We are currently looking at starting more consistent updates on our servers and want to be running the most current packages that are considered stable as possible. We run mainly Centos 6 servers with a few Centos 5 servers that need to be rebuilt/replaced in the near future. One of the servers in particular we are looking to update needs MySQL 5.5 and PHP 5.5 for the application running on it. It currently has the base yum repo on a Centos 6 machine and we are looking at using remi and epel as additional repos for more current packages.
When evaluating the processes and procedures we want to start using for these updates, we are looking at doing REMI Repository installations or getting the source code or RPMs from the vendors to do the updates. A couple of the questions that were asked by our superiors were:
Are the RPMs signed?
Is any testing or validity of the installations packages done prior to the release?
We were able to answer the first one from the remi website documentation with a yes.
We are mainly in need of documentation answering the second question posed to us. We have searched for a while now and have not found anything answering this question to date, and from a search of the stackoverflow posts I have not seen anything along these lines either.
Any assistance in finding documentation with an answer would be greatly appreciated.
Software Collections repository (maintained by Red Hat) is probably what you want:
https://www.softwarecollections.org/en/scls/
It have all of PHP 5.5, MySQL and MariaDB 5.5. E.g. for php55 it says "Ready for production deployments.".
Related
According to the PHP documentation on unsupported branches
using [unsupported branches of PHP] may expose you to security vulnerabilities and bugs that have been fixed in more recent versions of PHP.
Debian 11, the current stable release, comes with PHP 7.4. which according to the PHP documentation on supported versions ceased being actively supported 6 months ago and will only be supported for security for another 5 months. I assume this means that in 5 months time, which seems like a short time in the life of a production web server, PHP 7.4 will be considered as unsupported by the official PHP organization.
What should I do in order to set up a Debian server for a secure production PHP website?
My current best idea is to set up Apache on Debian 11 and import an 'unofficial' repository from Ondřej Surý who seems to have a good reputation for producing reliable PHP packages. Then I should be able to install PHP 8 from his repository.
Another idea would be to use PHP 7.4 with Debian 11 now and upgrade to Debian 12 assuming it ships with PHP 8. That would presumably be the safest approach theoretically but in practice sounds like a lot of admin with scope for a lot of problems.
I have seen quite a lot of advice which strongly urges users not to install software from repositories that do not ship with the distro. This wiki from Debian is an example.
Are there more sensible alternatives? If so what are they? If not which of my ideas should I pursue?
We are running on php 5.4.44 with CentOS 6.7
I was reading some comments found here:
https://www.reddit.com/r/PHP/comments/2w7xok/does_anyone_know_where_i_can_find_a_chef_cookbook/
How could I go about installing php 5.6 on CentOS 6.7 using chef? I have not gotten into chef that much so I'm a bit lost, but I know php 5.4 will be reaching its end of life Or would it be recommended that we change to CentOS 7? I've been trying to research but I really can't find something.
I also read this:
Upgrading PHP on CentOS 6.5 (Final)
Is there any more information I have to post? Or am I asking the wrong question please let me know.
You need to do a few things:
Find a repo containing the PHP version you want, such as the IUS repos
Using Chef, add that repo to your server
Using Chef, set node['php']['packages'] to be the package names that are appropriate for that repo
Then call the chef php cookbook like usual
For example, when I do the steps above, to get to php55 from the default, I do:
default['php']['packages'] = %w(
php55u
php55u-devel
php55u-mcrypt
php55u-mbstring
php55u-gd
php55u-pear
php55u-pecl-memcache
php55u-gmp
php55u-mysqlnd
php55u-xml )
And then including the upstream/community php recipe. Your biggest challenge will be finding a package repo for PHP 5.6, I'd imagine. It looks like IUS only goes up to php 5.6, but webtatic has it.
You may encounter other issues if PHP 5.6 is extremely different in architecture, but that'll get you pretty far. It looks like upstream's php cookbook can also build from source, but I'd avoid that unless you absolutely need it.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'd like to install the 'pthreads' PHP extension on Ubuntu. I'm using Ubuntu 12.04.1 LTS. And I can upgrade if needed. I really don't want to compile anything from source. For example recompile PHP from source sounds like a horrible idea to me.
In my view, the best option is to install this extension with aptitude command. For example like aptitude install php5-mysql. Another good idea is to use pecl pecl install pthreads. But is does not work for me because of the following error:
checking checking for ZTS... configure: error: pthreads requires ZTS, please re-compile PHP with ZTS enabled
Let me explain why I don't like the idea to recompile PHP from source:
I guess I should uninstall original PHP package then and all the dependencies. Because if I compile it over standard PHP then any packages update would overwrite my changes. And yes, another option is to keep PHP from updating. Anyway this introduces some extra work and makes the setup more complicated. We work in the distributed team. And I don't want other people to deal with this complicated setup on production servers.
I want to install updates on servers. And I don't want to recompile PHP because of security fixes etc.
I don't want to compile anything on production servers and do this many times. Then I should build my own packages and update them with new versions etc. Sorry but I'm not smart enough to do this. May be in 2-3 years but not now. Because there are a lot of things to keep in mind here. For example how, to replace standard PHP package with custom package while still satisfying all dependencies.
Some references:
Dynamically Configure PHP for Thread Safety --enable-maintainer-zts, or use YUM to install pThreads?
How to use Pthreads PHP extension (in Ubuntu) - Some talks about what I'm going to do here.
Building pthreads
This article seems to be old and not actual. I'll keep it for reference only. And I guess it should be read as 'PHP was not thread safe 3 years ago'.
Don’t Believe The Lies: PHP Isn’t Thread-Safe Yet
ZTS: [Z]end [T]hread [S]afety.
ZTS is a compile time option that cannot be enabled at runtime. It allows the PHP interpreter, which usually executes in a single thread, to be executed in many, each with their own isolated instance of the interpreter.
The only option for you appears to be a fresh build, and then using package building tools for your distribution.
I'm not able to advise on the creation of a deb directly, however, creating an rpm is quite trivial, https://github.com/krakjoe/spex there's a starting place for that, you can then use alien to turn an RPM into a deb if you are not able to find out how to create deb packages directly.
Building from source is going to be inescapable, unless you can find some repository with a thread safe build of PHP, with a complete build environment. To that end, the information http://pthreads.org/building may be of use to you. It really isn't that hard to build PHP, nor does it take many hours, on modern hardware you can have a build in less than a minute. You can and should take the opportunity to trim the fat from your installation.
On a side note, the article you reference about PHP not being thread safe is from 2008, it's very wrong. The core is thread safe, there are a few extensions that are inherently unsafe ( not abstracted badly, but fundamentally unsuitable ).
It seems, Ubuntu doesn't have a package for the thread-safe PHP in the official repositories.
Pthreads extension requires ZTS. Thus, you have two options:
compile it yourself:
find a .deb package somewhere, e.g. repositories of the other Debian-like systems.
I'd compile and package it myself using "checkintsall" utility. Thus, Apt will have ability to keep track of PHP version. I would also request Canonical for a package for ZTS PHP.
I have freshly installed Ubuntu 12.04 and I have installed PHP as well. By default, it is installed with version 5.3.10 but my PHP project doesn't support PHP v5.3.10.
I want to downgrade PHP version to 5.2. How can I do it?
You would have to uninstall PHP and then reinstall an older version. However if your working on a project that your going to sell, or give to clients, or whatever the case my suggestion would be take out any functionality thats actually breaking between 5.2x and 5.3x and replace it with its new counter parts, as most people will not want to revert to older versions of PHP for any needs, and generally speaking php versions only goin in one direction, if you block yourself into 5.2 and your making software in one shape or another for people, what are you going to do next year when all the servers come stock with PHP 6? Not to mention a lot of hosted solutions try to provide the latest and greatest on there new machines, and will not revert for a single client especially on a shared hosting environment.
Anyway yea, back to your question again in your terminal under Ubuntu, you can try the following. sudo apt-get purge php5 which will then prompt you for a password, then proceed with removing PHP assuming you have the PHP package standalone and not bundled in with some preconfigured LAMP stack, but then again it should still work generally speaking so long as the version is right.
As for reinstalling it, remove purge from the command and use install. However you will need to look up the means of getting an archived version installed of PHP as apt-get will get you the latest
I'm trying to figure something out:
I am using Ubuntu server 11.10 virtualized on Win7 (I don't think that matters but more info is better than less) to work on a Drupal 6 website I inherited and need to make significant changes to.
I want to set up a development copy of this Drupal website on my Ubuntu server so I can work without worrying about torching the production website.
I successfully got the production files downloaded and onto my machine, I got the production MySQL database exported and imported into the dev MySQL server, and I set up a symbolic link from the directory /home/myname/thewebsite.com to /var/www/thewebsite.com so I can easily access it.
When I got the website they didn't know the admin password so I dug around online and reset it in the dev db using phpmyadmin and finally log in.
When logging in and poking around the site there are lots of errors, which when googled lead me to believe that PHP 5.3 is causing them and that there are some modules in use that only work with PHP 5.2
After looking around a lot online and on stackoverflow there seems to be no easy way to install PHP 5.2 on Ubuntu Server 11.10. With no packages for 5.2 available through apt-get or aptitude what should/can I do?
1) Install 5.2 from source - how do I get it to interface with MySQL and Apache2? Also, I've never installed anything significant from source. Is there a walkthrough?
2) Replace the repositories with old ones? Will this work on 11.10? The newest instructions I found were for 10.04
3) Use already built PHP 5.2 packages for Ubuntu? Couldn't find these
4) Pay someone who knows more to do it for me? (Just kidding, this isn't really an option...)
Cheers and thanks for your help!
PHP dropped support for 5.2 in August 2011; operating system providers such as Ubuntu will not supply a version that is out of support, so you absolutely won't get an official copy of PHP 5.2 on the current version of Ubuntu (or any other OS).
If you're running an older version of Ubuntu (eg 10.04), you might be able to do it; it would still be a downgrade, because PHP 5.3 has been the default version for quite a long time now.
If you're on a newer version of Ubuntu, ie 11.10 as you state, it is going to be a problem for you.
The Drupal developers dropped the ball badly on this one. I guess it was because Drupal 7 tool so long to finish; they were expecting D7 to be out much sooner, and so they never bothered fixing up D6 to work with PHP5.3. As it turned out, this was a big mistake, because in fact D7 still wasn't officially released when PHP dropped support for 5.2.
But even so, they should have fixed it, because they're still officially supporting Drupal 6, so they need it to work with the current version of PHP. This is definitely Drupal's problem, not PHP's, Ubuntu's or yours.
But you still need to deal with it.
I found this question over on AskUbuntu.com, which gives an answer applicable to 11.04. It isn't quite 11.10 you were asking for, but it it a lot more recent than the best you'd found, so it might be helpful.
Alternatively, you could research exactly what it is about Drupal6 and your specific modules that doesn't work in PHP5.3. The language differences between 5.2 and 5.3 that can break things are not big, so I would expect any code changes required to be fairly small. You might find you can fix the code yourself. And maybe even submit the changes to the community -- Drupal is open source, after all.
Another tack you could take is to consider whether this saga represents an opportunity for you to move the site to Drupal 7?
This may or may not be feasible, depending on the modules you're using, etc, but if it is possible, it will solve the problem, because D7 is of course fully compatible with PHP5.3.
And just to cheer you up, I'll close by mentioning that PHP are on the verge of releasing PHP 5.4. Hopefully the Drupal devs will be more on the ball this time.