Document zlib install #113
Conversation
| # We compile a newer version because Lambda uses an old version (1.2.7) that | ||
| # has a security vulnerability (CVE-2022-37434). | ||
| # See https://github.com/brefphp/aws-lambda-layers/pull/110 | ||
| # Can be removed once Lambda updates their version. |
There was a problem hiding this comment.
I don't think they ever will, for BC reasons. We'll likely have to wait till Lambda gets AL 2023, if that ever happens. ;)
There was a problem hiding this comment.
@GrahamCampbell yep these are my notes for AL2023 😄
There was a problem hiding this comment.
Was there a reason you used the HTTP URL and not HTTPS?
I'm trying to debug why the build is failing now… The HTTPS Url worked fine for me, I assumed it was all the same
There was a problem hiding this comment.
I just copied this from bref v1. I didn't notice the http/s.
php-80/Dockerfile
Outdated
| @@ -80,7 +80,7 @@ ENV VERSION_ZLIB=1.3 | |||
| ENV ZLIB_BUILD_DIR=${BUILD_DIR}/zlib | |||
| RUN set -xe; \ | |||
| mkdir -p ${ZLIB_BUILD_DIR}; \ | |||
| curl -Ls https://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ | |||
| curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ | |||
There was a problem hiding this comment.
We could try https://github.com/madler/zlib/releases/download/v${VERSION_ZLIB}/zlib-${VERSION_ZLIB}.tar.gz instead?
| RUN set -xe; \ | ||
| mkdir -p ${ZLIB_BUILD_DIR}; \ | ||
| # Download and upack the source code | ||
| curl -Ls http://zlib.net/zlib-${VERSION_ZLIB}.tar.xz \ | ||
| curl -Ls https://github.com/madler/zlib/releases/download/v${VERSION_ZLIB}/zlib-${VERSION_ZLIB}.tar.gz \ |
There was a problem hiding this comment.
oh, whoops. that is .gz, but the extract command expends .xz
| RUN set -xe; \ | ||
| make distclean \ | ||
| && CFLAGS="" \ | ||
| CPPFLAGS="-I${INSTALL_DIR}/include -I/usr/include" \ | ||
| LDFLAGS="-L${INSTALL_DIR}/lib64 -L${INSTALL_DIR}/lib" \ | ||
| ./configure \ | ||
| --prefix=${INSTALL_DIR} \ | ||
| --64 |
There was a problem hiding this comment.
@GrahamCampbell I removed this line (after reading madler/zlib#143) at it seemed to do the trick. Do you see any reason to be worried?
If not I'll merge and release.
There was a problem hiding this comment.
Ah yeh, I think i did something similar when making vapor work with arm. This is fine. 👍
| | tar xJC ${ZLIB_BUILD_DIR} --strip-components=1 | ||
|
|
||
| # Move into the unpackaged code directory | ||
| curl -Ls https://github.com/madler/zlib/releases/download/v${VERSION_ZLIB}/zlib-${VERSION_ZLIB}.tar.gz \ |
There was a problem hiding this comment.
We could also just use the .tar.xz version of this URL, to keep the extract command the same.
Follow-up for #110