Using ancient PHP versions from FreeBSD ports with suphp
04 Jan 2024 - tsp
Last update 09 Jan 2024
3 mins
The following short blog article explains:
- How to build old versions of PHP on FreeBSD out of the ports tree
- How to install multiple versions in parallel on the same system by using different base and prefix settings
-
How to launch the different versions on systems using
suphp - A word of caution
- Checking out the ports tree of the required revision
- Building and installing the components
- Calling different versions via suphp
- Another word of caution
A word of caution
Don’t do this on any system facing the outward world. Really. Do not use software that has surpassed it’s end of life date. Usually this implies security problems - that also extend to all dependencies of that program. Never ever do this. If you have software that depends on ancient runtimes upgrade that software. If there is no current software stop using it and decide on some solution that gets maintained and stays downwards compatible the next time. There is no justification to run old software on any public network or reachable by anyone. Never.
Checking out the ports tree of the required revision
First check out the ports tree that contains the required version.
When one wants to build PHP 5.6 for example the latest ports tree
revision that contains php56 was 487169. One can determine
this by looking at pages like FreshPorts.
They also keep track of when ports got phased out.
To check out go to any directory where you want to check out the old ports tree and run:
svn checkout -r 487169 svn://svn.freebsd.org/ports/head oldtree
Copy current keywords for pkg
This is required since the ports use pkg to install the software.
This requires current keywords. The simplest method to get this into
working state is to use the keywords from the current ports tree:
cp /usr/ports/Keywords/*.ucl oldtree/Keywords/
Building and installing the components
Just enter the ports directory and build as usual. For php
do not forget to set a PHPBASE and PREFIX to prevent
overwriting of the current up to date PHP version. In addition one
has to bypass conflict detection by setting DISABLE_CONFLICTS=1
and skip vulnerability scanning (since old packages usually have
vulnerabilities - again remember to never do this on any exposed
system) by setting DISABLE_VULNERABILITIES=YES
cd oldtree/lang/php56
make PREFIX=/usr/local/php56 PHPBASE=/usr/local/php56 DISABLE_CONFLICTS=1 DISABLE_VULNERABILITIES=YES install
In the next step build any required extensions:
cd ../php56-extensions
make PREFIX=/usr/local/php56 PHPBASE=/usr/local/php56 DISABLE_CONFLICTS=1 DISABLE_VULNERABILITIES=YES install
Calling different versions via suphp
To call components on the same system with different PHP versions when
using suphp one can simply define different handlers in /usr/local/etc/suphp.conf:
[handlers]
application/x-su-httpd-php="php:/usr/local/bin/php-cgi"
application/x-su-httpd-php72="php:/usr/local/php72/bin/php-cgi"
application/x-su-httpd-php56="php:/usr/local/php56/bin/php-cgi"
In the webserver configuration one just sets the required handler for the PHP file extension. For Apache this could look like the following configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
suPHP_Engine on
suPHP_ConfigPath /usr/local/etc
suPHP_UserGroup exampleuser examplegroup
suPHP_AddHandler application/x-su-httpd-php56
</VirtualHost>
<Directory "/example">
AllowOverride None
Order allow,deny
Allow from all
Require all granted
suPHP_AddHandler application/x-su-httpd-php56
AddHandler application/x-su-httpd-php56 .php
</Directory>
Another word of caution
Just to write this a second time: Do not use this approach on any exposed system. I’ve personally used this to launch an ancient application to extract some data out of this application - on an airgapped system. Do never run old software connected to any public network or exposed to users.
This article is tagged:
