|
| Document history |
| v 1.0-1 |
JUN 2006 |
|
| v 1.1-1 |
JUL 2006 |
- Add mod_jk Apache module
- Add imap PHP extension
- Add RPM creation on Linux
- Suppress AdoDB
|
| v 1.2-1 |
SEP 2006 |
- Component upgrade to the latest stable versions.
|
| v 1.4-4 |
SEP 2006 |
|
| v 1.4-5 |
OCT 2006 |
- Add Apache modules : isapi dumpio logio proxy proxy_connect proxy_ftp proxy_http.
- Add the mm library (allows to store PHP session information in shmem).
|
| v 1.4-9 |
NOV 2006 |
- Minor bug corrections and optimizations
|
| v 1.5-0 |
FEB 2008 |
- Component upgrade to the latest stable versions.
- Add gettext support to PHP
- Apache now uses the gdbm library (solving an issue with ndbm on AIX)
- Add the mod_security, auth_digest, and mod_evasive Apache modules
|
| v 1.5-1 |
DEC 2008 |
- Component upgrade to the latest stable versions.
- Add zip extension to PHP 5
- Add the Subversion Apache modules. Because of these modules,
replace gdbm with Berkeley DB in apr-util.
- Add managelogs
- Add mbstring extension to PHP 4 & 5
|
| v 1.6-1 |
JAN 2009 |
- Add the following extensions to PHP 4 & 5 : dba, ssh2, APC
- Add the tools needed to compile PECL extensions (autoconf and m4)
- Add Berkeley DB4 support to PHP 4 & 5
|
| v 1.6-2 |
MAR 2009 |
- Enhanced documentation
- Suppress the embedded libgcc library on Linux
- Suppress the embedded stdc++ library
- Add the mod_auth_cas Apache module (CAS authentication)
- Workaround on HP-UX to use the random() function in libapr (suppresses
the dependency to KRNG11i on HP-UX 11.11)
- Upgrade managelogs to version 1.0.1
- Workaround in OpenSSL on HP-UX 11.00 : SSL connection could not be
established due to a problem of random number generation.
- Add xml/xslt support to postgresql.
|
| v 1.7-0 |
APR 2009 |
- Add the following PHP extensions (and related libraries): ming,
xmlrpc, ncurses, mcrypt.
- Add the GnuTLS Apache module.
- Add readline support to the PHP CLI interpreters.
- Add support for CDB (Constant DataBase) files in PHP 4 & 5
- Add support for microsoft style .ini files in PHP 5
- Add SSH support to curl
- Add RPM packaging on non-Linux OS
|
1 - Introduction
This document details how to compile a full-featured Apache/PHP distribution.
The main difference with other tutorials you may find on the web is that
this document not only explains how to compile Apache and PHP, but also every
library they depend on. This is a 'black-box' approach, where the software
comes with everything it needs to run. It is longer and more complex to build such
a package but, once it is done, it brings a lot of benefits, such as an independance
between your software package and the libraries
that may be already installed on the target host. Such a 'self-contained'
approach makes it easier to build and deploy functionaly-identical packages on several
different platforms/OS. Of course, the software still uses the low-level system
libraries, but the dependencies are
limited to the bare minimum, minimizing the risk of inconsistent behaviors
between different hosts/platforms.
To complement this 'black-box' approach, we install the software in a
private directory. This makes the package much simpler to manage, deploy ,
upgrade, or remove (compared to the traditional method
of installing everything under /usr/local/[bin|lib|...]). Actually, we don't
include everything needed by the package, as we only include everything we can compile. The exceptions are the Oracle client
library and the JAVA JRE, which are considered as 'external dependencies'
and accessed through symbolic links (so that they can be physically
located anywhere on the target host).
1.1 - Intended audience
This document can be used in two different ways :
- In order to apply the procedure and build the software exactly as it is
described here, you don't need to be an expert : it just requires some basic
Unix and shell knowledge, such as being able to download the source
packages, uncompress/untar them, and create files with a text editor.
At this level, the procedure given below can be splitted in two main steps :
- you first set a limited number of environment variables (essentially
the installation directory)
- and the rest is just a suite of copy/paste operations from the
document to your shell environment.
- Now, if you want to understand everything that is explained below, or if
you want to adapt it to your specific needs, it requires of course more
knowledge on different domains, mostly :
- build mechanisms in general,
- compile and link operations (with a strong focus on shared libraries),
- makefiles,
- the Gnu
autoconf-based configure/make process,
- and even, when it is really needed, the ability to understand and
adapt some C source code.
So, to resume, most people will just apply the procedure described below, which is
relatively easy and just requires a basic working knowledge of the Unix shell
environment.
 Don't hesitate to post comments on issues you may have with this
document. Each time you do it, you help me and the community in general to make
the procedure more robust and reliable. I promise to reply to every question
asked in comments. Please prefer comments to direct mail as they may benefit
others.
1.2 - Getting the source packages
Some readers sometimes ask why I don't provide copies of the source
packages I list below. Sure, it would be easier for you, but I won't do it as you
MUST get your source packages from a repository you can
trust ! You don't know me, you CANNOT trust source code downloaded from my
site (except
for my own projects).
So, once again, always get your
software from a trusted source and, when a package signature is provided, check it to make sure you get the official
code.
I insist on this because compiling some modified source code or installing
some corrupted precompiled binaries would give hackers everything they need to take
control on your site (remember that most software we compile here runs as root).
In every chapter below, you will find a link to the best place to get the
source package from.
So, remain a good, slightly paranoid, system administrator, and everything
will go well.
1.3 -
Modules & extensions
We are building Apache 2.0, PHP 4, and PHP 5 with the following modules and extensions :
These Apache modules are all compiled as
shared
objects (DSOs).
We also include the mm
session handler support in PHP 4 & 5 (to be activated via the
'session_handler=mm' directive in php.ini)
1.4 -
Software dependencies
The following diagrams display the dependencies between the software packages
and libraries we are integrating together (split as two diagrams for clarity) :
Note that we use the GD bundled library provided in the PHP source packages (4 &
5).
The package also includes the tools you need to build
additional PHP extensions from the PECL library (http://pecl.php.net).
Although these tools (autoconf & m4) are available in every Linux
distribution, it is not the case
on older/traditional/proprietary Unix. In order to remain consistent for every OS we support
in this set of documents, the package includes an embedded version of m4 and autoconf.
The phpize scripts are also modified to use this version.
1.5 -
Notational conventions
Everything written in black on grey can be copy/pasted without any
modification.
Everything written in red and between '<' and '>'
symbols must be replaced by a value corresponding to your environment.
Example : when
you read this :
you must replace <$BASE> with your base directory
path in the line you will actually type. but, when you read this : you
copy and paste it asis into your environment.
Everything related to
Oracle is printed in green and can be safely ignored if you don't need Oracle connectivity.
1.6 - Context
| Host model : |
VMWare virtual host (on a Dell R900) |
| OS : |
Linux 2.4.21-37.ELsmp |
| Hardware platform : |
i386 (32 bits) |
| RedHat release : |
Red Hat Enterprise Linux ES release 3 (Taroon Update 6) |
| Shell : |
/bin/bash |
1.7 - Pre-requisite
These products are mandatory but the versions are not. They are just the versions I
used, so they are known to work.
| Product |
Version |
| gcc (C & C++) |
4.1.1 |
| glibc, glibc-devel, glibc-headers |
2.3.2-95.37 |
| Gettext |
0.11.4-7 |
| Flex |
2.5.4a-29 |
| GNU make |
3.79.1-17.1 |
| pam-devel |
0.75-72 |
| JDK |
1.6.0_03-fcs |
| rpm-build |
4.2.3 |
| Oracle client |
9.2.0 |
2 - Building
2.1 -
Environment
First, we define the install (target) base directory : export BASE=<your install directory> |
We ensure that the LIBPATH, LD_LIBRARY_PATH, and SHLIB_PATH variables are unset.
Only one of them applies to this system but it is simpler to unset them all on every OS :
unset LIBPATH LD_LIBRARY_PATH SHLIB_PATH || : |
If the shell
environment contains aliases for cp, rm, or mv, it is time
to unalias them :
unalias cp rm mv 2>/dev/null || : |
Then, we set the variables we use for every software and on every OS. Among
others, we ensure that /usr/local/bin is in the PATH :
export BLIB=$BASE/libs
export PKG_CONFIG_PATH="$BLIB/common/pkgconfig"
export CC=gcc
export CPPFLAGS="-I$BLIB/common/include"
export CF_OPTS="--enable-shared --disable-static"
export PATH="$BLIB/common/bin:$PATH:/usr/local/bin:/usr/ccs/bin" |
C compilers can have such different behaviors that I strongly recommend
using gcc. If you are using another compiler, please don't ask for support.
Now, we set the 'make' commands we'll use in the rest of the document. The
difference between $MK
and $SMK is that, in $MK, you can add options for a 'parallel make' ('-j', '-l',
...). $SMK stands for 'serial make' and is used where parallel builds are known
to fail.
Mileage varies concerning parallel make. Depending on your host
characteristics and the options you set, the build can be faster or slower.
Personnally, after trying several options, I did not observe a noticeable gain
in performance and reverted to the default 'serial' make.
Please note that parallel make can
cause compilation failures. So, if you get unexpected results
while parallel make options are active, the first thing to do is to retry the same
without the parallel options. For more info about parallel make, see the
GNU make manual.
GNU make is mandatory as several packages absolutely require it. On
Linux, GNU make is native but, on non-Linux systems, you are strongly advised
not to use the native make.
export MAKE='gmake'
export SMK="$MAKE"
export MK="$MAKE" |
We also un-localize the shell environment :
unset LANG LC_MONETARY LC_TIME LC_MESSAGES LC_CTYPE \
LC_COLLATE LC_NUMERIC || : |
We now set the variables specific to this operating system :
export LDFLAGS="-L$BLIB/common/lib -Wl,-rpath -Wl,$BLIB/common/lib" |
We define the Oracle installation directory : export ORACLE_HOME=<your
Oracle home> |
We define where the JDK is installed : export JAVA_HOME=<your Java home> |
We
now set the environment specific to this software :
2.2 - Creating the target structure
Every libraries and auxiliary software are installed under
'$BASE/libs'. There, each software/library is assigned a subdirectory, and we populate a 'common'
subdirectory with symbolic links to the actual file locations. Using a common directory
populated with symbolic links brings several benefits :
- it allows to set a single path in the dynamic lib search
path (LDFLAGS).
- it also allows to set a single path in the include file search path
(CPPFLAGS)
- Putting a common 'bin' subdirectory as first element of the PATH ensures
that anything we put in this directory will be found first when searching
for an executable command.
- Last, it allows to set a single path in the PKG_CONFIG_PATH variable.
Thanks to this directory structure, we don't have to modify the environment
variables each time we add a library to the package. It becomes also easier to
ensure that the compilation will reference our embedded library/include files,
and not the ones that can be installed elsewhere in the system.
First, we create the base common directory. Then, we create the script to
populate the common directories. Every
time we build and install a library we need to reference in a subsequent build, we
call this
script to register the files in the common structure. This is done through the
$LINKDIR environment variable. Note that the
link creation script is not in the common PATH. This way, it cannot conflict
with another file. #-- Declare the variable we use to
call the script
export LINKDIR=$BLIB/common/linkdir |
#-- Create the script
echo 'cd $BLIB/$1
#-- If second argument is unset, default to the last element of target dir (usual
case)
cdir=$2
[ -z "$2" ] && cdir=`basename "$1"`
#-- Directory to contain links. Create common subdirectory when needed
tdir=$BLIB/common/$cdir
[ -d $tdir ] || mkdir -p $tdir
for i in *
do
[ "X$i" = "X*" ] && break
#-- Empty directory
[ "X$i" = Xpkgconfig ] && continue
#-- pkgconfig is a special case
[ -h $tdir/$i ] && continue # No override
echo "Linking $i"
ln -s ../../$1/$i $tdir/$i
done
#-- If a pkgconfig subdir exists, link it, but in the pkgconfig common subdir
[ -d pkgconfig ] && $LINKDIR $1/pkgconfig
exit 0
' >$LINKDIR
chmod +x $LINKDIR |
2.3 - External dependencies
We use symbolic links for the external dependencies (Oracle & Java). This
way, the package can easily run on a target host where Oracle and/or Java are
installed in different locations. On the target host, we just need to create
two symbolic links at the same locations and the Oracle and Java dependencies will be
resolved through them.
I clearly prefer this solution to the ones based on the LD_LIBRARY_PATH/SHLIB_PATH/LIBPATH
environment variables.
This is consistent with the 'black-box' philosophy described above, as I
consider that I cannot
really control the environment my software will run in.
2.3.1 - Oracle
As explained above, we create a symbolic link from
$BLIB/oracle_home to the Oracle install directory. We also create a second indirection
level because the Oracle library hardware path is recorded with the version
suffix (libclntsh.so.9.0, libclntsh.so.10.1,...). So, at runtime, the software
expects the same library version it was compiled with. As we want to be able to
run with any Oracle library, even if it is not the one we used at compile time,
we need to create a redirection from this 'versioned' library file to the actual
'not-versioned' file. ln -s
$ORACLE_HOME $BLIB/oracle_home
#-- Redirect from versioned lib to non-versioned one
_pwd=`pwd`
cd $BLIB/oracle_home
for _f in `echo lib*/libclntsh.so.*`
do
_d=`dirname $_f`
mkdir -p $BLIB/oracle/$_d
rm -f $BLIB/oracle/$_d/libclntsh.so
ln -s ./`basename $_f`
$BLIB/oracle/$_d/libclntsh.so
ln -s ../../oracle_home/$_d/libclntsh.so $BLIB/oracle/$_f
done
#-- we also need the header files, but just for compiling
for _d in precomp rdbms
do
ln -s ../oracle_home/$_d $BLIB/oracle/$_d
done
cd $_pwd
#-- Modify ORACLE_HOME for compile time
export ORACLE_HOME=$BLIB/oracle |
Note that the package is
never guaranteed to run with an Oracle client of a version different than the
one it was compiled with. For instance, if you compile with an Oracle 10
library, it won't run with an Oracle 9 version (because of a symbol added in
version 10). When it is possible, the best solution is always to compile and run
a software with the same library versions.
2.3.2 - Java
The external Java SDK will be accessed through a symbolic link. ln -s $JAVA_HOME $BLIB/java_home |
At
runtime, we just need a Java Runtime Environment, not the whole JDK.
2.4 - Compiling zlib (1.2.3)
Source : http://www.zlib.net/
The zlib library provides the gzip (GNU zip) compression/decompression features.
./configure --shared --prefix=$BLIB/z
$MK "LDSHARED = gcc -shared $LDFLAGS" test install
#-- Cleanup
rm -rf $BLIB/z/share $BLIB/z/lib/*.a
$LINKDIR z/lib
$LINKDIR z/include |
2.5 - Compiling the OpenSSL library (0.9.8j)
Source :
http://www.openssl.org/source/
Web site : http://www.openssl.org/
The OpenSSL library provides the mechanisms to establish SSL-secured connections. It is
used by Apache to handle HTTPS connections, by PHP to provide SSL features, and
also by OpenLDAP, curl, MySql and
PostgreSql.
As the configuration process ignores the LDFLAGS environment
variable, we modify several variables related to the way
the libraries will be linked.
./config --openssldir=$BLIB/ssl shared zlib no-krb5
$MK "SHARED_LDFLAGS = -shared $LDFLAGS" \
"EX_LIBS = $LDFLAGS -ldl -lz"
$MK install_sw
#-- Cleanup
rm -rf $BLIB/ssl/man $BLIB/ssl/lib/*.a $BLIB/ssl/misc
$BLIB/ssl/private \
$BLIB/ssl/certs
$LINKDIR ssl/lib
$LINKDIR ssl/include
$LINKDIR ssl/bin
# Skip the tests if the 'NO_TEST' variable is defined
[ -z "$NO_TEST" ] &&
$MK test "EX_LIBS = $LDFLAGS -ldl -lz" |
2.6 - Compiling the OpenLDAP library (2.4.11 - 20080813)
Source :
http://www.openldap.org/software/download/ Web site : http://www.openldap.org/
We only compile the LDAP client, excluding the server and the replication
daemon. Then, we keep the library and include
files only. ./configure --prefix=$BLIB/ldap --without-cyrus-sasl \
--disable-slapd --disable-slurpd --with-tls=openssl $CF_OPTS
$MK install
#-- Cleanup
rm -rf $BLIB/ldap/bin $BLIB/ldap/man
$LINKDIR ldap/include
$LINKDIR ldap/lib |
2.7 - Compiling the expat library (2.0.1)
Source :
http://sourceforge.net/project/showfiles.php?group_id=10127 Web site
: http://expat.sourceforge.net/
./configure --prefix=$BLIB/expat $CF_OPTS
$MK
$MK install
#-- Cleanup
rm -rf $BLIB/expat/bin $BLIB/expat/man
$LINKDIR expat/lib
$LINKDIR expat/include |
2.8 - Compiling the iconv library (1.12)
Source :
ftp://ftp.gnu.org/gnu/libiconv Web site : http://www.gnu.org/software/libiconv/
./configure --prefix=$BLIB/iconv
\
--disable-nls \
$CF_OPTS
gmake
gmake install
rm -rf $BLIB/iconv/bin $BLIB/iconv/share
$LINKDIR iconv/lib
$LINKDIR iconv/include |
2.9 - Compiling the Berkeley DB library (4.7.25)
Source :
http://www.oracle.com/technology/software/products/berkeley-db/index.html The TCL stuff is useless here. So, we don't compile it. cd build_unix
../dist/configure \
--prefix=$BLIB/berkeley_db $CF_OPTS \
--without-tcl
$MK
$MK install
/bin/rm -rf $BLIB/berkeley_db/docs
$LINKDIR berkeley_db/lib
$LINKDIR berkeley_db/include
$LINKDIR berkeley_db/bin
cd .. |
2.10 - Compiling Apache (2.0.63)
Source : http://httpd.apache.org/
As our LDAP library is not in the
standard location, we need to build and install the apr and apr-util libraries
first, splitting the compile process in 3 steps.
We also modifiy the
apr-config script because we want apxs to link with the hardcoded library search
path.
Fix : if the host contains an older version of the zlib headers in
/usr/include, it may contain a file named zutil.h. In this case, the Apache
configure phase wrongly states that it can include this file. But, this header
file is incompatible with the version of zlib embedded in the package, and the
compilation fails. In order to force this header file not to
be used, we un-define the corresponding symbol in the auto-generated Apache header file.
#-- Build apr
cd srclib/apr
./configure --prefix=$BAP --enable-threads $CF_OPTS
$MK
$MK install
#-- Insert the hardcoded library search path and the common include directory in apr-config
cp -p $BAP/bin/apr-config $BAP/bin/apr-config.orig
sed -e "s!^\(LDFLAGS=\"\)\(.*\"\)\$!\1$LDFLAGS\2!" \
-e "s!^\(EXTRA_INCLUDES=\"\)!\1-I$BLIB/common/include !" \
<$BAP/bin/apr-config.orig
>$BAP/bin/apr-config
#-- Build apr-util
cd ../apr-util
./configure --prefix=$BAP $CF_OPTS\
--with-ldap \
--with-ldap-lib=$BLIB/ldap/lib \
--with-ldap-include=$BLIB/ldap/include \
--with-iconv=$BLIB/iconv \
--with-expat=$BLIB/expat \
--with-apr=$BAP \
--with-berkeley-db=$BLIB/berkeley_db
$MK
$MK install
$LINKDIR ../apache/lib
$LINKDIR ../apache/include
#-- Build Apache
cd ../..
./configure --prefix=$BAP \
--enable-mods-shared="all cache case-filter case-filter-in cgid \
charset-lite deflate disk-cache echo file-cache \
mem-cache suexec ldap auth-ldap ssl isapi auth_digest \
dumpio logio proxy proxy_connect proxy_ftp proxy_http" \
--with-perl=/usr/bin/perl \
--with-z=$BLIB/z \
--with-ssl=$BLIB/ssl \
--with-iconv=$BLIB/iconv \
--with-expat=$BLIB/expat \
--with-apr=$BAP \
--with-apr-util=$BAP \
2>&1 | tee configure.log
#-- Force HAVE_ZUTIL_H unset
( echo '#ifdef HAVE_ZUTIL_H'
echo '#undef HAVE_ZUTIL_H'
echo '#endif' ) >>./include/ap_config_auto.h
#-- Compile Apache
$MK
#-- Install
$MK install
chown -Rh root:sys $BAP
|
2.11 - Compiling the bzip2 library (1.0.1)
Source : http://www.digistar.com/bzip2/
As the current makefile ignores our LDFLAGS
settings, we link the shared library with our own command.
We also must install the files ourselves as the Makefile is unable to
do it.
$MK -f Makefile-libbz2_so
gcc -shared -o libbz2.so.1.0.1 $LDFLAGS *.o
#-- Install the shared library and the include file
mkdir -p $BLIB/bz2/include $BLIB/bz2/lib
cp bzlib.h $BLIB/bz2/include
cp libbz2.so.1.0.1 $BLIB/bz2/lib/libbz2.so.1.0.1
ln -s libbz2.so.1.0.1 $BLIB/bz2/lib/libbz2.so.1.0
ln -s libbz2.so.1.0 $BLIB/bz2/lib/libbz2.so.1
ln -s libbz2.so.1 $BLIB/bz2/lib/libbz2.so
$LINKDIR bz2/lib
$LINKDIR bz2/include |
2.12 - Compiling managelogs (1.0.1)
Source : http://managelogs.tekwire.net
managelogs is a log processing program to be used in conjunction with Apache's
piped logfile feature. It automatically rotates and purges log files based on a
set of user-defined options. This is a software I wrote as an alternative to
rotatelogs, as rotatelogs is not able to purge the log files and, typically,
must be complemented with cron jobs to avoid filling up the file system. $MK "APACHE=$BAP"
"ZLIB=$BLIB/z" "BZ2LIB=$BLIB/bz2" install install-man
$LINKDIR ../apache/lib
$LINKDIR ../apache/include |
2.13 - Compiling mod_jk (tomcat-connectors 1.2.27)
Source :
http://tomcat.apache.org/download-connectors.cgi
Web site :
http://tomcat.apache.org/connectors-doc/ The configure script prepends a '-Wl,' prefix to every elements of '$LDFLAGS'
that don't already start with this string. This is correct except for the '-L'
option, as it prevents the libgcc_s library to be located in $BLIB/common/lib. To fix this problem, after the configure phase, we reset the '-L'
option where it has been modified.
cd native
./configure --with-apxs=$BAP/bin/apxs \
--with-java-home=$BLIB/java_home \
--disable-jni $CF_OPTS
#-- Fix '-L' options
grep -l -- '-Wl,-L' `find . -type f` >tmp1
if [ -s tmp1 ] ; then
for i in `cat tmp1` ; do
sed 's/-Wl,-L/-L/g' <$i >tmp2
cp tmp2 $i
done
fi
#-- Compile & install mod_jk.so in $BAP/modules
$MK
$MK install
cd .. |
2.14 - Compiling the xml2 library (2.7.2)
Source :
http://xmlsoft.org/
./configure --prefix=$BLIB/xml2 \
--with-iconv=$BLIB/iconv \
--with-zlib=$BLIB/z \
--without-python \
$CF_OPTS
$MK
$SMK install
#-- Cleanup
rm -rf $BLIB/xml2/man $BLIB/xml2/share $BLIB/xml2/bin/xmlcatalog \
$BLIB/xml2/bin/xmllint
$LINKDIR xml2/lib
$LINKDIR xml2/bin
$LINKDIR xml2/include/libxml2 include
|
2.15 - Compiling the pcre library (7.8)
Source : http://www.pcre.org/
./configure --prefix=$BLIB/pcre --disable-cpp $CF_OPTS
$MK install
#-- Cleanup
rm -rf $BLIB/pcre/bin/pcregrep $BLIB/pcre/bin/pcretest $BLIB/pcre/share
$LINKDIR pcre/lib |
2.16 - Compiling mod_evasive (1.10.1)
Source :
http://www.zdziarski.com/projects/mod_evasive/
$BAP/bin/apxs -c -i -A mod_evasive20.c |
In this configuration, mod_evasive is inactive. To activate it,
uncomment the corresponding LoadModule line in httpd.conf.
