
Compiling an old Apache 1.3.x with suexec and mod_ssl on a recent server

Published on 22 September 2012 by Christophe_casalegno

Why would we need to do such a thing? Well, when you are a hosting provider, customers do not always do what you would like, and some of them keep not upgrading their software... As a result of this inertia, the host must either cut off the service or keep maintaining outdated versions of software such as Apache or PHP itself.

Today I am migrating a legacy server, with customers still on PHP 4 and Apache 1.3, to a new server. Naturally the base system is more recent, for security reasons. Problems quickly show up at compile time... The distribution chosen is a 64-bit Mandriva 2010.2, but the procedure is the same on other distributions.

I start by adding the few packages I will need on my system:

urpmi make gcc libpng-devel libjpeg-devel freetype2-devel mysql-devel curl-devel munin munin-node munin-master flex bzip2-devel pure-ftpd python-devel gd-devel librsync-devel ntp-client vim-e

I also gather the files I need for my install:

- mod_ssl-2.8.31-1.3.41.tar.gz
- apache_1.3.41.tar.gz
- suexec.c, modified in-house
- php-4.4.9.tar.gz

After extracting the archives and replacing src/support/suexec.c with my own file, I move on to compilation:

cd apache_1.3.41
./configure --prefix=/usr/local/apache
Configuring for Apache, Version 1.3.41
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ using "tr [a-z] [A-Z]" to uppercase
+ checking for system header files
+ adding selected modules
+ using builtin Expat
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard

Next, mod_ssl:

cd ../mod_ssl-2.8.31-1.3.41
./configure --with-apache=../apache_1.3.41 --with-ssl --prefix=/usr/local/apache
Configuring mod_ssl/2.8.31 for Apache/1.3.41
+ Apache location: ../apache_1.3.41 (Version 1.3.41)
+ Auxiliary patch tool: ./etc/patch/patch (local)
+ Applying packages to Apache source tree:
o Extended API (EAPI)
o Distribution Documents
o SSL Module Source
o SSL Support
o SSL Configuration Additions
o SSL Module Documentation
o Addons
Done: source extension and patches successfully applied.

Now we move on to compiling Apache proper, with the SSL module:

cd ../apache_1.3.41
./configure --prefix=/usr/local/apache --enable-module=so --enable-module=rewrite --enable-suexec --suexec-caller=nobody --suexec-userdir=www --suexec-docroot=/ --suexec-logfile=/var/log/httpd/cgi.log --suexec-uidmin=500 --suexec-gidmin=100 --suexec-safepath=/usr/local/bin:/usr/bin:/bin --enable-module=ssl

Configuring for Apache, Version 1.3.41
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ using "tr [a-z] [A-Z]" to uppercase
+ checking for system header files
+ adding selected modules
o rewrite_module uses ConfigStart/End
disabling DBM support for mod_rewrite
(perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.31
+ SSL interface build type: OBJ
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: [SYSTEM]
Error: Cannot find SSL library files in any of the following dirs:
Error: . /lib /usr/lib /usr/local/lib
+ SSL library version: OpenSSL 1.0.0a 1 Jun 2010

First problem: library locations differ on 64-bit versions. A small symbolic link should sort that out:

ln -s /usr/lib64/libssl.so /usr/lib/libssl.so

And off we go again:

./configure --prefix=/usr/local/apache --enable-module=so --enable-module=rewrite --enable-suexec --suexec-caller=nobody --suexec-userdir=www --suexec-docroot=/ --suexec-logfile=/var/log/httpd/cgi.log --suexec-uidmin=500 --suexec-gidmin=100 --suexec-safepath=/usr/local/bin:/usr/bin:/bin --enable-module=ssl
Configuring for Apache, Version 1.3.41
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ using "tr [a-z] [A-Z]" to uppercase
+ checking for system header files
+ adding selected modules
o rewrite_module uses ConfigStart/End
disabling DBM support for mod_rewrite
(perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.8.31
+ SSL interface build type: OBJ
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface conservative code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: [SYSTEM]
+ SSL library version: OpenSSL 1.0.0a 1 Jun 2010
+ SSL library type: installed package (system-wide)
+ enabling Extended API (EAPI)
+ using builtin Expat
+ using -ldl for vendor DSO support
+ checking sizeof various data types
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/lib/expat-lite
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl

Everything is OK. We run make:

ssl_util_ssl.c: In function ‘SSL_X509_isSGC’:
ssl_util_ssl.c:327: erreur: ‘STACK’ undeclared (first use in this function)
ssl_util_ssl.c:327: erreur: (Each undeclared identifier is reported only once
ssl_util_ssl.c:327: erreur: for each function it appears in.)
ssl_util_ssl.c:327: erreur: ‘sk’ undeclared (first use in this function)
ssl_util_ssl.c:336: erreur: expected expression before ‘)’ token
make[4]: *** [ssl_util_ssl.o] Erreur 1
make[3]: *** [all] Erreur 1
make[2]: *** [subdirs] Erreur 1
make[2]: quittant le répertoire « /home/dni/apache/apache_1.3.41/src »
make[1]: *** [build-std] Erreur 2
make[1]: quittant le répertoire « /home/dni/apache/apache_1.3.41 »
make: *** [build] Erreur 2

So ssl_util_ssl.c will have to be modified.

Line 327:

- STACK *sk;
+ _STACK *sk;

Line 336:
– if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
+ if ((sk = (_STACK *)X509V3_EXT_d2i(ext)) != NULL) {
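
Review bot: the declaration on line 327 and the cast on line 336 now name `_STACK` unconditionally, a type that only exists from OpenSSL 1.0.0 on, so the patched ssl_util_ssl.c no longer builds against the older OpenSSL releases this mod_ssl version was written for. Wrap both lines in a version guard (`#if OPENSSL_VERSION_NUMBER >= 0x10000000L` for the `_STACK` form, `#else` for the original `STACK` form) so the same tree compiles on either side of the rename.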

We run it again:
make
/usr/include/stdio.h:651: note: previous declaration of ‘getline’ was here
make[2]: *** [htpasswd.o] Erreur 1
make[2]: quittant le répertoire « /home/dni/apache/apache_1.3.41/src/support »
make[1]: *** [build-support] Erreur 1
make[1]: quittant le répertoire « /home/dni/apache/apache_1.3.41 »
make: *** [build] Erreur 2

Now a small modification has to be made on the system side:

vim /usr/include/stdio.h
Line 651:
- extern _IO_ssize_t getline (char **__restrict __lineptr,
+ extern _IO_ssize_t preline (char **__restrict __lineptr,
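
Review bot: line 651 belongs to /usr/include/stdio.h, a system header, so renaming `getline` to `preline` there changes the declaration seen by every later compilation on this host, not only Apache's htpasswd.c, and a package update of the header will silently undo it. Rename the conflicting function in Apache's own src/support sources instead (the error comes from htpasswd.o), or at minimum restore the original header line once the build has finished.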

And we run it again:
make
make[1]: entrant dans le répertoire « /home/dni/apache/apache_1.3.41 »
+———————————————————————+
| Before you install the package you now should prepare the SSL |
| certificate system by running the ‘make certificate’ command. |
| For different situations the following variants are provided: |
| |
| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom (custom cert signed by own CA) |
| % make certificate TYPE=existing (existing cert) |
| CRT=/path/to/your.crt [KEY=/path/to/your.key] |
| |
| Use TYPE=dummy when you’re a vendor package maintainer, |
| the TYPE=test when you’re an admin but want to do tests only, |
| the TYPE=custom when you’re an admin willing to run a real server |
| and TYPE=existing when you’re an admin who upgrades a server. |
| (The default is TYPE=test) |
| |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select |
| the signature algorithm used for the generated certificate. |
| |
| Use ‘make certificate VIEW=1′ to display the generated data. |
| |
| Thanks for using Apache & mod_ssl. Ralf S. Engelschall |
| [email protected] |
| www.engelschall.com |
+———————————————————————+
make[1]: quittant le répertoire « /home/dni/apache/apache_1.3.41 »

It works!

Then:

make install
make[1]: quittant le répertoire « /home/dni/apache/apache_1.3.41 »
+——————————————————–+
| You now have successfully built and installed the |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the |
| (initially created or preserved) configuration files |
| |
| /usr/local/apache/conf/httpd.conf
| |
| and then you should be able to immediately fire up |
| Apache the first time by running: |
| |
| /usr/local/apache/bin/apachectl start
| |
| Or when you want to run it with SSL enabled use: |
| |
| /usr/local/apache/bin/apachectl startssl
| |
| Thanks for using Apache. The Apache Group |
| http://www.apache.org/ |
+——————————————————–+

Everything is OK, phew!
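
A check worth running once `make install` has finished, as an added example that is not part of the original post: suexec is only usable, and only safe, when the wrapper is owned by root, carries the setuid bit, and cannot be written by group or others. The path /usr/local/apache/bin/suexec is an assumption derived from the --prefix used above, the function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an installed
# suexec wrapper. Function names are hypothetical.
# Usage: check_suexec /usr/local/apache/bin/suexec

# suexec_mode_ok MODE OWNER_UID
# MODE is the octal mode as printed by `stat -c %a` (e.g. 4711).
# Returns 0 only if the file is root-owned, setuid, and not writable
# by group or others; 1 on a failed check; 2 on unusable input.
suexec_mode_ok() {
    mode=$1
    owner=$2
    case $mode in
        ''|*[!0-7]*) echo "invalid mode: $mode" >&2; return 2 ;;
    esac
    [ "$owner" = 0 ] || { echo "owner uid is $owner, expected 0" >&2; return 1; }
    # A leading 0 makes the shell read the value as octal.
    [ $(( 0$mode & 04000 )) -ne 0 ] || { echo "setuid bit missing" >&2; return 1; }
    [ $(( 0$mode & 00022 )) -eq 0 ] || { echo "writable by group or others" >&2; return 1; }
    return 0
}

# check_suexec [PATH]
# Reads mode and owner of the wrapper and applies the checks above.
check_suexec() {
    bin=${1:-/usr/local/apache/bin/suexec}   # assumed install path
    [ -f "$bin" ] || { echo "$bin: not found" >&2; return 2; }
    # GNU stat: %a = octal mode, %u = numeric owner uid
    set -- $(stat -c '%a %u' "$bin")
    suexec_mode_ok "$1" "$2"
}
```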

On to PHP:

cd php-4.4.9

We prepare the PHP 4 source to run as suexec CGI:

perl -pi -e "s/cgi = 1;/cgi = 0;/" sapi/cgi/cgi_main.c

Then we run our configure:

./configure --with-xml --with-domxml --enable-ftp --enable-bcmath --enable-calendar --with-jpeg-dir --with-png-dir --with-gd --enable-dba --enable-freetype-4bit-antialias-hack --enable-gd-native-ttf --with-freetype-dir --with-xslt --with-gettext --enable-magic-quotes --enable-force-cgi-redirect --enable-fastcgi --with-curl --with-mysql=/usr --with-zlib-dir --with-bz2 --enable-trans-sid --enable-sysvsem --enable-sysvshm

configure: error: libpng.(a|so) not found.

Still our 64-bit library location problem:

ln -s /usr/lib64/libpng.so /usr/lib/libpng.so
ln -s /usr/lib64/libjpeg.so /usr/lib/libjpeg.so
ln -s /usr/lib64/libmysqlclient.so /usr/lib/libmysqlclient.so

We run it again:

./configure --with-xml --with-domxml --enable-ftp --enable-bcmath --enable-calendar --with-jpeg-dir --with-png-dir --with-gd --enable-dba --enable-freetype-4bit-antialias-hack --enable-gd-native-ttf --with-freetype-dir --with-xslt --with-gettext --enable-magic-quotes --enable-force-cgi-redirect --enable-fastcgi --with-curl --with-mysql=/usr --with-zlib-dir --with-bz2 --enable-trans-sid --enable-sysvsem --enable-sysvshm

Generating files
updating cache ./config.cache
creating ./config.status
creating php4.spec
creating main/build-defs.h
creating scripts/phpize
creating scripts/man1/phpize.1
creating scripts/php-config
creating scripts/man1/php-config.1
creating sapi/cli/php.1
creating main/php_config.h
creating main/internal_functions.c
creating main/internal_functions_cli.c
+——————————————————————–+
| License: |
| This software is subject to the PHP License, available in this |
| distribution in the file LICENSE. By continuing this installation |
| process, you are bound by the terms of this license agreement. |
| If you do not agree with the terms of this license, you must abort |
| the installation process at this point. |
+——————————————————————–+
| *** NOTE *** |
| The default for register_globals is now OFF! |
| |
| If your application relies on register_globals being ON, you |
| should explicitly set it to on in your php.ini file. |
| Note that you are strongly encouraged to read |
| http://www.php.net/manual/en/security.globals.php |
| about the implications of having register_globals set to on, and |
| avoid using it if possible. |
+——————————————————————–+
Thank you for using PHP.
Then we run make:

make
Build complete.
(It is safe to ignore warnings about tempnam and tmpnam).

Then the installation:

make install
Installing PHP SAPI module: cgi
Installing PHP CGI into: /usr/local/bin/
Installing PEAR environment: /usr/local/lib/php/
[PEAR] Archive_Tar - installed: 1.3.2
[PEAR] Console_Getopt - installed: 1.2.1
[PEAR] HTML_Template_IT- installed: 1.1
[PEAR] Net_UserAgent_Detect- installed: 2.0.1
warning: pear/PEAR requires package "pear/Structures_Graph" (recommended version 1.0.2)
pear/PEAR can optionally use package "pear/XML_RPC" (version >= 1.4.0)
[PEAR] PEAR - installed: 1.5.0
Wrote PEAR system config file at: /usr/local/etc/pear.conf
You may want to add: /usr/local/lib/php to your php.ini include_path
[PEAR] Structures_Graph- installed: 1.0.2
Installing build environment: /usr/local/lib/php/build/
Installing header files: /usr/local/include/php/
Installing helper programs: /usr/local/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/man/man1/
page: phpize.1
page: php-config.1

And there you go, in the end it was not that complicated

:)

Christophe Casalegno

http://twitter.com/Brain_0verride

http://www.facebook.com/brain.override

