Add install requirement that open_basedir = Off since 8.x currently doesn't support it

Please keep support and resolve the bug. Many hosting providers and IT departments insist on open_basedir being on, regardless of whether it provides any real security. It is not deprecated in current php versions.

Hosting providers may be able to be persuaded to turn it off, or we can choose a different provider. But in the case of in-house IT departments, we will have to tell the client project lead that we cannot use Drupal 8, because according to their IT department it requires an "insecure" php configuration. There is generally no arguing with IT. Ouch.

resolving "the bug" is not a straightforward task. repeating from #1959062-18: Check safe_mode = Off requirement early:

testing that glob() has not returned FALSE in InstallStorage->getComponentNames() prevents that exception. that looks like a PHP bug - https://bugs.php.net/bug.php?id=47358

instead, the installation fails in "Verify requirements" (core/install.php?langcode=en&profile=standard) with the message

The service definition "request" does not exist.

additionally, a number of contributed libraries are at least potentially vulnerable to that PHP bug, and we can't fix their code directly if that turns out to be a problem.

Closed #2032907: OPEN_BASEDIR set causes drupal 8 install fail as duplicate of this. And since this stops install of D8, I think we should raise priority to get some attention.

Been referred here from https://drupal.org/node/2030407. Getting the following error:

Warning: Invalid argument supplied for foreach() in Drupal\Core\Config\InstallStorage->getComponentNames() (line 138 of core/lib/Drupal/Core/Config/InstallStorage.php

Would it be better to merge the above thread into this one or vice versa to keep it to just one thread?

So is there a quick fix for this bug? How could I install the current dev version of drupal 8 while facing this critical bug?

Thanks!

Set "open_basedir" to off in your php.ini file.

Surely the solution of having to changes a system's default php setup to allow drupal 8 installation isn't a fix.

Is this is not a case of it just not being fixed yet or come first official release are we all going to be confronted with this issue?

I'm somewhat confused as to whether this is a bug or a general way of working with 8.

Tried for a few months now to install 8 dev and it just fails.

Many thanks for any replies.

@patrickd - thank you for taking the time to clarify what's happening.

So who is deciding if this is to be supported? Is it the community or a specific set of individuals? I'd really like to test 8 out along with some of the pre existing modules to report bugs etc.

Thanks again

This might not be getting much attention because it may be filed under the wrong component. It seems obvious that it is a 'base system' problem but it could be interpreted in other ways. An extreme would be to file it as a security issue, ie, supporting 'open_basedir' could raise security issues. But since it prevents install we might get more attention by filing it there. The only other thing would be to assign it to one of the maintainers, but I'm not sure of what the etiquette is for that.

Thank you for the advice, I have 8 running nicely now, so can help testing new modules out.

Come to the forefront mr decision maker and give this a little attention :)

Please, take a look at "Warning: Invalid argument supplied for foreach() in Drupal\Core\Config\InstallStorage->getComponentNames()".

Don't touch versions

I just wanted to add that I don't think the stated exception (see comment #15) is actually realated to an open_basedir setting at all.

I'm getting that exact same error (see below) and my open_basedir is currently set to no value.

Additional uncaught exception thrown while handling exception.

Original
Drupal\Core\Config\StorageException: Missing configuration file: system.theme.global in Drupal\Core\Config\InstallStorage->getFilePath() (line 54 of /Users/jlampton/Sites/_drupal/drupal-8.x-dev/core/lib/Drupal/Core/Config/InstallStorage.php).

Additional
Drupal\Core\Config\StorageException: Missing configuration file: system.site in Drupal\Core\Config\InstallStorage->getFilePath() (line 54 of /Users/jlampton/Sites/_drupal/drupal-8.x-dev/core/lib/Drupal/Core/Config/InstallStorage.php).

I am still looking for a solution to my problem, but I don't think it's this.

The patch provided in comment #19 in the other issue did not prevent these errors.

If yours isn't an open_basedir problem, shouldn't it be a separate issue? Though the relevant discussion in #1959062: Check safe_mode = Off requirement early(comments 12-28) certainly would add to this issue.

@jenlampton - my open_basedir was disabled / commented out in php.ini and I was getting the error. I then set it specifically to 'off' and the error went away. So it is somehow related i think.

I try to install Drupal 8.0-alpha3. I get a few error messages "Warning: Invalid argument supplied for foreach() in /var/www/web437/html/antonin-journal/core/lib/Drupal/Core/Config/InstallStorage.php on line 138".
See: http://journal.slejska.de/
PHP configuration: http://journal.slejska.de/info.php

I use a shared hosting with limited possibilities to edit php.ini. So, I can not change settings for "open_basedir". Is there some solution?

I think dropping support for open_basedir is not a solution. D8 will lose a lot of users then, because many hosting providers force open_basedir to be enabled. Furthermore, the default open_basedir value is NULL (http://php.net/manual/de/ini.core.php), that means it's not really set to 'off'. As in #17 mentioned, this setting has to be explicitly set to off in the .ini configuration file to get rid of the errors described here. Many users are gonna declare report this as a bug when they see these errors on the first installation screen on their 'fresh' environment.

Given comments about users who don't have access to php.ini to disable open_basedir not being able to install drupal 8 this is most definitely a critical error. If users can't install the system, it doesn't get anymore problematic than that.

I'd be fine with an explicit hook_requirement() for the installer so it's clear that we don't support it at the moment - that would hopefully help to stop some of the confusion about what the bug is. We could then open a separate issue to add support back and/or look at exactly how much of an issue this is with shared hosting providers.

Yes sorry installer requirement rather than hook_requirements().

#21 sounds good for me, giving users of the current d8 build the info that they need to disable it and the developers the time to discuss about / fix the open_basedir issue.

Opened #2110863: Support open_basedir.

Re-titling. This should be doable by a new contributor so adding tag.

Patch as requested; feedback welcome :)

As far as I can tell, the patch works. But does anyone know why Drupal 8 doesn't support open_basedir ? Is this a deliberate decision for some reason ?

Symfony2 (the full framework) certainly does support it and is often installed to make use of open_basedir, with a minimal web root folder, and all the source & library files in the parent folder. I have at least a dozen Symfony2 sites built that way.

@cpj, see #2110863: Support open_basedir. It's not a deliberate decision, it was just broken at some point, but this issue has resulted in several confusing bug reports when people can't get past the installer when trying Drupal 8, so better to explicitly fail then add the support back later. #2 has an explanation of the actual bug here.

+++ b/core/install.php
@@ -36,6 +36,12 @@
+  print 'Your PHP installation has open_basedir enabled. Drupal currently requires the open_basedir option to be turned off. See the <a href="http://www.php.net/manual/en/ini.core.php#ini.open-basedir">PHP manual</a> for details of how to do this. This issue is currently <a href="https://drupal.org/node/2110863">under discussion at drupal.org</a>.'; ¶

white space.

Fixed whitespace at EOL.

I think this is fine, I won't commit this - could use a second opinion on the strategy. Reminder that #2110863: Support open_basedir is open to fix the bug, this is a stop gap to prevent confusing duplicate bug reports.

Committed 1ce62e0 and pushed to 8.x. Thanks!

This approach seems reasonable stop gap.

I am trying Drupal 8 alpha 7 on a shared hosting company (where I can not request open_basedir to be turned off) and the error still persists :

"Your PHP installation has open_basedir enabled. Drupal currently requires the open_basedir option to be turned off. See the --PHP manual-- for details of how to do this. This issue is currently --under discussion at drupal.org--."

http://www.php.net/manual/en/ini.core.php#ini.open-basedir
https://drupal.org/node/2110863

That's the exact message you should get. See #2110863: Support open_basedir for removing it.

Getting an error message is not a solution, make Drupal 8 install and the result site works is a solution, so I think this bug report should be kept opened until a solution is really found or built.

@valdir.marcos this issue was about adding a meaningful error message and making open_basedir formally unsupported. The issue Catch referred to where efforts are taking place to add support for open_basedir, so this issues is correctly closed as it fixes what it was attempting too.

@marcingy, thanks for the information.