ago by ryandesign (Ryan Carsten Schmidt)

Port: php83-mysql added
Status: assignedaccepted
Summary: Add mysql8 variantphp82-mysql, php83-mysql: Add mysql8 variant

The MacPorts php82-mysql port installs both the mysqli and pdo_mysql extensions. Which one does your PHP code use?

As of PHP 8.2.0alpha3, trying to configure the mysqli extension to use an external MySQL client library produced this error:

configure: error: Linking mysqli against external library is no longer supported

I assumed that this also applied to pdo_mysql which was why I removed the MySQL variants for php82-mysql and later and forced the port to use mysqlnd—the built-in MySQL Native Driver—only.

However, I now see that for pdo_mysql the ability to use an external MySQL client library still exists, so I should reinstate the variants for that part. That won't help, of course, if your PHP code uses mysqli.

comment:2 Changed 6 months ago by clouseau (John VanDyk)

I'm using Drupal which uses PDO.

comment:3 Changed 6 months ago by ryandesign (Ryan Carsten Schmidt)

In 29abb72a2c72b26e3a27711eb0aab0e635df3a01/macports-ports (master):

php82-mysql, php83-mysql: Reinstate mysql variants

I had removed the mysql variants as of 8.2.0alpha3 because I thought
using an external MySQL client library was no longer possible, but in
fact it was only no longer possible for mysqli; it is still possible
for pdo_mysql.

See: #69930

comment:4 Changed 6 months ago by clouseau (John VanDyk)

Thank you. However, with this change we are still at the point where installation results in missing plugins, so that PHP >8.1 on MacPorts does not support the default caching_sha2_password authentication method of MySQL 8.

Macports (port install php82-mysql +mysql8):

/opt/local/bin/php82 -i | grep 'Loaded plugins'
Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password

Homebrew (brew install shivammathur/php/php@8.2):

/opt/homebrew/bin/php -i | grep 'Loaded plugins'
Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_caching_sha2_password,auth_plugin_sha256_password

RHEL 9.4 with PHP 8.2.13:

/usr/bin/php -i | grep 'Loaded plugins'
Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_caching_sha2_password,auth_plugin_sha256_password

comment:5 Changed 6 months ago by radarhere (Andrew Murray)

Cc: radarhere added

comment:6 Changed 6 months ago by ryandesign (Ryan Carsten Schmidt)

Right now mysql8 is broken due to #70001. Further investigation of this php issue will have to wait until that is resolved.

comment:7 Changed 5 months ago by radarhere (Andrew Murray)

#70001 has now been resolved.

Last edited 5 months ago by radarhere (Andrew Murray) (previous) (diff)

comment:8 Changed 5 months ago by ryandesign (Ryan Carsten Schmidt)

My understanding now, after reading an extended FreeBSD discussion on this topic, is that php itself must be compiled with the openssl extension integrated in order for this to work. MacPorts currently offers the openssl php extension as a separately installable port, and this apparently is not sufficient for this to work. FreeBSD has removed their separately-installable openssl php extension package and integrated it into php for versions 8.0 and later. We could do that too; we already integrate some other essential extensions like xml. I would have to investigate what the situation is for earlier php versions. It may be that they cannot support this at all, in which case we might keep the separate openssl ports for those php versions.

comment:9 Changed 4 weeks ago by jmpalacios (Juan Manuel Palacios)

Hey @ryandesign! Has there been any progress on this? I'd be interested in getting it working, so let me know if I can help any.

Thanks!

comment:10 Changed 4 weeks ago by ryandesign (Ryan Carsten Schmidt)

I forgot about this ticket and didn't do anything about it, other than come to the conclusion that having openssl be a separate extension for some php versions and integrated for others would be confusing, so it should always be integrated, if that works for all php versions and if that solves this problem.

comment:11 Changed 3 weeks ago by ryandesign (Ryan Carsten Schmidt)

Note to self: I encountered an unanticipated problem when trying to integrate OpenSSL support into the PHP SAPI subports directly. Old versions of PHP need old versions of OpenSSL. This need ought to be easy to satisfy by using the openssl portgroup since it puts the correct -I and -L flags for the requested version of OpenSSL before the -I and -L flags for the standard MacPorts include and library directories in the relevant environment variables. But building PHP fails at the link phase because the -L flags are in the wrong order. It turns out this is because PHP versions earlier than 8.3 don't honor user- (or MacPorts-)specified LDFLAGS. See https://github.com/php/php-src/pull/10678 and https://github.com/php/php-src/issues/11603 and https://github.com/php/php-src/pull/11605. I need to try backporting this fix.

comment:12 Changed 3 weeks ago by jmpalacios (Juan Manuel Palacios)

You mean commits 9a45e4525371287ecb6faea3bf9f223dfe0c7ad4 & c6100a75ea2700489c21b8a070134de6b60308f4 to the PHP configure.ac script? That shouldn't much of a problem with a local patch file, right?

With that in place, the aim would be to build PHP < 8.3 with per-PHP-release bundled OpenSSL libraries? Which you argue is necessary to enable the caching_sha2_password plugin?

Let me know if you'd like me to help any!

PS: I just came by your latest comment by chance, not because I got any Trac notification. You have my email, so feel free to ping me thereif you'd like to discuss.

Version 0, edited 3 weeks ago by jmpalacios (Juan Manuel Palacios) (next)

comment:13 in reply to:  12 Changed 73 minutes ago by ryandesign (Ryan Carsten Schmidt)

Replying to jmpalacios:

You mean commits 9a45e4525371287ecb6faea3bf9f223dfe0c7ad4 & c6100a75ea2700489c21b8a070134de6b60308f4 to the PHP configure.ac script?

Yes. They both make the same change because there was some back and forth with the change being made, then reverted without explanation, then remade.

That shouldn't much of a problem with a local patch file, right?

Even simple changes are complicated due to the complexity of the php port. For example, one complexity is that for php80 and later I use buildconf (PHP's script that runs autoreconf) but for earlier PHP versions I don't. That means the patch for earlier PHP versions needs to patch configure, not configure.ac. I would like to rewrite the port so that all versions use buildconf but that will involve changing a lot of the patchfiles.

With that in place, the aim would be to build PHP < 8.3 with per-PHP-release bundled OpenSSL libraries? Which you argue is necessary to enable the caching_sha2_password plugin?

No. For all PHP versions, they will continue to use whatever MacPorts openssl port is appropriate for that version of PHP. But I will get rid of the separate phpXX-openssl module ports and include their functionality in the PHP SAPI ports (phpXX, phpXX-apache2handler, phpXX-cgi, phpXX-fpm). I can confirm that doing this fixes the output of php84 -i | grep 'Loaded plugins' to be what was desired per comment:4.

Another complexity is arranging for the separate phpXX-openssl module ports to no longer be active on user systems following this change, probably by using replaced_by in the phpXX-openssl subports and the deactivate hack in the SAPI subports.

Finally, building PHP takes time. The php port contains many versions of PHP. Building them all to verify the fix takes even more time. And there are various not-yet-resolved tickets about problems that make certain older PHP versions not build on newer macOS versions which makes testing this fix more complicated. There is the complexity of me finding enough uninterrupted time to make the changes and satisfy myself that they have been done correctly before publishing them.

Last edited 71 minutes ago by ryandesign (Ryan Carsten Schmidt) (previous) (diff)
Note: See TracTickets for help on using tickets.