boxen · sambauers · Nov 4, 2015 · Nov 4, 2015 · Nov 4, 2015 · Nov 4, 2015
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,23 @@
+## 2.1.0 ##
+
+This release may contain breaking changes.
+
+* Specify cache directory for Image Magick extension (@jenslind)
+* php.ini adjustments (@jenslind, @typhonius)
+* Use Homebrew OpenSSL and curl (@jenslind, @alexmace, @olofjohansson)
+* Remove SNMP from compile flags (@jenslind)
+* Fix usage of libssh2 for ssh2 extension (@rolfvandekrol)
+* Composer updated to 1.2.1 (@alexmace)
+* Add MongoDB extension (@alexmace)
+* Use `ensure_resource` when adding resources (@alexmace)
+* Update brews to use sha256 (@convenient)
+* PHP7/MySQL compatibility (@typhonius)
+* ZLib fixes (@nei, @typhonius)
+* Deprecating ruby 1.8.7 per boxen/boxen#204 (@typhonius)
+* Improve secure version selection (@sambauers)
+* Update PHP secure versions (@sambauers)
+* When no PHP version is specified, default to latest (@sambauers)
+
 ## 2.0.1 ##
 
 * Composer updated to 1.0.0-alpha10 (@alexmace)

diff --git a/README.md b/README.md
@@ -1,4 +1,5 @@
-# PHP Puppet Module for Boxen
+PHP Puppet Module for Boxen
+===========================
 
 [![Build Status](https://travis-ci.org/boxen/puppet-php.png?branch=master)](https://travis-ci.org/boxen/puppet-php)
 
@@ -24,7 +25,8 @@ The following boxen modules are required if optional PHP extensions are used:
 * `openssl` - Mongodb extension `php::extension::mongodb`
 * `redis` - Redis extension `php::extension::redis`
 
-## Usage
+Usage
+-----
 
 ```puppet
 # Install php 5.4
@@ -49,6 +51,7 @@ php::local { '/path/to/my/awesome/project':
 
 # Ensure an extension is installed for a certain php version
 # note, you can't have duplicate resource names so you have to name like so
+$version = '5.4.10'
 php::extension::apc { "apc for ${version}":
   php     => $version,
   version => '3.1.13', # Optionally specify the extension version
@@ -66,8 +69,8 @@ php::fpm { '5.3.23': }
 #  * the version of PHP is installed
 #  * a PHP-FPM service is configured for this PHP version
 #  * a FPM pool is listening on a per project nginx socket
-$name = "project-name"
-$version = "5.4.10"
+$name = 'project-name'
+$version = '5.4.10'
 php::fpm::pool { "${name}-${version}":
   version     => $version,
   socket_path => "${boxen::config::socketdir}/${name}",
@@ -76,7 +79,8 @@ php::fpm::pool { "${name}-${version}":
 
 ```
 
-## PHP Project Usage ##
+PHP Project Usage
+-----------------
 
 A sample PHP project manifest is provided in `manifests/project.pp` which will run a PHP project using PHP-FPM under Nginx. This can be used directly, but may require tweaking for your own purposes.
 
@@ -86,7 +90,6 @@ A simple project manifest example:
 # your-boxen/modules/projects/manifests/trollin.pp
 
 class projects::trollin {
-
   php::project { 'trollin':
     source        => 'boxen/trollin',
     elasticsearch => true,
@@ -104,7 +107,8 @@ In the background this is installing PHP 5.3.23, creating a PHP-FPM service for
 
 The example nginx host template at `templates/nginx/nginx.conf.erb` is also a sample configuration which can be copied to your main boxen module and the nginx template path above altered to match this. This is set up with a basic PHP structure, and Fastcgi params to pass the expected variables from Nginx to PHP-FPM.
 
