Magento2: 2.3.2 installed and bin/magento setup:upgrade not working

Hi @pmsteil. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• [ ] Summary of the issue
• [ ] Information on your environment
• [ ] Steps to reproduce
• [ ] Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento give me 2.3-develop instance - upcoming 2.3.x release

For more details, please, review the Magento Contributor Assistant documentation.

@pmsteil do you confirm that you were able to reproduce the issue on vanilla Magento instance following steps to reproduce?

• [ ] yes
• [ ] no

• Join Magento Community Engineering Slack and ask your questions in #github channel.

@pmsteil: you'll probably need to install the sodium php extension

It's a bit annoying they haven't added it to the dependencies in the composer.json file.

This is also mentioned in the release notes:

Issue: The security enhancements that are part of Magento 2.3.2 require the installation of libsodium version 1.0.13 or higher. You will not be able to successfully install Magento Commerce 2.3.2 without first ensuring that your server runs version 1.0.13 or higher. See Libsodium releases for a description of the available releases and installation instructions.

But apparently it is possible to install Magento 2.3.2 without libsodium? 😛

@hostep thanks! Any clues as to how to install these two from the command line on macos/linux? Thanks!

I'm afraid you'll have to figure this out yourself as it depends on which package manager you are using.

I personally am using Macports on macOS as package manager, and over there that extension is available with the name php72-sodium or php73-sodium.

Ok. I am actually using docker if anyone can provide some help, it would be appreciated, thanks.

Probably something like:

FROM debian:stretch-slim

RUN apt-get update && \
    apt-get install --yes \
    apt-transport-https \
    lsb-release \
    ca-certificates \
    wget && \
    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \
    echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list && \
    apt-get update && \
    apt-get dist-upgrade --yes && \
    apt-get install --yes \
        php7.1-fpm \
        php-sodium

Demo:

$ docker run -it f928ee598772 /bin/bash
root@15bbb6fcd806:/# php -i | grep sodium
/etc/php/7.1/cli/conf.d/20-sodium.ini,
sodium
sodium support => enabled
sodium compiled version => 2.0.10
libsodium headers version => 1.0.16
libsodium library version => 1.0.17
root@15bbb6fcd806:/# php -a
Interactive mode enabled

php > echo SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13;
2

Takeaways:

• Its the underlying system library that's old
• Debian (Stretch nor afaik backports) doesn't package good versions
• Sury does (https://deb.sury.org/)

(Worked out in conjunction with MageMojo Fam ♥ your mileage may vary)

Hi @engcom-Charlie. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: :point_down:

• [ ] 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).
  Details

  If the issue has a valid description, the label Issue: Format is valid will be added to the issue automatically. Please, edit issue description if needed, until label Issue: Format is valid appears.

• [ ] 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add Issue: Clear Description label to the issue by yourself.

• [ ] 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• [ ] 4. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and _stop verification process here_!
  

• [ ] 5. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• [ ] 6. Add label Issue: Confirmed once verification is complete.

• [ ] 7. Make sure that automatic system confirms that report has been added to the backlog.

Apparently if you disable the libsodium php extension, it will fallback on SHA-256 and won't break Magento.
In the Docker php-fpm image you can comment it out in _/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini_:
;extension=sodium.so

Hi guys

same issue but sodium is installed. Any ideas?

root@95c980598c59:/var/www/live# php -i | grep sodium
Configure Command => './configure' '--build=x86_64-linux-gnu' '--with-config-file-path=/usr/local/etc/php' '--with-config-file-scan-dir=/usr/local/etc/php/conf.d' '--enable-option-checking=fatal' '--with-mhash' '--enable-ftp' '--enable-mbstring' '--enable-mysqlnd' '--with-password-argon2' '--with-sodium=shared' '--with-curl' '--with-libedit' '--with-openssl' '--with-zlib' '--with-libdir=lib/x86_64-linux-gnu' '--enable-fpm' '--with-fpm-user=www-data' '--with-fpm-group=www-data' '--disable-cgi' 'build_alias=x86_64-linux-gnu'
/usr/local/etc/php/conf.d/docker-php-ext-sodium.ini,
sodium
sodium support => enabled
libsodium headers version => 1.0.11
libsodium library version => 1.0.11
root@95c980598c59:/var/www/live# php -a
Interactive shell

php > echo SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13;

Warning: Use of undefined constant SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 - assumed 'SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13' (this will throw an Error in a future version of PHP) in php shell code on line 1
SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13

@cows-magento: according to the release notes I quoted above, you need at least version 1.0.13 of libsodium. So that might be the problem here.

