From 364a7d29200602a7ea564cc6e20d96154a03005f Mon Sep 17 00:00:00 2001 From: Pol Dellaiera Date: Mon, 3 Oct 2022 08:25:17 +0200 Subject: [PATCH] php: switch to `nts` by default --- .../doc/manual/from_md/release-notes/rl-2211.section.xml | 9 +++++++++ nixos/doc/manual/release-notes/rl-2211.section.md | 4 ++++ .../services/web-servers/apache-httpd/default.nix | 9 ++++++++- pkgs/development/interpreters/php/generic.nix | 2 +- 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 2542f5762fccd..d5cc14a3bdfdd 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -130,6 +130,15 @@ PHP now defaults to PHP 8.1, updated from 8.0. + + + PHP is now built NTS (Non-Thread Safe) + style by default, for Apache and mod_php + usage we still enable ZTS (Zend Thread + Safe). This has been a common practice for a long time in + other distributions. + + protonup has been aliased to and replaced diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index c4bc7e7db09b3..d61cf29675536 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -53,6 +53,10 @@ In addition to numerous new and upgraded packages, this release has the followin - PHP now defaults to PHP 8.1, updated from 8.0. +- PHP is now built `NTS` (Non-Thread Safe) style by default, for Apache and + `mod_php` usage we still enable `ZTS` (Zend Thread Safe). This has been a + common practice for a long time in other distributions. + - `protonup` has been aliased to and replaced by `protonup-ng` due to upstream not maintaining it. - Perl has been updated to 5.36, and its core module `HTTP::Tiny` was patched to verify SSL/TLS certificates by default. diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 3ccff8aa5008d..588f5ee4d003a 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -18,7 +18,7 @@ let sed -i $out/bin/apachectl -e 's|$HTTPD -t|$HTTPD -t -f /etc/httpd/httpd.conf|' ''; - php = cfg.phpPackage.override { apacheHttpd = pkg; }; + php = cfg.phpPackage.override { apxs2Support = true; apacheHttpd = pkg; }; phpModuleName = let majorVersion = lib.versions.major (lib.getVersion php); @@ -660,6 +660,13 @@ in `services.httpd.virtualHosts..useACMEHost` are mutually exclusive. ''; } + { + assertion = cfg.enablePHP -> php.ztsSupport; + message = '' + The php package provided by `services.httpd.phpPackage` is not built with zts support. Please + ensure the php has zts support by settings `services.httpd.phpPackage = php.override { ztsSupport = true; }` + ''; + } ] ++ map (name: mkCertOwnershipAssertion { inherit (cfg) group user; cert = config.security.acme.certs.${name}; diff --git a/pkgs/development/interpreters/php/generic.nix b/pkgs/development/interpreters/php/generic.nix index d1b7c68295578..e252e011105e1 100644 --- a/pkgs/development/interpreters/php/generic.nix +++ b/pkgs/development/interpreters/php/generic.nix @@ -43,7 +43,7 @@ let , phpdbgSupport ? true # Misc flags - , apxs2Support ? !stdenv.isDarwin + , apxs2Support ? false , argon2Support ? true , cgotoSupport ? false , embedSupport ? false