-## Upgrading to version 2.X.X from version 1.X.X
+Upgrading to version 2.X.X from version 1.X.X
+---------------------------------------------
 
 The old PHP version classes are removed completely in version 2.
 

diff --git a/data/common.yaml b/data/common.yaml
@@ -13,7 +13,8 @@ php::config::composer:
 php::config::phpenv:
   revision: '6499bb6c7b645af3f4e67f7e17708d5ee208453f'
 php::config::secure_versions:
-  '5.6': '5.6.9'
-  '5.5': '5.5.25'
-  '5.4': '5.4.41'
+  '7.1': '7.1.3'
+  '7.0': '7.0.17'
+  '5.6': '5.6.30'
+  '5.5': '5.5.38'
 php::config::secure_warning:    true
diff --git a/lib/puppet/parser/functions/php_get_patch_version.rb b/lib/puppet/parser/functions/php_get_patch_version.rb
@@ -0,0 +1,53 @@
+module Puppet::Parser::Functions
+  newfunction(:php_get_patch_version, :type => :rvalue) do |args|
+    version = args[0]
+
+    # Get secure version data
+    Puppet::Parser::Functions.function('hiera')
+    secure_versions = function_hiera( [ 'php::config::secure_versions' ] )
+
+    # Specify secure version if no minor point specified
+    patch_version = case version.to_s
+                    when '', '7', '7.1'
+                      secure_versions['7.1']
+                    when '7.0'
+                      secure_versions['7.0']
+                    when '5', '5.6'
+                      secure_versions['5.6']
+                    when '5.5'
+                      secure_versions['5.5']
+                    else
+                      version.to_s
+                    end
+
+    # Warn on insecure versions
+    display_secure_warning_local = args[1]
+    display_secure_warning_hiera = function_hiera( [ 'php::config::secure_warning' ] )
+    if display_secure_warning_local && display_secure_warning_hiera
+      Puppet::Parser::Functions.function('versioncmp')
+      warning = nil
+
+      # Version is greater than or equal to 7.1.0 and less than the 7.1 secure version
+      if function_versioncmp( [ patch_version, '7.1' ] ) >= 0 && function_versioncmp( [ patch_version, secure_versions['7.1'] ] ) < 0
+        warning = ['7.1.X', secure_versions['7.1']]
+      # Version is greater than or equal to 7.0.0 and less than the 7.0 secure version
+      elsif function_versioncmp( [ patch_version, '7.0' ] ) >= 0 && function_versioncmp( [ patch_version, secure_versions['7.0'] ] ) < 0
+        warning = ['7.0.X', secure_versions['7.0']]
+      # Version is greater than or equal to 5.6.0 and less than the 5.6 secure version
+      elsif function_versioncmp( [ patch_version, '5.6' ] ) >= 0 && function_versioncmp( [ patch_version, secure_versions['5.6'] ] ) < 0
+        warning = ['5.6.X', secure_versions['5.6']]
+      # Version is less than the minimum secure version
+      elsif function_versioncmp( [ patch_version, secure_versions['5.5'] ] ) < 0
+        warning = ['5.5.X', secure_versions['5.5']]
+      end
+
+      unless warning.nil?
+        Puppet::Parser::Functions.function('warning')
+        statement = 'You are installing PHP %s which is known to be insecure. The current secure %s version is %s'
+        function_warning( [ sprintf( statement, patch_version, warning[0], warning[1] ) ] )
+      end
+    end
+
+    return patch_version
+  end
+end
diff --git a/manifests/extension/apc.pp b/manifests/extension/apc.pp
@@ -12,16 +12,20 @@
   $version = '3.1.13'
 ) {
   require php::config
+
+  # Get full patch version of PHP
+  $patch_php_version = php_get_patch_version($php)
+
   # Require php version eg. php::5_4_10
   # This will compile, install and set up config dirs if not present
-  php_require($php)
+  php_require($patch_php_version)
 
   $extension = 'apc'
   $package_name = "APC-${version}"
   $url = "http://pecl.php.net/get/APC-${version}.tgz"
 
