$ apt-cache show php-luasandbox Package: php-luasandbox Version: 2.0.14~stretch1 Architecture: amd64 Maintainer: Tim Starling <tstarling@wikimedia.org> Installed-Size: 105 Depends: php5 | php5-cli, libc6 (>= 2.14), liblua5.1-0, phpapi- Homepage: https://www.mediawiki.org/wiki/Extension:Scribunto Priority: optional Section: web Filename: pool/main/p/php-luasandbox/php-luasandbox_2.0.14~stretch1_amd64.deb Size: 31130 SHA256: 3ad539fb71e2fb815d5cc658b1ab3a1ecdfa485e68312996d26f18b623fdbd63 SHA1: a34c33b197cd9d1dd5d0d295a2c81b9e3d060a53 MD5sum: 647c8e460583f2c651076805e6b70a7a Description: Lua extension for PHP A PHP extension providing a sandboxed Lua environment which can be used to run untrusted code. Description-md5: 79a1e52ec140a8c622026655cfd16712
Stretch does not include php5 packages, so this is uninstallable. It looks like the package was built for Stretch to provide hhvm-luasandbox and was not updated to correctly build the Zend package.
For MediaWiki-Vagrant, a workaround is to use the php-luasandbox package from stretch-backports via pinning. This probably isn't the best long term solution though as the proper package will eventually be needed for Wikimedia production. Unless of course we are going to drop our local package in favor of the upstream package maintained by @Legoktm.