New PostgreSQL and PHP (late)

As the title says, I'm late with this blog post, but better late than never!
The new dev-db/libpq and dev-db/postgresql ebuilds reached Portage on Thursday, they seem to work well (we've received positive feedback until now) and already solved a number of bugs! Thanks to dev-zero for all the work spent on them, we make a good team!
Btw, it seems dbs are made to be maintained by two people... Me and dev-zero for PgSQL, me and vivo for MySQL, and it works very well! WEEEE TEAMWORK RULEZ! Thanks guys, it's great to work with you all!

On the PHP front, 5.2.0 reached the overlay, I still have to update the eclasses a little and fix some stuff, as well as update the 4.4.X and 5.1.X releases with some patches, which will probably happen tomorrow, and they'll probably be put into Portage on Sunday or Monday, sorry for the little delay, but at least the stuff's well tested and working then.

Posted by Luca Longinotti on 10 Nov 2006 at 22:45
Categories: PgSQL, PHP, Gentoo



News, news, news!

Hi all, /me is back, since a few days now, and I've been working on updating stuff...

Today, together with vivo, MySQL 5.0.X stabilization was agreed on, and bug 144999 updated accordingly. x86 already responded and stabled dev-db/mysql-5.0.26-r1, the other arches will soon follow. The upgrade from 4.1.X should be painless, just remember to read the MySQL upgrading guide for instructions on how to backup your data before the upgrade, and be sure to run revdep-rebuild from gentoolkit after the upgrade, as all things linking to MySQL will need to be recompiled.

New PostgreSQL ebuilds are also coming up, those are the first of the new generation of PostgreSQL ebuilds, done together with dev-zero, that will fix up a lot of issues and ease maintenance of PostgreSQL a lot, as well as permitting some exciting new things in the future. ETA for those new ebuilds to enter Portage is this evening (UTC timezone).

PHP 5.2.0 is also finally out, congrats to the PHP Team, expect an ebuild for the final version in the PHP Overlay by Wednesday and in Portage by Saturday at most.

Samhain will also be updated soon to the newest versions, so if you use that, stay tuned.

Posted by Luca Longinotti on 06 Nov 2006 at 01:00
Categories: PgSQL, PHP, Gentoo, MySQL



#gentoo-db

#gentoo-db has just opened its (virtual) doors (or windows or terminals, depends on what IRC client you use).

The new channel is intended to provide a platform for discussions, concerning both support and development, centering on Gentoo and databases.
At the moment Gentoo MySQL and PostgreSQL people hang out there, but it's my hope to see other developers and/or teams that maintain database-related packages for Gentoo (Firebird, Oracle, SQLite, BerkeleyDB, ...) join too, as well as users with experience in SQL and database administration, or just people interested in databases and their uses.

Posted by Luca Longinotti on 30 Jul 2006 at 16:40
Categories: PgSQL, Gentoo, MySQL



New PHP revisions in the tree

For all those who wondered, PHP in Gentoo is definitely not dead. ;)

Just put new revisions in the tree (dev-lang/php-4.4.2-r6 and dev-lang/php-5.1.4-r4), that fix various bugs and security issues. On that note, a big thanks to Stefan Esser from Hardened-PHP.net for all his patches and work on securing PHP (and of course the Hardened-PHP patch itself)!
The new PHP revisions also introduce a better separation between eclasses and ebuilds, making their management and the addition of new features easier.

One of these new additions for now is the "concurrentmodphp" USE flag.
It enables building mod_php4 and mod_php5 in a way that both can be loaded at the same time into the same Apache2 instance, each mod_php then has its own mime-types (application/x-httpd-php4{-source} for PHP4 and application/x-httpd-php5{-source} for PHP5) and configuration modifiers (php4_admin_value/php4_admin_flag for PHP4 and php5_admin_value/php5_admin_flag for PHP5 and so on). This feature is highly experimental, I could confirm it working on my x86 system and partially on an x86_64 system, but I'd very much like for users to try it out on systems where breakage is allowed (development systems or test systems) and report back the results to me, thanks!
To try it, do the following:

emerge --sync
echo dev-lang/php >> /etc/portage/package.keywords
USE="apache2 concurrentmodphp" emerge =php-4* =php-5*

then don't forget to "etc-update" and re-emerge all of your installed PHP modules/extensions (such as dev-php4/pecl-zip). Also all this does not work with the "java-internal" (PHP4) and "sharedext" (PHP4/5) USE flags enabled, so be sure to disable them when you emerge php.

Posted by Luca Longinotti on 14 Jul 2006 at 20:11
Categories: PHP, Gentoo



Speeding up MPM-itk

A few days ago I added support for MPM-itk ("mpm-itk" USE flag) to our Apache 2.0 packages. MPM-itk is a user-switching MPM, that is, it switches to an assigned user when processing the requests, instead of processing everything as user apache (MPM-perchild, metux-MPM and MPM-peruser are other examples of this).
In its original form it accomplishes this by doing the following:

  • apache process as root, interpret the request
  • fork() new process and switch (setuid(unprivuid) / setgid(unprivgid)) to unprivileged user for it, process the request
  • kill off the setuid/setgid process, with the next request it will redo the process

Now, this is foolproof, but provokes an immense performance hit, especially on static pages. Benchmarks done with ab2 showed that a normal Apache2 (MPM-prefork) can process about 240 PHP req/sec and 4000 HTML req/sec, while the MPM-itk patched Apache 2.0 managed about 110 PHP req/sec and 240 HTML req/sec, so you see, the performance hit is enormous, and it's obviously due to the overhead of always having to fork() a new Apache process and then kill it off, for every request!
I managed to successfully change the way the MPM works, and thus managed to bring its speed to normal Apache levels, by changing the "workflow" like this:

  • apache process as root, interpret the request
  • switch (setresuid(unprivuid, unprivuid, 0) / setresgid(unprivgid, unprivgid, 0)) to unprivileged user, process the request
  • switch back to root (setresuid(0, 0, 0) / setresgid(0, 0, 0)), with the next request it will redo the process

Now this solves the performance problems, as it doesn't anymore do the extra fork(), and fully reuses the process with the next request, but it introduces a new problem: a gaping security hole. :(
Since the processed request cannot be trusted, everything in there can simply setuid/setgid to root and do operations as root! A simple call to, for example, the posix_setuid/posix_setgid functions of the PHP POSIX extension is enough to switch the user back to root and let the rest of the PHP script just work as root... This is totally unacceptable for security. So, now my call for help: has anyone got any idea how it's possible to realize this in a secure manner??? I can't think of any way to securely switch the process from root to unpriv user and back to root, without giving the untrusted code executed in the request processing phase the same ability (that is, to switch back to root).
Ideas and comments are very appreciated. ;)

Posted by Luca Longinotti on 11 Jul 2006 at 13:00
Categories: Apache, Gentoo
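
The two MPM-itk workflows from the post above, compared in a small C model of the setresuid(2) permission rule (setresgid follows the same rule for group IDs). This is an added example, not part of the original post or of the MPM-itk patch; the function names and the UID 1000 are assumptions, and the kernel rule is simplified to "effective UID 0 is privileged".

```c
#include <stdio.h>
#include <sys/types.h>

/* Model of a process's three user IDs: real, effective, saved. */
struct creds { uid_t ruid, euid, suid; };

#define KEEP ((uid_t)-1)   /* setresuid(2): -1 leaves that ID unchanged */

/* An unprivileged caller may only choose a value it already holds. */
static int held(const struct creds *c, uid_t v) {
    return v == KEEP || v == c->ruid || v == c->euid || v == c->suid;
}

/* Simplified setresuid(2) rule; euid 0 stands in for CAP_SETUID.
 * Returns 0 on success, -1 (EPERM) on refusal, leaving creds untouched. */
int model_setresuid(struct creds *c, uid_t r, uid_t e, uid_t s) {
    int privileged = (c->euid == 0);
    if (!privileged && !(held(c, r) && held(c, e) && held(c, s)))
        return -1;
    if (r != KEEP) c->ruid = r;
    if (e != KEEP) c->euid = e;
    if (s != KEEP) c->suid = s;
    return 0;
}

/* Process-reusing workflow: saved UID stays 0 while the request runs.
 * Returns 1 if code running in the request phase can become root again. */
int reuse_workflow_can_regain_root(uid_t unpriv) {
    struct creds c = {0, 0, 0};
    model_setresuid(&c, unpriv, unpriv, 0);
    return model_setresuid(&c, 0, 0, 0) == 0 && c.euid == 0;
}

/* Fork-per-request workflow: setuid() called as root sets all three IDs,
 * modelled here as setresuid(u, u, u) in the child. */
int fork_workflow_can_regain_root(uid_t unpriv) {
    struct creds c = {0, 0, 0};
    model_setresuid(&c, unpriv, unpriv, unpriv);
    return model_setresuid(&c, 0, 0, 0) == 0 && c.euid == 0;
}

int main(void) {
    uid_t u = 1000;  /* constructed unprivileged UID */
    printf("reuse (saved uid 0): regain root = %d\n", reuse_workflow_can_regain_root(u));
    printf("fork  (all ids set): regain root = %d\n", fork_workflow_can_regain_root(u));
    return 0;
}
```

On a live system, getresuid(2) reports the same three IDs, so a saved UID of 0 in a request-handling worker can be checked for directly.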



Old-style PHP, bye bye!

Adieu old-style PHP (dev-php/php et al.)...

One of many ways to say that, as I'm posting this, I'm cvs up'ing the affected directories to start the removal of the already masked old-style PHP packages, as announced one month ago.
For all the ones that didn't yet migrate... Well, migrate NOW! :)
And generally, enjoy the fact that "emerge php" will now install dev-lang/php, and you won't have to specify the category anymore.

Posted by Luca Longinotti on 21 May 2006 at 01:41
Categories: PHP, Gentoo



Old-style PHP finally masked

The title says it all, the old PHP packages were finally masked!
Sorry for the three days delay (22 Apr instead of 19 Apr), but in the end, it's all done.
Again, thanks a lot to all the people involved in this, without their work this would have never been possible.

Posted by Luca Longinotti on 22 Apr 2006 at 15:35
Categories: PHP, Gentoo



dev-lang/php minor updates

I've just committed some updates to dev-lang/php, two of which may interest you:

1) the "nls" USE flag, which previously enabled the gettext extension, the mbstring extension and the sqlite-utf8 support, now only enables the gettext extension.
The mbstring extension and sqlite-utf8 support were moved to the "unicode" USE flag. Affected ebuilds are already up to date.

2) the EXTRA_ECONF variable was added to dev-lang/php, that way you can easily pass your own configure parameters to the ebuild if you want to try out some crazy stuff, just do:

EXTRA_ECONF="--with-whatever-I-want" emerge dev-lang/php

Two little notes: the variable doesn't get saved between emerges, so you have to add it to the command line every time, and anything you do that way is totally unsupported, so don't ever file bugs about it, thanks.

UPDATE: it was now changed to EXTRA_ECONF instead of MY_CONF, to follow what a lot of other ebuilds already do.

Posted by Luca Longinotti on 18 Apr 2006 at 15:03
Categories: PHP, Gentoo



Old-style PHP packages vanishing

Your friendly service announcement:

The PHP Herd announces that the old-style PHP packages, which were unsupported and deprecated for months, are finally going away.
After months of work, the team considers the new dev-lang/php package and the related dev-php[4,5]/ categories fully ready for production use, and encourages all users to upgrade.
Helpful information can be found at the PHP project's pages, along with a HOWTO regarding the migration to dev-lang/php.
The old-style PHP packages (dev-php/php, dev-php/php-cgi, dev-php/mod_php, dev-php/PECL-*, and older dev-php/PEAR-* packages) will be package.masked on Wednesday, 19 April 2006, and removed from the Portage tree about a month later.

Posted by Luca Longinotti on 17 Apr 2006 at 03:57
Categories: PHP, Gentoo



PHP 4.4.2 and PHP 5.1.2 in Portage

As the title says, PHP 4.4.2 and PHP 5.1.2 were just added to Portage, enjoy!
During the last week dev-php/PEAR-PEAR was also updated to 1.4.8 which should hopefully fix all the problems you may have been experiencing with access violations etc. when installing some PEAR packages.
You can also find PHP 5.1.3RC1 in the PHP Overlay now for testing, enjoy that too.

Posted by Luca Longinotti on 12 Mar 2006 at 15:36
Categories: PHP, Gentoo



