Skip to content

build(php-fpm): disable chroot to avoid build path issues#220

Closed
circleci-app[bot] wants to merge 3 commits intofix/composefrom
chunk/build-php-fpm-disable-chroot-avoid-issues-1771283485096
Closed

build(php-fpm): disable chroot to avoid build path issues#220
circleci-app[bot] wants to merge 3 commits intofix/composefrom
chunk/build-php-fpm-disable-chroot-avoid-issues-1771283485096

Conversation

@circleci-app
Copy link

@circleci-app circleci-app bot commented Feb 16, 2026

Prompt Given

Fix build-x86_64 (6697), with failed step Build and push x86_64

Summary

Comments out the chroot setting in PHP-FPM to prevent path resolution problems encountered during build steps.

Changes

  • Commented chroot = $prefix in etc/php-fpm.d/www.conf with an explanatory note.

Why

  • chroot caused relative paths to resolve inside the jail, leading to missing/incorrect paths during image/package builds.

Impact

  • PHP-FPM will no longer run in a chrooted environment; paths resolve against the standard filesystem during builds.
  • If production hardens via chroot, revisit this change or gate it by environment.

Give feedback on this PR

### Summary
Comments out the `chroot` setting in PHP-FPM to prevent path resolution problems encountered during build steps.

### Changes
- Commented `chroot = $prefix` in `etc/php-fpm.d/www.conf` with an explanatory note.

### Why
- `chroot` caused relative paths to resolve inside the jail, leading to missing/incorrect paths during image/package builds.

### Impact
- PHP-FPM will no longer run in a chrooted environment; paths resolve against the standard filesystem during builds.
- If production hardens via `chroot`, revisit this change or gate it by environment.
This change adds a CSRF whitelist for the `Pages.acceptCookies` action.

- Update `Config/routes.php` to pass a `whitelistCallback` to `CsrfProtectionMiddleware`.
- The callback returns `true` only when `controller === 'Pages'` and `action === 'acceptCookies'`.

Why:
- Requests to the cookie acceptance endpoint may not include a CSRF token, causing 403 errors.
- Whitelisting this specific action preserves CSRF protection elsewhere while allowing the consent flow to succeed.

Notes:
- Scope is tightly limited to a single controller/action pair.
- Verify that the route naming matches the intended endpoint.
@b23prodtm b23prodtm closed this Feb 17, 2026
@b23prodtm b23prodtm deleted the chunk/build-php-fpm-disable-chroot-avoid-issues-1771283485096 branch February 17, 2026 00:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Comments