Re: a perhaps horrifying question...
Steve Wray wrote:
> Is there any way to 'forward port' php4 into Debian Lenny?
Isn't that just called the Etch version of php4?
> We do not have the resources to upgrade all of these to php5 in a
> reasonable amount of time. In fact we are unlikely to be able to upgrade
> most of these before the end of life of Etch. When that happens we will
> be left with servers with no security updates. I understand that there
> are no security updates for php4 but the server environment is more than
> just this one package.
I am in the same situation. Or rather I now have clients in the same
situation and I am helping them work through the problem. (It is good
business when you can get it.) And so I need to solve the same
problem. How do I keep the old php4 sites running but still upgrade
the system to Lenny Stable? In my case they used some binary blobs
that they don't have source code for and are stuck because those
binary blobs do not work with PHP5.
I am addressing this by creating an Etch chroot and running the web
server and php4 code in the chroot. The rest of the system is running
Lenny and gets full security updates. The Etch chroot is running
Apache and PHP4 but no other services. Then I am (slowly) migrating
things off of those binary blobs and onto more portable free software
replacements. This is slightly bad because Apache is the Etch version
and eventually upgrades will expire for it. But slightly good
otherwise because the bad parts are isolated.
> Since php4 was removed from Debian Lenny these servers would have to stay
> with Etch for the foreseeable future which is not good.
I am a little confused. It sounds like you are simply wanting to run
php4 from Etch on an otherwise Lenny server. In which case why not
simply clone a typical example of one of your machines, then test
upgrade the safe clone, without touching the original, from Etch to
Lenny and verify that everything still works? You will of course not
have any security upgrades anymore for php4 in Lenny since it has been
removed. But you also won't have security upgrades in Etch after
support for it has been dropped in the future after the year of
oldstable security support has expired either so no real difference in
the long run.
I tried this myself before posting this response and found that there
is an unfortunate package conflicts between the Lenny libaprutil1 and
the Etch php4-mysql. Therefore in order to avoid breaking php4-mysql
the libaprutil1 package needs to be held at the Etch version. Other
than this problem it seems to work okay for me. With this in place I
was able to upgrade to Lenny and keep running the Etch version of php4.
echo libaprutil1 hold | dpkg --set-selections
I suggest cloning a machine and trying it in a safe copy of the system
to verify this but it seems that would be an acceptable option for
you. Or you might do the chroot thing like I am doing. And of course
continue the migration effort forward to php5 and beyond.
> As sole sysadmin here I would like to be able to upgrade servers to the
> latest supported version without breaking the applications.
Of course!
> Even if php4 is not being maintained thats no reason not to maintain the
> rest of the server!
Agreed. And it seems to me on first look that it should work just
like that simply by upgrading to Lenny. You may have some particular
issues specific to your site however so you should test and verify
this yourself in a safe work area.
Bob
Reply to: