Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Larry Garfield:
Composer vs. Linux Distributions: A Mental Model Battle
Feb 25, 2016 @ 11:41:11

In his latest post Larry Garfield talks about the Composer problem that was recently brought up by the Gentoo linux project and is related to how Composer packages and system-level shared libraries differ.

This is not a new complaint; Other distributions have complained about Composer's impact before. But fundamentally I think the issue stems from having the wrong mental model of how modern PHP works when viewed from a distribution or sysadmin perspective.

In a recent heated GitHub thread, several people referred to PHP "linking" to 3rd party libraries, as if they were shared C libraries. That is simply not the case. Neither "static linking" nor "dynamic linking" really applies to PHP. From a sysadmin perspective, PHP is closer to highly complicated bash scripts than anything else.

Larry starts with a bit of history on the subject, pointing out the two methods most developers used PHP code: copy/pasted from the web or installed via PEAR. He talks about the common issues with both approaches. He then talks about how modern PHP development and Composer related and how, from a sysadmin perspective, Composer is the "compile" step of PHP and only supports static links. He also makes some suggestions to the distribution packagers around how to handle these system-level Composer dependencies (and how to treat it like a "binary" if needed).

The mistake here is trying to treat dependent packages of modern PHP applications like shared libraries. They're not. The community has spoken, and PHP simply doesn't work that way anymore. Fighting that is a losing battle. But by viewing composer as a compiler, distributions can still slot PHP into their typical workflows and get all of the security update ease that they're looking for.
tagged: composer linux distribution mental model shared library system dependency gentoo

Link: http://www.garfieldtech.com/blog/composer-distribution-mental-model

Andries Seutens' Blog:
Setting up phpUnderControl on Gentoo Linux
Nov 12, 2009 @ 09:09:50

Andries Seutens has written up a new post on getting the continuous integration software CruiseControl and phpUnderControl up and running on a Gentoo linux installation.

In this blog post I’ll try to explain how you can setup phpUnderControl and CruiseControl. This guide is mostly focused on getting phpUnderControl to work on a Gentoo Linux system, so some things are OS specific.

You'll already need to have PHP up and running on the machine before starting the process, but Andries gives you everything from there - installing the needed Sun JDK, Xdebug, adding the packages for PHP_CodeSniffer, PHPUnit and phpUnderControl and the scripts to get phpUC and CruiseControl to work together. He also includes a sample project so you can see how to fit yours in.

tagged: phpundercontrol cruisecontrol gentoo tutorial

Link:

Advisory:
Gentoo Linux PHP Package Upgrade
Oct 08, 2007 @ 08:45:00

The Gentoo linux group has made a new package release for the PHP on their distribution:

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. [...] There is no known workaround at this time. All PHP users should upgrade to the latest version.

You can get more information on the issues that the new package corrects from the Gentoo advisory and use their emerge package manager to make the upgrade automatically.

tagged: gentoo linux advisory package update vulnerability gentoo linux advisory package update vulnerability

Link:

Advisory:
Gentoo Linux PHP Package Upgrade
Oct 08, 2007 @ 08:45:00

The Gentoo linux group has made a new package release for the PHP on their distribution:

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. [...] There is no known workaround at this time. All PHP users should upgrade to the latest version.

You can get more information on the issues that the new package corrects from the Gentoo advisory and use their emerge package manager to make the upgrade automatically.

tagged: gentoo linux advisory package update vulnerability gentoo linux advisory package update vulnerability

Link:

Kore Nordmann's Blog:
Installing cairo_wrapper on Gentoo
Sep 28, 2006 @ 07:37:25

Kore Nordmann looks at his attempt to install the cairo_wrapper and includes a handy note on how he found to get it working.

I tried to install the cairo_wrapper by Hartmut on my gentoo machines, to play around with it, and probably writing an output driver for Image_3D, but I had some problems installing it, I want to share.

He was seeing failures with phpize when he tried to compile it, but had a suggestion from Hartmut on something that would help - setting an environment variable (PHP_AUTOHEADER) and then running the pear command from there.

tagged: cairo_wrapper gentoo environment variable pear install cairo_wrapper gentoo environment variable pear install

Link:

Kore Nordmann's Blog:
Installing cairo_wrapper on Gentoo
Sep 28, 2006 @ 07:37:25

Kore Nordmann looks at his attempt to install the cairo_wrapper and includes a handy note on how he found to get it working.

