Using ancient PHP versions from FreeBSD ports with suphp

04 Jan 2024 - tsp
Last update 09 Jan 2024
Reading time 3 mins

The following short blog article explains:

How to build old versions of PHP on FreeBSD out of the ports tree
How to install multiple versions in parallel on the same system by using different base and prefix settings
How to launch the different versions on systems using suphp
A word of caution
Checking out the ports tree of the required revision
- Copy current keywords for pkg
Building and installing the components
Calling different versions via suphp
Another word of caution

A word of caution

Don’t do this on any system facing the outward world. Really. Do not use software that has surpassed it’s end of life date. Usually this implies security problems - that also extend to all dependencies of that program. Never ever do this. If you have software that depends on ancient runtimes upgrade that software. If there is no current software stop using it and decide on some solution that gets maintained and stays downwards compatible the next time. There is no justification to run old software on any public network or reachable by anyone. Never.

Checking out the ports tree of the required revision

First check out the ports tree that contains the required version. When one wants to build PHP 5.6 for example the latest ports tree revision that contains php56 was 487169. One can determine this by looking at pages like FreshPorts. They also keep track of when ports got phased out.

To check out go to any directory where you want to check out the old ports tree and run:

svn checkout -r 487169 svn://svn.freebsd.org/ports/head oldtree

Copy current keywords for pkg

This is required since the ports use pkg to install the software. This requires current keywords. The simplest method to get this into working state is to use the keywords from the current ports tree:

cp /usr/ports/Keywords/*.ucl oldtree/Keywords/

Building and installing the components

Just enter the ports directory and build as usual. For php do not forget to set a PHPBASE and PREFIX to prevent overwriting of the current up to date PHP version. In addition one has to bypass conflict detection by setting DISABLE_CONFLICTS=1 and skip vulnerability scanning (since old packages usually have vulnerabilities - again remember to never do this on any exposed system) by setting DISABLE_VULNERABILITIES=YES

cd oldtree/lang/php56
make PREFIX=/usr/local/php56 PHPBASE=/usr/local/php56 DISABLE_CONFLICTS=1 DISABLE_VULNERABILITIES=YES install

In the next step build any required extensions:

cd ../php56-extensions
make PREFIX=/usr/local/php56 PHPBASE=/usr/local/php56 DISABLE_CONFLICTS=1 DISABLE_VULNERABILITIES=YES install

Calling different versions via suphp

To call components on the same system with different PHP versions when using suphp one can simply define different handlers in /usr/local/etc/suphp.conf:

[handlers]
application/x-su-httpd-php="php:/usr/local/bin/php-cgi"
application/x-su-httpd-php72="php:/usr/local/php72/bin/php-cgi"
application/x-su-httpd-php56="php:/usr/local/php56/bin/php-cgi"

In the webserver configuration one just sets the required handler for the PHP file extension. For Apache this could look like the following configuration:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com

    suPHP_Engine on
    suPHP_ConfigPath /usr/local/etc
    suPHP_UserGroup exampleuser examplegroup
    suPHP_AddHandler application/x-su-httpd-php56
</VirtualHost>

<Directory "/example">
    AllowOverride None
    Order allow,deny
    Allow from all

    Require all granted

    suPHP_AddHandler application/x-su-httpd-php56
    AddHandler application/x-su-httpd-php56 .php
</Directory>

Another word of caution

Just to write this a second time: Do not use this approach on any exposed system. I’ve personally used this to launch an ancient application to extract some data out of this application - on an airgapped system. Do never run old software connected to any public network or exposed to users.