On 09/18/2017 07:03 AM, Remi Collet wrote:
> A php-libsodium 2.x library is available (maintained), only
available
> for PHP >= 7.0 that also uses the sodium_ convention.
This extension is only for PHP 7.0 / 7.1.
Yeah I know, so it seems not really important to make this available,
assuming there are no (security) issues in php-pecl-libsodium 1.x... it
is not longer maintained, so it is a risk... but it is worse in EPEL,
and there it is more important to be secure :)
The package is already ready in my repository
https://git.remirepo.net/cgit/rpms/php/pecl/php-pecl-libsodium2.git/tree/
If you think it can help, I can submit it for Fedora (25-27),
BTW, I will have to retire it in F28 with PHP 7.2 (which have the
php-sodium package, bug from main php-src)
Indeed not really... it would only help for EPEL, but there it is not
possible...
Reminder, PHP 7.2 packages are already available (so testable) in my
repository [1]
Yeah I tested with it, and it works perfectly fine! I'm now using this
in spec files:
%if 0%{?fedora} >= 28
Requires: php-sodium
%else
Requires: php-libsodium
%endif
This is not ideal, as you'd want to depend on the PHP version, not the
OS as it is very well possible to install PHP 7.2 on EL7, e.g. using SCL
or your Remi repo. Is there a way to check for this in spec? I guess
that is a bad idea and becomes ugly fast to do this. The only nice way
is to do conditional builds which would require multiple "builds".
I'm using a small SodiumCompat class that works in all situations [1].
I think packaging paragonie/sodium_compat may also work, but I am not
sure supporting the user space sodium is the way to go, so a very simple
wrapper would make more sense that depends on php-sodium or
php-libsodium depending on the version of Fedora/EPEL, or better the PHP
version.
Thanks!
Cheers,
François
[1]
https://github.com/fkooman/php-oauth2-server/blob/585410072f3921ac2122098...