2.17 - Compiling mod_auth_cas (1.0.8)
Web site :
http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas Source :
https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/tags/mod_auth_cas-1.0.8/src/
mod_auth_cas allows to authenticate against a
CAS (Central
Authentication Service) server. This module is not the only way for an
application to authenticate users against a CAS server, but it is probably one
of the easiest to use, as it transparently redirects the requests, silently
validates tickets, and automatically provides an authenticated '$REMOTE_USER' to
the application. From the source directory given above, download the
mod_auth_cas.c and mod_auth_cas.h files. Then, compile it through apxs :
$BAP/bin/apxs -c -i -A mod_auth_cas.c |
In this configuration, mod_auth_cas is inactive. To activate it,
uncomment the corresponding LoadModule line in httpd.conf.
2.18 - Compiling the xslt library (1.1.24)
Source : http://xmlsoft.org/XSLT/
./configure --prefix=$BLIB/xslt \
--with-libxml-prefix=$BLIB/xml2 \
--without-python \
$CF_OPTS
$MK
$MK install
/bin/rm -rf $BLIB/xslt/man $BLIB/xslt/share $BLIB/xslt/bin/xsltproc
$LINKDIR xslt/lib
$LINKDIR xslt/bin
$LINKDIR xslt/include
$LINKDIR xslt/include/libexslt include
$LINKDIR xslt/include/libxslt include |
2.19 - Compiling the png library (1.2.33)
Source :
http://sourceforge.net/project/showfiles.php?group_id=5624 Web site
: http://www.libpng.org/pub/png/ ./configure --prefix=$BLIB/png $CF_OPTS
gmake
gmake install
rm -rf $BLIB/png/share
$LINKDIR png/lib
$LINKDIR png/include |
2.20 - Compiling the jpeg library (v6b)
Source : http://www.ijg.org/files/jpegsrc.v6b.tar.gz
Web site : http://www.ijg.org
The 'make install' process is unable to create the
directories where the files must be installed. So, we create them by ourselves
before installing.
./configure --prefix=$BLIB/jpeg $CF_OPTS
$MK
mkdir -p $BLIB/jpeg/include $BLIB/jpeg/lib $BLIB/jpeg/bin \
$BLIB/jpeg/man/man1
$MK install
sed -e "s/\(dlname=\)''/\1'libjpeg.so.62'/" \
<libjpeg.la
>$BLIB/jpeg/lib/libjpeg.la
/bin/rm -rf $BLIB/jpeg/bin $BLIB/jpeg/man
$LINKDIR jpeg/lib |
2.21 - Compiling the freetype library (2.3.7)
Source : http://www.freetype.org/index2.html
The '$(value <var>)' syntax used in one of the Makefiles is not
supported by GNU make V 3.79, and RedHat does not provide make V 3.80 for
RHEL 3. Workaround : we modify the Makefile to use a compatible syntax :
sed -e 's/\$(value /$(/g' <builds/unix/detect.mk >tmp1
mv tmp1 builds/unix/detect.mk |
The freetype compile process wrongly states that gcc needs a '-ansi' option
to compile in ansi mode. This option is not needed, and it even causes the
compilation to fail in several environments (at least HP-UX 11.00 and AIX). So,
we remove this option from the compile string. #-- Build process
needs GNU make (and a GNUMAKE variable)
GNUMAKE="$SMK" ./configure --prefix=$BLIB/freetype $CF_OPTS
#-- Clear the '-ansi' option
$MK 'ANSIFLAGS='
$MK install
$LINKDIR freetype/lib
$LINKDIR freetype/bin |
2.22 - Compiling the SSH2 library (1.0)
Source :
http://sourceforge.net/projects/libssh2/ ./configure --prefix=$BLIB/ssh2 \
--with-openssl=$BLIB/ssl \
--with-zlib=$BLIB/z \
$CF_OPTS
$MK
$SMK install
#-- Cleanup
rm -rf $BLIB/ssh2/share
$LINKDIR ssh2/include
$LINKDIR ssh2/lib |
2.23 - Compiling the Curl library (7.19.2)
Source :
http://curl.haxx.se/download.html Web site : http://curl.haxx.se/
Our CURL client will support the following protocols and options : http, https,
tftp, ftp, ftps, telnet, dict, ldap, ldaps, file, and gzip compression. It is
also able to connect through a proxy. CPPFLAGS="$CPPFLAGS -I
$BLIB/ldap/include" \
./configure --prefix=$BLIB/curl \
--disable-manual \
--enable-tftp \
--enable-telnet \
--enable-ftp \
--enable-ldap \
--enable-ldaps \
--with-zlib=$BLIB/z \
--with-ssl=$BLIB/ssl \
--with-libssh2=$BLIB/ssh2 \
--with-ca-bundle=$BLIB/curl/share/ca-bundle.crt \
$CF_OPTS
$MK install
rm -rf $BLIB/curl/share/man
$LINKDIR curl/lib
$LINKDIR curl/bin |
When curl needs to validate a certificate, it will use
the content of the $BLIB/curl/share/ca-bundle.crt file. By default, the file does not
exist, and the certificate chain is considered as empty. This file can be
created and filled with the CA certificates you want curl to consider as trusted
(in PEM format). #-- Fait pointer le CA bundle de curl vers les
certificats RATP
ln -s ../../../comp/data/cacerts.pem $BLIB/curl/share/ca-bundle.crt |
2.24 - Compiling modsecurity (2.5.7)
Source :
https://bsn.breach.com/downloads/ Web site : http://www.modsecurity.org/
You need to register (free) to access the download area of the Breach
security labs site. Once you get there, the source package you need is
named modsecurity-apache_x.x.x.tar.gz. You don't need to dowload the
'modsecurity-core-rules' file, as the rules are already included in the
source package.
cd apache2
./configure --with-apxs=$BAP/bin/apxs \
--with-pcre=$BLIB/pcre \
--with-apr=$BAP \
--with-apu=$BAP \
--with-libxml=$BLIB/xml2 \
--with-curl=$BLIB/curl
gmake install
cd .. |
Now, we install the default rules and update the apache configuration :
#-- Install default configuration
cp -rp rules $BAP/conf/modsecurity
#-- Configure Apache
echo >>$BAP/conf/httpd.conf <<EOF
#LoadModule security2_module modules/mod_security2.so
#-- modsecurity configuration
<IfModule mod_security2.c>
Include $BAP/conf/modsecurity/*.conf
</IfModule>
EOF |
In this configuration, modsecurity is inactive. To activate it, uncomment the
'LoadModule security2...' line.
2.25 - Compiling the ncurses library (5.7)
Source : http://www.gnu.org/software/ncurses/
We force the Makefiles to link through gcc, instead of calling
ld directly, because we want our LDFLAGS to be used and it may
contain options which are not supported by ld (as the options starting with
-Wl). ./configure
--prefix=$BLIB/ncurses\
--without-ada \
--without-debug \
--without-cxx \
--without-cxx-binding \
--with-shared \
--without-normal
$SMK 'MK_SHARED_LIB = gcc -shared -o $@ $(LDFLAGS)' all install.libs
$LINKDIR ncurses/lib
$LINKDIR ncurses/include
$LINKDIR ncurses/include/ncurses include |
2.26 - Compiling gettext (0.17)
Source :
ftp://ftp.gnu.org/gnu/gettext/
Web site :
http://www.gnu.org/software/gettext/gettext.html
The '-with-included-gettext' configure option forces to build and use the
included libintl library, even if one is present in the system libraries. This
removes a dependency to the system libraries and ensures that we use the same
libintl code across all platforms.
Note that, even if we try to disable NLS localization everywhere it is
possible, some software don't allow it to be disabled. That's why we still need
to embed a libintl library. ./configure
--prefix=$BLIB/gettext $CF_OPTS \
--with-libiconv-prefix=$BLIB/iconv
\
--with-libexpat-prefix=$BLIB/expat \
--with-libncurses-prefix=$BLIB/ncurses \
--with-libxml2-prefix=$BLIB/xml2 \
--with-included-glib \
--with-included-libcroco \
--disable-libasprintf \
--with-included-gettext
$MK
$MK install
#-- Cleanup
rm -rf $BLIB/gettext/info $BLIB/gettext/share/info \
$BLIB/gettext/share/man $BLIB/gettext/share/doc
$LINKDIR gettext/lib
$LINKDIR gettext/include
$LINKDIR gettext/bin |
2.27 - Compiling the Subversion modules (1.5.4)
Source :
http://subversion.tigris.org/downloads/subversion-1.5.4.tar.gz Web site
: http://subversion.tigris.org/ The Apache modules we build here allow to use Apache as a gateway to access a
Subversion repository. You will find more information about configuring Apache
as a Subversion gateway in
this document.
Subversion requires the apr-util Apache library to be compiled with
the Berkeley DB.
We need to tell configure how to find the required libraries at link time (by
initializing the LIBS variable). If we don't, the configure phase fails when the
libintl (gettext) library is not installed in /usr/lib. This is probably a bug
in the configure script. Because of this problem, we also need to add '-lintl'
to the list of libraries we link with.
LIBS="$LDFLAGS" \
./configure \
--prefix=$BLIB/svn $CF_OPTS\
--with-apxs=$BAP/bin/apxs \
--with-apr=$BAP/bin/apr-config \
--with-apr-util=$BAP/bin/apu-config \
--with-zlib=$BLIB/z \
--without-swig
#-- Add intl library to link flags
sed 's/^\(LIBS = .*\)$/\1 -lintl/' <Makefile >tmp1
cp tmp1 Makefile
#-- Compile & install
$MK
$MK install
#-- Keep only the libraries needed by the modules
/bin/rm -rf $BLIB/svn/bin $BLIB/svn/share
for i in client diff ra wc
do
/bin/rm -rf $BLIB/svn/lib/libsvn_$i*
done
$LINKDIR svn/lib
$LINKDIR svn/include |
2.28 - Compiling the readline library (6.0)
Web site :
http://tiswww.case.edu/php/chet/readline/rltop.html The default Makefile renames the object files with a '.so' suffix instead of the
usual '.o'. Some OS (like AIX) cannot link files ending with '.so'. So, we
modify the Makefile in shlib to keep the '.o' suffix.
We also need to force the commands used to link the shared libraries, as the
Makefile uses ld by default, and we can have some gcc-specific options in
CPPFLAGS/LDFLAGS. So, we force it to link using 'gcc -shared'. cd
shlib
cp Makefile.in Makefile.in.orig
sed -e 's/\.so$/.o/g' \
-e 's/\.so /.o /g' \
-e 's/\.so:/.o:/g' <Makefile.in.orig >Makefile.in
cd ..
./configure --prefix=$BLIB/readline $CF_OPTS
$MK 'SHOBJ_LD=gcc' \
'SHOBJ_LDFLAGS=-shared' \
"SHLIB_XLDFLAGS=$LDFLAGS" \
'MV=touch' \
all install
rm -rf $BLIB/readline/share
$LINKDIR readline/lib
$LINKDIR readline/include
$LINKDIR readline/include/readline |
2.29 - Compiling libgpg-error (1.6)
Source :
http://gnupg.org/download/index.en.html
./configure --prefix=$BLIB/gpg-error \
--with-libiconv-prefix=$BLIB/iconv \
--disable-nls \
--disable-languages \
$CF_OPTS
$MK
$MK install
$LINKDIR gpg-error/lib
$LINKDIR gpg-error/include |
2.30 - Compiling the libgcrypt library (1.4.4)
Web site :
http://www.gnu.org/software/libgcrypt/ ./configure --prefix=$BLIB/gcrypt \
--with-gpg-error-prefix=$BLIB/gpg-error \
$CF_OPTS
$MK
$MK install
rm -rf $BLIB/gcrypt/share/info
$LINKDIR gcrypt/lib
$LINKDIR gcrypt/include |
2.31 - Compiling the GnuTLS library (2.6.4)
Web site :
http://www.gnu.org/software/gnutls/ We don't compile the C++ library as we don't need it and it
creates an unnecessary dependency on the libstdc++ library. The installation
fails (on AIX) with an 'Arg list too long' message when trying to install in the
'doc' subdirectory. As we don't need to build nor install the documentation, the
easiest solution is to remove the 'doc' subdirectory from the list of
subdirectories in the Makefile : cp Makefile.in Makefile.in.orig
sed -e 's/ doc / /' <Makefile.in.orig >Makefile.in |
./configure --prefix=$BLIB/gnutls \
--with-libiconv-prefix=$BLIB/iconv \
--disable-nls \
--with-libgcrypt-prefix=$BLIB/gcrypt \
--with-libz-prefix=$BLIB/z \
--with-libreadline-prefix=$BLIB/readline \
--with-included-libtasn1 \
--disable-cxx \
$CF_OPTS
$MK
$MK install
rm -rf $BLIB/gnutls/share/info $BLIB/gnutls/share/man
$LINKDIR gnutls/bin
$LINKDIR gnutls/lib
$LINKDIR gnutls/include |
Once the library is built and installed, we can run
the tests : [ -z "$NO_TEST" ] && $SMK check |
2.32 - Compiling the GnuTLS Apache module (0.4.3)
Web site :
http://www.outoforder.cc/projects/apache/mod_gnutls/
The GnuTLS module is an alternative to mod_ssl. In addition to the features
provided by mod_ssl, it provides several interesting additions like :
- Support for SSL 3.0, TLS 1.0 and TLS 1.1
- Support for RFC 5081 (OpenPGP certificate authentication)
- Support for RFC 5054 (SRP authentication)
- Support for Server Name Indication (allows several HTTPS virtual hosts on
the same IP, which is impossible with mod_ssl)
- Distributed SSL Session Cache via Memcached
Note that mod_gnutls and mod_ssl can both be loaded on an Apache server
together but cannot be activated in the same virtual host.
./configure \
--with-apxs=$BAP/bin/apxs \
--with-libgnutls-prefix=$BLIB/gnutls
$MK
$MK install |
At this point, the gnutls module is inactive. To activate it,
add the following line to $BASE/apache/conf/httpd.conf :
LoadModule gnutls_module modules/mod_gnutls.so |
For more information on GnuTLS :
2.33 - Compiling the IMAP library (2007d)
Source :
ftp://ftp.cac.washington.edu/imap/imap.tar.gz
Web site : http://www.imap.org
The IMAP distribution does not provide a way to build a shared client library.
So, we do it our way : we build the static library first, with the '-fPIC'
compile flag to generate relocatable objects, and, then, we build the shared
library from these objects.
We need a libc-client.a file in
$BLIB/imap/lib because the PHP configure process specifically tests for the
presence of this file. But we don't really need the static library as we'll only use
the dynamic one. So, we create $BLIB/imap/lib/libc-client.a as a symbolic link
to the dynamic library.
#-- Modify the Makefiles for SSL location
sed "s!/usr/local/ssl!$BLIB/ssl!g" <src/osdep/unix/Makefile >tmp1
cp tmp1 src/osdep/unix/Makefile
sed -e "s,/usr/include/openssl,$BLIB/ssl/include,g" \
-e "s,/usr/share/ssl,$BLIB/ssl,g" \
-e "s,SSLLIB=/usr/lib,SSLLIB=$BLIB/ssl/lib,g" <Makefile >tmp1
cp tmp1 Makefile
#-- Build a static library
$MK lrh "MAKE = $SMK" "EXTRACFLAGS = -fPIC"
\
"EXTRASPECIALS = CC=gcc" "IP6=4"
#-- Build the dynamic library
cd c-client
gcc -shared -o libc-client.so *.o $LDFLAGS -lssl -lcrypto -ldl -lz
#-- Install the headers and the library
#-- PHP configure needs a '.a' file
mkdir -p $BLIB/imap/lib $BLIB/imap/include
cp libc-client.so $BLIB/imap/lib
ln -s libc-client.so $BLIB/imap/lib/libc-client.a
cp *.h $BLIB/imap/include
cd ..
$LINKDIR imap/lib |
2.34 - Compiling the MySQL client library (5.0.67)
Source : http://www.mysql.com/ CXX=gcc \
./configure --prefix=$BLIB/mysql $CF_OPTS \
--enable-thread-safe-client \
--with-zlib-dir=$BLIB/z \
--with-openssl=$BLIB/ssl \
--without-debug \
--without-server \
--without-extra-tools \
--without-docs \
--without-man \
--without-bench 2>&1 | tee configure.log
$MK
$MK install
#-- Cleanup
rm -rf $BLIB/mysql/bin/* $BLIB/mysql/libexec $BLIB/mysql/mysql-test
cp scripts/mysql_config $BLIB/mysql/bin
#-- Remove server libraries
for i in dbug heap myisam myisammrg mystrings mysys vio
do rm -f $BLIB/mysql/lib/mysql/lib$i.*
done
$LINKDIR mysql/lib/mysql lib |
2.35 - Compiling the PostgreSQL client library (8.3.5)
Source :
http://www.postgresql.org/ftp/source/ Web site : http://www.postgresql.org/ The configure process does not use CPPFLAGS and LDFLAGS correctly (the problem
only appears when the libraries are not installed in the usual locations). As a
workaround, we feed it with modified values for some other environment
variables. LDFLAGS_SL="$LDFLAGS" \
CFLAGS="$CPPFLAGS" \
CPP="gcc -E $CPPFLAGS" \
./configure --prefix=$BLIB/pgsql $CF_OPTS \
--without-docdir \
--without-tcl \
--with-openssl \
--without-readline \
--with-libxml \
--with-libxslt \
--with-zlib \
--without-krb5
$MK
$MK install
#-- Cleanup
rm -rf $BLIB/pgsql/bin/* $BLIB/pgsql/man $BLIB/pgsql/include/server $BLIB/pgsql/lib/*.a
cp src/bin/pg_config/pg_config $BLIB/pgsql/bin
$LINKDIR pgsql/lib |
2.36 - Compiling mm (1.4.2)
Source :
http://www.ossp.org/pkg/lib/mm/
mm's Makefile does not use the LDFLAGS variable, but we need this flag
to be set in the link command, to specify an hardware library search path. Bug
reported as Feature
request #122, supposed to be fixed in version 1.4.2 but the fix doesn't work
as it assumes that libtool automatically includes the content of the $LDFLAGS
variable, which is not the case. So, we still need to patch the Makefile.in file
manually before compiling.
#-- Insert '$(LDFLAGS)' in the link command
cp Makefile.in tmp1
sed 's/\(-rpath \$(libdir)\)/$(LDFLAGS) \1/' <Makefile.in >tmp1
cp tmp1 Makefile.in
#-- Configure, compile, install
./configure --prefix=$BLIB/mm $CF_OPTS
$MK
$MK install
#-- Cleanup
rm -rf $BLIB/mm/share
$LINKDIR mm/lib |
2.37 - Compiling m4 (1.4.12)
Source :
http://ftp.gnu.org/gnu/m4/ ./configure --prefix=$BLIB/m4 $CF_OPTS
$MK
$SMK install
#-- Cleanup
rm -rf $BLIB/m4/share
$LINKDIR m4/bin |
2.38 - Compiling GNU awk (3.1.6)
Web site :
http://www.gnu.org/software/gawk/ GNU awk is needed on HP-UX because, on this system, the default
awk command
does not support more than 3,000 bytes per line. It may seem much but, during its compile phase,
bison needs more ! So, we need to replace awk with gawk which has no limitation on the line
length.
This is really needed on HP-UX only but, in order to remain consistent on the different
OS we are building on, we use gawk on every OS. ./configure --prefix=$BLIB/gawk $CF_OPTS \
--with-libiconv-prefix=$BLIB/iconv \
--with-libintl-prefix=$BLIB/gettext
$MK
$MK install
/bin/rm -rf $BLIB/gawk/share/info $BLIB/gawk/share/man
$LINKDIR gawk/bin |
2.39 - Compiling bison (2.4.1)
Web site :
http://www.gnu.org/software/bison/ ./configure --prefix=$BLIB/bison \
--disable-yacc
$MK
$MK install
/bin/rm -rf $BLIB/bison/share/info $BLIB/bison/share/man
$LINKDIR bison/bin |
2.40 - Compiling the mcrypt library (2.5.8)
Web site :
http://mcrypt.sourceforge.net/ Source :
http://sourceforge.net/project/showfiles.php?group_id=87941 Download the
Libmcrypt package, not Mcrypt, as we just need the library. We also need to define two replacement malloc()/realloc() functions. If we
don't define them, the resulting libraries cannot be loaded on environments
(like AIX) which don't provide 'GNU compatible' allocation functions. Actually,
the configure tests for these functions to be 'GNU compatible'. When they are
determined not to be compatible, every call to malloc()/realloc() is replaced by
a call to rpl_malloc()/rpl_realloc() and the package is supposed to define these
two functions. Unfortunately, mcrypt does not provide these functions. So, on
systems lacking 'GNU compatible' allocation routines, when you try to load the
mcrypt shared library, the load fails with an 'unresolved symbol' error. To
work around this issue, we define both 'GNU compatible' functions at the end of
one of the mcrypt source files, so that they are compiled and included in the
library. The 'GNU compatibility' of allocation functions is defined by
the fact that they return a valid pointer, even when given null input arguments.
So, we wrap these features around the usual allocation routines : cat >>lib/xmemory.c <<EOF
#ifdef malloc
#undef malloc
extern void *malloc(size_t);
void * rpl_malloc(size_t size)
{
if (!size) size++;
return malloc(size);
}
#undef realloc
extern void *realloc(void *, size_t);
void *rpl_realloc(void *p, size_t size)
{
if (!size) size++;
return (p ? realloc(p,size) : malloc(size));
}
#endif
EOF |
Then, we build the usual way. We disable dynamic loading of
mcrypt modules because, every time I tried to enable it, the configure command
failed. ./configure
--prefix=$BLIB/mcrypt --disable-dynamic-loading $CF_OPTS
$MK all install
/bin/rm -rf $BLIB/mcrypt/man
$LINKDIR mcrypt/bin
$LINKDIR mcrypt/include
$LINKDIR mcrypt/lib |
2.41 - Compiling PHP 4 (4.4.9)
Source : www.php.net
During installation, PHP inserts a 'LoadModule' line in httpd.conf. As
we cannot have both PHP modules loaded at the same time, we decide that the
default PHP module will be PHP 5. So, we comment out the PHP 4 LoadModule
directive in the httpd.conf configuration file. We modify the 'phpize'
script so that it uses the embedded autoconf and m4. We also force the shell to
be a korn-compatible shell (on some OS, /bin/sh is a Bourne-only shell, which
does not work with phpize).
export PBASE=$BASE/php4
REF_LDFLAGS="$LDFLAGS"
ORA_CF=''
if
[ "$ORACLE_HOME" != 'none' ] ; then \
if [ -d "$ORACLE_HOME/sdk" ] ; then #--
InstantClient
ORA_CF="--with-oci8-instant-client=shared,$ORACLE_HOME"
else #-- Standard client
ORA_CF="--with-oci8=shared,$ORACLE_HOME"
fi
fi
./configure --prefix=$PBASE \
--with-config-file-path=$PBASE \
--with-apxs2=$BAP/bin/apxs \
--with-zlib=shared,$BLIB/z \
--with-zlib-dir=$BLIB/z \
--with-bz2=shared,$BLIB/bz2 \
--enable-ftp=shared \
--enable-dom \
--with-iconv=shared,$BLIB/iconv \
--with-iconv-dir=$BLIB/iconv \
--enable-calendar=shared \
--enable-sockets=shared \
--enable-bcmath=shared \
--enable-sysvsem \
--enable-sysvshm \
--enable-sysvmsg \
--with-openssl=shared,$BLIB/ssl \
--with-openssl-dir=$BLIB/ssl \
--with-curl=shared,$BLIB/curl \
--with-ldap=shared,$BLIB/ldap \
--with-gd=shared \
--with-png-dir=$BLIB/png \
--with-jpeg-dir=$BLIB/jpeg \
--enable-gd-native-ttf \
--with-freetype-dir=$BLIB/freetype \
--with-mysql=shared,$BLIB/mysql \
--with-pgsql=shared,$BLIB/pgsql \
--with-imap=shared,$BLIB/imap \
--with-imap-ssl=$BLIB/ssl \
--with-dom-xslt=$BLIB/xslt \
--with-dom-exslt=$BLIB/xslt \
--with-dom=$BLIB/xml2 \
--with-expat-dir=$BLIB/expat \
--with-mm=$BLIB/mm \
--with-gettext=shared,$BLIB/gettext \
--enable-mbstring=shared \
--enable-dba=shared \
--with-db4=$BLIB/berkeley_db \
--with-cdb \
--with-xmlrpc=shared \
--with-mcrypt=shared,$BLIB/mcrypt \
--with-ncurses=shared,$BLIB/ncurses \
--with-readline=shared,$BLIB/readline \
$ORA_CF \
2>&1 | tee configure.log
#-- Build & install
$MK
$MK install
#-- Comment out the LoadModule directive
sed 's/^LoadModule php4/#LoadModule php4/' <$BAP/conf/httpd.conf >tmp1
cp tmp1 $BAP/conf/httpd.conf
#-- Move extensions (personal, I don't like this 'no-debug...' dir)
mv $PBASE/lib/php/extensions/no-debug*/* $PBASE/lib/php/extensions
for i in $PBASE/lib/php/extensions/no-debug* ; do
rmdir $i
ln -s . $i
done
#-- Install default configuration file
cp php.ini-recommended $PBASE/php.ini
#-- Modify phpize
mv $PBASE/bin/phpize $PBASE/bin/phpize.orig
echo '#!/bin/bash' >$PBASE/bin/phpize
echo "PATH=\"$BLIB/common/bin:\$PATH\" ; export PATH" >>$PBASE/bin/phpize
cat $PBASE/bin/phpize.orig >>$PBASE/bin/phpize
chmod +x $PBASE/bin/phpize
#-- Restore LDFLAGS
export LDFLAGS="$REF_LDFLAGS" |
2.42 - Compiling PHP 5 (5.2.6)
Source : www.php.net
As with PHP 4, we modify the 'phpize' script so that it uses the
embedded autoconf and m4. We also force the shell to be a korn-compatible shell
(on some OS, /bin/sh is a Bourne-only shell, which does not work with phpize).
First, we set the Oracle-related configure options :
- PHP 5 does not support Oracle below version 9. So,
if the Oracle library we have in $ORACLE_HOME is version 8, we cannot compile
the Oracle-related extensions. Note that, on HP-UX 11.00, Oracle does not
provide a version greater than 8i.
- we detect if the Oracle client library is an
instantclient and set the the configure options accordingly.
#-- Set Oracle configure options
if [ -f $ORACLE_HOME/lib/libclntsh.so.8.0 ] ; then
ORA_CF='' # Cannot build Oracle extensions
else
ic=''
[ -d "$ORACLE_HOME/sdk" ] && ic=',instantclient'
ORA_CF="--with-oci8=shared$ic,$ORACLE_HOME
--with-pdo-oci=shared$ic,$ORACLE_HOME"
fi |
Then, we configure and build :
export PBASE=$BASE/php5
REF_LDFLAGS="$LDFLAGS"
./configure --prefix=$PBASE \
--with-config-file-path=$PBASE \
--with-apxs2=$BAP/bin/apxs \
--with-zlib=shared,$BLIB/z \
--with-zlib-dir=$BLIB/z \
--with-bz2=shared,$BLIB/bz2 \
--enable-ftp=shared \
--with-libxml-dir=$BLIB/xml2 \
--with-xsl=shared,$BLIB/xslt \
--enable-dom \
--enable-simplexml \
--with-iconv=shared,$BLIB/iconv \
--with-iconv-dir=$BLIB/iconv \
--enable-calendar=shared \
--enable-sockets=shared \
--enable-soap=shared \
--enable-bcmath=shared \
--enable-sysvsem \
--enable-sysvshm \
--enable-shmop \
--enable-sysvmsg \
--enable-pdo=shared \
--with-pdo-sqlite=shared \
--with-sqlite=shared \
--enable-sqlite-utf8 \
--with-openssl=shared,$BLIB/ssl \
--with-openssl-dir=$BLIB/ssl \
--with-curl=shared,$BLIB/curl \
--with-ldap=shared,$BLIB/ldap \
--with-gd=shared \
--with-png-dir=$BLIB/png \
--with-jpeg-dir=$BLIB/jpeg \
--enable-gd-native-ttf \
--with-freetype-dir=$BLIB/freetype \
--with-mysql=shared,$BLIB/mysql \
--with-mysqli=shared,$BLIB/mysql/bin/mysql_config \
--with-pdo-mysql=shared,$BLIB/mysql \
--with-pgsql=shared,$BLIB/pgsql \
--with-pdo-pgsql=shared,$BLIB/pgsql \
--with-imap=shared,$BLIB/imap \
--with-imap-ssl=$BLIB/ssl \
--with-mm=$BLIB/mm \
--with-gettext=shared,$BLIB/gettext \
--enable-zip=shared \
--enable-mbstring=shared \
--enable-dba=shared \
--with-db4=$BLIB/berkeley_db \
--with-cdb \
--with-inifile \
--with-xmlrpc=shared \
--with-mcrypt=shared,$BLIB/mcrypt \
--with-ncurses=shared,$BLIB/ncurses \
--with-readline=shared,$BLIB/readline \
$ORA_CF \
2>&1 | tee configure.log
#-- Build
$MK
$MK install
#-- Move extensions (personal, I don't like this 'no-debug...' dir)
mv $PBASE/lib/php/extensions/no-debug*/* $PBASE/lib/php/extensions
for i in $PBASE/lib/php/extensions/no-debug* ; do
rmdir $i
ln -s . $i
done
#-- Install default configuration file
cp php.ini-recommended $PBASE/php.ini
#-- Modify phpize
mv $PBASE/bin/phpize $PBASE/bin/phpize.orig
echo '#!/bin/bash' >$PBASE/bin/phpize
echo "PATH=\"$BLIB/common/bin:\$PATH\" ; export PATH" >>$PBASE/bin/phpize
cat $PBASE/bin/phpize.orig >>$PBASE/bin/phpize
chmod +x $PBASE/bin/phpize
#-- Restore LDFLAGS
export LDFLAGS="$REF_LDFLAGS" |
2.43 - Compiling autoconf (2.63)
Source :
http://ftp.gnu.org/gnu/autoconf/
As $BLIB/common/bin is first in path, configure always uses our embedded
version of m4. ./configure --prefix=$BLIB/autoconf $CF_OPTS
$MK
$SMK install
#-- Cleanup
rm -rf $BLIB/autoconf/share/info $BLIB/autoconf/share/man
$LINKDIR autoconf/bin |
2.44 - Compiling the ming library and PHP extension (0.4.2)
Web site : http://www.libming.org/ Source :
http://sourceforge.net/project/showfiles.php?group_id=18365
Ming is a library for generating
Adobe/Macromedia
Flash files (.swf). It allows PHP to generate Flash animations and interactions
dynamically.
First, we compile and install the library : ./configure --prefix=$BLIB/ming
$CF_OPTS \
--disable-cpp
$MK
$MK install
/bin/rm -rf $BLIB/ming/share
$LINKDIR ming/bin
$LINKDIR ming/include
$LINKDIR ming/lib |
The ming extensions contained in the PHP
4 and 5 source distributions don't work with libming version 0.4.x. So, we build
the PHP extensions provided in the ming distribution.
But, first, we need to fix a small problem in config.m4 (wrong lib subdirectory name) :
cd php_ext
cp config.m4 config.m4.orig
sed 's/^PHP_LIBDIR=.*$/PHP_LIBDIR=lib/' <config.m4.orig >config.m4 |
Then we
compile and install the PHP 4 & 5 extensions : for _v in 4 5
#-- PHP 4 first, then 5
do
_pbase=$BASE/php$_v # PHP install location
#-- Build configure script
$_pbase/bin/phpize
#-- Configure
./configure \
--with-ming=$BLIB/ming \
--with-php-config=$_pbase/bin/php-config \
$CF_OPTS
#-- Compile
$MK
$MK install
#-- Clean build tree
$MK distclean
$_pbase/bin/phpize --clean
done |
2.45 - Compiling the SSH2 PHP extension (0.11.0)
Source :
http://pecl.php.net/package/ssh2 We compile the extension for PHP 4 and 5. for _v in 4 5
#-- PHP 4 first, then 5
do
_pbase=$BASE/php$_v # PHP install location
#-- Build configure script
$_pbase/bin/phpize
#-- Configure
./configure \
--with-ssh2=$BLIB/ssh2 \
--with-php-config=$_pbase/bin/php-config \
$CF_OPTS
#-- Compile
$MK install
#-- Clean build tree
$MK distclean
$_pbase/bin/phpize --clean
done |
2.46 - Compiling the APC PHP extension (3.0.19)
Source :
http://pecl.php.net/package/APC APC stands for 'Alternative PHP Cache'. It is a free, open, and robust
framework for caching and optimizing PHP intermediate code. Depending on the
application, it can provide really dramatic improvements in terms of response
time and CPU/memory usage. APC provides a basic administration
interface. Here, we install it in the 'lib/php' subdirectory of both PHP trees.
