howto - php composer - File(/etc/pki/tls/certs) is not within the allowed path(s) - on arch linux
Since a few days (or weeks?), I discovered the following issue on one of my Arch Linux system.
Whenever I try to use PHP's composer, I got the following issue:
[ErrorException]
is_dir(): open_basedir restriction in effect. File(/etc/pki/tls/certs) is not within the allowed path(s): (/srv/http/ [...]
Well, it didn't hurt that much since I am using (like every cool webkiddy is doing) docker or vagrant for my development. But this time, I needed to solve it since it is a customer edge case - so I solved it.
The how to I will show you is not the perfect way. I had two things in mind, try to minimize the place I have to adapt the php.ini. And try to keep the system as normal as possible. Until now, I can not estimate the security holes I opened with this setting. I will let you know if this how to turns out to be a "don't try this at home" thing.
So, what have I done?
First of all, I asked curl to tell me where it is looking for certificates by executing:
curl-config --ca
#output: /etc/ssl/certs/ca-certificates.crt
After that I had a look what this path is:
ls -halt /etc/ssl/certs/ca-certificates.crt
#output: [...] /etc/ssl/certs/ca-certificates.crt -> ../../ca-certificates/extracted/tls-ca-bundle.pem
So, with that knowledge it turned out that the following steps are reflecting my requirements mention above.
sudo mkdir -p /etc/pki/tls/certs
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-certificates.crt
sudo vi /etc/php/php.ini
#add following lines to "open_basedir" configuration section
# :/etc/pki/tls/certs:/etc/ssl/certs
And that is it, composer should now be back in business.