   # Final module install path
-  $module_path = "${php::config::root}/versions/${php}/modules/${extension}.so"
+  $module_path = "${php::config::root}/versions/${patch_php_version}/modules/${extension}.so"
 
   php_extension { $name:
     extension      => $extension,
@@ -30,13 +34,13 @@
     package_url    => $url,
     homebrew_path  => $boxen::config::homebrewdir,
     phpenv_root    => $php::config::root,
-    php_version    => $php,
+    php_version    => $patch_php_version,
     cache_dir      => $php::config::extensioncachedir,
   }
 
   # Add config file once extension is installed
 
-  file { "${php::config::configdir}/${php}/conf.d/${extension}.ini":
+  file { "${php::config::configdir}/${patch_php_version}/conf.d/${extension}.ini":
     content => template("php/extensions/${extension}.ini.erb"),
     require => Php_extension[$name],
   }

diff --git a/manifests/extension/couchbase.pp b/manifests/extension/couchbase.pp
@@ -14,14 +14,18 @@
   require couchbase::lib
 
   require php::config
+
+  # Get full patch version of PHP
+  $patch_php_version = php_get_patch_version($php)
+
   # Require php version eg. php::5_4_10
   # This will compile, install and set up config dirs if not present
-  php_require($php)
+  php_require($patch_php_version)
 
   $extension = 'couchbase'
 
   # Final module install path
-  $module_path = "${php::config::root}/versions/${php}/modules/${extension}.so"
+  $module_path = "${php::config::root}/versions/${patch_php_version}/modules/${extension}.so"
 
   # Clone the source repository
   # Use ensure_resource, because if you directly use the repository type, it
@@ -47,7 +51,7 @@
 
     homebrew_path    => $boxen::config::homebrewdir,
     phpenv_root      => $php::config::root,
-    php_version      => $php,
+    php_version      => $patch_php_version,
 
     cache_dir        => $php::config::extensioncachedir,
     require          => Repository["${php::config::extensioncachedir}/couchbase"],
@@ -57,7 +61,7 @@
 
   # Add config file once extension is installed
 
-  file { "${php::config::configdir}/${php}/conf.d/${extension}.ini":
+  file { "${php::config::configdir}/${patch_php_version}/conf.d/${extension}.ini":
     content => template('php/extensions/generic.ini.erb'),
     require => Php_extension[$name],
   }

diff --git a/manifests/extension/imagick.pp b/manifests/extension/imagick.pp
@@ -14,16 +14,19 @@
   require php::config
   require imagemagick
 
+  # Get full patch version of PHP
+  $patch_php_version = php_get_patch_version($php)
+
   # Require php version eg. php::5_4_10
   # This will compile, install and set up config dirs if not present
-  php_require($php)
+  php_require($patch_php_version)
 
   $extension = 'imagick'
   $package_name = "imagick-${version}"
   $url = "http://pecl.php.net/get/imagick-${version}.tgz"
 
   # Final module install path
-  $module_path = "${php::config::root}/versions/${php}/modules/${extension}.so"
+  $module_path = "${php::config::root}/versions/${patch_php_version}/modules/${extension}.so"
 
   # Additional options
   $configure_params = "--with-imagick=${boxen::config::homebrewdir}/opt/imagemagick"
@@ -35,14 +38,14 @@
     package_url      => $url,
     homebrew_path    => $boxen::config::homebrewdir,
     phpenv_root      => $php::config::root,
-    php_version      => $php,
+    php_version      => $patch_php_version,
     configure_params => $configure_params,
     cache_dir        => $php::config::extensioncachedir,
   }
 
   # Add config file once extension is installed
 
-  file { "${php::config::configdir}/${php}/conf.d/${extension}.ini":
+  file { "${php::config::configdir}/${patch_php_version}/conf.d/${extension}.ini":
     content => template('php/extensions/generic.ini.erb'),
     require => Php_extension[$name],
   }

diff --git a/manifests/extension/intl.pp b/manifests/extension/intl.pp
@@ -13,16 +13,19 @@
 ) {
   require php::config
 
+  # Get full patch version of PHP
+  $patch_php_version = php_get_patch_version($php)
+
   # Require php version eg. php::5_4_10
   # This will compile, install and set up config dirs if not present
-  php_require($php)
+  php_require($patch_php_version)
 
