• Increase font size
  • Default font size
  • Decrease font size
Home Building Software Apache and PHP Building Apache & PHP on HP-UX 11.00

Building Apache & PHP on HP-UX 11.00

E-mail Print
Read : 9,641 times
(2 votes, average 4.50 out of 5)



1. Introduction
     1.1. Intended audience
     1.2. Getting the source packages
     1.3. Modules & extensions
     1.4. Software dependencies
     1.5. Notational conventions
     1.6. Context
          1.6.1. Software
          1.6.2. Patch level
               1.6.2.1. Linker patch
2. Building
     2.1. Environment
     2.2. Creating the target structure
     2.3. External dependencies
          2.3.1. Oracle
          2.3.2. Java
     2.4. Embedding a private libgcc_s library
     2.5. Compiling zlib (1.2.3)
     2.6. Compiling the OpenSSL library (0.9.8j)
     2.7. Compiling the OpenLDAP library (2.4.11 - 20080813)
     2.8. Compiling the expat library (2.0.1)
     2.9. Compiling the iconv library (1.12)
     2.10. Compiling the Berkeley DB library (4.7.25)
     2.11. Compiling Apache (2.0.63)
     2.12. Compiling the bzip2 library (1.0.1)
     2.13. Compiling managelogs (1.0.1)
     2.14. Compiling mod_jk (tomcat-connectors 1.2.27)
     2.15. Compiling the xml2 library (2.7.2)
     2.16. Compiling the pcre library (7.8)
     2.17. Compiling mod_evasive (1.10.1)
     2.18. Compiling mod_auth_cas (1.0.8)
     2.19. Compiling the xslt library (1.1.24)
     2.20. Compiling the png library (1.2.33)
     2.21. Compiling the jpeg library (v6b)
     2.22. Compiling the freetype library (2.3.7)
     2.23. Compiling the SSH2 library (1.0)
     2.24. Compiling the Curl library (7.19.2)
     2.25. Compiling modsecurity (2.5.7)
     2.26. Compiling the ncurses library (5.7)
     2.27. Compiling gettext (0.17)
     2.28. Compiling the Subversion modules (1.5.4)
     2.29. Compiling the readline library (6.0)
     2.30. Compiling libgpg-error (1.6)
     2.31. Compiling the libgcrypt library (1.4.4)
     2.32. Compiling the GnuTLS library (2.6.4)
     2.33. Compiling the GnuTLS Apache module (0.4.3)
     2.34. Compiling the IMAP library (2007d)
     2.35. Compiling the MySQL client library (5.0.67)
     2.36. Compiling the PostgreSQL client library (8.3.5)
     2.37. Compiling mm (1.4.2)
     2.38. Compiling m4 (1.4.12)
     2.39. Compiling GNU awk (3.1.6)
     2.40. Compiling bison (2.4.1)
     2.41. Compiling the mcrypt library (2.5.8)
     2.42. Compiling PHP 4 (4.4.9)
     2.43. Compiling PHP 5 (5.2.6)
     2.44. Compiling autoconf (2.63)
     2.45. Compiling the ming library and PHP extension (0.4.2)
     2.46. Compiling the SSH2 PHP extension (0.11.0)
     2.47. Compiling the APC PHP extension (3.0.19)
3. Cleanup
4. Configuring
     4.1. System
     4.2. Apache
     4.3. Oracle client
     4.4. PHP
5. Checking
     5.1. Starting Apache/PHP
     5.2. Checking the PHP modules
6. Packaging
     6.1. RPM
          6.1.1. Creating the package
          6.1.2. Installing the package
     6.2. Tar/gzip
          6.2.1. Creating the package
          6.2.2. Installing the package
     6.3. Configuring the package
7. The end

 

Document history
v 1.0-1 JUN 2006
  • Creation
v 1.1-1 JUL 2006
  • Add mod_jk Apache module
  • Add imap PHP extension
  • Add RPM creation on Linux
  • Suppress AdoDB
v 1.2-1 SEP 2006
  • Component upgrade to the latest stable versions.
v 1.4-4 SEP 2006
  • Add PHP 4
v 1.4-5 OCT 2006
  • Add Apache modules : isapi dumpio logio proxy proxy_connect proxy_ftp proxy_http.
  • Add the mm library (allows to store PHP session information in shmem).
v 1.4-9 NOV 2006
  • Minor bug corrections and optimizations
v 1.5-0 FEB 2008
  • Component upgrade to the latest stable versions.
  • Add gettext support to PHP
  • Apache now uses the gdbm library (solving an issue with ndbm on AIX)
  • Add the mod_security, auth_digest, and mod_evasive Apache modules
v 1.5-1 DEC 2008
  • Component upgrade to the latest stable versions.
  • Add zip extension to PHP 5
  • Add the Subversion Apache modules. Because of these modules, replace gdbm with Berkeley DB in apr-util.
  • Add managelogs
  • Add mbstring extension to PHP 4 & 5
v 1.6-1 JAN 2009
  • Add the following extensions to PHP 4 & 5 : dba, ssh2, APC
  • Add the tools needed to compile PECL extensions (autoconf and m4)
  • Add Berkeley DB4 support to PHP 4 & 5
v 1.6-2 MAR 2009
  • Enhanced documentation
  • Suppress the embedded libgcc library on Linux
  • Suppress the embedded stdc++ library
  • Add the mod_auth_cas Apache module (CAS authentication)
  • Workaround on HP-UX to use the random() function in libapr (suppresses the dependency to KRNG11i on HP-UX 11.11)
  • Upgrade managelogs to version 1.0.1
  • Workaround in OpenSSL on HP-UX 11.00 : SSL connection could not be established due to a problem of random number generation.
  • Add xml/xslt support to postgresql.
v 1.7-0 APR 2009
  • Add the following PHP extensions (and related libraries): ming, xmlrpc, ncurses, mcrypt.
  • Add the GnuTLS Apache module.
  • Add readline support to the PHP CLI interpreters.
  • Add support for CDB (Constant DataBase) files in PHP 4 & 5
  • Add support for microsoft style .ini files in PHP 5
  • Add SSH support to curl
  • Add RPM packaging on non-Linux OS

 

1 - Introduction

This document details how to compile a full-featured Apache/PHP distribution.

The main difference with other tutorials you may find on the web is that this document not only explains how to compile Apache and PHP, but also every library they depend on.

This is a 'black-box' approach, where the software comes with everything it needs to run. It is longer and more complex to build such a package but, once it is done, it brings a lot of benefits, such as an independance between your software package and the libraries that may be already installed on the target host. Such a 'self-contained' approach makes it easier to build and deploy functionaly-identical packages on several different platforms/OS. Of course, the software still uses the low-level system libraries, but the dependencies are limited to the bare minimum, minimizing the risk of inconsistent behaviors between different hosts/platforms.

To complement this 'black-box' approach, we install the software in a private directory. This makes the package much simpler to manage, deploy , upgrade, or remove (compared to the traditional method of installing everything under /usr/local/[bin|lib|...]).

Actually, we don't include everything needed by the package, as we only include everything we can compile. The exceptions are the Oracle client library and the JAVA JRE, which are considered as 'external dependencies' and accessed through symbolic links (so that they can be physically located anywhere on the target host).

1.1 - Intended audience

This document can be used in two different ways :

  • In order to apply the procedure and build the software exactly as it is described here, you don't need to be an expert : it just requires some basic Unix and shell knowledge, such as being able to download the source packages, uncompress/untar them, and create files with a text editor.
    At this level, the procedure given below can be splitted in two main steps :
    • you first set a limited number of environment variables (essentially the installation directory)
    • and the rest is just a suite of copy/paste operations from the document to your shell environment.
  • Now, if you want to understand everything that is explained below, or if you want to adapt it to your specific needs, it requires of course more knowledge on different domains, mostly :
    • build mechanisms in general,
    • compile and link operations (with a strong focus on shared libraries),
    • makefiles,
    • the Gnu autoconf-based configure/make process,
    • and even, when it is really needed, the ability to understand and adapt some C source code.

So, to resume, most people will just apply the procedure described below, which is relatively easy and just requires a basic working knowledge of the Unix shell environment.

:note Don't hesitate to post comments on issues you may have with this document. Each time you do it, you help me and the community in general to make the procedure more robust and reliable. I promise to reply to every question asked in comments. Please prefer comments to direct mail as they may benefit others.

1.2 - Getting the source packages

Some readers sometimes ask why I don't provide copies of the source packages I list below. Sure, it would be easier for you, but I won't do it as you MUST get your source packages from a repository you can trust ! You don't know me, you CANNOT trust source code downloaded from my site (except for my own projects).

So, once  again, always get your software from a trusted source and, when a package signature is provided, check it to make sure you get the official code.

I insist on this because compiling some modified source code or installing some corrupted precompiled binaries would give hackers everything they need to take control on your site (remember that most software we compile here runs as root).

In every chapter below, you will find a link to the best place to get the source package from.

So, remain a good, slightly paranoid, system administrator, and everything will go well.

1.3 - Modules & extensions

We are building Apache 2.0, PHP 4, and PHP 5 with the following modules and extensions :

  • Apache modules :
access actions alias asis auth auth_anon
auth_cas auth_dbm auth_digest auth_ldap authz_svn autoindex
cache case_filter case_filter_in cern_meta cgi cgid
charset_lite dav dav_fs dav_svn deflate dir
disk_cache dumpio echo env expires ext_filter
file_cache gnu_tls headers imap include info
isapi jk ldap log_config log_forensic logio
mem_cache mime mime_magic negotiation proxy proxy_connect
proxy_ftp proxy_http rewrite security2 setenvif speling
ssl status suexec unique_id userdir usertrack
version vhost_alias PHP 4 PHP 5    

:note These Apache modules are all compiled as shared objects (DSOs).

  • PHP 4 extensions :
APC bcmath bz2 calendar ctype curl
dba domxml ftp (with ssl) gd (png, jpeg, freetype) gettext iconv
imap ldap mbstring mcrypt ming mysql
ncurses oci8 openssl overload pcre pgsql
posix readline session sockets ssh2 standard
sysvmsg sysvsem sysvshm tokenizer xml xmlrpc
zlib          
  • PHP 5 extensions :
APC bcmath bz2 calendar ctype curl
date dba dom filter ftp (with ssl) gd (png, jpeg, freetype)
gettext hash iconv imap json ldap
libxml mbstring mcrypt ming mysql mysqli
ncurses oci8 openssl pcre pdo pdo_mysql
pdo_oci pdo_pgsql pdo_sqlite pgsql posix readline
Reflection session shmop simplexml soap sockets
spl sqlite ssh2 standard sysvmsg sysvsem
sysvshm tokenizer xml xmlreader xmlrpc xmlwriter
xsl zip zlib      

We also include the mm session handler support in PHP 4 & 5 (to be activated via the 'session_handler=mm' directive in php.ini)

1.4 - Software dependencies

The following diagrams display the dependencies between the software packages and libraries we are integrating together (split as two diagrams for clarity) :

Apache dependencies

 

PHP dependencies

:note Note that we use the GD bundled library provided in the PHP source packages (4 & 5).

:note The package also includes the tools you need to build additional PHP extensions from the PECL library (http://pecl.php.net). Although these tools (autoconf & m4) are available in every Linux distribution, it is not the case on older/traditional/proprietary Unix. In order to remain consistent for every OS we support in this set of documents, the package includes an embedded version of m4 and autoconf. The phpize scripts are also modified to use this version.

1.5 - Notational conventions

Everything written in black on grey can be copy/pasted without any modification.

Everything written in red and between '<' and '>' symbols must be replaced by a value corresponding to your environment.

Example : when you read this :

dir=<$BASE>

you must replace <$BASE> with your base directory path in the line you will actually type.

but, when you read this :

dir=$BASE

you copy and paste it asis into your environment.

Everything related to Oracle is printed in green and can be safely ignored if you don't need Oracle connectivity.

1.6 - Context

Host model : L3000
OS : HP-UX 11.00 (32-bit)
Hardware platform : HP PA Risc
Shell : /bin/sh
Oracle client : 8.1.7

1.6.1 - Software

Product Version Source
gcc (C & C++) 4.1.1 http://hpux.connect.org.uk/
Gettext 0.12
Libiconv 1.9
Perl 5.6.1
Flex 2.5.4a
GNU make 3.80

1.6.2 - Patch level

1.6.2.1 - Linker patch

The dynamic linker (dld.sl) is severely broken on this version of HP-UX. You will need a patch to fix it.

This document was validated with the PHSS_35378 linker patch installed. Thus, we consider it to be the minimum required patch level. The HP-UX patches are available from HP through the HP ITRC site.

Q: How do I check if my system meets this patch level ?

A: Run the following command on your system :

swlist -l product | grep 'linker tools'

If a linker patch is present, the command should display one or more lines like this one :

PHSS_<number>    1.0    ld(1) and linker tools cumulative patch

  • As these patches are cumulative, if one of the displayed numbers is equal or higher than the minimum patch level, your system is already OK.
  • If every numbers are lower, you must install the patch (the minimum version or a more recent one).
  • If the command does not display anything, you don't have any linker patch installed and you should also install the patch.

Please note that this patch level is mandatory on the host where you will compile the package and on every target host where you will run it.

2 - Building

2.1 - Environment

First, we define the install (target) base directory :

export BASE=<your install directory>

We ensure that the LIBPATH, LD_LIBRARY_PATH, and SHLIB_PATH variables are unset. Only one of them applies to this system but it is simpler to unset them all on every OS :

unset LIBPATH LD_LIBRARY_PATH SHLIB_PATH  || :

If the shell environment contains aliases for cp, rm, or mv, it is time to unalias them :

unalias cp rm mv 2>/dev/null || :

Then, we set the variables we use for every software and on every OS. Among others, we ensure that /usr/local/bin is in the PATH :

export BLIB=$BASE/libs
export PKG_CONFIG_PATH="$BLIB/common/pkgconfig"

export CC=gcc
export CPPFLAGS="-I$BLIB/common/include"
export CF_OPTS="--enable-shared --disable-static"
export PATH="$BLIB/common/bin:$PATH:/usr/local/bin:/usr/ccs/bin"

:note C compilers can have such different behaviors that I strongly recommend using gcc. If you are using another compiler, please don't ask for support.

Now, we set the 'make' commands we'll use in the rest of the document. The difference between $MK and $SMK is that, in $MK, you can add options for a 'parallel make' ('-j', '-l', ...). $SMK stands for 'serial make' and is used where parallel builds are known to fail.

Mileage varies concerning parallel make. Depending on your host characteristics and the options you set, the build can be faster or slower. Personnally, after trying several options, I did not observe a noticeable gain in performance and reverted to the default 'serial' make.

:note Please note that parallel make can cause compilation failures. So, if you get unexpected results while parallel make options are active, the first thing to do is to retry the same without the parallel options. For more info about parallel make, see the GNU make manual.

:note GNU make is mandatory as several packages absolutely require it. On Linux, GNU make is native but, on non-Linux systems, you are strongly advised not to use the native make.

export MAKE='gmake'
export SMK="$MAKE"
export MK="$MAKE"

We also un-localize the shell environment :

unset LANG LC_MONETARY LC_TIME LC_MESSAGES LC_CTYPE \
    LC_COLLATE LC_NUMERIC || :

We now set the variables specific to this operating system :

export LDFLAGS="-L$BLIB/common/lib -Wl,+b -Wl,$BLIB/common/lib"

We ensure that we'll use perl V 5 (the perl distribution installed in /usr/contrib on HP-UX 11.00 is a V 4) :

export PATH="/opt/perl5/bin:$PATH"

We define the Oracle installation directory :

export ORACLE_HOME=<your Oracle home>

We define where the JDK is installed :

export JAVA_HOME=<your Java home>

We now set the environment specific to this software :

export BAP=$BASE/apache

2.2 - Creating the target structure

Every libraries and  auxiliary software are installed under '$BASE/libs'. There, each software/library is assigned a subdirectory, and we populate a 'common' subdirectory with symbolic links to the actual file locations. Using a common directory populated with symbolic links brings several benefits :

  • it allows to set a single path in the dynamic lib search path (LDFLAGS).
  • it also allows to set a single path in the include file search path (CPPFLAGS)
  • Putting a common 'bin' subdirectory as first element of the PATH ensures that anything we put in this directory will be found first when searching for an executable command.
  • Last, it allows to set a single path in the PKG_CONFIG_PATH variable.

Thanks to this directory structure, we don't have to modify the environment variables each time we add a library to the package. It becomes also easier to ensure that the compilation will reference our embedded library/include files, and not the ones that can be installed elsewhere in the system.

First, we create the base common directory.

mkdir -p $BLIB/common

Then, we create the script to populate the common directories. Every time we build and install a library we need to reference in a subsequent build, we call this script to register the files in the common structure. This is done through the $LINKDIR environment variable.

:note Note that the link creation script is not in the common PATH. This way, it cannot conflict with another file.

#-- Declare the variable we use to call the script

export LINKDIR=$BLIB/common/linkdir

#-- Create the script

echo 'cd $BLIB/$1

#-- If second argument is unset, default to the last element of target dir (usual case)

cdir=$2
[ -z "$2" ] && cdir=`basename "$1"`

#-- Directory to contain links. Create common subdirectory when needed

tdir=$BLIB/common/$cdir
[ -d $tdir ] || mkdir -p $tdir

for i in *
    do
    [ "X$i" = "X*" ] && break    #-- Empty directory
    [ "X$i" = Xpkgconfig ] && continue    #-- pkgconfig is a special case
    [ -h $tdir/$i ] && continue    # No override
    echo "Linking $i"
    ln -s ../../$1/$i $tdir/$i
done

#-- If a pkgconfig subdir exists, link it, but in the pkgconfig common subdir

[ -d pkgconfig ] && $LINKDIR $1/pkgconfig
exit 0
' >$LINKDIR
chmod +x $LINKDIR

2.3 - External dependencies

We use symbolic links for the external dependencies (Oracle & Java). This way, the package can easily run on a target host where Oracle and/or Java are installed in different locations. On the target host, we just need to create two symbolic links at the same locations and the Oracle and Java dependencies will be resolved through them.

:note I clearly prefer this solution to the ones based on the LD_LIBRARY_PATH/SHLIB_PATH/LIBPATH environment variables. This is consistent with the 'black-box' philosophy described above, as I consider that I cannot really control the environment my software will run in.

2.3.1 - Oracle

As explained above, we create a symbolic link from $BLIB/oracle_home to the Oracle install directory.

We also create a second indirection level because the Oracle library hardware path is recorded with the version suffix (libclntsh.so.9.0, libclntsh.so.10.1,...). So, at runtime, the software expects the same library version it was compiled with. As we want to be able to run with any Oracle library, even if it is not the one we used at compile time, we need to create a redirection from this 'versioned' library file to the actual 'not-versioned' file.

ln -s $ORACLE_HOME $BLIB/oracle_home

#-- Redirect from versioned lib to non-versioned one

_pwd=`pwd`
cd $BLIB/oracle_home

for _f in `echo lib*/libclntsh.sl.*`
    do
    _d=`dirname $_f`
    mkdir -p $BLIB/oracle/$_d
    rm -f $BLIB/oracle/$_d/libclntsh.sl
    ln -s ./`basename $_f` $BLIB/oracle/$_d/libclntsh.sl
    ln -s ../../oracle_home/$_d/libclntsh.sl $BLIB/oracle/$_f
done

#-- we also need the header files, but just for compiling

for _d in precomp rdbms
    do
    ln -s ../oracle_home/$_d $BLIB/oracle/$_d
done

cd $_pwd

#-- Modify ORACLE_HOME for compile time

export ORACLE_HOME=$BLIB/oracle

:note Note that the package is never guaranteed to run with an Oracle client of a version different than the one it was compiled with. For instance, if you compile with an Oracle 10 library, it won't run with an Oracle 9 version (because of a symbol added in version 10). When it is possible, the best solution is always to compile and run a software with the same library versions.

2.3.2 - Java

The external Java SDK will be accessed through a symbolic link.

ln -s $JAVA_HOME $BLIB/java_home

:note At runtime, we just need a Java Runtime Environment, not the whole JDK.

2.4 - Embedding a private libgcc_s library

Some files we generate have a runtime dependency on the libgcc_s shared library. It means that this library must be present on the target host. In accordance with our 'black box' approach, we embed a libgcc_s library in the package and we force everyone to reference this copy.

mkdir -p $BLIB/gcc/lib
cp -p /usr/local/lib/libgcc_s.sl* $BLIB/gcc/lib
$LINKDIR gcc/lib

:note If you don't have a libgcc_s shared library on your system, the best solution is to rebuild gcc (gmake bootstrap builds the shared gcc lib we need).

2.5 - Compiling zlib (1.2.3)

Source : http://www.zlib.net/

The zlib library provides the gzip (GNU zip) compression/decompression features.

./configure --shared --prefix=$BLIB/z

$MK "LDSHARED = gcc -shared $LDFLAGS" test install

 #-- Cleanup

rm -rf $BLIB/z/share $BLIB/z/lib/*.a

$LINKDIR z/lib
$LINKDIR z/include

2.6 - Compiling the OpenSSL library (0.9.8j)

Source : http://www.openssl.org/source/

Web site : http://www.openssl.org/

The OpenSSL library provides the mechanisms to establish SSL-secured connections. It is used by Apache to handle HTTPS connections, by PHP to provide SSL features, and also by OpenLDAP, curl, MySql and PostgreSql.

On HP-UX 11.00, the assembler fails when compiling the crypto library. Workaround : disable the optimized assembly code.

We also need to work around a problem specific to HP-UX 11.00 : probably due to the lack of reliable random number generator on this system, the ssleay_rand_bytes() function always fails, causing SSL_connect() to fail. This problem has been reported to the openssl development team and I'll post their reply as soon as I get it. Until we have a cleaner solution, here is a quick and dirty hack :

cd crypto/rand
mv md_rand.c md_rand.c.orig
sed 's/entropy = 0;/entropy = 0; ok=1;/' <md_rand.c.orig >md_rand.c
cd ../..

Disclaimer : Please note that you apply the source code modification given above to your own risk. Before applying it, you must also understand that it can harm the security and reliability of the resulting openssl library and, as a consequence, of the resulting Apache/PHP software. Last, note that this change was not reviewed nor approved by the openssl development team. In no event shall I be liable ... blah blah blah :-)

:note As the configuration process ignores the LDFLAGS environment variable, we modify several variables related to the way the libraries will be linked.

./config --openssldir=$BLIB/ssl shared zlib no-asm

$MK "SHARED_LDFLAGS = -shared $LDFLAGS" \
    "EX_LIBS = $LDFLAGS -ldld -lz"

$MK install_sw

#-- Cleanup

rm -rf  $BLIB/ssl/man $BLIB/ssl/lib/*.a  $BLIB/ssl/misc $BLIB/ssl/private \
     $BLIB/ssl/certs

$LINKDIR ssl/lib
$LINKDIR ssl/include
$LINKDIR ssl/bin

# Skip the tests if the 'NO_TEST' variable is defined

[ -z "$NO_TEST" ] && $MK test "EX_LIBS = $LDFLAGS -ldld -lz"

2.7 - Compiling the OpenLDAP library (2.4.11 - 20080813)

Source : http://www.openldap.org/software/download/

Web site : http://www.openldap.org/

We only compile the LDAP client, excluding the server and the replication daemon. Then, we keep the library and include files only.

./configure --prefix=$BLIB/ldap --without-cyrus-sasl \
    --disable-slapd --disable-slurpd --with-tls=openssl $CF_OPTS

$MK install

#-- Cleanup

rm -rf $BLIB/ldap/bin $BLIB/ldap/man

$LINKDIR ldap/include
$LINKDIR ldap/lib

2.8 - Compiling the expat library (2.0.1)

Source : http://sourceforge.net/project/showfiles.php?group_id=10127

Web site : http://expat.sourceforge.net/

./configure --prefix=$BLIB/expat $CF_OPTS

$MK
$MK install

#-- Cleanup

rm -rf $BLIB/expat/bin $BLIB/expat/man

$LINKDIR expat/lib
$LINKDIR expat/include

2.9 - Compiling the iconv library (1.12)

Source : ftp://ftp.gnu.org/gnu/libiconv

Web site : http://www.gnu.org/software/libiconv/

./configure --prefix=$BLIB/iconv \
    --disable-nls \
    $CF_OPTS

gmake
gmake install

rm -rf $BLIB/iconv/bin $BLIB/iconv/share

$LINKDIR iconv/lib
$LINKDIR iconv/include

2.10 - Compiling the Berkeley DB library (4.7.25)

Source : http://www.oracle.com/technology/software/products/berkeley-db/index.html

The TCL stuff is useless here. So, we don't compile it.

cd build_unix

../dist/configure \
    --prefix=$BLIB/berkeley_db $CF_OPTS \
    --without-tcl

$MK
$MK install

/bin/rm -rf $BLIB/berkeley_db/docs

$LINKDIR berkeley_db/lib
$LINKDIR berkeley_db/include
$LINKDIR berkeley_db/bin

cd ..

2.11 - Compiling Apache (2.0.63)

Source : http://httpd.apache.org/

The HP-UX system does not provide a reliable random number generator as expected by Apache. An optional software (KRNG11i) is available, but only for HP-UX 11.11. So, we modify the code to use the stdlib random() function. It is probably less secure than KRNG11i but it does not add an external dependency in the runtime environment.

If you are running HP-UX 11.11 and want a better random number generation, download the KRNG11i package and ignore the modifications we do below on apr.h and rand.c. But the drawback is that you will need to install the KRNG11i software in your runtime environment before activating the modules using this feature (mod_auth_digest and mod_auth_cas).

As our LDAP library is not in the standard location, we need to build and install the apr and apr-util libraries first, splitting the compile process in 3 steps.

We also modifiy the apr-config script because we want apxs to link with the hardcoded library search path.

Fix : if the host contains an older version of the zlib headers in /usr/include, it may contain a file named zutil.h. In this case, the Apache configure phase wrongly states that it can include this file. But, this header file is incompatible with the version of zlib embedded in the package, and the compilation fails. In order to force this header file not to be used, we un-define the corresponding symbol in the auto-generated Apache header file.

:note Please refer to the 'compiling PHP' chapters below for an explanation of the LDFLAGS setting.

:note The configure stage does not detect OpenSSL, as it does not detect the '.sl' suffix for shared libraries. Bug reported to the Apache Dev as #40917. Workaround : we temporarily create a fake 'libssl.so' file in the OpenSSL lib directory.

REF_LDFLAGS="$LDFLAGS"
export LDFLAGS="$LDFLAGS -lcl"

ln -s libssl.sl $BLIB/ssl/lib/libssl.so

#-- Build apr

cd srclib/apr
./configure --prefix=$BAP --enable-threads $CF_OPTS

#-- Modifies source files to use random()

echo '#define APR_HAS_RANDOM 1' >>include/apr.h

cd misc/unix
mv rand.c rand.c.orig
echo '#include <stdlib.h>' >rand.c
echo '#define HAVE_TRUERAND'
sed 's!randbyte()!random()!' <rand.c.orig >>rand.c
cd ../..

$MK
$MK install

#-- Insert the hardcoded library search path and the common include directory in apr-config

cp -p $BAP/bin/apr-config $BAP/bin/apr-config.orig
sed -e "s!^\(LDFLAGS=\"\)\(.*\"\)\$!\1$LDFLAGS\2!" \
    -e "s!^\(EXTRA_INCLUDES=\"\)!\1-I$BLIB/common/include !" \
        <$BAP/bin/apr-config.orig >$BAP/bin/apr-config

#-- Build apr-util

cd ../apr-util
./configure --prefix=$BAP $CF_OPTS\
    --with-ldap \
    --with-ldap-lib=$BLIB/ldap/lib \
    --with-ldap-include=$BLIB/ldap/include \
    --with-iconv=$BLIB/iconv \
    --with-expat=$BLIB/expat \
    --with-apr=$BAP \
    --with-berkeley-db=$BLIB/berkeley_db

$MK
$MK install

$LINKDIR ../apache/lib
$LINKDIR ../apache/include

#-- Build Apache

cd ../..
./configure --prefix=$BAP \
    --enable-mods-shared="all cache case-filter case-filter-in cgid \
       charset-lite deflate disk-cache echo file-cache \
       mem-cache suexec ldap auth-ldap ssl isapi auth_digest \
       dumpio logio proxy proxy_connect proxy_ftp proxy_http" \
    --with-perl=/usr/bin/perl \
    --with-z=$BLIB/z \
    --with-ssl=$BLIB/ssl \
    --with-iconv=$BLIB/iconv \
    --with-expat=$BLIB/expat \
    --with-apr=$BAP \
    --with-apr-util=$BAP \
         2>&1 | tee configure.log

#-- Force HAVE_ZUTIL_H unset

( echo '#ifdef HAVE_ZUTIL_H'
echo '#undef HAVE_ZUTIL_H'
echo '#endif' ) >>./include/ap_config_auto.h

#-- Compile Apache

$MK

#-- Install

$MK install
chown -Rh root:sys $BAP
export LDFLAGS="$REF_LDFLAGS"
rm $BLIB/ssl/lib/libssl.so

2.12 - Compiling the bzip2 library (1.0.1)

Source : http://www.digistar.com/bzip2/

Before starting the compile phase, we need to remove some linux-specific options from the makefile :

cp Makefile-libbz2_so Makefile-libbz2_so.orig
sed 's/-Wl,-soname -Wl,libbz2.so.1.0//' <Makefile-libbz2_so.orig >Makefile-libbz2_so

As the current makefile ignores our LDFLAGS settings, we link the shared library with our own command.

We also must install the files ourselves as the Makefile is unable to do it.

$MK -f Makefile-libbz2_so
gcc -shared -o libbz2.so.1.0.1 $LDFLAGS *.o

#-- Install the shared library and the include file

mkdir -p $BLIB/bz2/include $BLIB/bz2/lib
cp bzlib.h $BLIB/bz2/include
cp libbz2.so.1.0.1 $BLIB/bz2/lib/libbz2.sl.1.0.1
ln -s libbz2.sl.1.0.1 $BLIB/bz2/lib/libbz2.sl.1.0
ln -s  libbz2.sl.1.0 $BLIB/bz2/lib/libbz2.sl.1
ln -s libbz2.sl.1 $BLIB/bz2/lib/libbz2.sl

$LINKDIR bz2/lib
$LINKDIR bz2/include

2.13 - Compiling managelogs (1.0.1)

Source : http://managelogs.tekwire.net

managelogs is a log processing program to be used in conjunction with Apache's piped logfile feature. It automatically rotates and purges log files based on a set of user-defined options.

This is a software I wrote as an alternative to rotatelogs, as rotatelogs is not able to purge the log files and, typically, must be complemented with cron jobs to avoid filling up the file system.

$MK "APACHE=$BAP" "ZLIB=$BLIB/z" "BZ2LIB=$BLIB/bz2" install install-man

$LINKDIR ../apache/lib
$LINKDIR ../apache/include

2.14 - Compiling mod_jk (tomcat-connectors 1.2.27)

Source : http://tomcat.apache.org/download-connectors.cgi

Web site : http://tomcat.apache.org/connectors-doc/

:note Gcc version 4 is more restrictive than version 3. As such, some of the HP-UX system include files fail when compiled with it. This is the case for /usr/include/sys/socketvar.h, which, unfortunately, is included by the mod_jk source files. In order to work around this issue without modifying the include file in /usr/include/sys, we create a modified version especially for gcc (adapt the path to your GCC version) :

cp /usr/include/sys/socketvar.h \
       /usr/local/lib/gcc/hppa2.0w-hp-hpux11.11/4.1.1/include/sys
cd $_
vi socketvar.h
cd ~-

Go to line 407 and change :

extern struct sotimeq sotimeqhash[];
extern lock_t *sotimeq_lock;

struct sotimeq {
        struct sotimeq *sotimeq_next;
        struct sotimeq *sotimeq_prev;
        int sotimeq_dtime;
        caddr_t sotimeq_wchan;
};

to :

extern lock_t *sotimeq_lock;

struct sotimeq {
        struct sotimeq *sotimeq_next;
        struct sotimeq *sotimeq_prev;
        int sotimeq_dtime;
        caddr_t sotimeq_wchan;
};
extern struct sotimeq sotimeqhash[];

We also have to modify the 'rpath' option given to the libtool 'link' command, as it conflicts with the one we set through the LDFLAGS variable (the HP-UX linker considers only the first '+b' option on the command line) :

sed "s! -rpath [^ ]* ! -rpath $BLIB/common/lib !" <native/apache-2.0/Makefile.in >tmp1
cp tmp1 native/apache-2.0/Makefile.in

The configure script prepends a '-Wl,' prefix to every elements of '$LDFLAGS' that don't already start with this string. This is correct except for the '-L' option, as it prevents the libgcc_s library to be located in $BLIB/common/lib. To fix this problem, after the configure phase, we reset the '-L' option where it has been modified.

cd native

CFLAGS="$CPPFLAGS -DHPUX11GCC -DHPUX11" \
    ./configure --with-apxs=$BAP/bin/apxs \
    --with-java-home=$BLIB/java_home \
    --disable-jni $CF_OPTS

#-- Fix '-L' options

grep -l -- '-Wl,-L' `find . -type f` >tmp1
if [ -s tmp1 ] ; then
    for i in `cat tmp1` ; do
        sed 's/-Wl,-L/-L/g' <$i >tmp2
        cp tmp2 $i
    done
fi

#-- Compile & install mod_jk.so in $BAP/modules

$MK
$MK install

cd ..

2.15 - Compiling the xml2 library (2.7.2)

Source : http://xmlsoft.org/

./configure --prefix=$BLIB/xml2 \
    --with-iconv=$BLIB/iconv \
    --with-zlib=$BLIB/z \
    --without-python \
    $CF_OPTS

$MK
$SMK install

#-- Cleanup

rm -rf $BLIB/xml2/man $BLIB/xml2/share $BLIB/xml2/bin/xmlcatalog \
    $BLIB/xml2/bin/xmllint

$LINKDIR xml2/lib
$LINKDIR xml2/bin
$LINKDIR xml2/include/libxml2 include

2.16 - Compiling the pcre library (7.8)

Source : http://www.pcre.org/

 

./configure --prefix=$BLIB/pcre --disable-cpp $CF_OPTS

$MK install

#-- Cleanup

rm -rf $BLIB/pcre/bin/pcregrep $BLIB/pcre/bin/pcretest $BLIB/pcre/share

$LINKDIR pcre/lib

2.17 - Compiling mod_evasive (1.10.1)

Source : http://www.zdziarski.com/projects/mod_evasive/

$BAP/bin/apxs -c -i -A mod_evasive20.c

:note In this configuration, mod_evasive is inactive. To activate it, uncomment the corresponding LoadModule line in httpd.conf.

2.18 - Compiling mod_auth_cas (1.0.8)

Web site : http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas

Source : https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/tags/mod_auth_cas-1.0.8/src/

mod_auth_cas allows to authenticate against a CAS (Central Authentication Service) server. This module is not the only way for an application to authenticate users against a CAS server, but it is probably one of the easiest to use, as it transparently redirects the requests, silently validates tickets, and automatically provides an authenticated '$REMOTE_USER' to the application.

From the source directory given above, download the mod_auth_cas.c and mod_auth_cas.h files.

Then, compile it through apxs :

$BAP/bin/apxs -c -i -A mod_auth_cas.c

:note In this configuration, mod_auth_cas is inactive. To activate it, uncomment the corresponding LoadModule line in httpd.conf.

2.19 - Compiling the xslt library (1.1.24)

Source : http://xmlsoft.org/XSLT/

./configure --prefix=$BLIB/xslt \
    --with-libxml-prefix=$BLIB/xml2 \
    --without-python \
    $CF_OPTS

$MK
$MK install

/bin/rm -rf $BLIB/xslt/man $BLIB/xslt/share $BLIB/xslt/bin/xsltproc

$LINKDIR xslt/lib
$LINKDIR xslt/bin
$LINKDIR xslt/include
$LINKDIR xslt/include/libexslt include
$LINKDIR xslt/include/libxslt include

2.20 - Compiling the png library (1.2.33)

Source : http://sourceforge.net/project/showfiles.php?group_id=5624

Web site : http://www.libpng.org/pub/png/

./configure --prefix=$BLIB/png $CF_OPTS

gmake
gmake install

rm -rf $BLIB/png/share

$LINKDIR png/lib
$LINKDIR png/include

Then, we must modify the files libpng-config and libpng12-config in $BLIB/png/bin. In these 2 files, we replace the '-rpath' linker option with '+b' (the corresponding option for this system) :

for i in libpng-config libpng12-config
    do
    sed -e 's/-Wl,-rpath/-Wl,+b/' <$BLIB/png/bin/$i >tmp1
    cp tmp1 $BLIB/png/bin/$i
    chmod +x $BLIB/png/bin/$i
done

2.21 - Compiling the jpeg library (v6b)

Source : http://www.ijg.org/files/jpegsrc.v6b.tar.gz

Web site : http://www.ijg.org

:note As the libtool we get with this package is unable to build a shared library on HP-UX, we have to do it another way :

CPPFLAGS="$CPPFLAGS -fPIC" \
    ./configure --prefix=$BLIB/jpeg $CF_OPTS

#-- Build the static library and install include files

$MK clean libjpeg.la install-headers

#-- Build the dynamic lib and install it

gcc -shared -o libjpeg.sl *.o $LDFLAGS
./install-sh -c -m 755 libjpeg.sl $BLIB/jpeg/lib/libjpeg.sl
sed -e "s/\(dlname=\)''/\1'libjpeg.sl'/" \
    -e "s/\(library_names=\)''/\1'libjpeg.sl'/" \
    -e "s/\(old_library=\)'.*\$/\1''/" <libjpeg.la >$BLIB/jpeg/lib/libjpeg.la

$LINKDIR jpeg/lib

2.22 - Compiling the freetype library (2.3.7)

Source : http://www.freetype.org/index2.html

The freetype compile process wrongly states that gcc needs a '-ansi' option to compile in ansi mode. This option is not needed, and it even causes the compilation to fail in several environments (at least HP-UX 11.00 and AIX). So, we remove this option from the compile string.

#-- Build process needs GNU make (and a GNUMAKE variable)

GNUMAKE="$SMK" ./configure --prefix=$BLIB/freetype $CF_OPTS

#-- Clear the '-ansi' option

$MK 'ANSIFLAGS='
$MK install

$LINKDIR freetype/lib
$LINKDIR freetype/bin

2.23 - Compiling the SSH2 library (1.0)

Source : http://sourceforge.net/projects/libssh2/

./configure --prefix=$BLIB/ssh2 \
    --with-openssl=$BLIB/ssl \
    --with-zlib=$BLIB/z \
    $CF_OPTS

$MK
$SMK install

#-- Cleanup

rm -rf $BLIB/ssh2/share

$LINKDIR ssh2/include
$LINKDIR ssh2/lib

2.24 - Compiling the Curl library (7.19.2)

Source : http://curl.haxx.se/download.html

Web site : http://curl.haxx.se/

Our CURL client will support the following protocols and options : http, https, tftp, ftp, ftps, telnet, dict, ldap, ldaps, file, and gzip compression. It is also able to connect through a proxy.

CPPFLAGS="$CPPFLAGS -I $BLIB/ldap/include" \
    ./configure --prefix=$BLIB/curl \
        --disable-manual \
        --enable-tftp \
        --enable-telnet \
        --enable-ftp \
        --enable-ldap \
        --enable-ldaps \
        --with-zlib=$BLIB/z \
        --with-ssl=$BLIB/ssl \
        --with-libssh2=$BLIB/ssh2 \
        --with-ca-bundle=$BLIB/curl/share/ca-bundle.crt \
        $CF_OPTS

$MK install

rm -rf $BLIB/curl/share/man

$LINKDIR curl/lib
$LINKDIR curl/bin

When curl needs to validate a certificate, it will use the content of the $BLIB/curl/share/ca-bundle.crt file. By default, the file does not exist, and the certificate chain is considered as empty. This file can be created and filled with the CA certificates you want curl to consider as trusted (in PEM format).

#-- Fait pointer le CA bundle de curl vers les certificats RATP

ln -s ../../../comp/data/cacerts.pem $BLIB/curl/share/ca-bundle.crt

2.25 - Compiling modsecurity (2.5.7)

Source : https://bsn.breach.com/downloads/

Web site : http://www.modsecurity.org/

:note You need to register (free) to access the download area of the Breach security labs site. Once you get there, the source package you need is named modsecurity-apache_x.x.x.tar.gz. You don't need to dowload the 'modsecurity-core-rules' file, as the rules are already included in the source package.

cd apache2

./configure --with-apxs=$BAP/bin/apxs \
    --with-pcre=$BLIB/pcre \
    --with-apr=$BAP \
    --with-apu=$BAP \
    --with-libxml=$BLIB/xml2 \
    --with-curl=$BLIB/curl

gmake install
cd ..

Now, we install the default rules and update the apache configuration :

#-- Install default configuration

cp -rp  rules $BAP/conf/modsecurity

#-- Configure Apache

echo >>$BAP/conf/httpd.conf <<EOF

#LoadModule security2_module modules/mod_security2.so

#-- modsecurity configuration

<IfModule mod_security2.c>
    Include $BAP/conf/modsecurity/*.conf
</IfModule>
EOF

:note In this configuration, modsecurity is inactive. To activate it, uncomment the 'LoadModule security2...' line.

2.26 - Compiling the ncurses library (5.7)

Source : http://www.gnu.org/software/ncurses/

:note We force the Makefiles to link through gcc, instead of calling ld directly, because we want our LDFLAGS to be used and it may contain options which are not supported by ld (as the options starting with -Wl).

./configure --prefix=$BLIB/ncurses\
    --without-ada \
    --without-debug \
    --without-cxx \
    --without-cxx-binding \
    --with-shared \
    --without-normal

$SMK 'MK_SHARED_LIB = gcc -shared -o $@ $(LDFLAGS)' all install.libs

$LINKDIR ncurses/lib
$LINKDIR ncurses/include
$LINKDIR ncurses/include/ncurses include

2.27 - Compiling gettext (0.17)

Source : ftp://ftp.gnu.org/gnu/gettext/

Web site : http://www.gnu.org/software/gettext/gettext.html

The '-with-included-gettext' configure option forces to build and use the included libintl library, even if one is present in the system libraries. This removes a dependency to the system libraries and ensures that we use the same libintl code across all platforms.

:note Note that, even if we try to disable NLS localization everywhere it is possible, some software don't allow it to be disabled. That's why we still need to embed a libintl library.

./configure --prefix=$BLIB/gettext $CF_OPTS \
    --with-libiconv-prefix=$BLIB/iconv \
    --with-libexpat-prefix=$BLIB/expat \
    --with-libncurses-prefix=$BLIB/ncurses \
    --with-libxml2-prefix=$BLIB/xml2 \
    --with-included-glib \
    --with-included-libcroco \
    --disable-libasprintf \
    --with-included-gettext

$MK
$MK install

#-- Cleanup

rm -rf  $BLIB/gettext/info $BLIB/gettext/share/info \
    $BLIB/gettext/share/man $BLIB/gettext/share/doc

$LINKDIR gettext/lib
$LINKDIR gettext/include
$LINKDIR gettext/bin

2.28 - Compiling the Subversion modules (1.5.4)

Source : http://subversion.tigris.org/downloads/subversion-1.5.4.tar.gz

Web site : http://subversion.tigris.org/

The Apache modules we build here allow to use Apache as a gateway to access a Subversion repository. You will find more information about configuring Apache as a Subversion gateway in this document.

:note Subversion requires the apr-util Apache library to be compiled with the Berkeley DB.

We need to tell configure how to find the required libraries at link time (by initializing the LIBS variable). If we don't, the configure phase fails when the libintl (gettext) library is not installed in /usr/lib. This is probably a bug in the configure script. Because of this problem, we also need to add '-lintl' to the list of libraries we link with.

LIBS="$LDFLAGS" \
    ./configure \
        --prefix=$BLIB/svn $CF_OPTS\
        --with-apxs=$BAP/bin/apxs \
        --with-apr=$BAP/bin/apr-config \
        --with-apr-util=$BAP/bin/apu-config \
        --with-zlib=$BLIB/z \
        --without-swig

#-- Add intl library to link flags

sed 's/^\(LIBS = .*\)$/\1 -lintl/' <Makefile >tmp1
cp tmp1 Makefile

#-- Compile & install

$MK
$MK install

#-- Keep only the libraries needed by the modules

/bin/rm -rf $BLIB/svn/bin  $BLIB/svn/share
for i in client diff ra wc
    do
    /bin/rm -rf $BLIB/svn/lib/libsvn_$i*
done

$LINKDIR svn/lib
$LINKDIR svn/include

2.29 - Compiling the readline library (6.0)

Web site : http://tiswww.case.edu/php/chet/readline/rltop.html

The default Makefile renames the object files with a '.so' suffix instead of the usual '.o'. Some OS (like AIX) cannot link files ending with '.so'. So, we modify the Makefile in shlib to keep the '.o' suffix.

We also need to force the commands used to link the shared libraries, as the Makefile uses ld by default, and we can have some gcc-specific options in CPPFLAGS/LDFLAGS. So, we force it to link using 'gcc -shared'.

cd shlib
cp Makefile.in Makefile.in.orig
sed -e 's/\.so$/.o/g' \
    -e 's/\.so /.o /g' \
    -e 's/\.so:/.o:/g' <Makefile.in.orig >Makefile.in
cd ..

./configure --prefix=$BLIB/readline $CF_OPTS

$MK 'SHOBJ_LD=gcc' \
    'SHOBJ_LDFLAGS=-shared' \
    "SHLIB_XLDFLAGS=$LDFLAGS" \
    'MV=touch' \
    all install

rm -rf $BLIB/readline/share

$LINKDIR readline/lib
$LINKDIR readline/include
$LINKDIR readline/include/readline

2.30 - Compiling libgpg-error (1.6)

Source : http://gnupg.org/download/index.en.html

./configure --prefix=$BLIB/gpg-error \
    --with-libiconv-prefix=$BLIB/iconv \
    --disable-nls \
    --disable-languages \
    $CF_OPTS

$MK
$MK install

$LINKDIR gpg-error/lib
$LINKDIR gpg-error/include

2.31 - Compiling the libgcrypt library (1.4.4)

Web site : http://www.gnu.org/software/libgcrypt/

./configure --prefix=$BLIB/gcrypt \
    --with-gpg-error-prefix=$BLIB/gpg-error \
    $CF_OPTS

$MK
$MK install

rm -rf $BLIB/gcrypt/share/info

$LINKDIR gcrypt/lib
$LINKDIR gcrypt/include

2.32 - Compiling the GnuTLS library (2.6.4)

Web site : http://www.gnu.org/software/gnutls/

HP-UX 11.00 does not support IP V6. So, we need to redefine the IP V6 symbols used in the source code. This is done through the CPPFLAGS environment variable.

We need to fix a bug, which only appears on systems, like HP-UX 11.00, which don't define the getaddrinfo() function nor the addrinfo structure (bug reported to the dev team, should be fixed in next version). A replacement getaddrinfo() function is provided in the library but the corresponding header file must be explicitely included to reference it. In the current version of the library, two source files use the addrinfo stuff without explicitely including the corresponding header file and fail compiling when getaddrinfo() is not defined in the system includes. So, we prefix theses files with the missing include directive :

for i in src/cli.c src/tls_test.c
    do
    cp $i $i.orig
    echo '#include "getaddrinfo.h"' >$i
    cat $i.orig >>$i
done

:note We don't compile the C++ library as we don't need it and it creates an unnecessary dependency on the libstdc++ library.

The installation fails (on AIX) with an 'Arg list too long' message when trying to install in the 'doc' subdirectory. As we don't need to build nor install the documentation, the easiest solution is to remove the 'doc' subdirectory from the list of subdirectories in the Makefile :

cp Makefile.in Makefile.in.orig
sed -e 's/ doc / /' <Makefile.in.orig >Makefile.in

CPPFLAGS="$CPPFLAGS \
    -Dss_family=sa_family \
    -DAF_INET6='AF_MAX+1' \
    -Dsockaddr_storage=sockaddr \
    -Dsockaddr_in6=sockaddr_in \
    -Dsin6_port=sin_port" \
./configure --prefix=$BLIB/gnutls \
    --with-libiconv-prefix=$BLIB/iconv \
    --disable-nls \
    --with-libgcrypt-prefix=$BLIB/gcrypt \
    --with-libz-prefix=$BLIB/z \
    --with-libreadline-prefix=$BLIB/readline \
    --with-included-libtasn1 \
    --disable-cxx \
    $CF_OPTS

$MK
$MK install

rm -rf $BLIB/gnutls/share/info $BLIB/gnutls/share/man

$LINKDIR gnutls/bin
$LINKDIR gnutls/lib
$LINKDIR gnutls/include

Once the library is built and installed, we can run the tests :

[ -z "$NO_TEST" ] && $SMK check

2.33 - Compiling the GnuTLS Apache module (0.4.3)

Web site : http://www.outoforder.cc/projects/apache/mod_gnutls/

The GnuTLS module is an alternative to mod_ssl. In addition to the features provided by mod_ssl, it provides several interesting additions like :

  • Support for SSL 3.0, TLS 1.0 and TLS 1.1
  • Support for RFC 5081 (OpenPGP certificate authentication)
  • Support for RFC 5054 (SRP authentication)
  • Support for Server Name Indication (allows several HTTPS virtual hosts on the same IP, which is impossible with mod_ssl)
  • Distributed SSL Session Cache via Memcached

:note Note that mod_gnutls and mod_ssl can both be loaded on an Apache server together but cannot be activated in the same virtual host.

On HP-UX, the shared library file suffix is '.sl', instead of the usual '.so' found on other systems. Here, libtool is used to compile the module, producing a '.sl' file, and apxs is used to install it, expecting a '.so' file ! So, in order for the install phase to work, we rename the file once it is built.

./configure \
    --with-apxs=$BAP/bin/apxs \
    --with-libgnutls-prefix=$BLIB/gnutls

$MK

mv src/.libs/libmod_gnutls.sl src/.libs/libmod_gnutls.so        #-- Rename shlib file (HP-UX specific)

$MK install

:note At this point, the gnutls module is inactive. To activate it, add the following line to $BASE/apache/conf/httpd.conf :

LoadModule gnutls_module modules/mod_gnutls.so

For more information on GnuTLS :

2.34 - Compiling the IMAP library (2007d)

Source : ftp://ftp.cac.washington.edu/imap/imap.tar.gz

Web site : http://www.imap.org

:note The IMAP distribution does not provide a way to build a shared client library. So, we do it our way : we build the static library first, with the '-fPIC' compile flag to generate relocatable objects, and, then, we build the shared library from these objects.

:note We have to provide the MD5ENABLE definition because it is not provided by the system includes.

:note We need a libc-client.a file in $BLIB/imap/lib because the PHP configure process specifically tests for the presence of this file. But we don't really need the static library as we'll only use the dynamic one. So, we create $BLIB/imap/lib/libc-client.a as a symbolic link to the dynamic library.

#-- Modify the Makefiles for SSL location

sed "s!/usr/local/ssl!$BLIB/ssl!g" <src/osdep/unix/Makefile >tmp1
cp tmp1 src/osdep/unix/Makefile

sed -e "s,/usr/include/openssl,$BLIB/ssl/include,g" \
    -e "s,/usr/share/ssl,$BLIB/ssl,g" \
    -e "s,SSLLIB=/usr/lib,SSLLIB=$BLIB/ssl/lib,g" <Makefile >tmp1
cp tmp1  Makefile

#-- Build a static library

$MK ghp "MAKE = $SMK" "EXTRACFLAGS = -fPIC -DMD5ENABLE=\"\"" \
    "EXTRASPECIALS = CC=gcc" "IP6=4"

#-- Build the dynamic library

cd c-client
gcc -shared -o libc-client.sl *.o $LDFLAGS -lssl -lcrypto -ldld -lz

#-- Install the headers and the library
#-- PHP configure needs a '.a' file

mkdir -p $BLIB/imap/lib $BLIB/imap/include
cp libc-client.sl $BLIB/imap/lib
ln -s libc-client.sl $BLIB/imap/lib/libc-client.a
cp *.h $BLIB/imap/include

cd ..

$LINKDIR imap/lib

2.35 - Compiling the MySQL client library (5.0.67)

Source : http://www.mysql.com/

CXX=gcc \
    ./configure --prefix=$BLIB/mysql $CF_OPTS \
    --enable-thread-safe-client \
    --with-zlib-dir=$BLIB/z \
    --with-openssl=$BLIB/ssl \
    --without-debug \
    --without-server \
    --without-extra-tools \
    --without-docs \
    --without-man \
    --without-bench 2>&1 | tee configure.log

$MK
$MK install

#-- Cleanup

rm -rf $BLIB/mysql/bin/* $BLIB/mysql/libexec $BLIB/mysql/mysql-test
cp scripts/mysql_config $BLIB/mysql/bin

#-- Remove server libraries

for i in dbug heap myisam myisammrg mystrings mysys vio
    do rm -f $BLIB/mysql/lib/mysql/lib$i.*
done

$LINKDIR mysql/lib/mysql lib

2.36 - Compiling the PostgreSQL client library (8.3.5)

Source : http://www.postgresql.org/ftp/source/

Web site : http://www.postgresql.org/

The configure process does not use CPPFLAGS and LDFLAGS correctly (the problem only appears when the libraries are not installed in the usual locations). As a workaround, we feed it with modified values for some other environment variables.

LDFLAGS_SL="-L$BLIB/common/lib" \
    CFLAGS="$CPPFLAGS" \
    CPP="gcc -E $CPPFLAGS" \
    ./configure --prefix=$BLIB/pgsql $CF_OPTS \
    --without-docdir \
    --without-tcl \
    --with-openssl \
    --without-readline \
    --with-libxml \
    --with-libxslt \
    --with-zlib

$MK
$MK install

#-- Cleanup

rm -rf $BLIB/pgsql/bin/* $BLIB/pgsql/man $BLIB/pgsql/include/server  $BLIB/pgsql/lib/*.a

cp src/bin/pg_config/pg_config $BLIB/pgsql/bin

$LINKDIR pgsql/lib

2.37 - Compiling mm (1.4.2)

Source : http://www.ossp.org/pkg/lib/mm/

:note mm's Makefile does not use the LDFLAGS variable, but we need this flag to be set in the link command, to specify an hardware library search path. Bug reported as Feature request #122, supposed to be fixed in version 1.4.2 but the fix doesn't work as it assumes that libtool automatically includes the content of the $LDFLAGS variable, which is not the case. So, we still need to patch the Makefile.in file manually before compiling.

#-- Insert '$(LDFLAGS)' in the link command

cp Makefile.in tmp1
sed 's/\(-rpath \$(libdir)\)/$(LDFLAGS) \1/' <Makefile.in >tmp1
cp tmp1 Makefile.in

#-- Configure, compile, install

./configure --prefix=$BLIB/mm $CF_OPTS

$MK
$MK install

#-- Cleanup

rm -rf $BLIB/mm/share

$LINKDIR mm/lib

2.38 - Compiling m4 (1.4.12)

Source : http://ftp.gnu.org/gnu/m4/

./configure --prefix=$BLIB/m4 $CF_OPTS

$MK
$SMK install

#-- Cleanup

rm -rf $BLIB/m4/share

$LINKDIR m4/bin

2.39 - Compiling GNU awk (3.1.6)

Web site : http://www.gnu.org/software/gawk/

GNU awk is needed on HP-UX because, on this system, the default awk command does not support more than 3,000 bytes per line. It may seem much but, during its compile phase, bison needs more ! So, we need to replace awk with gawk which has no limitation on the line length.

This is really needed on HP-UX only but, in order to remain consistent on the different OS we are building on, we use gawk on every OS.

./configure --prefix=$BLIB/gawk $CF_OPTS \
    --with-libiconv-prefix=$BLIB/iconv \
    --with-libintl-prefix=$BLIB/gettext

$MK
$MK install

/bin/rm -rf $BLIB/gawk/share/info $BLIB/gawk/share/man

$LINKDIR gawk/bin

2.40 - Compiling bison (2.4.1)

Web site : http://www.gnu.org/software/bison/

./configure --prefix=$BLIB/bison \
    --disable-yacc

$MK
$MK install

/bin/rm -rf $BLIB/bison/share/info $BLIB/bison/share/man

$LINKDIR bison/bin

2.41 - Compiling the mcrypt library (2.5.8)

Web site : http://mcrypt.sourceforge.net/

Source : http://sourceforge.net/project/showfiles.php?group_id=87941

Download the Libmcrypt package, not Mcrypt, as we just need the library.

We also need to define two replacement malloc()/realloc() functions. If we don't define them, the resulting libraries cannot be loaded on environments (like AIX) which don't provide 'GNU compatible' allocation functions. Actually, the configure tests for these functions to be 'GNU compatible'. When they are determined not to be compatible, every call to malloc()/realloc() is replaced by a call to rpl_malloc()/rpl_realloc() and the package is supposed to define these two functions. Unfortunately, mcrypt does not provide these functions. So, on systems lacking 'GNU compatible' allocation routines, when you try to load the mcrypt shared library, the load fails with an 'unresolved symbol' error.

To work around this issue, we define both 'GNU compatible' functions at the end of one of the mcrypt source files, so that they are compiled and included in the library.

:note The 'GNU compatibility' of allocation functions is defined by the fact that they return a valid pointer, even when given null input arguments. So, we wrap these features around the usual allocation routines :

cat >>lib/xmemory.c <<EOF
#ifdef malloc

#undef malloc
extern void *malloc(size_t);

void * rpl_malloc(size_t size)
{
if (!size) size++;
return malloc(size);
}

#undef realloc
extern void *realloc(void *, size_t);

void *rpl_realloc(void *p, size_t size)
{
if (!size) size++;
return (p ? realloc(p,size) : malloc(size));
}

#endif
EOF

Then, we build the usual way.

:note We disable dynamic loading of mcrypt modules because, every time I tried to enable it, the configure command failed.

./configure --prefix=$BLIB/mcrypt --disable-dynamic-loading $CF_OPTS

$MK all install

/bin/rm -rf $BLIB/mcrypt/man

$LINKDIR mcrypt/bin
$LINKDIR mcrypt/include
$LINKDIR mcrypt/lib

2.42 - Compiling PHP 4 (4.4.9)

Source : www.php.net

:note PHP 4 finds Oracle libraries in $ORACLE_HOME/lib. But we are on a 32 bit environment and the corresponding libraries are in $ORACLE_HOME/lib32. This bug has been corrected a long time ago on PHP 5 but it seems to be still present in version 4. Workaround : we modify the Makefile after the configure stage.

:note During installation, PHP inserts a 'LoadModule' line in httpd.conf. As we cannot have both PHP modules loaded at the same time, we decide that the default PHP module will be PHP 5. So, we comment out the PHP 4 LoadModule directive in the httpd.conf configuration file.

:note We modify the 'phpize' script so that it uses the embedded autoconf and m4. We also force the shell to be a korn-compatible shell (on some OS, /bin/sh is a Bourne-only shell, which does not work with phpize).

:note See the next chapter for an explanation about LDFLAGS and libcrypt.

export PBASE=$BASE/php4
REF_LDFLAGS="$LDFLAGS"

ORA_CF=''
if [ "$ORACLE_HOME" != 'none' ] ; then \
    if [ -d "$ORACLE_HOME/sdk" ] ; then    #-- InstantClient
        ORA_CF="--with-oci8-instant-client=shared,$ORACLE_HOME"
    else    #-- Standard client
        ORA_CF="--with-oci8=shared,$ORACLE_HOME"
    fi
fi

[ -f /usr/lib/libcrypt.a ] && \
    mv /usr/lib/libcrypt.a /usr/lib/libcrypt.a.save

export LDFLAGS="$LDFLAGS -lcl"

./configure --prefix=$PBASE \
    --with-config-file-path=$PBASE \
    --with-apxs2=$BAP/bin/apxs \
    --with-zlib=shared,$BLIB/z \
    --with-zlib-dir=$BLIB/z \
    --with-bz2=shared,$BLIB/bz2 \
    --enable-ftp=shared \
    --enable-dom \
    --with-iconv=shared,$BLIB/iconv \
    --with-iconv-dir=$BLIB/iconv \
    --enable-calendar=shared \
    --enable-sockets=shared \
    --enable-bcmath=shared \
    --enable-sysvsem \
    --enable-sysvshm \
    --enable-sysvmsg \
    --with-openssl=shared,$BLIB/ssl \
    --with-openssl-dir=$BLIB/ssl \
    --with-curl=shared,$BLIB/curl \
    --with-ldap=shared,$BLIB/ldap \
    --with-gd=shared \
    --with-png-dir=$BLIB/png \
    --with-jpeg-dir=$BLIB/jpeg \
    --enable-gd-native-ttf \
    --with-freetype-dir=$BLIB/freetype \
    --with-mysql=shared,$BLIB/mysql \
    --with-pgsql=shared,$BLIB/pgsql \
    --with-imap=shared,$BLIB/imap \
    --with-imap-ssl=$BLIB/ssl \
    --with-dom-xslt=$BLIB/xslt \
    --with-dom-exslt=$BLIB/xslt \
    --with-dom=$BLIB/xml2 \
    --with-expat-dir=$BLIB/expat \
    --with-mm=$BLIB/mm \
    --with-gettext=shared,$BLIB/gettext \
    --enable-mbstring=shared \
    --enable-dba=shared \
    --with-db4=$BLIB/berkeley_db \
    --with-cdb \
    --with-xmlrpc=shared \
    --with-mcrypt=shared,$BLIB/mcrypt \
    --with-ncurses=shared,$BLIB/ncurses \
    --with-readline=shared,$BLIB/readline \
    $ORA_CF \
        2>&1 | tee configure.log

#-- Modify the Oracle lib path in the Makefile

_oralibdir=lib
if [ -d $ORACLE_HOME/lib32 ] ; then
    _oralibdir=lib32
    sed 's!oracle/lib !oracle/lib32 !g' <Makefile >tmp1
    cp tmp1 Makefile
fi

#-- Build & install

$MK
$MK install

#-- Comment out the LoadModule directive

sed 's/^LoadModule php4/#LoadModule php4/' <$BAP/conf/httpd.conf >tmp1
cp tmp1 $BAP/conf/httpd.conf

mv /usr/lib/libcrypt.a.save /usr/lib/libcrypt.a    # restore this f... libcrypt.a

#-- Move extensions (personal, I don't like this 'no-debug...' dir)

mv $PBASE/lib/php/extensions/no-debug*/* $PBASE/lib/php/extensions
for i in $PBASE/lib/php/extensions/no-debug* ; do
    rmdir $i
    ln -s . $i
done

#-- Install default configuration file

cp php.ini-recommended $PBASE/php.ini

#-- Modify phpize

mv $PBASE/bin/phpize $PBASE/bin/phpize.orig
echo '#!/bin/sh' >$PBASE/bin/phpize
echo "PATH=\"$BLIB/common/bin:\$PATH\" ; export PATH" >>$PBASE/bin/phpize
cat $PBASE/bin/phpize.orig >>$PBASE/bin/phpize
chmod +x $PBASE/bin/phpize

#-- Restore LDFLAGS

export LDFLAGS="$REF_LDFLAGS"

2.43 - Compiling PHP 5 (5.2.6)

Source : www.php.net

:note As with PHP 4, we modify the 'phpize' script so that it uses the embedded autoconf and m4. We also force the shell to be a korn-compatible shell (on some OS, /bin/sh is a Bourne-only shell, which does not work with phpize).

If your compilation fails with a message starting with 'cc1: out of memory...', increase the value of your maxdsiz kernel configurable parameter (this operation requires root privilege and reboots the host). Typically, using gcc 4.1.1, a value of 100,000,000 (100 Mbytes) should be large enough, even when using the gcc '-O3' flag.

:note Issue with libcl (Can't dlopen() a library containing Thread Local Storage). Because of this problem, we cannot dlopen() the Oracle extensions (oci8 and pdo_oci) because they indirectly reference libcl, which uses some thread local storage. Reference of the document describing this problem in the HP ITRC website : AUSRCKBAN00000314. PHP bug #13151. It probably won't be fixed soon, as it is not really a problem of PHP. Workaround : The executable file which does the dlopen() call must have been linked with the library using TLS (libcl here). Here, it means that we must link the apache and php executable files with a -lcl option. That's why we set LDFLAGS='-lcl'.

:note Ignore this error message from configure : './configure[75167]: pkg-config:  not found.'. It is a configure bug reported to the PHP Dev team as #35981. This error does not seem to have any influence on the rest of the build process.

:note HP-UX contains an empty library /usr/lib/libcrypt.a. But the crypt() function is in libc. Because of the libcrypt.a file, configure decides to include '-lcrypt' in the linker flags. And, later, as there is no libcrypt.sl file, PHP refuses to build some modules in shared mode. Workaround : we temporarily rename the /usr/lib/libcrypt.a file.

First, we set the Oracle-related configure options :

  • PHP 5 does not support Oracle below version 9. So, if the Oracle library we have in $ORACLE_HOME is version 8, we cannot compile the Oracle-related extensions. Note that, on HP-UX 11.00, Oracle does not provide a version greater than 8i.
  • we detect if the Oracle client library is an instantclient and set the the configure options accordingly.

#-- Set Oracle configure options

if [ -f $ORACLE_HOME/lib/libclntsh.sl.8.0 ] ; then
    ORA_CF=''    # Cannot build Oracle extensions
else
    ic=''
    [ -d "$ORACLE_HOME/sdk" ] && ic=',instantclient'
    ORA_CF="--with-oci8=shared$ic,$ORACLE_HOME --with-pdo-oci=shared$ic,$ORACLE_HOME"
fi

Then, we configure and build :

export PBASE=$BASE/php5
REF_LDFLAGS="$LDFLAGS"


[ -f /usr/lib/libcrypt.a ] && mv /usr/lib/libcrypt.a /usr/lib/libcrypt.a.save

export LDFLAGS="$LDFLAGS -lcl"

./configure --prefix=$PBASE \
    --with-config-file-path=$PBASE \
    --with-apxs2=$BAP/bin/apxs \
    --with-zlib=shared,$BLIB/z \
    --with-zlib-dir=$BLIB/z \
    --with-bz2=shared,$BLIB/bz2 \
    --enable-ftp=shared \
    --with-libxml-dir=$BLIB/xml2 \
    --with-xsl=shared,$BLIB/xslt \
    --enable-dom \
    --enable-simplexml \
    --with-iconv=shared,$BLIB/iconv \
    --with-iconv-dir=$BLIB/iconv \
    --enable-calendar=shared \
    --enable-sockets=shared \
    --enable-soap=shared \
    --enable-bcmath=shared \
    --enable-sysvsem \
    --enable-sysvshm \
    --enable-shmop \
    --enable-sysvmsg \
    --enable-pdo=shared \
    --with-pdo-sqlite=shared \
    --with-sqlite=shared \
    --enable-sqlite-utf8 \
    --with-openssl=shared,$BLIB/ssl \
    --with-openssl-dir=$BLIB/ssl \
    --with-curl=shared,$BLIB/curl \
    --with-ldap=shared,$BLIB/ldap \
    --with-gd=shared \
    --with-png-dir=$BLIB/png \
    --with-jpeg-dir=$BLIB/jpeg \
    --enable-gd-native-ttf \
    --with-freetype-dir=$BLIB/freetype \
    --with-mysql=shared,$BLIB/mysql \
    --with-mysqli=shared,$BLIB/mysql/bin/mysql_config \
    --with-pdo-mysql=shared,$BLIB/mysql \
    --with-pgsql=shared,$BLIB/pgsql \
    --with-pdo-pgsql=shared,$BLIB/pgsql \
    --with-imap=shared,$BLIB/imap \
    --with-imap-ssl=$BLIB/ssl \
    --with-mm=$BLIB/mm \
    --with-gettext=shared,$BLIB/gettext \
    --enable-zip=shared \
    --enable-mbstring=shared \
    --enable-dba=shared \
    --with-db4=$BLIB/berkeley_db \
    --with-cdb \
    --with-inifile \
    --with-xmlrpc=shared \
    --with-mcrypt=shared,$BLIB/mcrypt \
    --with-ncurses=shared,$BLIB/ncurses \
    --with-readline=shared,$BLIB/readline \
    $ORA_CF \
        2>&1 | tee configure.log

#-- Build

$MK
$MK install

mv /usr/lib/libcrypt.a.save /usr/lib/libcrypt.a    # restore this f... libcrypt.a

#-- Move extensions (personal, I don't like this 'no-debug...' dir)

mv $PBASE/lib/php/extensions/no-debug*/* $PBASE/lib/php/extensions
for i in $PBASE/lib/php/extensions/no-debug* ; do
    rmdir $i
    ln -s . $i
done

#-- Install default configuration file

cp php.ini-recommended $PBASE/php.ini

#-- Modify phpize
 
 mv $PBASE/bin/phpize $PBASE/bin/phpize.orig
echo '#!/bin/sh' >$PBASE/bin/phpize
 echo "PATH=\"$BLIB/common/bin:\$PATH\" ; export PATH" >>$PBASE/bin/phpize
 cat $PBASE/bin/phpize.orig >>$PBASE/bin/phpize
 chmod +x $PBASE/bin/phpize

 #-- Restore LDFLAGS

export LDFLAGS="$REF_LDFLAGS"

2.44 - Compiling autoconf (2.63)

Source : http://ftp.gnu.org/gnu/autoconf/

:note As $BLIB/common/bin is first in path, configure always uses our embedded version of m4.

./configure --prefix=$BLIB/autoconf $CF_OPTS

$MK
$SMK install

#-- Cleanup

rm -rf $BLIB/autoconf/share/info $BLIB/autoconf/share/man

$LINKDIR autoconf/bin

2.45 - Compiling the ming library and PHP extension (0.4.2)

Web site : http://www.libming.org/

Source : http://sourceforge.net/project/showfiles.php?group_id=18365

Ming is a library for generating Adobe/Macromedia Flash files (.swf). It allows PHP to generate Flash animations and interactions dynamically.

First, we compile and install the library :

./configure --prefix=$BLIB/ming $CF_OPTS \
    --disable-cpp

$MK
$MK install

/bin/rm -rf $BLIB/ming/share

$LINKDIR ming/bin
$LINKDIR ming/include
$LINKDIR ming/lib

The ming extensions contained in the PHP 4 and 5 source distributions don't work with libming version 0.4.x. So, we build the PHP extensions provided in the ming distribution.

But, first, we need to fix a small problem in config.m4 (wrong lib subdirectory name) :

cd php_ext
cp config.m4 config.m4.orig
sed 's/^PHP_LIBDIR=.*$/PHP_LIBDIR=lib/' <config.m4.orig >config.m4

Then we compile and install the PHP 4 & 5 extensions :

for _v in 4 5    #-- PHP 4 first, then 5
    do
    _pbase=$BASE/php$_v    # PHP install location

    #-- Build configure script

    $_pbase/bin/phpize

    #-- Configure

    ./configure \
        --with-ming=$BLIB/ming \
        --with-php-config=$_pbase/bin/php-config \
        $CF_OPTS

    #-- Compile

    $MK
    $MK install

    #-- Clean build tree

    $MK distclean
    $_pbase/bin/phpize --clean
done

2.46 - Compiling the SSH2 PHP extension (0.11.0)

Source : http://pecl.php.net/package/ssh2

We compile the extension for PHP 4 and 5.

for _v in 4 5    #-- PHP 4 first, then 5
    do
    _pbase=$BASE/php$_v    # PHP install location

    #-- Build configure script

    $_pbase/bin/phpize

    #-- Configure

    ./configure \
        --with-ssh2=$BLIB/ssh2 \
        --with-php-config=$_pbase/bin/php-config \
        $CF_OPTS

    #-- Compile

    $MK install

    #-- Clean build tree

    $MK distclean
    $_pbase/bin/phpize --clean
done

2.47 - Compiling the APC PHP extension (3.0.19)

Source : http://pecl.php.net/package/APC

APC stands for 'Alternative PHP Cache'. It is a free, open, and robust framework for caching and optimizing PHP intermediate code. Depending on the application, it can provide really dramatic improvements in terms of response time and CPU/memory usage.

:note APC provides a basic administration interface. Here, we install it in the 'lib/php' subdirectory of both PHP trees. Here are the steps to activate it on a target machine :

  • Considering that PHP and the APC extension are active,
  • Copy the apc.php file from the 'lib/php' subdirectory to a directory accessible by a web browser.
  • Edit apc.php and modify the line starting with 'defaults('ADMIN_PASSWORD',' to set a password of your choice (mandatory to access protected features).
  • Open apc.php through your browser.

We also pre-configure the php.ini file with a basic set of APC parameters.

If you are interested in PHP performance improvement, you may also have a look at a number of other software like XCache, eAccelerator, memcache, PHK, Automap... All these PHP extensions can be compiled and installed in a similar way as what we show here.

:note On HP-UX, the system does not define the MAP_ANON symbol. This symbol is used by apc_mmap and corresponds to a value of 0 in the mmap() flag. So we force the symbol definition.

for _v in 4 5    #-- PHP 4 first, then 5
    do
    _pbase=$BASE/php$_v    # PHP install location

    #-- Build configure script

    $_pbase/bin/phpize

    #-- Configure

    CPPFLAGS="$CPPFLAGS -DMAP_ANON=0" \
        ./configure \
        --enable-apc \
        --with-php-config=$_pbase/bin/php-config \
        $CF_OPTS

    #-- Compile and install

    $MK install
    cp apc.php $_pbase/lib/php

    #-- Append config to php.ini
 
    cat >>$_pbase/php.ini <<EOF
#extension=apc.sl
apc.enabled=1
apc.shm_segment=1
apc.optimization=0
apc.shm_size=128
apc.ttl=7200
apc.user_ttl=7200
apc.num_files_hint=1024
apc.mmap_file_mask=/tmp/apc.XXXXXX
apc.enable_cli=0
EOF

    #-- Clean build tree

    $MK distclean
    $_pbase/bin/phpize --clean
done

3 - Cleanup

Now that the compilation phase is over, we can remove the tools we don't need in the runtime environment :

/bin/rm -rf \
    $BLIB/bison \
    $BLIB/gawk

:note Note that we keep autoconf and m4, to be able to compile and install additional PECL extensions.

4 - Configuring

Here, we give only a minimal configuration, which allows to start Apache and to run a simple test. When the package is installed on a target machine, it must be configured in a much more serious way. This aspect is beyond the scope of this document but you can find a lot of resources on the Internet.

:call

Warning : Running this package with the default configuration in a production environment can lead to serious security problems !!
You have been warned

4.1 - System

  • Check that a www user exists in /etc/passwd. If not, create it with passwd='*' and login shell = /bin/false.
  • Add a www group in /etc/group if it does not already exist.

4.2 - Apache

Edit $BAP/conf/httpd.conf :

  • Change the line starting with 'User' to 'User www'
  • Change the line containing 'Group #-1' to 'Group www'.
  • Add this line anywhere in the file :

AddType application/x-httpd-php .php

Add the following line at the end of $BAP/bin/envvars :

unset LD_LIBRARY_PATH LIBPATH SHLIB_PATH

In order to avoid a problem of Apache crashing on HP-UX (message 'cannot grab mutex'), HP recommends to add this line to the configuration. The only thing I can say is that it solved the problem for me.

AcceptMutex fcntl

4.3 - Oracle client

Edit the file '$BAP/bin/envvars' and add the environment variables needed by the Oracle client :

ORACLE_HOME=<$BASE>/libs/oracle_home
export ORACLE_HOME

#-- TNS_ADMIN is optional, set only if you don't use the default
#-- location ($ORACLE_HOME/network/admin)

TNS_ADMIN=<directory>
export TNS_ADMIN

4.4 - PHP

For each PHP version, edit $BASE/php{4,5}/php.ini :

extension_dir = "<$BASE>/php<4|5>/lib/php/extensions"

5 - Checking

5.1 - Starting Apache/PHP

Now, start Apache with :

<$BASE>/apache/bin/apachectl start

This should not display any message.

5.2 - Checking the PHP modules

Here, we just check that the PHP shared modules can be loaded without error.

It can be useful to run this test when you install your package to a new host, as it allows to check that every shared lib dependencies are satisfied.

:note The syntax we use here must be compatible with PHP versions 4 & 5. That's why we cannot use scandir().

By default, you will be testing PHP 5, as it is the one we chose to activate in the Apache configuration. In order to test PHP 4, comment out the PHP5 line in $BAP/conf/httpd.conf, uncomment the PHP4 line, restart Apache, and reload the page from your browser.

Create a new file named $BAP/htdocs/test.php with the following content :

<?php
error_reporting(E_ALL);
ini_set('display_errors',true);

$libs=array();
$dir=opendir(ini_get('extension_dir'));
while ($lib=readdir($dir))
    if (fnmatch('*.'.PHP_SHLIB_SUFFIX,$lib)) $libs[]=$lib;

sort($libs);
foreach($libs as $lib)
    {
    echo "Loading module $lib ...<br>";
    dl($lib);
    }

phpinfo();
?>

Point your browser to http://<your_server>/test.php

It should display the configuration of every PHP modules, static and dynamic. If there are some errors when trying to load a module, it will also display them.

6 - Packaging

First, remove the Oracle and Java links, as we don't want them to be included in the package :

/bin/rm -f $BLIB/oracle_home $BLIB/java_home

6.1 - RPM

RPM is not provided by default on HP-UX but you can build and install it.

6.1.1 - Creating the package

Note that we build a binary RPM, not a source RPM.

We need a specfile. Here is a sample content for this file :

Name: http170
Summary: http170
Group: Applications/Internet
Version: 1.7
Release: 0
ExclusiveOs: hp11.00
License: Apache license/PHP license
Source: none
URL: <your url>
Packager: <your name>
AutoReqProv: no
provides: http170
%description
Apache/PHP by <your name> - <date>
<Add your description here...>
%pre
#======================= Pre-Install script =============
<Insert preinstall shell code here.
This code should check for a 'www' user and group, and create them if they don't exist.
%preun
#====================== Pre-Uninstall script ==============
#-- Stop Apache

<$BASE>/apache/bin/apachectl stop

#-- Remove the log files because they are not part of the package
#-- and they won't be removed by rpm

/bin/rm -rf <$BASE>/apache/logs/*

#============================ FILES =================
%files
<$BASE>
%config <$BASE>/apache/conf
%config <$BASE>/php4/php.ini
%config <$BASE>/php5/php.ini

What does it mean ?

  • The first lines contain information about the packages's name, requirements, packager (you), and a description.
  • the pre-install script ensures that the www user & group exist. If it is not the case, they are created.
  • The pre-uninstall script stops Apache and remove the log files.
  • Then, we give the list of the files, with some of them being tagged as configuration files (see the rpm documentation for more information on the %config tag).

Now, build your package with this command :

rpmbuild -bb <specfile-path>

This will create a file named http170-1.7-0.hppa.rpm in the 'RPMS/hppa' subdirectory of your RPM install base directory (/usr/src/redhat on RHEL). This is your RPM package file.

6.1.2 - Installing the package

This package can be installed, as any other RPM packages, using the rpm command (man rpm for more).

6.2 - Tar/gzip

A tar package just contains every files under $BASE.

6.2.1 - Creating the package

The commands to build a tar/gz package are :

cd $BASE
tar cf - . | gzip --best >/tmp/http170-1.7-0.hppa.tgz

This creates a '.tgz' package file in /tmp.

6.2.2 - Installing the package

To install the package :

  • Download the package file on the target host
  • Create the $BASE directory
  • Ensure the file system containing the $BASE directory has enough free space
  • Untar/uncompress the package file in $BASE.

6.3 - Configuring the package

Once the package is installed, you can create the symbolic links to the Oracle and Java installation directories as $BLIB/oracle_home and $BLIB/java_home.

You can also run the test above to check that the PHP modules can be loaded correctly.

7 - The end

:love Enjoy !

 

Please login or register to add a comment