SpindleyQ/nix-php52
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Refactor to use flakes, continue to work on latest nixos

Browse source 
default.nix should continue to work, but module.nix now needs to be
passed a system-agnostic reference to the php52 package.
This commit is contained in:
Jeremy Penner 2023-11-14 22:07:01 -05:00
parent d467730a35
commit 0f4ed105cb
7 changed files with 214 additions and 123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -3,6 +3,9 @@
I host a community site that is based on Drupal 5, which can't be upgraded without throwing the whole thing in the bin and starting from scratch.
Maybe someday I will do that, but in the meantime, people use it, and I have promised those people that I am not going to delete their stuff.
This repo now uses flakes but I haven't bothered to update this readme with usage information, sorry. Hopefully the flake itself is reasonable
documentation for what the repo provides. If anybody depends on this besides me, sorry I broke your site.
# Usage
I'm probably doing this wrong! I'm very new to NixOS. Bug reports or pull requests to make things more standard welcome. I think eventually I'll want this to

127
default.nix
View file

@ -1,120 +1,7 @@
{ pkgs ? import <nixpkgs> {}, lib ? import <nixpkgs/lib>, ... }:
with pkgs; let
mergedLib = lib: name:
derivation {
inherit name coreutils;
system = builtins.currentSystem;
builder = "${bash}/bin/bash";
args = [ ./merge.sh "${lib.out}/*" "${lib.dev}/*" ];
};
m_libjpeg = mergedLib libjpeg "m_libjpeg";
m_libpng = mergedLib libpng "m_libpng";
php52 = stdenv.mkDerivation {
name = "php52";
src = ./php-5.2.17.tar.bz2;
patches = [ ./php52-backports-security-20130717.patch ./php-5.2.17-fpm.patch ./suhosin-patch-5.2.16-0.9.7.patch ];
configureFlags = [
"--enable-fastcgi"
"--with-zlib=${zlib.dev}"
"--with-bz2=${bzip2.dev}"
"--enable-calendar"
"--with-curl=${curl.dev}"
"--enable-exif"
"--with-gd"
"--with-mcrypt=${libmcrypt}"
"--with-mysql=${mysql57}"
"--enable-zip"
"--with-pear"
"--enable-force-cgi-redirect"
"--enable-debug"
"--enable-mbstring"
"--enable-fastcgi"
"--with-fpm-log=/var/log/php52-fpm/php-fpm.log"
"--with-fpm-pid=/run/php52-fpm/php-fpm.pid"
"--enable-fpm"
"--with-libxml-dir=${libxml2.dev}"
"--with-jpeg-dir=${m_libjpeg}"
"--with-png-dir=${m_libpng}"
];
postInstall = ''
cp ./php.ini-recommended "$out/lib/php.ini"
tar xf ${./suhosin-0.9.31.tgz}
cd suhosin-0.9.31
PATH="$out/bin:$PATH" phpize
PATH="$out/bin:$PATH" ./configure --enable-suhosin
make install
cd ..
sed -i 's:^extension_dir = .*:extension_dir = "'$("$out/bin/php-config" --extension-dir)'":' "$out/lib/php.ini"
sed -i 's:^upload_max_filesize = .*:upload_max_filesize = 200M:' "$out/lib/php.ini"
sed -i 's:^post_max_size = .*:post_max_size = 200M:' "$out/lib/php.ini"
echo "extension=suhosin.so" >> "$out/lib/php.ini"
echo "sendmail_path=/run/wrappers/bin/sendmail -t -i" >> "$out/lib/php.ini"
'';
buildInputs = [ zlib bzip2 curlFull libmcrypt mysql57 libxml2 lzma m_libjpeg m_libpng autoconf automake ];
};
in
php52 // rec {
vhost = cfg: lib.recursiveUpdate {
extraConfig = ''
client_max_body_size 200m;
index index.php index.html index.htm;
'' + cfg.extraConfig or "";
locations = {
"/favicon.ico" = {
extraConfig = ''
log_not_found off;
access_log off;
'';
};
"/robots.txt" = {
extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
};
"~ \\..*/.*\\.php$" = { return = "403"; };
"~ ^/sites/.*/private/" = { return = "403"; };
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
"~ (^|/)\\.(?!well-known/)" = { return = "403"; };
"~ \\.php$" = {
extraConfig = ''
client_max_body_size 200m;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param HTTP_PROXY "";
'';
};
"~ /\.ht" = {
extraConfig = ''
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
deny all;
'';
};
};
} (builtins.removeAttrs cfg [ "extraConfig" ]);
vhostDrupal = cfg: vhost (lib.recursiveUpdate cfg {
locations = {
"/" = { tryFiles = "$uri @rewrite"; };
"@rewrite" = {
extraConfig = ''
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1;
'';
};
};
});
}
{ pkgs ? import <nixpkgs> {}, ...}:
let pkgs22_05 = (builtins.fetchTarball {
url = "https://nixos.org/channels/nixos-22.05/nixexprs.tar.xz";
}) {};
php52 = import ./php52.nix pkgs22_05;
lib = import ./lib.nix pkgs;
in php52 // lib

61
flake.lock Normal file
View file

@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1685573264,
"narHash": "sha256-Zffu01pONhs/pqH07cjlF10NnMDLok8ix5Uk4rhOnZQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "380be19fbd2d9079f677978361792cb25e8a3635",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