   $extension = 'intl'
   $package_name = "intl-${version}"
   $url = "http://pecl.php.net/get/intl-${version}.tgz"
 
   # Final module install path
-  $module_path = "${php::config::root}/versions/${php}/modules/${extension}.so"
+  $module_path = "${php::config::root}/versions/${patch_php_version}/modules/${extension}.so"
 
   # Additional options
   $configure_params = "--with-icu-dir=${boxen::config::homebrewdir}/opt/icu4c"
@@ -34,14 +37,14 @@
     package_url      => $url,
     homebrew_path    => $boxen::config::homebrewdir,
     phpenv_root      => $php::config::root,
-    php_version      => $php,
+    php_version      => $patch_php_version,
     cache_dir        => $php::config::extensioncachedir,
     configure_params => $configure_params,
   }
 
   # Add config file once extension is installed
 
-  file { "${php::config::configdir}/${php}/conf.d/${extension}.ini":
+  file { "${php::config::configdir}/${patch_php_version}/conf.d/${extension}.ini":
     content => template('php/extensions/generic.ini.erb'),
     require => Php_extension[$name],
   }

diff --git a/manifests/extension/mcrypt.pp b/manifests/extension/mcrypt.pp
@@ -11,14 +11,17 @@
 ) {
   require php::config
 
+  # Get full patch version of PHP
+  $patch_php_version = php_get_patch_version($php)
+
   # Require php version eg. php::5_4_10
   # This will compile, install and set up config dirs if not present
-  php_require($php)
+  php_require($patch_php_version)
 
   $extension = 'mcrypt'
 
   # Final module install path
-  $module_path = "${php::config::root}/versions/${php}/modules/${extension}.so"
+  $module_path = "${php::config::root}/versions/${patch_php_version}/modules/${extension}.so"
 
   # Additional options
   $configure_params = "--with-mcrypt=${boxen::config::homebrewdir}/opt/mcrypt"
@@ -30,14 +33,14 @@
 
     homebrew_path    => $boxen::config::homebrewdir,
     phpenv_root      => $php::config::root,
-    php_version      => $php,
+    php_version      => $patch_php_version,
 
     configure_params => $configure_params,
   }
 
   # Add config file once extension is installed
 
-  file { "${php::config::configdir}/${php}/conf.d/${extension}.ini":
+  file { "${php::config::configdir}/${patch_php_version}/conf.d/${extension}.ini":
     content => template('php/extensions/generic.ini.erb'),
     require => Php_extension[$name],
   }

diff --git a/manifests/extension/memcache.pp b/manifests/extension/memcache.pp
@@ -14,17 +14,21 @@
   include boxen::config
 
   require php::config
+
+  # Get full patch version of PHP
+  $patch_php_version = php_get_patch_version($php)
+
   # Require php version eg. php::5_4_10
   # This will compile, install and set up config dirs if not present
-  php_require($php)
+  php_require($patch_php_version)
 
 
   $extension = 'memcache'
   $package_name = "memcache-${version}"
   $url = "http://pecl.php.net/get/memcache-${version}.tgz"
 
   # Final module install path
-  $module_path = "${php::config::root}/versions/${php}/modules/${extension}.so"
+  $module_path = "${php::config::root}/versions/${patch_php_version}/modules/${extension}.so"
 
   php_extension { $name:
     extension        => $extension,
@@ -33,13 +37,13 @@
     package_url      => $url,
     homebrew_path    => $boxen::config::homebrewdir,
     phpenv_root      => $php::config::root,
-    php_version      => $php,
+    php_version      => $patch_php_version,
     cache_dir        => $php::config::extensioncachedir,
   }
 
   # Add config file once extension is installed
 
-  file { "${php::config::configdir}/${php}/conf.d/${extension}.ini":
+  file { "${php::config::configdir}/${patch_php_version}/conf.d/${extension}.ini":
     content => template('php/extensions/generic.ini.erb'),
     require => Php_extension[$name],
   }