WordPress.org

Make WordPress Core

Opened 2 weeks ago

Closed 2 weeks ago

Last modified 2 weeks ago

#54223 closed defect (bug) (fixed)

Change the version of PHP 5.6 used for unit tests

Reported by: desrosj Owned by: desrosj
Milestone: 5.9 Priority: normal
Severity: normal Version: 5.7
Component: Build/Test Tools Keywords: commit fixed-major
Focuses: Cc:

Description

Since September 30, 2021, the PHPUnit tests for Core have failed to run on PHP 5.6. This coincides with the expiration of the DST Root CA X3 certificate, which results in some scenarios where certificates generated by the Let's Encrypt CA as having an expired trust chain.

For testing PHP 5.6, the 5.6.20 patch version is currently used, even though the last version of PHP 5.6 released was 5.6.40. This was an intentional decision in #50401 because 5.6.20 is the oldest version of PHP 5.6 that is currently supported by WordPress (see #46594).

For outdated branches of PHP still supported, it has been common practice to test the latest patch version of each, so the same can be done for PHP 5.6 to fix the SSL certificate issue.

Change History (7)

#1 @desrosj
2 weeks ago

  • Owner set to desrosj
  • Status changed from new to assigned

#2 @desrosj
2 weeks ago

The first instance of the failure for reference.

Loading composer repositories with package information

                                                                                                                                             
  [Composer\Downloader\TransportException]                                                                                                   
  curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate  
                                                                                                                                             

update [--with WITH] [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--dry-run] [--dev] [--no-dev] [--lock] [--no-install] [--no-autoloader] [--no-scripts] [--no-suggest] [--no-progress] [-w|--with-dependencies] [-W|--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] [<packages>]...

#3 @desrosj
2 weeks ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 51889:

Build/Test Tools: Change the patch version used for testing the 5.6 branch of PHP.

This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.

Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the 5.6.20 image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.

Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Fixes #54223.

#4 follow-up: @desrosj
2 weeks ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Accidentally committed [51889] to 5.8 and not trunk. Going to merge that change into trunk now.

Also, I think it's fine to leave this as is going forward. A few points from @dd32 on #46594:2:

  • Basically, 54% use the latest 5.6.40, 95% are 5.6.30 and above, and 99% are 5.6.20 and above
  • Most of the PHP 5.6 fixes after 5.6.25 seem to be security-related, and that's the point I stopped looking into it.

This was almost 3 full years ago now, so I'm sure that many of the remaining 5% on PHP < 5.6.30 have been updated, and there is very little to no benefit to testing on 5.6.20 instead of 5.6.40.

#5 @desrosj
2 weeks ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 51890:

Build/Test Tools: Change the patch version used for testing the 5.6 branch of PHP.

This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.

Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the 5.6.20 image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.

Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Merges [51889] to trunk.
Fixes #54223.

#6 in reply to: ↑ 4 @dd32
2 weeks ago

Replying to desrosj:

Also, I think it's fine to leave this as is going forward. A few points from dd32 on #46594:2:

  • Basically, 54% use the latest 5.6.40, 95% are 5.6.30 and above, and 99% are 5.6.20 and above

As of today, of the PHP 5.6 users; 80% are 5.6.40 now, 5.6.31+ is 90%, 5.6.30+ is 95%, 5.6.21+ is 99%.

there is very little to no benefit to testing on 5.6.20 instead of 5.6.40.

Zero benefit, agreed.

This ticket was mentioned in Slack in #core by sergey. View the logs.


2 weeks ago

Note: See TracTickets for help on using tickets.