Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#54223 closed defect (bug) (fixed)

Change the version of PHP 5.6 used for unit tests

Reported by: desrosj's profile desrosj Owned by: desrosj's profile desrosj
Milestone: 5.9 Priority: normal
Severity: normal Version: 5.7
Component: Build/Test Tools Keywords: commit fixed-major
Focuses: Cc:

Description

Since September 30, 2021, the PHPUnit tests for Core have failed to run on PHP 5.6. This coincides with the expiration of the DST Root CA X3 certificate, which results in some scenarios where certificates generated by the Let's Encrypt CA as having an expired trust chain.

For testing PHP 5.6, the 5.6.20 patch version is currently used, even though the last version of PHP 5.6 released was 5.6.40. This was an intentional decision in #50401 because 5.6.20 is the oldest version of PHP 5.6 that is currently supported by WordPress (see #46594).

For outdated branches of PHP still supported, it has been common practice to test the latest patch version of each, so the same can be done for PHP 5.6 to fix the SSL certificate issue.

Change History (13)

#1 @desrosj
3 years ago

  • Owner set to desrosj
  • Status changed from new to assigned

#2 @desrosj
3 years ago

The first instance of the failure for reference.

Loading composer repositories with package information

                                                                                                                                             
  [Composer\Downloader\TransportException]                                                                                                   
  curl error 60 while downloading https://repo.packagist.org/packages.json: SSL certificate problem: unable to get local issuer certificate  
                                                                                                                                             

update [--with WITH] [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--dry-run] [--dev] [--no-dev] [--lock] [--no-install] [--no-autoloader] [--no-scripts] [--no-suggest] [--no-progress] [-w|--with-dependencies] [-W|--with-all-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs] [--] [<packages>]...

#3 @desrosj
3 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 51889:

Build/Test Tools: Change the patch version used for testing the 5.6 branch of PHP.

This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.

Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the 5.6.20 image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.

Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Fixes #54223.

#4 follow-up: @desrosj
3 years ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Accidentally committed [51889] to 5.8 and not trunk. Going to merge that change into trunk now.

Also, I think it's fine to leave this as is going forward. A few points from @dd32 on #46594:2:

  • Basically, 54% use the latest 5.6.40, 95% are 5.6.30 and above, and 99% are 5.6.20 and above
  • Most of the PHP 5.6 fixes after 5.6.25 seem to be security-related, and that's the point I stopped looking into it.

This was almost 3 full years ago now, so I'm sure that many of the remaining 5% on PHP < 5.6.30 have been updated, and there is very little to no benefit to testing on 5.6.20 instead of 5.6.40.

#5 @desrosj
3 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 51890:

Build/Test Tools: Change the patch version used for testing the 5.6 branch of PHP.

This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.

Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the 5.6.20 image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.

Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Merges [51889] to trunk.
Fixes #54223.

#6 in reply to: ↑ 4 @dd32
3 years ago

Replying to desrosj:

Also, I think it's fine to leave this as is going forward. A few points from dd32 on #46594:2:

  • Basically, 54% use the latest 5.6.40, 95% are 5.6.30 and above, and 99% are 5.6.20 and above

As of today, of the PHP 5.6 users; 80% are 5.6.40 now, 5.6.31+ is 90%, 5.6.30+ is 95%, 5.6.21+ is 99%.

there is very little to no benefit to testing on 5.6.20 instead of 5.6.40.

Zero benefit, agreed.

This ticket was mentioned in Slack in #core by sergey. View the logs.


3 years ago

#8 @desrosj
3 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening this to backport through 5.6. While the tests are not breaking currently for those branches, changing it now will prevent this issue from potentially happening in the future and prevent confusion using different versions of PHP 5.6.

#9 @desrosj
3 years ago

In 51932:

Build/Test Tools: Change the patch version used for testing the 5.6 branch of PHP.

This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.

Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the 5.6.20 image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.

Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Merges [51890] to the 5.7 branch.
See #54223.

#10 @desrosj
3 years ago

In 51933:

Build/Test Tools: Change the patch version used for testing the 5.6 branch of PHP.

This unpins the version of PHP 5.6.20 used when testing the 5.6 branch of PHP.

Using 5.6.20 was an intentional decision in [49162], as that patch version is the oldest version of PHP 5.6 still supported by WordPress. However, as of September 30, 2021, the 5.6.20 image contains a version of OpenSSL with an expired certificate, sometimes resulting in an expired trust chain.

Props Clorith, hellofromTonya, SergeyBiryukov, desrosj.
Merges [51890] to the 5.6 branch.
See #54223.

#11 @desrosj
3 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

#12 @desrosj
3 years ago

In 51935:

Build/Test Tools: Fix issue with Composer setup caused by [51932].

See #54223.

#13 @desrosj
3 years ago

In 51936:

Build/Test Tools: Fix issue with Composer setup caused by [51933].

See #54223.

Note: See TracTickets for help on using tickets.