PECL install: no releases available

Question  Votes: 0  Answers: 3
RUN pecl install mongodb-1.4.2

yields the following output:

RUN pecl install mongodb-1.4.2 &&   docker-php-ext-enable mongodb:
No releases available for package "pecl.php.net/mongodb"
install failed

Could this be a certificate issue? Because if I try wget I get the following:

Connecting to pecl.php.net (104.236.228.160:443)
ssl_client: pecl.php.net: certificate verification failed: certificate has expired

PHP version php:7.0

Is there a way to work around this, or do I need to wait for them to update the certificate?

php linux mongodb docker pecl
3 Answers
4
votes

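Your base image is too old and doesn't have proper certificate information, and apk update && apk upgrade won't get you there. I don't see any way to tell pecl to ignore the certificate, but you can do this: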

wget --no-check-certificate https://pecl.php.net/get/mongodb-1.4.2.tgz
pecl install --offline ./mongodb-1.4.2.tgz

Of course, I'd recommend not using such an old version, and then you wouldn't have the problem.


1
votes

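I was able to solve this by removing the offending certificate from the docker image. I am also in a situation where I can't upgrade the PHP version and need timezonedb to always be up to date from PECL. After the removal, PECL works fine.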

Reading https://github.com/libressl/portable/issues/692#issuecomment-937800309 led to https://github.com/openbsd/src/commit/3c95f6f12797ebbbdedb8d5f712eb65bd04fe233a

Then I did a grep to see where the certificate was located on my docker image (php5.6-alpine) and removed it. Two files need a patch, and two files are the whole certificate.

#12 [web base 4/7] RUN grep -r Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ /etc
#12 0.445 /etc/ssl/cert.pem:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
#12 0.754 /etc/ssl/certs/2e5ac55d.0:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
#12 0.754 /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
#12 0.754 /etc/ssl/certs/ca-certificates.crt:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ

Patch

/etc/ssl/certs/ca-certificates.crt

--- /etc/ssl/certs/ca-certificates.crt.ori
+++ /etc/ssl/certs/ca-certificates.crt
@@ -956,27 +956,6 @@
 -----END CERTIFICATE-----
 
 -----BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
 MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
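
Review bot: The removal at @@ -956,27 carries no identification of the certificate being dropped; the only context is generic END/BEGIN CERTIFICATE markers and the start of the next entry, so a reader of this patch cannot tell which root is leaving the trust store without decoding the base64. State the subject (DST Root CA X3) and its expiry in a comment header of the patch file. Also, because the Dockerfile runs apk update && apk upgrade before patch, a bundle that no longer contains this block will make patch fail; decide whether that should stop the build or be tolerated, and assert after patching that the grep for the block's last line finds nothing in this file.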

Patch

/etc/ssl/cert.pem

--- cert.pem.ori
+++ cert.pem
@@ -2182,49 +2182,6 @@
 gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
 -----END CERTIFICATE-----
 
-### Digital Signature Trust Co.
-
-=== /O=Digital Signature Trust Co./CN=DST Root CA X3
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
-    Signature Algorithm: sha1WithRSAEncryption
-        Validity
-            Not Before: Sep 30 21:12:19 2000 GMT
-            Not After : Sep 30 14:01:15 2021 GMT
-        Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
-        X509v3 extensions:
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Subject Key Identifier: 
-                C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
-SHA1 Fingerprint=DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
-SHA256 Fingerprint=06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
-
 ### Disig a.s.
 
 === /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
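
Review bot: The removed entry in the @@ -2182,49 hunk includes its own identifiers (Not After : Sep 30 14:01:15 2021 GMT and the SHA256 Fingerprint= line), but the build locates the certificate by grepping for its last base64 line, which is a weaker check. Before deleting, compare the fingerprint of the matched certificate against the value in this hunk so that only this expired root is removed. Since cert.pem and ca-certificates.crt are patched separately, verify both after the build so the two bundles do not end up disagreeing about the trust set.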

Then remove the other two files, which are the whole certificate

/etc/ssl/certs/2e5ac55d.0
/etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem

These are the final dockerfile lines; I intentionally left the grep line in to debug it in case some files get renamed

COPY docker/ca-certificates.patch /tmp
COPY docker/cert.pem.patch /tmp
RUN grep -r Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ /etc
RUN apk update && apk upgrade
RUN patch /etc/ssl/certs/ca-certificates.crt /tmp/ca-certificates.patch && \
    patch /etc/ssl/cert.pem /tmp/cert.pem.patch && \
    rm /etc/ssl/certs/2e5ac55d.0 && \
    rm /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem

PS: Originally from https://github.com/php/php-src/issues/11486#issuecomment-1626075999; answering here just in case.


0
votes

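I ran into the same problem today (with the apcu package, but the package doesn't matter when something like this happens). I decided not to depend on pecl working intermittently. My solution is based on @alex-howansky's answer: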

RUN apt-get update -y && apt-get upgrade -y \
&& apt-get install -y ca-certificates \
&& update-ca-certificates \
&& apt install -y --no-install-recommends \
    git \
    ...
    wget \
&& apt-get autoremove -y \
&& docker-php-ext-install \
    intl \
    ...
### SOLUTION IS BELOW. ###
&& pecl channel-update pecl.php.net \
&& { \
    pecl install apcu || ( \
        wget --no-check-certificate https://pecl.php.net/get/APCu -O ./apcu_latest.tgz \
        && pecl install --offline ./apcu_latest.tgz \
        && rm ./apcu_latest.tgz \
    ); \
} \
...

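If pecl install apcu succeeds, that command is used. It is the preferred command, because handling an expired certificate by bypassing SSL checks is not recommended in a production environment, as it poses a security risk.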

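But we can't allow a certificate outage to break the application. So if pecl install apcu fails, the commands after || are used (download the package, install it, and delete the downloaded ./apcu_latest.tgz).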
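
Added example (not part of any answer above, and not code from PECL or the Docker PHP images): both the first answer's wget --no-check-certificate workaround and the fallback branch in the last answer fetch a tarball without authenticating the server, so the sketch below keeps the file only if its SHA-256 matches a digest pinned in the Dockerfile. The function names, the PINNED_SHA256 placeholder and the use of sha256sum are assumptions; pinning needs a versioned tarball URL, not a moving "latest" one.

```sh
#!/bin/sh
# Added example: keep a tarball fetched without TLS verification only if it
# matches a pinned SHA-256. Function names are illustrative (not from the page).

# download URL DEST: transport only. Certificate checks are off, as in the
# answers' workaround, so the result is untrusted until verify_sha256 passes.
download() {
    wget -q --no-check-certificate -O "$2" "$1"
}

# verify_sha256 FILE PIN: 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 2
    # A pin must be exactly 64 hex digits; an empty or truncated pin must
    # never be allowed to compare equal to anything.
    case $expected in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_pinned URL DEST PIN: leave DEST on disk only when the digest matches.
fetch_pinned() {
    url=$1
    dest=$2
    pin=$3
    if download "$url" "$dest" && verify_sha256 "$dest" "$pin"; then
        return 0
    fi
    rm -f "$dest"
    echo "fetch_pinned: rejected $url (download failed or digest mismatch)" >&2
    return 1
}

# In a Dockerfile RUN step (PINNED_SHA256 is a placeholder: record the real
# digest once from a download made over a verified TLS connection):
#   fetch_pinned https://pecl.php.net/get/mongodb-1.4.2.tgz \
#       ./mongodb-1.4.2.tgz "$PINNED_SHA256" \
#     && pecl install --offline ./mongodb-1.4.2.tgz
```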