Here are the steps to activate it on a target machine :
- Considering that PHP and the APC extension are active,
- Copy the apc.php file from the 'lib/php' subdirectory to a directory
accessible by a web browser.
- Edit apc.php and modify the line starting with
'defaults('ADMIN_PASSWORD',' to set a password of your choice (mandatory to
access protected features).
- Open apc.php through your browser.
We also pre-configure the php.ini file with a basic set of APC parameters.
If you are interested in PHP performance improvement, you may also have a look
at a number of other software like
XCache,
eAccelerator,
memcache,
PHK,
Automap... All these
PHP extensions can be compiled and installed in a similar way as what we show
here.
for _v in 4 5
#-- PHP 4 first, then 5
do
_pbase=$BASE/php$_v # PHP install location
#-- Build configure script
$_pbase/bin/phpize
#-- Configure
./configure \
--enable-apc \
--with-php-config=$_pbase/bin/php-config \
$CF_OPTS
#-- Compile and install
$MK install
cp apc.php $_pbase/lib/php
#-- Append config to php.ini
cat >>$_pbase/php.ini <<EOF
#extension=apc.so
apc.enabled=1
apc.shm_segment=1
apc.optimization=0
apc.shm_size=128
apc.ttl=7200
apc.user_ttl=7200
apc.num_files_hint=1024
apc.mmap_file_mask=/tmp/apc.XXXXXX
apc.enable_cli=0
EOF
#-- Clean build tree
$MK distclean
$_pbase/bin/phpize --clean
done |
3 - Cleanup
Now that the compilation phase is over, we can remove the tools we don't need
in the runtime environment :
/bin/rm -rf \
$BLIB/bison \
$BLIB/gawk |
Note that we keep autoconf and m4, to be able to compile and install
additional PECL extensions.
4 - Configuring
Here, we give only a minimal configuration, which allows to start Apache
and to run a simple test. When the package is installed on a target
machine, it must be configured in a much more serious way. This aspect is
beyond the scope of this document but you can find a lot of resources on the
Internet.
 |
Warning : Running this package with the default configuration in a
production environment can lead to serious security problems !!
You have been warned |
4.1 -
System
- Check that a www user exists in /etc/passwd. If not, create it
with passwd='*' and login shell = /bin/false.
- Add a www group in /etc/group if it does not already exist.
4.2 -
Apache
Edit $BAP/conf/httpd.conf :
- Change the line starting with 'User' to 'User www'
- Change the line containing 'Group #-1' to 'Group www'.
- Add this line anywhere in the file :
AddType application/x-httpd-php .php |
Add the following
line at the end of $BAP/bin/envvars :
unset LD_LIBRARY_PATH LIBPATH SHLIB_PATH |
4.3 - Oracle client
Edit the file '$BAP/bin/envvars' and add the environment
variables needed by the Oracle client :
ORACLE_HOME=<$BASE>/libs/oracle_home
export ORACLE_HOME
#-- TNS_ADMIN is optional, set only if you don't use the default
#-- location ($ORACLE_HOME/network/admin)
TNS_ADMIN=<directory>
export TNS_ADMIN |
4.4 -
PHP
For each PHP version, edit $BASE/php{4,5}/php.ini :
extension_dir = "<$BASE>/php<4|5>/lib/php/extensions" |
5 - Checking
5.1 - Starting Apache/PHP
Now, start Apache with
: <$BASE>/apache/bin/apachectl
start |
This should not display any message. 5.2 - Checking the PHP modules
Here, we just check that the PHP shared modules can be loaded without error.
It can be useful to run this test when you install your package to a new host, as it allows to check that every shared lib
dependencies are satisfied. The syntax we use here must be compatible with
PHP versions 4 & 5. That's why we cannot use scandir(). By default, you will
be testing PHP 5, as it is the one we chose to activate in the Apache
configuration. In order to test PHP 4, comment out the PHP5
line in $BAP/conf/httpd.conf, uncomment the PHP4 line, restart Apache, and
reload the page from your browser. Create a new file named $BAP/htdocs/test.php with the following content :
<?php
error_reporting(E_ALL);
ini_set('display_errors',true);
$libs=array();
$dir=opendir(ini_get('extension_dir'));
while ($lib=readdir($dir))
if (fnmatch('*.'.PHP_SHLIB_SUFFIX,$lib)) $libs[]=$lib;
sort($libs);
foreach($libs as $lib)
{
echo "Loading
module $lib ...<br>";
dl($lib);
}
phpinfo();
?> |
Point your browser to http://<your_server>/test.php
It should display the configuration of every PHP modules, static and dynamic. If there are some errors
when trying to load a module, it will also display them.
6 - Packaging
First, remove the Oracle and Java links, as we don't want them to be included
in the
package :
/bin/rm -f $BLIB/oracle_home $BLIB/java_home |
6.1 - RPMRPM is the native package format in RedHat's RHEL.
In order to build an RPM package, you just need to install the rpm-build package.
6.1.1 - Creating the package
Note that
we build a binary RPM, not a source RPM.
We need a specfile. Here is a sample content for this
file :
Name: http170
Summary: http170
Group: Applications/Internet
Version: 1.7
Release: 0
ExclusiveOs: Linux
License: Apache license/PHP license
Source: none
URL: <your url>
Packager: <your name>
AutoReqProv: no
provides: http170
%description
Apache/PHP by <your name> - <date>
<Add your description here...>
%pre
#======================= Pre-Install script =============
<Insert preinstall shell code here.
This code should check for a 'www' user and group, and create them if they don't
exist.
%preun
#====================== Pre-Uninstall script ==============
#-- Stop Apache
<$BASE>/apache/bin/apachectl stop
#-- Remove the log files because they are not part of the package
#-- and they won't be removed by rpm
/bin/rm -rf <$BASE>/apache/logs/*
#============================ FILES =================
%files
<$BASE>
%config <$BASE>/apache/conf
%config <$BASE>/php4/php.ini
%config <$BASE>/php5/php.ini |
What does it mean ?
- The first lines contain information about the packages's name,
requirements, packager (you), and a description.
- the pre-install script ensures that the www user & group exist. If
it is not the case, they are created.
- The pre-uninstall script stops Apache and remove the log files.
- Then, we give the list of the files, with some of them being tagged as
configuration files (see the rpm documentation for more information on the
%config tag).
Now, build your package with this command :
rpmbuild -bb <specfile-path> |
This will create a file named http170-1.7-0.i386.rpm in
the 'RPMS/i386' subdirectory of your RPM install base directory
(/usr/src/redhat on RHEL). This is your RPM package file.
6.1.2 - Installing the package
This package can be installed, as any other RPM packages, using the rpm
command (man rpm for more).
6.2 - Tar/gzip
A tar package just contains every files under $BASE.
6.2.1 - Creating the package
The commands to build a tar/gz package are :
cd $BASE
tar cf - . | gzip --best >/tmp/http170-1.7-0.i386.tgz |
This creates a '.tgz' package file in /tmp.
6.2.2 - Installing the package
To install the package :
- Download the package file on the target host
- Create the $BASE directory
- Ensure the file system containing the $BASE directory has enough free
space
- Untar/uncompress the package file in $BASE.
6.3 - Configuring the package
Once the package is installed, you can create the symbolic links to
the Oracle and Java installation directories as $BLIB/oracle_home and
$BLIB/java_home. You can also run the test above to check that the PHP modules
can be loaded correctly.
7 - The end
 Enjoy !
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
Building software 