I tried to install the cairo_wrapper by Hartmut on my gentoo machines, to play around with it, and probably writing an output driver for Image_3D, but I had some problems installing it, I want to share.

He was seeing failures with phpize when he tried to compile it, but had a suggestion from Hartmut on something that would help - setting an environment variable (PHP_AUTOHEADER) and then running the pear command from there.

tagged: cairo_wrapper gentoo environment variable pear install cairo_wrapper gentoo environment variable pear install

Link:

Tobias Schlitt's Blog:
A pitty in Gentoos PHP distribution
Mar 16, 2006 @ 07:29:38

Tobias Schlitt has some comments to share after taking a look at the way the Gentoo project is handling its PHP installation (through Portage).

I love portage above everything else, believe me, but the PHP package sucks. Although it compiles really well and is very easy to configure (hey, thanks Sebastian and all the other maintainers!), Gentoo seems to have an issue with enabling certain compiling options by default. If you don't set any of the USE flags (configuration options for compiling packages through Portage) for PHP, it will simply compile with --disable-all and is completly unusable.

He discovered this when he was working through an install to test something for eZ components and had to add in flags to the system just to get anything he could use. HE wonders why the most basic flags arean't included just by default, making for a much easier time for most users just needing something to get started with.

tagged: gentoo distribution default unusable add flags gentoo distribution default unusable add flags

Link:

Tobias Schlitt's Blog:
A pitty in Gentoos PHP distribution
Mar 16, 2006 @ 07:29:38

Tobias Schlitt has some comments to share after taking a look at the way the Gentoo project is handling its PHP installation (through Portage).

I love portage above everything else, believe me, but the PHP package sucks. Although it compiles really well and is very easy to configure (hey, thanks Sebastian and all the other maintainers!), Gentoo seems to have an issue with enabling certain compiling options by default. If you don't set any of the USE flags (configuration options for compiling packages through Portage) for PHP, it will simply compile with --disable-all and is completly unusable.

He discovered this when he was working through an install to test something for eZ components and had to add in flags to the system just to get anything he could use. HE wonders why the most basic flags arean't included just by default, making for a much easier time for most users just needing something to get started with.

tagged: gentoo distribution default unusable add flags gentoo distribution default unusable add flags

Link:

Stuart Herbet's Blog:
Gentoo's dev-lang/php Packages Being Stabilised
Jan 20, 2006 @ 06:56:57

On his Gentoo blog, Stuart Herbert has posted this update about the dev-lang/php packages being stabillised for the distribution of the OS.

On Wednesday, Luca filed a request to stabilise our new dev-lang/php packages. As of this morning, these are now the standard packages on the PPC64 and x86 architectures.

We're stabilising PHP-4.3.11 (for the folks who haven't ported packages to work with PHP 4.4's reference changes), PHP 4.4.1, and PHP 5.0.5 (for the early adopters who have binary-encrypted packages). PHP 4.4.2 and PHP 5.1.2 will be stabilised sometime in March (is my best guess).

He also lists some of the advantages that these new packages will bring to Gentoo, like: PHP5 support, a "one package install", the ability to run PHP4 and PHP5 concurrently, and the ability to install PECL packages easily.

tagged: gentoo package stanbilized 4.3.11 5.0.5 one package install gentoo package stanbilized 4.3.11 5.0.5 one package install

Link:

Stuart Herbet's Blog:
Gentoo's dev-lang/php Packages Being Stabilised
Jan 20, 2006 @ 06:56:57

On his Gentoo blog, Stuart Herbert has posted this update about the dev-lang/php packages being stabillised for the distribution of the OS.

On Wednesday, Luca filed a request to stabilise our new dev-lang/php packages. As of this morning, these are now the standard packages on the PPC64 and x86 architectures.

We're stabilising PHP-4.3.11 (for the folks who haven't ported packages to work with PHP 4.4's reference changes), PHP 4.4.1, and PHP 5.0.5 (for the early adopters who have binary-encrypted packages). PHP 4.4.2 and PHP 5.1.2 will be stabilised sometime in March (is my best guess).

He also lists some of the advantages that these new packages will bring to Gentoo, like: PHP5 support, a "one package install", the ability to run PHP4 and PHP5 concurrently, and the ability to install PECL packages easily.

tagged: gentoo package stanbilized 4.3.11 5.0.5 one package install gentoo package stanbilized 4.3.11 5.0.5 one package install

Link: