1+ export PHPIZE_DEPS=" autoconf dpkg-dev file g++ gcc libc-dev make pkg-config re2c"
2+
3+ # persistent / runtime deps
4+ set -eux; \
5+ install-packages \
6+ $PHPIZE_DEPS \
7+ ca-certificates \
8+ curl \
9+ xz-utils \
10+ libargon2-1 \
11+ libonig5
12+
13+ export PHP_INI_DIR=" /opt/drycc/php/etc"
14+ set -eux; \
15+ mkdir -p " $PHP_INI_DIR /conf.d" ; \
16+ # allow running as an arbitrary user (https://github.com/docker-library/php/issues/743)
17+ [ ! -d /var/www/html ]; \
18+ mkdir -p /var/www/html; \
19+ chown www-data:www-data /var/www/html; \
20+ chmod 777 /var/www/html
21+
22+ # Apply stack smash protection to functions using local buffers and alloca()
23+ # Make PHP's main executable position-independent (improves ASLR security mechanism, and has no performance impact on x86_64)
24+ # Enable optimization (-O2)
25+ # Enable linker optimization (this sorts the hash buckets to improve cache locality, and is non-default)
26+ # https://github.com/docker-library/php/issues/272
27+ # -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php)
28+ export PHP_CFLAGS=" -fstack-protector-strong -fpic -fpie -O2 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
29+ export PHP_CPPFLAGS=" $PHP_CFLAGS "
30+ export PHP_LDFLAGS=" -Wl,-O1 -pie"
31+
32+ export PHP_URL=" https://www.php.net/distributions/php-${STACK_VERSION} .tar.xz"
33+
34+ set -eux; \
35+ \
36+ savedAptMark=" $( apt-mark showmanual) " ; \
37+ install-packages gnupg dirmngr; \
38+ \
39+ mkdir -p /usr/src; \
40+ cd /usr/src; \
41+ \
42+ curl -fsSL -o php.tar.xz " $PHP_URL " ;
43+
44+ set -eux; \
45+ \
46+ savedAptMark=" $( apt-mark showmanual) " ; \
47+ install-packages libargon2-dev \
48+ libcurl4-openssl-dev \
49+ libonig-dev \
50+ libreadline-dev \
51+ libsodium-dev \
52+ libsqlite3-dev \
53+ libssl-dev \
54+ libxml2-dev \
55+ zlib1g-dev \
56+ ; \
57+ \
58+ export \
59+ CFLAGS=" $PHP_CFLAGS "
60+ CPPFLAGS=" $PHP_CPPFLAGS "
61+ LDFLAGS=" $PHP_LDFLAGS "
62+ ; \
63+ tar -Jxf /usr/src/php.tar.xz -C /usr/src; \
64+ mv /usr/src/php-${STACK_VERSION} /usr/src/php; \
65+ cd /usr/src/php; \
66+ gnuArch=" $( dpkg-architecture --query DEB_BUILD_GNU_TYPE) " ; \
67+ debMultiarch=" $( dpkg-architecture --query DEB_BUILD_MULTIARCH) " ; \
68+ # https://bugs.php.net/bug.php?id=74125
69+ if [ ! -d /usr/include/curl ]; then \
70+ ln -sT " /usr/include/$debMultiarch /curl" ; \
71+ fi ; \
72+ ./configure \
73+ --prefix=/opt/drycc/php \
74+ --build=" $gnuArch "
75+ --with-config-file-path=" $PHP_INI_DIR "
76+ --with-config-file-scan-dir=" $PHP_INI_DIR /conf.d"
77+ --enable-option-checking=fatal \
78+ --with-mhash \
79+ --with-pic \
80+ --enable-ftp \
81+ --enable-mbstring \
82+ --enable-mysqlnd \
83+ --with-password-argon2 \
84+ --with-sodium=shared \
85+ --with-pdo-sqlite=/usr \
86+ --with-sqlite3=/usr \
87+ --with-curl \
88+ --with-openssl \
89+ --with-readline \
90+ --with-zlib \
