Buildpack does not detect that openssl is a required extension

[dmikusa]

What happened?

Create and run the sample app as described in this issue. When deployed, it will not have the openssl extension enabled.

paketo-buildpacks/php#366 (comment)

Based on this, it seems like the auto detection is run but it's missing OpenSSL. It should have been though as when I run composer check-platform-reqs locally, it shows openssl as required.

The php.ini snippet generated by the buildpack only has:

extension = fileinfo.so
extension = mbstring.so

My theory is that because openssl is a required extension to run Composer, we enable it in the php.ini that's used to execute composer. Thus when composer check-platform-reqs executes, it sees openssl as already available. This isn't correct though because it's only available in the limited environment where we execute Composer.

I think there's a couple ways that we could fix this:

1. Always enable the openssl extension. It is quite widely used at this point. I think the risk here is that if we enable it, and there's a security vulnerability then an app that doesn't use it could potentially be vulnerable when it otherwise wouldn't be.
2. When we check for extensions with composer check-platform-reqs, we normally filter by extensions listed missing. We need to look for both missing or the name openssl. If openssl is listed, it'll never be missing, so we just need to add it to the list of extensions to enable.

• What were you attempting to do?

Run an app where openssl is a extension required through Composer.

• What did you expect to happen?

The composer extension to be available.

• What was the actual behavior? Please provide log output, if possible.

Other extensions were detected correctly, but not openssl.

Build Configuration

• What platform (pack, kpack, tekton buildpacks plugin, etc.) are you
  using? Please include a version.

Pack.

• What buildpacks are you using? Please include versions.

• What builder are you using? If custom, can you provide the output from pack inspect-builder <builder>?

full

• Can you provide a sample app or relevant configuration (buildpack.yml,
  nginx.conf, etc.)?

paketo-buildpacks/php#366 (comment)

Checklist

• I have included log output.
• The log output includes an error message.
• I have included steps for reproduction.

[arjun024]

When we check for extensions with composer check-platform-reqs, we normally filter by extensions listed missing. We need to look for both missing or the name openssl. If openssl is listed, it'll never be missing, so we just need to add it to the list of extensions to enable.

This sounds reasonable to me.
In the meantime as a workaround for anyone running into this issue, you should be able to follow the steps here to manually enable the openssl extension https://paketo.io/docs/buildpacks/language-family-buildpacks/php/#configuring-custom-ini-files.

Create a .php.ini.d directory at the root of the app and create an .ini file inside it declaring the openssl extension.

So it should looks look something like this:

$ cat .php.ini.d/extension.ini
extension=openssl.so

[TisVictress]

@arjun024 Is there an update on how we should prioritize this issue? Is the current workaround still sufficient?