Bill Daniels's picture

Hello All,

Could someone point me in the right direction of how to upgrade the PHP version on my magento 2 AWS image installation? I am currenlty on 7.0.33 and need to upgrade to 7.3 so I can upgrade my magento installation.

Thank you

 

Forum: 
Jeremy Davis's picture

To update PHP to a newer version, please install from deb.sury.org. As a general rule, we don't encourage users to install from random 3rd party repositories. However, in this case we make an exception as Ondrej Sury is a well known and respected Debian (and Ubuntu) developer who is a lead member of the PHP packaging team. So he's trustworthy and knows what he's doing...

Another kind TurnKey community member has posted a tutorial on how to update PHP. It's specifically for the vanilla LAMP appliance and talks a little about WordPress, but all PHP applications on TurnKey (including WordPress and Magento) run on a LAMP base. So those instructions should work for you too.

If you have any troubles, I suggest replying to that thread.

Bill Daniels's picture

I have upgrade php version(7.0.33 to 7.2.25).

Now my magento is not working as i am getting an error that is "Warning: Use of undefined constant MCRYPT_BLOWFISH - assumed 'MCRYPT_BLOWFISH' (this will throw an Error in a future version of PHP) in /var/www/magento/lib/intern
  al/Magento/Framework/Encryption/Encryptor.php on line 397" 

Therefore i tried to install MCRYPT library using PECL. I followed below step to install mcrypt

 sudo apt-get -y install gcc make autoconf libc-dev pkg-config
 sudo apt-get -y install libmcrypt-dev
 sudo pecl install mcrypt-1.0.1
sudo bash -c "echo extension=/usr/lib/php/20170718/mcrypt.so > /etc/php/7.2/cli/conf.d/mcrypt.ini"
sudo bash -c "echo extension=/usr/lib/php/20170718/mcrypt.so > /etc/php/7.2/apache2/conf.d/mcrypt.ini"

Now i am getting some differe issue. That is "PHP Warning:  PHP Startup: Unable to load dynamic library 'mcrypt.so' (tried: /usr/lib/php/20170718/mcrypt.so (/usr/lib/php/20170718/mcrypt.so: cannot open shared object file: No such file or directory), /usr/lib/php/20170718/mcrypt.so.so (/usr/lib/php/20170718/mcrypt.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0"

Jeremy Davis's picture

So there is no longer an officially sanctioned php-mcrypt package for newer versions of PHP. Which is why you can't find a package for it. It's also perhaps worth noting, that my research suggests that Magento 2.2, prior to 2.2.10 is NOT completely compatible with PHP 7.2. Although TBH, I'm not sure what issues other than mcrypt you might hit running Magento 2.2.x (prior to 2.2.10) on PHP 7.2.

So of the top of my head, I can see 3 possible paths forward:

  1. Install php-mycrypt via pecl (as you're attempting - and I could assist you with if you choose to go that path).
  2. Ensure you have Magento 2.2.10; or upgrade to Magento 2.3.
  3. Downgrade PHP to 7.1. Note: please see my post below on why this is NOT advised.

Re #1 (your question/issue), my guess is that something went wrong with the pecl install. Or perhaps the shared object file (i.e. '.so') is just not where you've told PHP to look for it? You could try to find the actual location of that file (assuming that it did build successfully) like this:

find /usr -type f -name mcrypt.so

If it exists, that should find it (and display the path). If you get any permissions errors, retry prefixing 'sudo' (you shouldn't need to, but perhaps?).

Although, unless you have updated to at least Magento 2.2.10, my guess is that you'll likely encounter more Magento issues if you persist with PHP 7.2.

So IMO the first step would be to either ensure that you at least have Magento 2.2.10 (or newer). Or install PHP 7.1 instead. If you go with PHP 7.1, you can install the PHP mcrypt module like this:

apt install php7.1-mcrypt

Note though that you will still get deprecation warnings about use of mcrypt, but they should not affect functionality (although will possibly spam your logs). (Also please see my post below on why use of PHP 7.1 is NOT advised.)

There is also another possibility (which I admit, I'm not 100% sure on) and that's to use the php mcrypt_compat shim. Unfortunately, I'm not completely sure if that would work with Magento though?

Finally, please also note that my research suggests that the reason for the php-mcrypt deprecation and removal from the "standard" php modules was because it has some cryptographic/security flaws. So whilst it is currently available via pecl, it will most likely be removed from there too at some point in the not too distant future. So whatever you do now (other than upgrading to a newer Magento version that doesn't require mycrypt), you'll likely need to revisit this in the not too distant future.

I hope my research is of value. Good luck and please post back if you need more of a hand. Regardless of what you do, I'd love to hear what path you take and what the result is, so please post back when you get a chance.

Jeremy Davis's picture

As soon as I posted, I just noticed part of the new error message you are getting which suggests a misconfiguration, namely this bit:

[...] /usr/lib/php/20170718/mcrypt.so.so (/usr/lib/php/20170718/mcrypt.so.so: cannot open shared object file: No such file or directory)

That bit suggests that at some point you may have inadvertently tried to enable /usr/lib/php/20170718/mcrypt.so.so (notice the double '.so.so' at the end of the path). To find exactly which file has that incorrect bit, try this:

grep -rn mcrypt.so.so /etc/php

That should return a colon separate result, structured like this (spaces added to try to make it more obvious):

/path/to/file : line_number : line_from_file_that_matches_search_term

So assuming the file is /etc/php/7.2/apache2/conf.d/mcrypt.ini and line 30 is "extension=/usr/lib/php/20170718/mcrypt.so.so", then your result should look something like this:

/etc/php/7.2/apache2/conf.d/mcrypt.ini:30:extension=/usr/lib/php/20170718/mcrypt.so.so
Jeremy Davis's picture

It just occurred to me that I overlooked an important point WRT PHP 7.1 in my previous posts. I'll edit my previous posts to include this info, but wanted to ensure that this point wasn't overlooked so have posted as a separate comment as well.

Whilst it should be possible to downgrade PHP to 7.1 and that would likely be a viable workaround to your current issue, there is good reason NOT to do that!

Considering that PHP 7.1 is EOL (end of life) upstream (i.e. PHP no longer maintain it) and it doesn't come from the Debian repos (so no Debian Security/LTS team maintenance and/or updates) there is no guarantee of timely updates. Ondej Sury is a reputable third party source of PHP packages for Debian. However, he has noted that whilst he plans to continue supporting older versions of PHP as long as possible, he's made no promise to do that indefinitely. So it's possible that support may just stop at any time and unless you are using one of the supported versions (e.g. currently 7.3+) really there is no way to be sure whether the current packages are secure or not! AFAIK at the time of writing they are; but seeing as it's EOL, any future security updates would need to be backported which requires much more energy than simply rebuilding a package of the latest version. As such, downgrading PHP to v7.1 is NOT an advisable path to take.

Add new comment