To make life simple and provide easier upgrade paths (which someday I might actually use), I'm going to use as much stuff from ports as I can. For this stuff, you can crank out a simple
make all install clean in the port's directory. C-client from the imap-uw port is a bit of a pain, but we'll get to that in a bit. For now, build and install (with liberal sprinklings of
FLAVOR=no_x11 wherever you think appropriate) these ports:
graphics/jpeg graphics/png graphics/ungif databases/gdbm database/mysql devel/gmp devel/t1lib security/mcrypt textproc/libxml textproc/libxslt
Now, all that's left from ports is to extract the c-client libraries from the imap-uw port which can be done thusly:
cd /usr/ports/mail/imap-uw SUBPACKAGE="-c-client" FLAVOR=plaintext make all install clean
Before you write me hate mail, I'd like to say first off that I know plaintext is unsafe. The reason I build PHP with IMAP support is for stuff like Squirrelmail or Horde which live on the same box as the IMAP server. If someone's ripping passwords from my loopback, I have bigger problems.
Roll Your Own
The stuff listed in this section is what I usually always build myself. Their /usr/ports counterparts are either too out of date to be useful or have ridiculous dependencies that'll take longer to remove than just rolling my own. They're mostly your standard builds. In a couple cases, I've applied the patches from ports mostly to fix locations and crap like pthreads:
bzcat freetype-2.3.7.tar.bz2 | tar xvf - cd freetype-2.3.7 GNUMAKE=gmake ./configure && gmake && gmake install
tar zxvf fontconfig-2.6.0.tar.gz
./configure && make && make install
tar zxvf gd-2.0.35.tar.gz cd gd-2.0.35 for F in $(ls /usr/ports/graphics/gd/patches/patch*); do patch -p0 $F; done ./configure && make && make install
Now that we have everything we need to build PHP with pretty much everything, we can move on to PHP itself!
Download and Extract
Download and extract the latest version of PHP. For the purposes of this howto, 5.2.6 was the latest available version.
The Suhosin Patch
I always make it a point to apply the Suhosin patch every time I build PHP. You don't have to do this step, but just hop on over to hardened-php and grab the Suhosin patch that matches the version of PHP you downloaded. For me, this was 5.2.6-0.9.6.2:
wget http://download.suhosin.org/suhosin-patch-5.2.6-0.9.6.2.patch.gz cd php-5.2.6 zcat ../suhosin-patch-5.2.6-0.9.6.2.patch.gz | patch -p1
Patches from ports
To make live easy, I also apply whatever patches exist from /usr/ports (note that if the ports version is too old these patches might not apply cleanly, in which case go back and download PHP+Suhosin for whatever version is in ports. You can find it by looking int he Makefile). This is an easy process, but remember ports breaks PHP into core and extensions and the patches should be applied from the php-5.2.6 (or whatever) directory:
for F in $(ls /usr/ports/www/php5/patches/patch-*); do patch -p0 < $F; done for F in $(ls /usr/ports/www/php5/core/patches/patch-*); do patch -p0 < $F; done for F in $(ls /usr/ports/www/php5/extensions/patch-*); do patch -p0 < $F; done
At this point, you also need to edit the configure script and replace all occurances of gssapi_krb5 with gssapi and k5crypto with crypto. If you don't, configure will fail loudly and constantly.
The only thing we have left to do now is actually run the configure script. Remember to not miss the ENV line, otherwise libpng won't be found for some reason (nb: I also recall having to go into /usr/local/include and link libpng.h to libpng/libpng.h):
env CFLAGS="-I/usr/local/include/libpng" ./configure --with-apxs=/usr/sbin/apxs \ --with-iconv-dir=/usr/local \ --with-iconv=/usr/local \ --disable-dom \ --disable-cgi \ --with-gd \ --with-jpeg-dir=/usr/local \ --with-png-dir=/usr/local \ --with-zlib-dir=/usr \ --with-bz2=/usr/local \ --with-curl=/usr/local \ --enable-dba --with-gdbm=/usr/local \ --disable-dbase --with-gd \ --with-t1lib=/usr/local \ --with-freetype-dir=/usr/local \ --with-gmp=/usr/local \ --with-imap=/usr/local --with-kerberos=/usr \ --with-imap-ssl --without-ldap --enable-mbstring \ --enable-mbregex \ --with-mcrypt=/usr/local --with-mhash=/usr/local \ --with-mysql=/usr/local --without-mysqli \ --with-ncurses=/usr/local \ --with-pdo-mysql=/usr/local --without-pdo-pgsql \ --without-pdo-sqlite --without-pgsql \ --enable-shmop --enable-soap --without-snmp \ --enable-ucd-snmp-hack --without-sqlite \ --without-sybase-ct --with-xmlrpc --with-xsl \ --enable-dom --enable-ftp --enable-exif \ --with-zlib --enable-xml --with-openssl \ -enable-wddx --enable-cli --with-iconv=/usr/local \ --with-gettext=/usr/local --enable-bcmath \ --enable-session --enable-calendar \ --enable-ctype --enable-ftp --with-pcre-regex \ --enable-sockets --enable-sysvsem \ --enable-sysvshm --enable-exif \ --without-sqlite --without-pdo-sqlite \ --with-pear=/var/www/pear --enable-fastcgi \ --enable-force-cgi-redirect
As you would expect, most of the lines above are supposed to have backslashes after them. For some reason, HTWhy is stripping them out. At least it gives me something to do.
That's all, folks!
Welp, that's about it. All we need to do now is actually build and install PHP. This should go off without a hitch.
Also notice that my configure line puts the PEAR repository in /var/www/pear. This is because Apache on OpenBSD runs chrooted and putting it anywhere else is a pain. All you need to do after installation is edit your php.ini and add /pear (NOT /var/www/pear, we're chrooted, remember) to the include paths.
The method outlined above works. HTWhy is written in PHP5 and the simple fact you're reading this proves it :)
This howto may change from time to time as I replace my aging OpenBSD servers, but all that really changes are the version numbers. Sometimes cool new options are added to PHP and I throw them in as I need them, but the configure line above suits pretty much all my needs.