PHP 7.2 RC3 on CentOS/RHEL 7.3 via Yum

PHP 7.2.0 RC3 has been released on PHP.net on 28th September 2017, and is also available for CentOS/RHEL 7.4 at Webtatic via Yum in it’s testing repository.

Source - Issues

This is a alpha release and should not be used in production.

PEAR installer now supports PHP 7.*, however most pecl libraries will not support it as well without their maintainers adding compatibility, so only pecl libraries that do support it will be in the Webtatic repository.

  • pecl igbinary extension - waiting for a release that supports PHP 7.2
  • pecl memcache extension - no sign of PHP 7 support development in official source repository
  • pecl memcached extension - waiting for igbinary release that supports PHP 7.2
  • pecl xdebug extension - waiting for a release that supports PHP 7.2

PHP 7.2.0 comes with features such as (incomplete list):

  • Parameter Type Widening
  • Deprecate Bareword (Unquoted) Strings
  • Mcrypt extension removed and put onto pecl.php.net

To see what else has been added, check out PHP 7.2 NEWS

To install, first you must add the Webtatic EL yum repository information corresponding to your CentOS/RHEL version to yum:

CentOS/RHEL 7.x:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Now you can install PHP 7.2’s mod_php SAPI (along with an opcode cache) by doing:

yum install mod_php72w php72w-opcache --enablerepo=webtatic-testing

You can alternatively install PHP 7.2’s php-fpm SAPI (along with an opcode cache by doing:

yum install php72w-fpm php72w-opcache --enablerepo=webtatic-testing

See the package list below for additional SAPIs and PHP extensions.

This will install the mod_php SAPI for PHP, however there are other sapis such as php-fpm (via php72w-fpm package). Read on below for more information about the available SAPIs

If you would like to upgrade php to this version it is recommended that you first check that your system will support the upgrade, e.g. making sure any CPanel-like software can run after the upgrade.

Unless you know what you are doing, it is risky upgrading an existing system. It’s much safer to do this by provisioning a separate server to perform the upgrade as a fresh install instead.

If you know what you are doing, you can upgrade PHP by:

yum install yum-plugin-replace
yum replace php-common --replace-with=php72w-common --enablerepo=webtatic-testing

It will likely give you a message “WARNING: Unable to resolve all providers …“. This is normal, and you can continue by tying “y”. You will be given a chance to see what packages will be installed and removed before again being given a chance to confirm.

SAPIs

SAPIs are different runtime environments of PHP

  • mod_php NTS

(non-thread safety) Contained in the mod_php72w package, this SAPI integrates into Apache Httpd (2.4.* on RHEL/CentOS 7). It is the standard SAPI for use with httpd prefork mpm (the default mode httpd is ran under. It is not thread-safe, but doesn’t need to be due to prefork not using threads. It’s located at /usr/lib[64]/httpd/modules/libphp7.so

  • cli

Contained in the php72w-cli package, this SAPI allows running scripts from the command-line, and also has a built-in web server for development-use. Located at /usr/bin/php

  • fpm

Contained in the php72w-fpm package, fpm (FastCGI Process Manager) is a scalable FastCGI process, which acts similar to how Httpd prefork mpm works managing it’s forks. Located at /usr/sbin/php-fpm, it is controlled using the /etc/init.d/php-fpm service script

  • phpdbg

Contained in the php72w-phpdbg package, phpdbg has the ability to debug scripts using breakpoints from the command-line, and also supports remote-debugging using an external Java client for remote communication.

  • embedded

Contained in the php72w-embedded package, this SAPI allows embedding PHP in other applications. It’s library is located at /usr/lib[64]/libphp7.so

  • cgi, fastcgi

Contained in the php72w-cli package, these SAPIs are not recommended for use, but are available where needed. They both exist in the binary at /usr/bin/php-cgi.

  • mod_php TS

(thread safety) Contained in the mod_php72w package, this SAPI integrates into Apache Httpd (2.4.* on RHEL/CentOS 7). It is the standard SAPI for use with httpd worker mpm. It’s supposed to be thread-safe, but can’t guarantee to be, and certainly not under additional PHP extensions. It’s better to use FastCGI SAPIs than this one. It’s located at /usr/lib[64]/httpd/modules/libphp7-zts.so

Packages

Package Provides
mod_php72w php72w, mod_php, php72w-zts
php72w-bcmath
php72w-cli php-cgi, php-pcntl, php-readline
php72w-common php-api, php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif, php-fileinfo, php-filter, php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-json, php-libxml, php-openssl, php-pcre, php-pecl-Fileinfo, php-pecl-phar, php-pecl-zip, php-reflection, php-session, php-shmop, php-simplexml, php-sockets, php-spl, php-tokenizer, php-zend-abi, php-zip, php-zlib
php72w-dba
php72w-devel
php72w-embedded php-embedded-devel
php72w-enchant
php72w-fpm
php72w-gd
php72w-imap
php72w-interbase php_database, php-firebird
php72w-intl
php72w-ldap
php72w-mbstring
php72w-mysql php-mysqli, php_database
php72w-mysqlnd php-mysqli, php_database
php72w-odbc php-pdo_odbc, php_database
php72w-opcache php72w-pecl-zendopcache
php72w-pdo php72w-pdo_sqlite, php72w-sqlite3
php72w-pdo_dblib php72w-mssql
php72w-pear
php72w-pecl-apcu
php72w-pecl-imagick
php72w-pecl-mongodb
php72w-pgsql php-pdo_pgsql, php_database
php72w-phpdbg
php72w-process php-posix, php-sysvmsg, php-sysvsem, php-sysvshm
php72w-pspell
php72w-recode
php72w-snmp
php72w-soap
php72w-tidy
php72w-xml php-dom, php-domxml, php-wddx, php-xsl
php72w-xmlrpc

Argon2 in password_hash functions not yet supported

RHEL/CentOS 7.3 and EPEL repositories do not yet have a libargon2 package for use with the password_hash functions. Therefore this hashing algorithm is not yet available, and bcrypt will remain the default.

Mcrypt no longer provided

The Mcrypt php extension used a long abandoned libmcrypt library, which means it could have security issues. PHP.net has decided to therefore move the extension from the core release to pecl.php.net.

Currently Webtatic isn’t planning to build the pecl release of the mcrypt extension.

It is recommended instead to use an alternative openssl or libsodium implementation.

There are polyfill PHP composer libraries available that attempt to provide drop-in mcrypt function bindings for these alternative implementations:

https://packagist.org/search/?q=mcrypt

The phpseclib/mcrypt_compat implementation may be the best of these.

Opcode Caches

The PHP distribution now comes with an opcode cache. This is the Zend Optimizer+ opcode cache, now known as the Zend OPcache extension. This extension is optional, so does not preclude you from using an alternate one.

Due to it being included in the PHP source distribution, it will be well maintained and more suitable for use while other Opcode cache’s are being updated over the coming months.

yum install php70w-opcache

error_reporting E_ALL includes E_STRICT

As mentioned in the PHP 5.4 guide:

You may get a lot more errors coming out of your error logs if by default your error_reporting is set to E_ALL now without explicitly turning off E_STRICT. The default php.ini that comes with the PHP package turns this off by default, but if you are upgrading from an existing installation, your php.ini may not be updated, meaning this will likely be turned on.