@matei: indeed, good point, didn't notice that before!

But the check they implemented in https://github.com/magento/magento2/blob/2.3.2/lib/internal/Magento/Framework/Encryption/Encryptor.php#L165-L167 should probably be changed so it also checks the libsodium version, or check if that constant SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 exists or not.

@cows-magento: according to the release notes I quoted above, you need at least version 1.0.13 of libsodium. So that might be the problem here.

@hostep I am running docker on latest php7.2.19 and it installs version 1.0.11 by default
https://github.com/docker-library/php/blob/a9f19e9df5f7a5b74d72a97439ca5b77b87faa35/7.2/stretch/fpm/Dockerfile

do you have any idea how to force an update by default?

The following docker snippet has worked for me:

USER root
RUN curl https://packages.sury.org/php/apt.gpg -o /etc/apt/trusted.gpg.d/php.gpg
RUN echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
RUN rm -rf /var/lib/apt/lists/* && apt-get update
RUN apt-get install --yes libsodium-dev
RUN docker-php-ext-install sodium

Hello @pmsteil ! Thank you for your report !
I've successfully upgraded my Vanilla Magento 2.3.1 to Magento 2.3.2 without errors.

Re-opening because @engcom-Charlie doesn't seem to be reading all the comments :)

@engcom-Charlie: try to run Magento 2.3.2 where php-sodium extension is installed but libsodium's version is < 1.0.13

Manual testing scenarios

• Have a docker-compose.yml with a DB container with a 2.3.1 database and a FPM container based on php:7.2.4-fpm
• On the FPM container , create a composer.json depending on Magento 2.3.2 (tested with magento/product-enterprise-edition but probably community has the same issue)
• Ensure you have an env.php file with appropriate configuration for connectivity to the DB container
• Run composer install
• Run bin/magento setup:upgrade

Expected result: Magento DB should upgrade correctly
Actual result: bin/magento fails with

 An abstract factory could not create an instance of magentosetupconsolecommandbackupcommand(alias: Magento\Setup\Console\Command\Back
  upCommand).


In ServiceManager.php line 941:

  An exception was raised while creating "Magento\Setup\Console\Command\BackupCommand"; no instance returned


In Di.php line 865:

  Missing instance/object for parameter maintenanceMode for Magento\Setup\Console\Command\BackupCommand::__construct


In ServiceManager.php line 1130:

  An abstract factory could not create an instance of magentoframeworkappmaintenancemode(alias: Magento\Framework\App\MaintenanceMode).


In ServiceManager.php line 941:

  An exception was raised while creating "Magento\Framework\App\MaintenanceMode"; no instance returned


In ErrorHandler.php line 61:

  Warning: Use of undefined constant SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13 - assumed 'SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13' (this will thr
  ow an Error in a future version of PHP) in /var/www/html/vendor/magento/framework/Encryption/Encryptor.php on line 153

I've prepared a PR, once 2.3-develop is updated with 2.3.2 I will submit it

:white_check_mark: Confirmed by @engcom-Charlie
Thank you for verifying the issue. Based on the provided information internal tickets MC-17799 were created

Issue Available: @engcom-Charlie, _You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself._

Note that there is a more "official" way to get the updated libsodium-dev package on debian.

Docker steps:

• Add the backports repo to source.list:

RUN echo "deb http://deb.debian.org/debian stretch-backports main" >> /etc/apt/sources.list

• Update the repo sources and install that package from the backports repo:

RUN apt-get update && apt-get -t stretch-backports install -y libsodium-dev

• Then install the sodium PHP extension:

RUN docker-php-ext-install sodium

UPDATE: I noticed there is an issue with the PHP 7.1 docker image not working with the above. In this case, you can also use PECL to install the PHP extension and enable it manually with:

RUN pecl install -f libsodium-1.0.17 \
  && echo "extension=sodium.so" > /usr/local/etc/php/conf.d/sodium.ini

Hello. I just extract Magento 2.3.2 to my web, expected could upgrade to 2.3.2 from 2.3.1
But when I hit php bin/magento setup:upgrade, it's not working.
Any ideas how to solve this issue?

Thanks

For CentOS 7 and PHP 7.1, make sure to also install distribution packages 'libsodium' and 'libsodium-devel' before running the PECL command.

hi @evs-xsarus thanks for help.
Yesterday I talk with my hosting support, and then they gave me a new command line for running script. I don't know if Magento script command was change for running setup upgrade and all command. And then, it works.
This is the reply from my hosting, May be it will work for anyone who search and face a problem like I did.

Hi there,
Instead of typing :

php scriptname

type:

/home/xxxxxxx/public_html/php scriptname

Please let us know if there is anything further we can do for you.

Best Regards

Note: xxxxxx is username your hosting. Example:
command: php bin/magento setup:upgrade
You have to type command: /home/myusername/public_html/php bin/magento setup:upgrade

It work for me. If still confuse, ask your hosting.

I had the following problem in a gitlab ci runner during deployment:

bin/magento setup:di:compile

  There are no commands defined in the "setup:di" namespace.  

These 3 lines solved my problem (thank you @markshust):

RUN echo "deb http://deb.debian.org/debian stretch-backports main" >> /etc/apt/sources.list 

RUN apt-get update && apt-get -t stretch-backports install -y \
  libsodium-dev

RUN pecl install -f libsodium-1.0.17

see also https://github.com/markshust/docker-magento/blob/master/images/php/7.2/Dockerfile#L33-L38

Cloud Users - You can use this patch on 2.3.2 to fix this issue without waiting on a support ticket.

diff --git a/vendor/magento/framework/Encryption/Encryptor.php b/vendor/magento/framework/Encryption/Encryptor.php
index 4bc1b2589362..4bb4bba9d11f 100644
--- a/vendor/magento/framework/Encryption/Encryptor.php
+++ b/vendor/magento/framework/Encryption/Encryptor.php
@@ -162,7 +162,7 @@ public function __construct(
      */
     public function getLatestHashVersion(): int
     {
-        if (extension_loaded('sodium')) {
+        if (extension_loaded('sodium') && defined('SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13')) {
             return self::HASH_VERSION_ARGON2ID13;
         }

Hi @pmsteil. Thank you for your report.
The issue has been fixed in magento/magento2#23866 by @matei in 2.3-develop branch
Related commit(s):

• 856d3e903ae807a005bbc3a82cae42d740eeccaf
• eea95a070aba7dc81c1b6d9d03933a4c4e352077

The fix will be available with the upcoming 2.3.3 release.

For those interested: none of the above solutions worked for me in my Docker setup. What eventually did work, was compiling libsodium manually:

RUN wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz
RUN tar xvzf LATEST.tar.gz
RUN cd libsodium-stable && \
    ./configure && \
    make && make check && \
    make install

RUN docker-php-ext-install sodium

Didn't try kanduvisla solution but this works for me with php 7.2

RUN curl -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz \
    && tar xfvz libsodium-1.0.18.tar.gz \
    && cd libsodium-1.0.18 \
    && ./configure \
    && make && make install \
    && pecl install -f libsodium

The multiple "already defined constant" warnings are related to paragonie/sodium_compat lib. It was reported and fixed as described there on #107.

It was fixed on paragonie's project on Nov 8, and published on the release 1.12.1.

Basically if you installed Magento 2 recently you may not have this problem regardless your libsodium version.

Going deeper

The paragonie includes those constants based on the existence of SODIUM_LIBRARY_VERSION_MAJOR constant, which was removed in earlier versions of libsodium (#misfortune). In newer versions, they've updated the constant to another one under vendor/paragonie/sodium_compat/autoload.php:50.

Quick fix

Update your paragonie/sodium_compat with composer update --ignore-platform-reqs paragonie/sodium_compat.