18
flake.nix Normal file
View file

@ -0,0 +1,18 @@
{
inputs = {
# build currently fails in 22.11 due to flex inserting some unexpected definition :/
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { nixpkgs, flake-utils, ... }:
let packages = flake-utils.lib.eachDefaultSystem (system:
{
packages.default = import ./php52.nix { pkgs = import nixpkgs { inherit system; }; };
});
in {
inherit (packages) packages;
lib = import ./lib.nix;
nixosModules.default = import ./module.nix packages.packages;
};
}

69
lib.nix Normal file
View file

@ -0,0 +1,69 @@
pkgs: let
lib = pkgs.lib;
vhost = cfg: lib.recursiveUpdate {
extraConfig = ''
client_max_body_size 200m;
index index.php index.html index.htm;
'' + cfg.extraConfig or "";
locations = {
"/favicon.ico" = {
extraConfig = ''
log_not_found off;
access_log off;
'';
};
"/robots.txt" = {
extraConfig = ''
allow all;
log_not_found off;
access_log off;
'';
};
"~ \\..*/.*\\.php$" = { return = "403"; };
"~ ^/sites/.*/private/" = { return = "403"; };
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
"~ (^|/)\\.(?!well-known/)" = { return = "403"; };
"~ \\.php$" = {
extraConfig = ''
client_max_body_size 200m;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param HTTP_PROXY "";
'';
};
"~ /\.ht" = {
extraConfig = ''
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
deny all;
'';
};
};
} (builtins.removeAttrs cfg [ "extraConfig" ]);
vhostDrupal = cfg: vhost (lib.recursiveUpdate cfg {
locations = {
"/" = { tryFiles = "$uri @rewrite"; };
"@rewrite" = {
extraConfig = ''
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1;
'';
};
};
});
in
{
inherit vhost vhostDrupal;
}

5
module.nix
View file

@ -1,8 +1,7 @@
{ config, lib, pkgs, ...}@args:
packages: { config, lib, pkgs, ...}@args:
with lib;
let
cfg = config.services.php52-fpm;
php52 = import ./default.nix args;
in {
options.services.php52-fpm = {
enable = mkOption {
@ -25,7 +24,7 @@ in {
serviceConfig = {
Type = "forking";
PIDFile = "/run/php52-fpm/php-fpm.pid";
ExecStart = "${php52}/bin/php-cgi -x";
ExecStart = "${packages."${pkgs.system}".default}/bin/php-cgi -x";
User = "nginx";
Group = "nginx";
RuntimeDirectory = "php52-fpm";

54
php52.nix Normal file
View file

@ -0,0 +1,54 @@
{ pkgs, ... }:
let mergedLib = lib: name:
derivation {
inherit name;
system = pkgs.system;
coreutils = pkgs.coreutils;
builder = "${pkgs.bash}/bin/bash";
args = [ ./merge.sh "${lib.out}/*" "${lib.dev}/*" ];
};
m_libjpeg = mergedLib pkgs.libjpeg "m_libjpeg";
m_libpng = mergedLib pkgs.libpng "m_libpng";
in with pkgs; stdenv.mkDerivation {
name = "php52";
src = ./php-5.2.17.tar.bz2;
patches = [ ./php52-backports-security-20130717.patch ./php-5.2.17-fpm.patch ./suhosin-patch-5.2.16-0.9.7.patch ];
configureFlags = [
"--enable-fastcgi"
"--with-zlib=${zlib.dev}"
"--with-bz2=${bzip2.dev}"
"--enable-calendar"
"--with-curl=${curl.dev}"
"--enable-exif"
"--with-gd"
"--with-mcrypt=${libmcrypt}"
"--with-mysql=${mysql57}"
"--enable-zip"
"--with-pear"
"--enable-force-cgi-redirect"
"--enable-debug"
"--enable-mbstring"
"--enable-fastcgi"
"--with-fpm-log=/var/log/php52-fpm/php-fpm.log"
"--with-fpm-pid=/run/php52-fpm/php-fpm.pid"
"--enable-fpm"
"--with-libxml-dir=${libxml2.dev}"
"--with-jpeg-dir=${m_libjpeg}"
"--with-png-dir=${m_libpng}"
];
postInstall = ''
cp ./php.ini-recommended "$out/lib/php.ini"
tar xf ${./suhosin-0.9.31.tgz}
cd suhosin-0.9.31
PATH="$out/bin:$PATH" phpize
PATH="$out/bin:$PATH" ./configure --enable-suhosin
make install
cd ..
sed -i 's:^extension_dir = .*:extension_dir = "'$("$out/bin/php-config" --extension-dir)'":' "$out/lib/php.ini"
sed -i 's:^upload_max_filesize = .*:upload_max_filesize = 200M:' "$out/lib/php.ini"
sed -i 's:^post_max_size = .*:post_max_size = 200M:' "$out/lib/php.ini"
echo "extension=suhosin.so" >> "$out/lib/php.ini"
echo "sendmail_path=/run/wrappers/bin/sendmail -t -i" >> "$out/lib/php.ini"
'';
buildInputs = [ zlib bzip2 curlFull libmcrypt mysql57 libxml2 lzma m_libjpeg m_libpng autoconf automake ];
}