Description
docker-php-ext-install has been failing ever since the default 8.4-fpm image (i.e., no -bookworm suffix) transitioned to Debian Trixie. Example within the container:
root@650e0f7d9350:/var/www/html# docker-php-ext-install gd
xz: Failed to enable the sandbox
tar: Child returned status 1
tar: Error is not recoverable: exiting now
So, the problem is with either xz or how the image has been built. I can drop back and use php:8.4-fpm-bookworm but obviously that is going to keep my images out of date, so that's not sustainable long term.
Invoking xz directly against an .xz file confirms that’s where the problem is. I have not found a way to disable the sandbox for the xz command. Allegedly, setting the environment variable XZ_DEFAULTS="--no-auto-sandbox" should disable it, but no luck with this. Example:
root@88b5e7a01b30:~# env XZ_DEFAULTS="--no-auto-sandbox" xz --no-auto-sandbox /usr/src/php.tar.xz
xz: Failed to enable the sandbox
So, with all that said, I’m unsure how to disable the sandbox for xz or if there’s a way to tell docker-php-ext-install to pull from a location that has the extensions built using a different compression mechanism.
(Yes, I’ve tried this against multiple PHP extensions with no change: gd, exit, zip, bcmath, etc. – all are compressed with xz, and therefore fail.)
I've also tried running the container with (elsewhere suggested):
docker run --rm --name foo \
--security-opt seccomp=unconfined \
--security-opt apparmor=unconfined \
-e XZ_DEFAULTS="--no-exec-check" \
-it debian:trixie \
sh -c "apt update && apt install -y xz-utils && xz"
with no luck there, either.
Is anyone using the PHP image based on Trixie with PHP extensions? I can't be the only one needing to add PHP extensions to the base image. Thank you.