PHP 7.1 (currently in RC3) deprecates mcrypt_* functions, possibly for removal as early as 7.2:
https://wiki.php.net/rfc/mcrypt-viking-funeral
Nut and server logs get very noisy as a result:
PHP Deprecated: Function mcrypt_module_close() is deprecated in [snip]/vendor/ircmaxell/random-lib/lib/RandomLib/AbstractMcryptMixer.php on line 86
PHP Stack trace:
PHP 1. {main}() [snip]/vendor/bolt/bolt/app/nut:0
PHP 2. Symfony\Component\Console\Application->run() [snip]/vendor/bolt/bolt/app/nut:18
PHP 3. Symfony\Component\Console\Application->doRun() [snip]/vendor/symfony/console/Application.php:124
PHP 4. Symfony\Component\Console\Application->doRunCommand() [snip]/vendor/symfony/console/Application.php:193
PHP 5. Symfony\Component\Console\Command\Command->run() [snip]/vendor/symfony/console/Application.php:849
PHP 6. Bolt\Nut\BaseCommand->initialize() [snip]/vendor/symfony/console/Command/Command.php:231
PHP 7. Silex\Application->boot() [snip]/vendor/bolt/bolt/src/Nut/BaseCommand.php:34
PHP 8. Bolt\Provider\SessionServiceProvider->boot() [snip]/vendor/silex/silex/src/Silex/Application.php:197
PHP 9. Pimple->offsetGet() [snip]/vendor/bolt/bolt/src/Provider/SessionServiceProvider.php:99
PHP 10. Pimple::{closure:[snip]/vendor/pimple/pimple/lib/Pimple.php:122-130}() [snip]/vendor/pimple/pimple/lib/Pimple.php:83
PHP 11. Bolt\Provider\SessionServiceProvider->Bolt\Provider\{closure}() [snip]/vendor/pimple/pimple/lib/Pimple.php:126
PHP 12. Pimple->offsetGet() [snip]/vendor/bolt/bolt/src/Provider/SessionServiceProvider.php:61
PHP 13. Pimple::{closure:[snip]/vendor/pimple/pimple/lib/Pimple.php:122-130}() [snip]/vendor/pimple/pimple/lib/Pimple.php:83
PHP 14. Bolt\Provider\SessionServiceProvider->Bolt\Provider\{closure}() [snip]/vendor/pimple/pimple/lib/Pimple.php:126
PHP 15. Pimple->offsetGet() [snip]/vendor/bolt/bolt/src/Provider/SessionServiceProvider.php:37
PHP 16. Pimple::{closure:[snip]/vendor/pimple/pimple/lib/Pimple.php:122-130}() [snip]/vendor/pimple/pimple/lib/Pimple.php:83
PHP 17. Bolt\Provider\SessionServiceProvider->Bolt\Provider\{closure}() [snip]/vendor/pimple/pimple/lib/Pimple.php:126
PHP 18. Pimple->offsetGet() [snip]/vendor/bolt/bolt/src/Provider/SessionServiceProvider.php:53
PHP 19. Pimple::{closure:[snip]/vendor/pimple/pimple/lib/Pimple.php:122-130}() [snip]/vendor/pimple/pimple/lib/Pimple.php:83
PHP 20. Bolt\Provider\SessionServiceProvider->Bolt\Provider\{closure}() [snip]/vendor/pimple/pimple/lib/Pimple.php:126
PHP 21. Pimple->offsetGet() [snip]/vendor/bolt/bolt/src/Provider/SessionServiceProvider.php:71
PHP 22. Pimple::{closure:[snip]/vendor/pimple/pimple/lib/Pimple.php:122-130}() [snip]/vendor/pimple/pimple/lib/Pimple.php:83
PHP 23. Bolt\Provider\RandomGeneratorServiceProvider->Bolt\Provider\{closure}() [snip]/vendor/pimple/pimple/lib/Pimple.php:126
PHP 24. RandomLib\Factory->getGenerator() [snip]/vendor/bolt/bolt/src/Provider/RandomGeneratorServiceProvider.php:18
PHP 25. RandomLib\Factory->findMixer() [snip]/vendor/ircmaxell/random-lib/lib/RandomLib/Factory.php:78
PHP 26. RandomLib\AbstractMcryptMixer->__destruct() [snip]/vendor/ircmaxell/random-lib/lib/RandomLib/Factory.php:243
Do we see any blockers in switching to random_bytes() (we already include the polyfill for PHP 5)?
Whatever works is fine with me. 👍
For all I care we have an underpaid intern roll a dice, every time we need a random number.
Additionally, if we switch to random_bytes(), will we also get rid of this issue that people (mainly on shared hosts) keep bumping into?
ContextErrorException in URandom.php line 57:
Warning: file_exists(): open_basedir restriction in effect. File(/dev/urandom) is not within the allowed path(s): (/home/sites/site85/)
Depends: http://php.net/manual/en/function.random-bytes.php
The sources of randomness used for this function are as follows:
On Windows, » CryptGenRandom() will always be used.
On Linux, the » getrandom(2) syscall will be used if available.
On other platforms, /dev/urandom will be used.
If none of the aforementioned sources are available, then an Exception will be thrown.
This is resolved by #6083, right?
Actually by #6021 … #6083 just removes the require. So yes, closing :smile:
Most helpful comment
Whatever works is fine with me. 👍
For all I care we have an underpaid intern roll a dice, every time we need a random number.