91+ --with-pear \
92+ $( test " $gnuArch " ' s390x-linux-gnu' && echo ' --without-pcre-jit' )
93+ --with-libdir=" lib/$debMultiarch "
94+ --disable-cgi \
95+ --enable-fpm \
96+ --with-fpm-user=www-data \
97+ --with-fpm-group=www-data \
98+ ; \
99+ make -j " $( nproc) " ; \
100+ find -type f -name ' *.a' ; \
101+ make install; \
102+ find \
103+ /opt/drycc/php \
104+ -type f \
105+ -perm ' /0111'
106+ -exec sh -euxc ' \
107+ strip --strip-all "$@" || : \
108+ ' -- ' {}'
109+ ; \
110+ make clean; \
111+ \
112+ # https://github.com/docker-library/php/issues/692 (copy default example "php.ini" files somewhere easily discoverable)
113+ cp -v php.ini-* " $PHP_INI_DIR /" ; \
114+ \
115+ cd /; \
116+ \
117+ # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
118+ apt-mark auto ' .*' > /dev/null; \
119+ [ -z " $savedAptMark " || apt-mark manual $savedAptMark ; \
120+ find /opt/drycc/php -type f -executable -exec ldd ' {}' ' ;'
121+ | awk ' /=>/ { print $(NF-1) }'
122+ | sort -u \
123+ | xargs -r dpkg-query --search \
124+ | cut -d: -f1 \
125+ | sort -u \
126+ | xargs -r apt-mark manual \
127+ ; \
128+ apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
129+ rm -rf /var/lib/apt/lists/* ; \
130+ \
131+ # update pecl channel definitions https://github.com/docker-library/php/issues/443
132+ pecl update-channels; \
133+ rm -rf /tmp/pear ~ /.pearrc; \
134+ \
135+ # smoke test
136+ php --version
137+
138+
139+ set -eux; \
140+ cd /opt/drycc/php/etc; \
141+ if [ -d php-fpm.d ]; then \
142+ # for some reason, upstream's php-fpm.conf.default has "include=NONE/etc/php-fpm.d/*.conf"
143+ sed ' s!=NONE/!=!g' | tee php-fpm.conf > /dev/null; \
144+ cp php-fpm.d/www.conf.default php-fpm.d/www.conf; \
145+ else \
146+ # PHP 5.x doesn't use "include=" by default, so we'll create our own simple config that mimics PHP 7+ for consistency
147+ mkdir php-fpm.d; \
148+ cp php-fpm.conf.default php-fpm.d/www.conf; \
149+ { \
150+ echo ' [global]' ; \
151+ echo ' include=etc/php-fpm.d/*.conf' ; \
152+ } | tee php-fpm.conf; \
153+ fi ; \
154+ { \
155+ echo ' [global]' ; \
156+ echo ' error_log = /proc/self/fd/2' ; \
157+ echo ; echo ' ; https://github.com/docker-library/php/pull/725#issuecomment-443540114' ; echo ' log_limit = 8192' ; \
158+ echo ; \
159+ echo ' [www]' ; \
160+ echo ' ; if we send this to /proc/self/fd/1, it never appears' ; \
161+ echo ' access.log = /proc/self/fd/2' ; \
162+ echo ; \
163+ echo ' clear_env = no' ; \
164+ echo ; \
165+ echo ' ; Ensure worker stdout and stderr are sent to the main error log.' ; \
166+ echo ' catch_workers_output = yes' ; \
167+ echo ' decorate_workers_output = no' ; \
168+ } | tee php-fpm.d/docker.conf; \
169+ { \
170+ echo ' [global]' ; \
171+ echo ' daemonize = no' ; \
172+ echo ; \
173+ echo ' [www]' ; \
174+ echo ' listen = 9000' ; \
175+ } | tee php-fpm.d/zz-docker.conf
0 commit comments