Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Magento 2.3.2 (or higher) requires libsodium 1.0.13 #193

Closed
shochdoerfer opened this issue Nov 23, 2019 · 6 comments
Closed

Magento 2.3.2 (or higher) requires libsodium 1.0.13 #193

shochdoerfer opened this issue Nov 23, 2019 · 6 comments
Assignees
@markshust
Labels
task

Comments

@shochdoerfer
Copy link
Contributor

Magento 2.3.2 (or higher) requires a newer version of libsodium as it is shipped with Debian Stretch. Version 1.0.11 which is shipped with Debian Stretch is lacking the constant SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 which Magento is looking for. Upgrading to Debian Buster should fix this as Buster ships with libsodium 1.0.17.
@markshust
Copy link
Owner

Thanks for this. I'm going to look into Buster again, I had a few issues with it in the past but we eventually need to upgrade it.

@markshust
Copy link
Owner

I don't believe Magento 2.3.2+ requires the SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 constant:

    /**
     * Gets latest hash algorithm version.
     *
     * @return int
     */
    public function getLatestHashVersion(): int
    {
        if (extension_loaded('sodium') && defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
            return self::HASH_VERSION_ARGON2ID13;
        }

        return self::HASH_VERSION_SHA256;
    }

You can see that it does fallback to HASH_VERSION_SHA256. This isn't ideal though, so I'm going to leave this ticket open until it is resolved.

I started working on some new images a while back which contain a lot of updates, but my focus was on the training material. I'll try to loop back to these updated images very soon as I definitely want this and many other updates released soon :)

@markshust markshust self-assigned this Dec 24, 2019
@shochdoerfer
Copy link
Contributor Author

Correct, it's not a strict requirement. I think my issue was that the database dump I used was done on a 7.3 installation with the sodium extension. That seems to lead to a side effect when changing a users password e.g. via magerun.

Need help getting the updated images out? Awesome training material btw :)

@markshust
Copy link
Owner

Yep, that will definitely do it. I'm adding a task label to this ticket. Thank you :)

I'm hoping to work on this in the next release. I'll try to keep this a minor update, remember having some issues with Buster before though.

@markshust markshust added the task label Dec 30, 2019
markshust added a commit that referenced this issue Jan 1, 2020
@markshust
Switch PHP base from stretch to buster, support for libsodium 1.0.17 #…
ef2a2af 
…193
@markshust
Copy link
Owner

All fixed with the new 27.0.0 docker compose setup https://github.com/markshust/docker-magento/blob/master/CHANGELOG.md#2700---2020-01-01

@shochdoerfer
Copy link
Contributor Author

@markshust awsome! Thanks for taking care of this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@markshust markshust

Labels
task
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markshust @shochdoerfer