Asked by: reinisal  Asked: 6/19/2023  Last edited by: reinisal  Updated: 9/12/2023  Views: 3234
PECL install no releases available
Q:
RUN pecl install mongodb-1.4.2
This results in:
RUN pecl install mongodb-1.4.2 && docker-php-ext-enable mongodb:
No releases available for package "pecl.php.net/mongodb"
install failed
Could this be a certificate problem? Because if I try wget, I get the following:
Connecting to pecl.php.net (104.236.228.160:443)
ssl_client: pecl.php.net: certificate verification failed: certificate has expired
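PHP version: php:7.0
Is there any way to fix this, or do I just have to wait for them to update the certificate?
A:
The base image is too old and does not have the appropriate certificate information; updating the image may help: apk update && apk upgrade
I don't see any way to tell pecl to ignore the certificate, but you can do this: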
wget --no-check-certificate https://pecl.php.net/get/mongodb-1.4.2.tgz
pecl install --offline ./mongodb-1.4.2.tgz
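Of course, I'd recommend not using such an old version, so that you don't have this problem.
Comments
I was able to solve this by removing the offending certificate from the docker image. I'm also in a situation where I can't upgrade the PHP version, and I need timezonedb to always stay up to date from PECL. After removing them, PECL works fine.
Reading https://github.com/libressl/portable/issues/692#issuecomment-937800309 led to https://github.com/openbsd/src/commit/3c95f6f12797ebbdedb8d5f712eb65bd04fe233a
Then I did a grep to see where the certificate was on my docker image (php5.6-alpine) and removed it. Two files need a patch, and two files are the whole certificate.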
#12 [web base 4/7] RUN grep -r Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ /etc
#12 0.445 /etc/ssl/cert.pem:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
#12 0.754 /etc/ssl/certs/2e5ac55d.0:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
#12 0.754 /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
#12 0.754 /etc/ssl/certs/ca-certificates.crt:Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
Patch for /etc/ssl/certs/ca-certificates.crt:
--- /etc/ssl/certs/ca-certificates.crt.ori
+++ /etc/ssl/certs/ca-certificates.crt
@@ -956,27 +956,6 @@
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
Patch for /etc/ssl/cert.pem:
--- cert.pem.ori
+++ cert.pem
@@ -2182,49 +2182,6 @@
gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
-----END CERTIFICATE-----
-### Digital Signature Trust Co.
-
-=== /O=Digital Signature Trust Co./CN=DST Root CA X3
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
- Signature Algorithm: sha1WithRSAEncryption
- Validity
- Not Before: Sep 30 21:12:19 2000 GMT
- Not After : Sep 30 14:01:15 2021 GMT
- Subject: O=Digital Signature Trust Co., CN=DST Root CA X3
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- X509v3 Subject Key Identifier:
- C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10
-SHA1 Fingerprint=DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
-SHA256 Fingerprint=06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
-
### Disig a.s.
=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
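Review bot: the file headers in this patch are the bare names `cert.pem.ori` and `cert.pem`, while the other patch uses the absolute /etc/ssl/certs/ path, so this one only reaches the right file when the target is passed explicitly to `patch` (as the Dockerfile does) or when it is applied from /etc/ssl; making the two consistent would avoid a wrong-directory apply. The removed block carries `Not After : Sep 30 14:01:15 2021 GMT`, so a one-line comment next to the `patch` call saying the root is dropped because it expired would document the reason, and a grep for the certificate's last line after patching, expected to find nothing, would confirm that both bundles are clean.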
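Then delete the other two files, which are the whole certificate: /etc/ssl/certs/2e5ac55d.0 and /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem
These are the final Dockerfile lines; I intentionally left the grep line in to debug it in case some files get renamed.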
COPY docker/ca-certificates.patch /tmp
COPY docker/cert.pem.patch /tmp
RUN grep -r Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ /etc
RUN apk update && apk upgrade
RUN patch /etc/ssl/certs/ca-certificates.crt /tmp/ca-certificates.patch && \
patch /etc/ssl/cert.pem /tmp/cert.pem.patch && \
rm /etc/ssl/certs/2e5ac55d.0 && \
rm /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem
PS: Originally answered at https://github.com/php/php-src/issues/11486#issuecomment-1626075999; posting it here just in case.
Comments
RUN rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
rm /etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem && cat /etc/ssl/certs/*.pem > /etc/ssl/certs/ca-certificates.crt && cat /etc/ssl/certs/*.pem > /etc/ssl/cert.pem
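The certificate removal described in the answer above can also be done by content instead of by a line-numbered patch. The following is an added example, not code from any of the posters: `drop_cert` and `sample_bundle` are hypothetical names, and the bundle it runs on is constructed, not real certificate data. Only the PEM block is dropped; annotation text outside the block is left in place.

```shell
#!/bin/sh
# drop_cert BUNDLE MARKER
# Rewrites BUNDLE without any PEM block that contains the exact line MARKER.
# Returns 0 if a block was removed, 1 if MARKER was not found, 2 on bad arguments.
drop_cert() {
    bundle=$1 marker=$2
    [ -f "$bundle" ] && [ -n "$marker" ] || return 2
    tmp=$(mktemp) || return 2
    awk -v marker="$marker" '
        /^-----BEGIN CERTIFICATE-----/ { inblock = 1; buf = ""; hit = 0 }
        inblock {
            buf = buf $0 "\n"
            if ($0 == marker) hit = 1
            if ($0 ~ /^-----END CERTIFICATE-----/) {
                if (hit) removed++; else printf "%s", buf
                inblock = 0
            }
            next
        }
        { print }   # text outside PEM blocks (annotations) passes through
        END { if (inblock) printf "%s", buf; exit (removed > 0 ? 0 : 1) }
    ' "$bundle" > "$tmp" && rc=0 || rc=$?
    [ "$rc" -eq 0 ] && cat "$tmp" > "$bundle"   # rewrite in place, keeping owner and mode
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample bundle: placeholder lines, not real certificates.
sample_bundle() {
    cat <<'EOF'
### constructed sample, not real certificates
-----BEGIN CERTIFICATE-----
AAAAconstructedCertA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BBBBconstructedCertB
CONSTRUCTEDlastLineOfCertB
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
CCCCconstructedCertC
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed bundle; in an image the targets are the bundle files named above.
demo=$(mktemp); sample_bundle > "$demo"
drop_cert "$demo" "CONSTRUCTEDlastLineOfCertB" && echo "removed; $(grep -c BEGIN "$demo") certificates left"
rm -f "$demo"
```

Because the function returns 1 when the marker line is absent, a `RUN` step that calls it fails the build if the bundle layout has changed, which replaces the separate debugging grep.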
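I ran into the same problem today (with the apcu package, but the package doesn't matter when something like this happens). I decided not to rely on pecl working intermittently. My solution is based on @alex-howansky's answer: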
RUN apt-get update -y && apt-get upgrade -y \
&& apt-get install -y ca-certificates \
&& update-ca-certificates \
&& apt install -y --no-install-recommends \
git \
...
wget \
&& apt-get autoremove -y \
&& docker-php-ext-install \
intl \
...
### SOLUTION IS BELOW. ###
&& pecl channel-update pecl.php.net \
&& { \
pecl install apcu || ( \
wget --no-check-certificate https://pecl.php.net/get/APCu -O ./apcu_latest.tgz \
&& pecl install --offline ./apcu_latest.tgz \
&& rm ./apcu_latest.tgz \
); \
} \
...
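If pecl install apcu succeeds, that command is used. It is the preferred command, because handling an expired certificate by bypassing SSL checks is not recommended in production, as it introduces a security risk.
However, we can't allow a certificate outage to break the application. So if pecl install apcu fails, the commands after || are used (download the package, in my case the latest version, install it, and delete the downloaded ./apcu_latest.tgz).
You can see the link to the latest package version (if you need the latest) on https://pecl.php.net/. Just find your package and look for "[ Latest Tarball ]" on the package page.
PPS. This is the report about today's issue (the certificate has expired countless times).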
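Both the first answer and the answer above fall back to `wget --no-check-certificate`, which removes the only integrity check on the downloaded tarball. The following added example (not code from either poster) gates that fallback on a pinned SHA-256. `check_pin` and `pecl_install_pinned` are hypothetical names, and the pin is an assumption: it has to be recorded once from a download made over verified TLS and stored with the Dockerfile.

```shell
#!/bin/sh
# check_pin FILE PIN -> 0 match, 1 mismatch (FILE is deleted), 2 bad arguments
check_pin() {
    file=$1
    pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty or malformed pin must never count as a match.
    printf '%s' "$pin" | grep -Eq '^[0-9a-f]{64}$' || return 2
    [ -f "$file" ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$pin" ]; then
        echo "checksum mismatch for $file: got $actual" >&2
        rm -f "$file"          # never leave an unverified tarball for a later step
        return 1
    fi
}

# pecl_install_pinned PACKAGE URL PIN
# The normal, certificate-checked path is tried first. The unverified-TLS
# download only runs if that fails, and its result is installed only when
# the pinned hash matches.
pecl_install_pinned() {
    pkg=$1 url=$2 pin=$3
    pecl install "$pkg" && return 0
    dir=$(mktemp -d) || return 2
    tgz=$dir/package.tgz
    wget -q --no-check-certificate "$url" -O "$tgz" \
        && check_pin "$tgz" "$pin" \
        && pecl install --offline "$tgz"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Usage in a RUN step (the pin below is a placeholder, not a real hash):
#   pecl_install_pinned mongodb-1.4.2 \
#       https://pecl.php.net/get/mongodb-1.4.2.tgz "<sha256 recorded from a trusted download>"
```

Pinning only works for a fixed version such as mongodb-1.4.2.tgz; a "latest" URL changes content with every release, so its hash cannot be recorded in advance.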