PHP on IBM i Rebuild Announcement

On August 12, 2024, we pushed a major update to Seiden PHP+, in versions from 7.3 to 8.3, to accommodate IBM updates to OpenSSL. If you receive warnings in your PHP error log resembling: Module "PDO" is already loaded in Unknown on line 0, follow the steps in this article.

Next time you run “yum update”

Next time you run yum update, update at least all PHP and IBM packages, because they work together. See our documentation on how to update. Do not mix and match pre- and post-rebuild PHP packages, or it will crash.

As part of the update, we’ve merged some extensions into the PHP binary. The extensions merged into PHP are:

  • DOM
  • PDO
  • mysqlnd

One-line automatic fix

For the global PHP configuration, if you didn’t touch their INI files, RPM will automatically update these to remove the extension= references.

For cases with custom configurations, such as with siteadd, you will need to remove references to these extensions. This can be done with a single command, following the instructions below.

Run the following command in a PASE or QShell environment, replacing SEIDENPHP with the name of your Apache instance:

/QOpenSys/pkgs/bin/update-ini-for-nortl SEIDENPHP.

If the update-ini-for-nortl command is not found, make sure you have the latest version of siteadd (0.13).

Note that you can specify multiple site names, e.g.:

/QOpenSys/pkgs/bin/update-ini-for-nortl SEIDENPHP PHPDEV MYPORTAL

Manual fix

If you prefer to make the fixes manually, comment out (adding ; character) the extension= lines in these three .ini files:

  • 20-dom.ini
  • 20-pdo.ini
  • 20-mysqlnd.ini

These extensions are now built into the PHP binary, no longer needing external directives. To get the path where these .ini files are located, run the following command, substituting your web instance for SEIDENPHP:

/QOpenSys/pkgs/bin/dspsite SEIDENPHP | grep config

It will tell you something like:

PHP config dir (i.e. php.ini) (site-specific): /www/seidenphp/phpconf

and then look in conf.d under that directory.

Additional background

IBM is moving to rebuild their open source packages with OpenSSL 3 while maintaining compatibility with OpenSSL 1.1. However, the way that packages were built with runtime linking would have created conflicts between the OpenSSL 1.1 and 3.0 symbols.

IBM provides an article explaining the justification and impact. For those curious about what options are being used, see the AIX linker manual page.

 

Again, if you run into issues using these instructions, please contact us.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.