Commit b50160ba authored by Chris Croome's avatar Chris Croome

Updates including sources.list to get latest PHP!

parent 04e831d0
Pipeline #3493 passed with stage
in 90 minutes and 57 seconds
......@@ -5,8 +5,11 @@ before_script:
- apt-get update
- apt-get -y install apt-transport-https
- echo "deb https://deb.debian.org/debian stretch main" > /etc/apt/sources.list
- echo "deb https://deb.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list
- echo "deb-src https://deb.debian.org/debian stretch main" >> /etc/apt/sources.list
- echo "deb https://deb.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list
- echo "deb-src https://deb.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list
- echo "deb https://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list
- echo "deb-src https://deb.debian.org/debian stretch-updates main" >> /etc/apt/sources.list
- apt-get update
- apt-get -y dist-upgrade
- apt-get -y install ansible openssh-client
......
# Debian Stretch PHP
This repo contains GitLab CI to install Ansible and copy a GPG secret file to the Docker container and then run three Ansible playbooks, `build.yml`, `test.yml` and `deploy.yml`.
This repo contains GitLab CI instructions to install Ansible and copy a GPG secret file to the CI Docker container and then run an Ansible playbooks, `run.yml`, which runs three roles:
The build role download source debs for PHP, set the file descriptors limit to a higher value and then rebuilds and signs them and create a apt repo layout.
1. The build role download source debs for PHP, set the file descriptors limit to a higher value and then rebuilds and signs them and create a apt repo layout.
2. The test role then installs the debs that have been built to test that they can be installed without errors (currently not enabled).
3. The deploy role `rsync`'s the files to the apt repo.
The test role then installs the debs that have benn built to thest that they can be installed without errors.
The apt repo that this code generates is available at [deb.webarch.net](https://deb.webarch.net/).
The deploy role rsync's the files to the apt repo.
The variables in `run.yml` would need changing if these playbooks are used elsewhere.
The variables in `run.yml` would need changing if these playbooks are used elsewhere for used for building other packages.
# PHP File Descriptors Limit
......@@ -34,7 +34,8 @@ Our shared hosting servers use a lot of file descriptors, for example this total
```bash
lsof | wc -l
181379```
181379
```
The file descriptors in kernel memory:
......@@ -74,7 +75,7 @@ The following environmental variables are set in GitLab CI / CD Settings for thi
It would be more secure to use Ansible Vault or something…
The corresponding GPG public key is in `roles/build/files/pub.gpg` and the GPG key id is a variable in `vars/main.yml`.
The corresponding GPG public key is in `roles/build/files/pub.gpg` and the GPG key id is a variable in `run.yml`.
The corresponding SSH public key is installed on the host that the repo is rsync'ed to.
......
Options +Indexes
SetEnv SITE_TITLE "{{ php_release_name }}"
AddType text/plain .gpg
# https://wiki.debian.org/DebianRepository/SetupWithReprepro#Configuring_Apache
<LocationMatch "/apt/*/db/*">
<LocationMatch "/db/*">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order Deny,Allow
......@@ -22,7 +24,7 @@ SetEnv SITE_TITLE "{{ php_release_name }}"
</IfModule>
</IfModule>
</LocationMatch>
<LocationMatch "/apt/*/conf/*">
<LocationMatch "/conf/*">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order Deny,Allow
......@@ -42,7 +44,7 @@ SetEnv SITE_TITLE "{{ php_release_name }}"
</IfModule>
</IfModule>
</LocationMatch>
<LocationMatch "/apt/*/incoming/*">
<LocationMatch "/incoming/*">
<IfModule mod_version.c>
<IfVersion < 2.4>
Order Deny,Allow
......
......@@ -8,32 +8,39 @@
--><!--#include virtual="/wsh/top.shtml" -->
<p>The PHP{{ php_version }} packages can be <a href="pool/main/p/php{{ php_version }}/">browsed here</a>, following are instructions for installing them on Debian {{ php_distro }}.
<h2 id="install">Install</h2>
<p>The following commands all assume you are <code>root</code>, run <code>sudo -i</code> first.
<p>To use the packages in this repo first ensure you have <code>apt-transport-https</code> installed:
<pre>
<pre><code>
apt install apt-transport-https
</pre>
</code></pre>
Then add the public GPG key to your machine:</p>
Then add <a href="pub.gpg">the public GPG key</a> (ID: {{ php_gpg_id }}) to your machine:</p>
<pre>
<pre><code>
wget -O - https://{{ php_repo_domain }}/pub.gpg | apt-key add -
</pre>
</code></pre>
<p>Then create a <code>/etc/apt/sources.list.d/php{{ php_version }}.list</code> file:</p>
<pre>
echo "deb https://{{ php_repo_domain }}/ {{ php_distro }} main" &gt; /etc/apt/sources.list.d/php{{ php_version }}.list
</pre>
<pre><code>
echo "deb https://{{ php_repo_domain }}/ {{ php_distro }} main" &gt; /etc/apt/sources.list.d/php.list
</code></pre>
<p>Finally update your cache and packages:</p>
<pre>
apt update
<pre><code>
apt update<br />
apt dist-upgrade
</pre>
</code></pre>
<!--#include virtual="/wsh/bot.shtml" -->
<h2 id="code>Code</h2>
<p>The code that was used to rebuild the PHP{{ php_version }} packages for Debian {{ php_distro }} and build this aot repo is <a href="https://git.coop/webarch/php">available on git.coop</a>.</p>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment