Use PHP_INI_SCAN_DIR to more reliably inject into PHP (e.g. in Docker)

pimterry · pimterry · commit 8d3058b8c967 · 2022-07-07T19:57:27.000+02:00
With this in place, ddev works (using nginx + php-fpm) as does the
php:apache official image.
diff --git a/overrides/path/php b/overrides/path/php
@@ -6,14 +6,22 @@ PATH="${PATH//`dirname "$0"`:/}"
 real_php=`command -v php`
 PATH="`dirname "$0"`:$PATH"
 
+# Strip out our PHP_INI_SCAN_DIR - if this file has been run succesfully, then it's not necessary,
+# and it can cause problems (since it overrides any default scan directories configured)
+export PHP_INI_SCAN_DIR="${PHP_INI_SCAN_DIR//:`echo $HTTP_TOOLKIT_OVERRIDE_PATH/php`/}"
+export PHP_INI_SCAN_DIR="${PHP_INI_SCAN_DIR//`echo $HTTP_TOOLKIT_OVERRIDE_PATH/php`/}"
+if [ -z "$PHP_INI_SCAN_DIR" ]; then
+    unset PHP_INI_SCAN_DIR
+fi
+
 # Call PHP with the given arguments, and a few extra
 PHP_ARGS=(
     # Make OpenSSL trust us
     -d "openssl.cafile=$SSL_CERT_FILE" \
     # Make cURL trust us
     -d "curl.cainfo=$SSL_CERT_FILE" \
     # Prepend a script that enables the proxy
-    -d "auto_prepend_file=`dirname "$0"`/prepend.php" \
+    -d "auto_prepend_file=`dirname "$0"`/../php/prepend.php" \
     # Pass through all other provided arguments
     "$@"
 )
diff --git a/overrides/path/php.bat b/overrides/path/php.bat
@@ -16,5 +16,9 @@ FOR /F "tokens=*" %%g IN ('where php') do (SET REAL_PHP=%%g)
 REM Reset PATH, so its visible to php & subprocesses
 set PATH=%ORIGINALPATH%
 
+REM Reset PHP_INI_SCAN_DIR, removing our override path
+call set PHP_INI_SCAN_DIR=%%PHP_INI_SCAN_DIR:%HTTP_TOOLKIT_OVERRIDE_PATH%\php;=%%
+call set PHP_INI_SCAN_DIR=%%PHP_INI_SCAN_DIR:%HTTP_TOOLKIT_OVERRIDE_PATH%\php=%%
+
 REM Start PHP for real, with extra args to override certain configs
-"%REAL_PHP%" -d "openssl.cafile=%SSL_CERT_FILE%" -d "curl.cainfo=%SSL_CERT_FILE%" -d "auto_prepend_file=%WRAPPER_FOLDER%\prepend.php" %*
+"%REAL_PHP%" -d "openssl.cafile=%SSL_CERT_FILE%" -d "curl.cainfo=%SSL_CERT_FILE%" -d "auto_prepend_file=%WRAPPER_FOLDER%\..\php\prepend.php" %*
diff --git a/overrides/php/php-httptoolkit-override.ini b/overrides/php/php-httptoolkit-override.ini
@@ -0,0 +1,22 @@
+# Make OpenSSL trust us
+openssl.cafile=${SSL_CERT_FILE}
+# Make cURL trust us
+curl.cainfo=${SSL_CERT_FILE}
+# Prepend a script that enables the proxy
+auto_prepend_file=${HTTP_TOOLKIT_OVERRIDE_PATH}/php/prepend.php
+
+# Intercepting PHP using this file via PHP_INI_SCAN_DIR isn't a perfect solution. It's better
+# to use the 'php' wrapper (overrides/path/php) which sets this configuration, because when
+# PHP_INI_SCAN_DIR is left blank it defaults to a system config directory, and overriding this
+# means that is not loaded.
+# Unfortunately, it's not always possible to inject the 'php' wrapper where we need it, due to
+# how PHP is often launched (managed by another process, not launched & injectable by HTTP Toolkit).
+# This is a fallback solution for that case that seems to work well in practice.
+
+# Where this doesn't work, you may be able to replace the relevant env vars above and place this
+# file directly into your PHP_INI_SCAN_DIR directory (run php --ini to find this).
+
+# (In future, we could consider more complicated fixes: e.g. a prepend script that launches a PHP
+# subprocess which runs with the default configuration, just explicitly overridden by CLI args.
+# That would have some performance implications, but probably nothing notable in dev. Not worthwhile
+# for now unless this causes serious problems though)
diff --git a/overrides/php/prepend.php b/overrides/php/prepend.php
diff --git a/src/interceptors/terminal/terminal-env-overrides.ts b/src/interceptors/terminal/terminal-env-overrides.ts
@@ -5,6 +5,7 @@ import { getDockerPipePath } from '../docker/docker-proxy';
 
 const BIN_OVERRIDE_DIR = 'path';
 const RUBY_OVERRIDE_DIR = 'gems';
+const PHP_OVERRIDE_DIR = 'php';
 const PYTHON_OVERRIDE_DIR = 'pythonpath';
 const NODE_PREPEND_SCRIPT = ['js', 'prepend-node.js'];
 const JAVA_AGENT_JAR = 'java-agent.jar';
@@ -61,6 +62,7 @@ export function getTerminalEnvVars(
 
     const rubyGemsPath = joinPath(overridePath, RUBY_OVERRIDE_DIR);
     const pythonPath = joinPath(overridePath, PYTHON_OVERRIDE_DIR);
+    const phpPath = joinPath(overridePath, PHP_OVERRIDE_DIR);
     const nodePrependScript = joinPath(overridePath, ...NODE_PREPEND_SCRIPT);
     const nodePrependOption = `--require ${
         // Avoid quoting except when necessary, because node 8 doesn't support quotes here
@@ -107,6 +109,8 @@ export function getTerminalEnvVars(
 
         // Flag used by subprocesses to check they're running in an intercepted env
         'HTTP_TOOLKIT_ACTIVE': 'true',
+        // Useful downstream to derive the raw paths elsewhere, e.g. in php.ini override config.
+        'HTTP_TOOLKIT_OVERRIDE_PATH': overridePath,
 
         // Prepend our bin overrides into $PATH
         'PATH': `${binPath}${pathVarSeparator}${
@@ -141,6 +145,12 @@ export function getTerminalEnvVars(
                 ? `${currentEnv.JAVA_TOOL_OPTIONS} ${javaAgentOption}`
             : javaAgentOption,
 
+        'PHP_INI_SCAN_DIR': runtimeInherit
+                ? `${runtimeInherit('PHP_INI_SCAN_DIR')}${pathVarSeparator}${phpPath}`
+            : currentEnv.PHP_INI_SCAN_DIR
+                ? `${currentEnv.PHP_INI_SCAN_DIR}${pathVarSeparator}${phpPath}`
+            : phpPath,
+
         // Run all Docker operations through our Docker-hooking proxy:
         'DOCKER_HOST': dockerHost,
         // For now, we don't support intercepting BuildKit builds - disable them:
