I apologise if this is a duplicate, but none of the already posted questions' answers helped me.
Recently, the Dockerfile for our php5.6-apache doesn't want to build anymore. The line where it fails is when imagick is trying to be installed via pecl.
# Enable imagick
RUN apt-get update && apt-get install -y libmagickwand-dev --no-install-recommends && rm -rf /var/lib/apt/lists/*
RUN yes '' | pecl install -vvv imagick-beta
Running this line fails due to the following error:
> [12/25] RUN yes '' | pecl -vvv install imagick-beta:
#0 1.354
#0 1.354 Warning: fsockopen(): SSL operation failed with code 1. OpenSSL Error messages:
#0 1.354 error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in PEAR/Proxy.php on line 183
#0 1.355
#0 1.355 Warning: fsockopen(): Failed to enable crypto in PEAR/Proxy.php on line 183
#0 1.357
#0 1.357 Warning: fsockopen(): unable to connect to ssl://pecl.php.net:443 (Unknown error) in PEAR/Proxy.php on line 183
#0 1.359 No releases available for package "pecl.php.net/imagick"
#0 1.360 Cannot initialize 'channel://pecl.php.net/imagick-beta', invalid or missing package file
#0 1.362 Package "channel://pecl.php.net/imagick-beta" is not valid
#0 1.366 install failed
------
failed to solve: process "/bin/sh -c yes '' | pecl -vvv install imagick-beta" did not complete successfully: exit code: 1
The only recent post I found about someone having the same issue is this bug report but I'm not sure about the channel where I'd see any updates on fixing this bug. In the bug report the last person states the following:
Certificate expiry is set to yesterday. I'm thinking about all docker build pipelines currently failing all over the world <3
Does he mean php.net's SSL certificate? Because when I checked it, it looks valid, so I don't understand why it cannot connect.
Line 183 of PEAR/Proxy.php is the following:
$fp = @fsockopen($host, $port, $errno, $errstr);
So if I understand correctly, the docker container cannot establish a proper connection via pecl.php.net:443? Has anyone encountered the same issue?
Thanks in advance for any (constructive) answers!
This is the fix that finally got everything working:
# Stage used only as a source of up-to-date CA certificates
FROM php:alpine AS cacert
# Image that the container is actually using
FROM php:7.0-fpm-alpine
COPY --from=cacert /etc/ssl /root/ssl
# Keep this image's openssl.cnf, then swap in the newer /etc/ssl
RUN mv /etc/ssl/openssl.cnf* /root/ssl && rm -rf /etc/ssl && mv /root/ssl /etc/ssl \
&& pear update-channels \
&& pear upgrade
From what I understand, the CA cert is expired in older versions of PHP images and needs to be replaced with a newer one. This might be a bit of a hack, but it will get you through until the older images' CA certs are updated.
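
A way to check the diagnosis in the answer above, added here as an example and not part of the original posts: it lists every certificate in a CA bundle whose `notAfter` date has passed, which is the condition the answer attributes to the older images. The bundle path given on the command line and the `SAMPLE` entries are assumptions constructed for illustration.

```python
"""Audit a CA bundle for expired trust anchors (added example)."""
import ssl
import sys
import time


def load_bundle(path):
    """Return the CA certificates in a PEM bundle as dicts (subject, notAfter, ...)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()


def common_name(cert):
    """Pull a readable name out of the nested subject tuple."""
    fields = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    return fields.get("commonName") or fields.get("organizationName", "<unnamed>")


def find_expired(certs, now=None):
    """Return (name, notAfter) for every certificate whose notAfter is in the past."""
    now = time.time() if now is None else now
    expired = []
    for cert in certs:
        if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
            expired.append((common_name(cert), cert["notAfter"]))
    return sorted(expired)


# Constructed sample in the shape get_ca_certs() returns; not real CA data.
SAMPLE = [
    {"subject": ((("organizationName", "Example Trust"),),
                 (("commonName", "Example Old Root"),)),
     "notAfter": "Sep 30 12:00:00 2021 GMT"},
    {"subject": ((("commonName", "Example Current Root"),),),
     "notAfter": "Jun  4 11:04:38 2035 GMT"},
]

if __name__ == "__main__":
    # Assumed usage: pass a bundle file copied out of the image under test.
    certs = load_bundle(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, not_after in find_expired(certs):
        print(f"EXPIRED  {not_after}  {name}")
```

An empty result for the bundle inside the rebuilt image shows that the replacement of `/etc/ssl` took effect.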