PHP on IBM i Rebuild Announcement
On August 12, 2024, we pushed a major update to Seiden PHP+, in versions from 7.3 to 8.3, to accommodate IBM updates to OpenSSL. If you receive warnings in your PHP error log resembling: Module "PDO" is already loaded in Unknown on line 0
, follow the steps in this article.
Next time you run “yum update”
Next time you run yum update
, update at least all PHP and IBM packages, because they work together. See our documentation on how to update. Do not mix and match pre- and post-rebuild PHP packages, or it will crash.
As part of the update, we’ve merged some extensions into the PHP binary. The extensions merged into PHP are:
- DOM
- PDO
- mysqlnd
One-line automatic fix
For the global PHP configuration, if you didn’t touch their INI files, RPM will automatically update these to remove the extension=
references.
For cases with custom configurations, such as with siteadd, you will need to remove references to these extensions. This can be done with a single command, following the instructions below.
Run the following command in a PASE or QShell environment, replacing SEIDENPHP with the name of your Apache instance:
/QOpenSys/pkgs/bin/update-ini-for-nortl SEIDENPHP
.
If the update-ini-for-nortl
command is not found, make sure you have the latest version of siteadd (0.13).
Note that you can specify multiple site names, e.g.:
/QOpenSys/pkgs/bin/update-ini-for-nortl SEIDENPHP PHPDEV MYPORTAL
Manual fix
If you prefer to make the fixes manually, comment out (adding ;
character) the extension=
lines in these three .ini files:
20-dom.ini
20-pdo.ini
20-mysqlnd.ini
These extensions are now built into the PHP binary, no longer needing external directives. To get the path where these .ini files are located, run the following command, substituting your web instance for SEIDENPHP:
/QOpenSys/pkgs/bin/dspsite SEIDENPHP | grep config
It will tell you something like:
PHP config dir (i.e. php.ini) (site-specific): /www/seidenphp/phpconf
and then look in conf.d
under that directory.
Additional background
IBM is moving to rebuild their open source packages with OpenSSL 3 while maintaining compatibility with OpenSSL 1.1. However, the way that packages were built with runtime linking would have created conflicts between the OpenSSL 1.1 and 3.0 symbols.
IBM provides an article explaining the justification and impact. For those curious about what options are being used, see the AIX linker manual page.
Again, if you run into issues using these instructions, please contact us.
Leave a Reply
Want to join the discussion?Feel free to contribute!